Feeding the Cloud
https://feeding.cloud.geek.nz/
Creative Commons Attribution-ShareAlike 4.0 International License
ikiwiki 2024-02-02T19:59:07Z

Using a GitHub Gist like a git repo
https://feeding.cloud.geek.nz/posts/using-github-gist-like-git-repo/
2024-02-02T19:59:07Z 2024-02-02T04:05:00Z

A GitHub gist is backed by a regular git repository, but it's not exposed explicitly via the user interface.

For example, this "secret" gist can be cloned using this command:

    git clone https://gist.github.com/fmarier/b652bad2e759675e8650f3d3ee81ab08.git test

Within this test directory, the normal git commands can be used:

    touch empty
    git add empty
    git commit -a -m "Nothing to see here"

A gist can contain multiple files just like normal repositories.

In order to push to this repo, add the following pushurl:

    git remote set-url --push origin git@gist.github.com:b652bad2e759675e8650f3d3ee81ab08.git

before pushing using the regular command:

    git push

Note that the GitHub history UI will not show you the normal commit details such as commit message and signatures.

If you want to access the latest version of a file contained within this gist, simply access https://gist.githubusercontent.com/fmarier/b652bad2e759675e8650f3d3ee81ab08/raw/readme.md.

Proper Multicast DNS Handling with NetworkManager and systemd-resolved
https://feeding.cloud.geek.nz/posts/proper-multicast-dns-handling-network-manager-systemd-resolved/
2024-01-20T01:13:59Z 2024-01-20T01:10:00Z

Using NetworkManager and systemd-resolved together in Debian bookworm does not work out of the box.

The first sign of trouble was these constant messages in my logs:

    avahi-daemon[pid]: Host name conflict, retrying with hostname-2

Then I realized that CUPS printer discovery didn't work: my network printer could not be found. Since this discovery now relies on Multicast DNS, it would make sense that both problems are related to an incompatibility between NetworkManager and Avahi.

What didn't work

The first attempt I made at fixing this was to look for known bugs in Avahi. Neither of the work-arounds I found worked:

the one proposed in https://github.com/avahi/avahi/issues/117#issuecomment-1651475104:

    [publish]
    publish-aaaa-on-ipv4=no
    publish-a-on-ipv6=no

nor the one proposed in https://github.com/avahi/avahi/issues/117#issuecomment-442201162:

    [server]
    cache-entries-max=0

What worked

The real problem turned out to be the fact that NetworkManager turns on full mDNS support in systemd-resolved, which conflicts with the mDNS support in avahi-daemon.

You can see this in the output of resolvectl status:

    Global
           Protocols: LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub

    Link 2 (enp6s0)
        Current Scopes: DNS mDNS/IPv4 mDNS/IPv6
             Protocols: +DefaultRoute -LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    Current DNS Server: 192.168.1.1
           DNS Servers: 192.168.1.1
            DNS Domain: lan

which includes +mDNS for the main network adapter.

I initially thought that I could just uninstall avahi-daemon and rely on the systemd-resolved mDNS stack, but it's not actually compatible with CUPS.

The solution was to tell NetworkManager to set mDNS to resolve-only mode in systemd-resolved by adding the following to /etc/NetworkManager/conf.d/mdns.conf:

    [connection]
    connection.mdns=1

leaving /etc/avahi/avahi-daemon.conf to the default Debian configuration.
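
A check for the conflict described above, as an added example that is not part of the original post: it parses `resolvectl status` text and lists the links where systemd-resolved still runs a full mDNS responder (+mDNS) next to avahi-daemon. The function names and the second link (wlp5s0) are constructed for illustration; the Global scope is ignored because the post's working configuration still shows +mDNS there.

```python
import re

# Constructed sample, modelled on the `resolvectl status` output shown above.
SAMPLE = """\
Global
       Protocols: LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp6s0)
    Current Scopes: DNS mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute -LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1

Link 3 (wlp5s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR mDNS=resolve -DNSOverTLS DNSSEC=no/unsupported
"""


def mdns_modes(status_text):
    """Map each scope ('Global' or an interface name) to 'yes', 'resolve' or 'no'."""
    modes, scope = {}, None
    for line in status_text.splitlines():
        stripped = line.strip()
        link = re.match(r"Link \d+ \((.+)\)$", stripped)
        if stripped == "Global":
            scope = "Global"
        elif link:
            scope = link.group(1)
        elif scope and stripped.startswith("Protocols:"):
            for token in stripped.split()[1:]:
                if token == "+mDNS":
                    modes[scope] = "yes"
                elif token == "-mDNS":
                    modes[scope] = "no"
                elif token.startswith("mDNS="):
                    modes[scope] = token.split("=", 1)[1]
    return modes


def conflicting_links(status_text):
    """Links where systemd-resolved answers mDNS itself and can clash with Avahi."""
    return sorted(name for name, mode in mdns_modes(status_text).items()
                  if name != "Global" and mode == "yes")


if __name__ == "__main__":
    for name in conflicting_links(SAMPLE):
        print(f"{name}: +mDNS (full responder), expected mDNS=resolve")
```

On a live system, pass the captured output of `resolvectl status` to `conflicting_links()` instead of `SAMPLE`.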

Verifying the configuration

After rebooting, resolvectl status now shows the following:

    Global
           Protocols: LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub

    Link 2 (enp6s0)
        Current Scopes: DNS mDNS/IPv4 mDNS/IPv6
             Protocols: +DefaultRoute -LLMNR mDNS=resolve -DNSOverTLS DNSSEC=no/unsupported
    Current DNS Server: 192.168.1.1
           DNS Servers: 192.168.1.1
            DNS Domain: lan

Avahi finally sees my printer (called hp in the output below):

    $ avahi-browse -at | grep Printer
    + enp6s0 IPv6 hp @ myprintserver   Secure Internet Printer  local
    + enp6s0 IPv4 hp @ myprintserver   Secure Internet Printer  local
    + enp6s0 IPv6 hp @ myprintserver   Internet Printer         local
    + enp6s0 IPv4 hp @ myprintserver   Internet Printer         local
    + enp6s0 IPv6 hp @ myprintserver   UNIX Printer             local
    + enp6s0 IPv4 hp @ myprintserver   UNIX Printer             local

and so does CUPS:

    $ sudo lpinfo --include-schemes dnssd -v
    network dnssd://myprintserver%20%40%20hp._ipp._tcp.local/cups?uuid=d46942a2-b730-11ee-b05c-a75251a34287

Firewall rules

Since printer discovery in CUPS relies on mDNS, another thing to double-check is that the correct ports are open on the firewall.

This is what I have in /etc/network/iptables.up.rules:

    # Allow mDNS for local service discovery
    -A INPUT -d 100.64.0.0/10 -p udp --dport 5353 -j ACCEPT
    -A INPUT -d 192.168.1.0/24 -p udp --dport 5353 -j ACCEPT

and in /etc/network/ip6tables.up.rules:

    # Allow mDNS for local service discovery
    -A INPUT -d ff02::/16 -p udp --dport 5353 -j ACCEPT

Filtering your own spam using SpamAssassin
https://feeding.cloud.geek.nz/posts/filtering-own-spam-using-spamassassin/
2024-01-14T00:26:40Z 2023-12-19T06:20:00Z

I know that people rave about GMail's spam filtering, but it didn't work for me: I was seeing too many false positives. I personally prefer to see some false negatives (i.e. letting some spam through), but to reduce false positives as much as possible (and ideally have a way to tune this).

Here's the local SpamAssassin setup I have put together over many years.
In addition to the parts I describe here, I also turn off greylisting on my email provider (KolabNow) because I don't want to have to wait for up to 10 minutes for a "2FA" email to go through.

This setup assumes that you download all of your emails to your local machine. I use fetchmail for this, though similar tools should work too.

Three tiers of emails

The main reason my setup works for me, despite my receiving hundreds of spam messages every day, is that I split incoming emails into three tiers via procmail:

- not spam: delivered to inbox
- likely spam: quarantined in a soft_spam/ folder
- definitely spam: silently deleted

I only ever have to review the likely spam tier for false positives, which is on the order of 10-30 spam emails a day. I never even see the hundreds that are silently deleted due to a very high score.

This is implemented based on a threshold in my .procmailrc:

    # Use spamassassin to check for spam
    :0fw: .spamassassin.lock
    | /usr/bin/spamassassin

    # Throw away messages with a score of >= 12.0 (12 stars in X-Spam-Level)
    :0
    * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*
    /dev/null

    # Quarantine everything else that SpamAssassin flagged as spam
    :0:
    * ^X-Spam-Status: Yes
    $HOME/Mail/soft_spam/

    # Deliver all other messages
    :0:
    ${DEFAULT}

I also use the following ~/.muttrc configuration to easily report false negatives/positives and examine my likely spam folder via a shortcut in mutt:

    unignore X-Spam-Level
    unignore X-Spam-Status

    macro index S "c=soft_spam/\n" "Switch to soft_spam"

    # Tell mutt about SpamAssassin headers so that I can sort by spam score
    spam "X-Spam-Status: (Yes|No), (hits|score)=(-?[0-9]+\.[0-9])" "%3"
    folder-hook =soft_spam 'push ol'
    folder-hook =spam 'push ou'
    #
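
The three-tier split from the .procmailrc recipes earlier in this post, as an added example that is not part of the original post: it applies the same two header tests in the same order to constructed messages, which makes it easy to see where a given score lands, including the exact 12.0 threshold. The names `make_message`, `score`, `tier` and `SAMPLES` are hypothetical, and the score pattern is the one from the mutt `spam` line applied to the header value.

```python
import re
from email import message_from_string

DISCARD_STARS = 12  # number of \* in the X-Spam-Level recipe
# Score pattern from the mutt `spam` line, applied to the header value only.
SCORE_RE = re.compile(r"(Yes|No), (hits|score)=(-?[0-9]+\.[0-9])")


def make_message(flag, score_value):
    """Build a constructed message carrying SpamAssassin-style headers."""
    stars = "*" * max(int(score_value), 0)  # one star per whole point of score
    return (f"X-Spam-Level: {stars}\n"
            f"X-Spam-Status: {flag}, score={score_value:.1f} required=5.0\n"
            "Subject: constructed sample\n\nbody\n")


def score(raw_message):
    """Extract the numeric score from X-Spam-Status, or None if it is absent."""
    status = message_from_string(raw_message).get("X-Spam-Status", "")
    match = SCORE_RE.match(status)
    return float(match.group(3)) if match else None


def tier(raw_message):
    """Apply the recipes in .procmailrc order; the first match wins."""
    msg = message_from_string(raw_message)
    # The recipe is anchored at the header start, so 12 or more stars match.
    if msg.get("X-Spam-Level", "").startswith("*" * DISCARD_STARS):
        return "discard"
    # procmail conditions are case-insensitive by default.
    if msg.get("X-Spam-Status", "").lower().startswith("yes"):
        return "soft_spam"
    return "inbox"


SAMPLES = {  # constructed scores, including the exact threshold
    "newsletter": make_message("No", -1.2),
    "borderline": make_message("Yes", 6.4),
    "threshold": make_message("Yes", 12.0),
    "obvious": make_message("Yes", 14.7),
}

if __name__ == "__main__":
    for name, raw in sorted(SAMPLES.items(), key=lambda kv: score(kv[1])):
        print(f"{score(raw):6.1f}  {tier(raw):9}  {name}")
```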