Using OpenTofu/Terraform to create a disposable Tails virtual machine

June 22, 2025 1 minute read

OpenTofu

Terraform or OpenTofu (the open-source fork supported by the Linux Foundation) is a nice tool to setup the infrastructure on different cloud environments. There is also a provider that supports libvirt.

• https://github.com/dmacvicar/terraform-provider-libvirt

If you want to get started with OpenTofu there is a free training available from the Linux foundation:

• https://training.linuxfoundation.org/express-learning/getting-started-with-opentofu-lfel1009/

I also joined the talk about OpenTofu and Infrastructure As Code, in general, this year in the Virtualization and Cloud Infrastructure DEV Room at FOSDEM this year:

• https://fosdem.org/2025/schedule/event/fosdem-2025-6057-the-iac-tooling-multiverse-and-the-future-of-iac/

Lookat 2.1.0rc1 released

June 8, 2025 less than 1 minute read

Lookat 2.1.0rc1 is the latest development release of Lookat/Bekijk, a user-friendly Unix file browser/viewer that supports colored man pages.

The focus of the 2.1.0 release is to add ANSI Color support.

News

8 Jun 2025 Lookat 2.1.0rc1 Released

Lookat 2.1.0rc1 is the first release candicate of Lookat 2.1.0

ChangeLog

Lookat / Bekijk 2.1.0rc1

• ANSI Color support

#eXit : Goodbye twitter. Hi Mastodon…

May 11, 2025 less than 1 minute read

I decided to leave twitter.
 
Yes, this has something to do with the change of ownership, the name change to x, …
 
There is only 1 X to me, and that’s X.org

Twitter has become a platform that doesn’t value #freedomofspeech anymore.

My account even got flagged as possible spam to “factchecking” #fakenews

The mean reason is that there is a better alternative in the form of the Fediverse #Fediverse is the protocol that Mastodon uses.

It allows for a truly decentralised social media platform.

It allows organizations to set up their own Mastodon instance and take ownership and accountability for their content and accounts.

Mastodon is a nice platform; you probably feel at home there.

People who follow me on twitter can continue to follow me at Mastodon if they want.

https://mastodon.social/@stafwag

I’ll post this message a couple of times to twitter before I close my twitter account, so people can decide if they want to follow me on Mastodon …or not ;-).

Have fun!

docker-stafwag-unbound v2.1.0 released: Use unbound as an DNS-over-TLS resolver and authoritative DNS server

May 4, 2025 4 minute read

Unbound is a popular DNS resolver, that has native DNS-over-TLS support.
 

Unbound and Stubby were among the first resolvers to implement DNS-over-TLS.

I wrote a few blog posts on how to use Stubby on GNU/Linux and FreeBSD.

• https://stafwag.github.io/blog/blog/2018/09/09/dns-privacy-with-stubby-part1-gnulinux/
• https://stafwag.github.io/blog/blog/2018/10/07/dns-privacy-with-stubby-part-2-freebsd/

The implementation status of DNS-over-TLS and other DNS privacy options is available at: https://dnsprivacy.org/.

See https://dnsprivacy.org/implementation_status/ for more details.

It’s less known that it can also be used as authoritative DNS server (aka a real DNS server). Since I discovered this feature and Unbound got native DNS-over-TLS support I started to it as my DNS server.

I created a docker container for it a couple of years back to use it as an authoritative DNS server.

I recently updated the container, the latest version (2.1.0) is available at: https://github.com/stafwag/docker-stafwag-unbound

ChangeLog

Version 2.1.0

Upgrade to debian:bookworm

• Updated BASE_IMAGE to debian:bookworm
• Add ARG DEBIAN_FRONTEND=noninteractive
• Run unbound-control-setup to generate the default certificate
• Documentation updated

docker-stafwag-hello_nginx v1.0.0 released

April 27, 2025 less than 1 minute read

While the code ( if you call YAML “code” ) is already more than 5 years old. I finally took the take the make a proper release of my test “hello” OCI container.

I use this container to demo a container build and how to deploy it with helm on a Kubernetes cluster. Some test tools (ping, DNS, curl, wget) are included to execute some tests on the deployed pod.

It also includes a Makefile to build the container and deploy it on a Red Hat OpenShift Local (formerly Red Hat CodeReady Containers) cluster.

To deploy the container with the included helm charts to OpenShift local (Code Ready Containers), execute make crc_deploy.

This will:

1. Build the container image
2. Login to the internal OpenShift registry
3. Push the image to the internal OpenShift register
4. Deploy the helm chart in the tsthelm namespace, the helm chart will also create a route for the application.

I might include support for other Kubernetes in the future when I find the time.