Linux: using bind mount to move a subset of root subdirectories to another partion or disk

I was in the situation dealing with a Linux box with two hard disks: /dev/sda: fast hard drive (SSD), small size (~200 GB) /dev/sdb: very big hard drive (HDD), large size (~4 TB) The operating system was installed on /dev/sda, so I had /dev/sdb empty. I knew I could create a mountpoint (e.g. /storage) and … Continue reading Linux: using bind mount to move a subset of root subdirectories to another partion or disk

Automatically add SSH keys to SSH agent with GNOME and macOS

I am using passwordless login via SSH on every box that I administer. Of course, my private SSH key is protected with a password that must be provided when accessing the key. Modern operating systems incorporate the usage of ssh-agent to “link” the user account to the SSH key(s), in order to unlock the SSH … Continue reading Automatically add SSH keys to SSH agent with GNOME and macOS

Accessing remote libvirt on a non-standard SSH port via virt-manager

Scenario: you are using a remote host as a virtualization host with libvirt and you want to manage it via ”Virtual machine manager” (virt-manager) over SSH. But SSH is listening on a non-standard port, and virt-manager does not offer you to connect to a remote libvirt instance on a non-standard port. Fear not, the option … Continue reading Accessing remote libvirt on a non-standard SSH port via virt-manager

Automatically update your Docker base images with watchtower

I’m an avid user of Docker containers, using base images pulled from the public registry DockedHub. As you may know, Docker containers are based on Docked base images, e.g. I run postgres containers that are based on Postgres base image. It occurs that base images could get updated by their respective author (in our case Postgres team) and pushed to DockerHub. … Continue reading Automatically update your Docker base images with watchtower

Docker and containerd on openSUSE: reaching the limit for cgroup (and how to overcome it!)

I recently encountered a limitation during an experiment I was conducting; after some trial and error, I recognized that the limitation was due to cgroups. But let’s start from the beginning. I open sourced docker-salt, a small pet project I had in mind in order to have a full blown setup for SaltStack: a master … Continue reading Docker and containerd on openSUSE: reaching the limit for cgroup (and how to overcome it!)

Secure your SSH server against brute-force attacks with Fail2ban

The problem: SSH can be brute-forced I usually leave an SSH server on a dedicated port on every server I administer and, as you may recall, I even linked two well-written guides to properly configure and harden SSH services. Now, Internet is a notoriously bad place: scanners and exploiters have always been there, but brute-forcers … Continue reading Secure your SSH server against brute-force attacks with Fail2ban

OpenSUSE Leap 42.2: this is how I work (my setup)

Motivation I switched my distribution of choice to OpenSUSE. There are a lot of motivations behind this choice: I wanted an enterprise-grade quality of software in terms of stability, package choice, and supportability Growing interest in software non-distribution specific and/or customized, e.g. Gnome Dogfooding After nearly one year of usage, I can say that I … Continue reading OpenSUSE Leap 42.2: this is how I work (my setup)

OpenVPN with multiple configurations (TCP/UDP) on the same host (with systemd)

As much more people is getting worried about their online privacy (including me), I started to use my home server as a VPN termination (with OpenVPN) when I am not at home and I need to access Internet via non-secure wired/wireless networks (e.g., hotel wireless network, airport Wi-Fi, etc.). Some overzealous network admins, though, try … Continue reading OpenVPN with multiple configurations (TCP/UDP) on the same host (with systemd)

PSA: this website now is TLS-enabled

After some thinking, I decided to switch my current domain registrar and hoster: in fact, I stayed for 5 years with Netsons.org for domain registration and hosting. I had a very pleasant experience with them, I will recommend their hosting to everyone (it’s very cheap in the plethora of Italian super-expensive hosters). Since I recently … Continue reading PSA: this website now is TLS-enabled

Packaging software for Debian/Ubuntu: eclipse

Eclipse is my (Java, Python, Ruby, XML, <insert any other text format here) editor of choice, and it has been for many years. One thing that bothers me is that Eclipse package is outdated in Ubuntu: so, instead of using apt, I should resort to download/unpack/copy/create links to install it. These days are finished, though. … Continue reading Packaging software for Debian/Ubuntu: eclipse