Linux on a Netgate SG-8860-1U

I recently obtained a second-hand Netgate SG-8860-1U firewall, which has now replaced my PC Engines apu2c4 board as the router in my home network. The apu2c4 is a perfectly good piece of hardware, but it only has three Ethernet ports compared to six on the Netgate machine. I was using all three ports (one connected to my modem and two bonded together and connected to my managed switch), so having some spare ports for expansion is useful – I’m already thinking about how I could rewire things to try to achieve 2 gigabits/sec with bonding between my desktop and server.


systemctl daemon-reload and Puppet

Update: Puppet 6.1 adds support for automatically calling systemctl daemon-reload when required, making the technique described in this post redundant.

I manage my machines at home (and at work) with Puppet, a configuration management tool. Sometimes one of my manifests needs to change a systemd service’s configuration – for example, if the upstream package didn’t ship with a unit file, or to override some settings in a .service.d directory. systemctl daemon-reload needs to be executed after changing configuration in the /etc/systemd directory, but Puppet doesn’t have built-in support for this.


Compressing X.509 certificates

I run a Certificate Transparency monitor which retains a copy of all the certificates it downloads. As CT logs are append-only, the monitor’s disk usage keeps creeping upwards. I’m always on the lookout for ways to optimize disk usage to delay the need to buy bigger disks!


Linux tproxy server in Java

tproxy is a feature in Linux which allows an intermediate router to run a proxy server which can intercept and modify network traffic transparently (i.e. the end systems cannot tell that this has been done, as the source/destination IP addresses in the packets are not modified). tproxy also works with IPv6, whereas non-transparent mechanisms such as the iptables REDIRECT target do not, because of the lack of NAT support in the Linux IPv6 stack in older kernels.


Using IntelliJ IDEA's javac2 in Gradle

JetBrains’s IntelliJ IDEA uses a wrapper around the Java compiler, named javac2, to provide additional support for compiling .form files produced by the IDE, and for processing @Nullable and @NotNull annotations. It is naturally supported inside IDEA itself, and also by Apache Ant. However, other build systems like Gradle do not support it out of the box. Supporting it is useful, e.g. if you want to run a continuous integration server (which means you cannot use IDEA for building) and want it to compile your forms. It could also be useful if other developers on the same project use a different IDE.
