Recent posts

#eXit : Goodbye twitter. Hi Mastodon…

less than 1 minute read

Plushtodon

I decided to leave twitter.
 
Yes, this has something to do with the change of ownership, the name change to x, …
 
There is only 1 X to me, and that’s X.org

Twitter has become a platform that doesn’t value #freedomofspeech anymore.

My account even got flagged as possible spam to “factchecking” #fakenews

The mean reason is that there is a better alternative in the form of the Fediverse #Fediverse is the protocol that Mastodon uses.

It allows for a truly decentralised social media platform.

It allows organizations to set up their own Mastodon instance and take ownership and accountability for their content and accounts.

Mastodon is a nice platform; you probably feel at home there.

People who follow me on twitter can continue to follow me at Mastodon if they want.

https://mastodon.social/@stafwag

I’ll post this message a couple of times to twitter before I close my twitter account, so people can decide if they want to follow me on Mastodon …or not ;-).

Have fun!

Read more...

docker-stafwag-unbound v2.1.0 released: Use unbound as an DNS-over-TLS resolver and authoritative DNS server

4 minute read

Unbound

Unbound is a popular DNS resolver, that has native DNS-over-TLS support.
 

Unbound and Stubby were among the first resolvers to implement DNS-over-TLS.

I wrote a few blog posts on how to use Stubby on GNU/Linux and FreeBSD.

The implementation status of DNS-over-TLS and other DNS privacy options is available at: https://dnsprivacy.org/.

See https://dnsprivacy.org/implementation_status/ for more details.

It’s less known that it can also be used as authoritative DNS server (aka a real DNS server). Since I discovered this feature and Unbound got native DNS-over-TLS support I started to it as my DNS server.

I created a docker container for it a couple of years back to use it as an authoritative DNS server.

I recently updated the container, the latest version (2.1.0) is available at: https://github.com/stafwag/docker-stafwag-unbound

ChangeLog

Version 2.1.0

Upgrade to debian:bookworm

  • Updated BASE_IMAGE to debian:bookworm
  • Add ARG DEBIAN_FRONTEND=noninteractive
  • Run unbound-control-setup to generate the default certificate
  • Documentation updated

Read more...

docker-stafwag-hello_nginx v1.0.0 released

less than 1 minute read

2025

While the code ( if you call YAML “code” ) is already more than 5 years old. I finally took the take the make a proper release of my test “hello” OCI container.

I use this container to demo a container build and how to deploy it with helm on a Kubernetes cluster. Some test tools (ping, DNS, curl, wget) are included to execute some tests on the deployed pod.

It also includes a Makefile to build the container and deploy it on a Red Hat OpenShift Local (formerly Red Hat CodeReady Containers) cluster.

To deploy the container with the included helm charts to OpenShift local (Code Ready Containers), execute make crc_deploy.

This will:

  1. Build the container image
  2. Login to the internal OpenShift registry
  3. Push the image to the internal OpenShift register
  4. Deploy the helm chart in the tsthelm namespace, the helm chart will also create a route for the application.

I might include support for other Kubernetes in the future when I find the time.

Read more...

Ansible k3s on vms 1.2.0 and delegated_vm_install 2.0.3 released

1 minute read

cloud-init

I prepared a few update releases of some ansible roles related to provision virtual machines with libvirt over the last weeks.

Mainly clean up releases and makes sure that everything works on different GNU/Linux distributions out of the box.

One “big” change is the removal of the dependency on the cloud-localds utility to provision virtual machines with cloud-init. This enables the usage of the roles on Linux distributions that don’t provide this utility.


Ansible-k3s-on-vms v1.2.0

An Ansible playbook to deploy virtual machines and deploy K3s.

https://github.com/stafwag/ansible-k3s-on-vms

Read more...