Threads for 3bal

  1. 1

    Is OP the author? Can you give some more details on your KVM/libvirt setup?

    Been wanting to set up a set of minimalist hypervisors designed to be interacted with via TF/api instead of heavyweight proxmox/xenorchestra

    Edit: found this… Helpful, thanks!

    1. 2

      Hi @aae , I also keep some examples here https://github.com/ebal/tf

    1. 1

      If you use 9.9.9.9 as an upstream anyway, just use their own DoH/DoT..? Then your traffic is encrypted all the way to the upstream.

      1. 2

        The specific dnsdist conf is just an example to present the simplicity of dnsdist. In the article there is a full use case scenario to build your own DoH from top to bottom.

      1. 1

        I didn’t dig into the DoH RFC, but how is that supposed to work:

        https://doh.libredns.gr/dns-query

        I understand how 1.1.1.1 works over HTTP, as this does not need DNS resolution, but how can I resolve a DNS query without DNS?

        1. 2

          My guess is it’s bootstrapped via traditional DNS.

          1. 0

            DoH, in layman’s terms, uses HTTPS (the S stands for security) to ask a remote DNS server and get the reply in Firefox. The traditional way is for Firefox to ask your operating system, and your operating system asks your DNS via UDP, which means cleartext, unencrypted traffic.

            1. 1

              Did you mean to reply to me? I’m well aware of how DNS (intimately) and DoH (from the spec) work. The GP was asking how it was possible to use a domain name to reference a DoH server, to which the obvious answer is that it finds the DoH server’s IP address by querying traditional DNS.

          2. 2

            For Firefox at least, among the set of DoH settings (actually all prefixed in about:config with “network.trr”), there is a ‘network.trr.bootstrapAddress’ setting which allows you to specify a traditional DNS server to bootstrap the DoH system with. If it’s left empty, the bootstrapping defaults to your OS-configured DNS resolver.

            1. 2

              Actually:

              network.trr.bootstrapAddress

              https://wiki.mozilla.org/Trusted_Recursive_Resolver#network.trr.bootstrapAddress

              by setting this field to the IP address of the host name used in “network.trr.uri”, you can bypass using the system native resolver for it
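The bootstrap step this sub-thread is about, as an added example (not code from any of the comments above): build the RFC 8484 GET request for the DoH endpoint quoted in the thread, and show how the endpoint's own hostname is resolved either from a bootstrap address or by the native resolver. The bootstrap IP and the resolver callback are constructed placeholders; no network traffic is sent.

```python
# Added example, not code from any comment above: the DoH (RFC 8484) GET query
# and the bootstrap question from the thread. Runs offline: no network I/O.
import base64
import struct
from typing import Callable, Optional
from urllib.parse import urlsplit


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """RFC 1035 wire-format query for `name` (qtype 1 = A, class IN).
    Transaction ID is 0, as RFC 8484 recommends for cache-friendly DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(doh_uri: str, name: str) -> str:
    """RFC 8484 GET form: base64url-encoded query, padding stripped, in `dns=`."""
    q = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode("ascii")
    return f"{doh_uri}?dns={q}"


def doh_server_address(doh_uri: str, bootstrap_ip: Optional[str],
                       native_resolve: Callable[[str], str]) -> str:
    """The chicken-and-egg step the thread asks about: the DoH URI names a host,
    so that host must be resolved before DoH is usable. With a bootstrap address
    (Firefox: network.trr.bootstrapAddress) the native resolver is skipped;
    otherwise the OS resolver answers, typically over cleartext UDP."""
    host = urlsplit(doh_uri).hostname
    if bootstrap_ip:
        return bootstrap_ip
    return native_resolve(host)


if __name__ == "__main__":
    uri = "https://doh.libredns.gr/dns-query"  # endpoint quoted in the thread
    # Constructed placeholder resolver; a real client would query the OS resolver.
    fake_native = lambda host: "198.51.100.7"
    print(doh_server_address(uri, None, fake_native))          # OS resolver used
    print(doh_server_address(uri, "192.0.2.10", fake_native))  # bootstrap wins
    print(doh_get_url(uri, "www.example.com"))
```

The `dns=` value produced for `www.example.com` matches the worked GET example in RFC 8484 section 4.1.1.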

          1. 1

            Instead of:

            # Read PKGBUILD
            - source $PKGNAME/PKGBUILD
            # Install Dependencies
            - pacman -Syu --noconfirm --needed --asdeps "${makedepends[@]}" "${depends[@]}"

            You can just use makepkg -s to automatically install missing dependencies with pacman. So something like:

            su - bob -s /bin/sh -c "cd $(pwd)/$PKGNAME/ && makepkg -s"

            1. 1

              Inside a Docker container, makepkg will try to use sudo to install missing dependencies. But you will get this error message:

              sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the ‘nosuid’ option set or an NFS file system without root privileges?

              Inside the pacman/makepkg codebase, scripts/makepkg.sh.in: cmd=(sudo "${cmd[@]}")

            1. 1

              I’ve been using (almost daily) a lot of them! And yes, they are cool... but obscure?