Posts

  • TrueNAS Core: Miscellaneous power tweaks

    This continues the series of posts on TrueNAS Core idle power optimization. The previous opus discussed Speed Shift, available on Broadwell and newer processors, which relieves the OS from micromanaging power states and achieves significantly better power savings than tools like powerd could. In this post we discuss a few minor tweaks that bring diminishing returns, but if every watt counts, they are worth exploring.

  • TrueNAS Core: Saving even more power with Intel Speed Shift

    In the previous opus we discussed using the powerd daemon to optimize the power consumption of the TrueNAS system based on Intel Xeon E-2600 v3 (Haswell) and earlier processors, covered the challenges of managing and scaling clocks from the OS, and yet ended up with a somewhat unsatisfying solution.

  • Hosting services behind Ubiquiti Unifi Dream Machine over Wireguard VPN connection with port forwarding

    A step-by-step guide, with illustrations, on how to configure a Ubiquiti Unifi Dream Machine to host services on the LAN over a VPN connection with port forwarding.

  • Configuring CyberPower UPS on TrueNAS Core

    This opus describes how to properly configure CyberPower UPS on a TrueNAS Core to ensure that the power is only pulled when safe.

  • Cockpit over Cloudflare Zero Trust

    Advice on configuring Cockpit to work reliably over the Cloudflare Zero Trust (Access) network.

  • TrueNAS Core: configuring power-savings modes with powerd

    I’ve noticed that my Intel Xeon E3-1230 v2 CPU runs at the maximum frequency on my TrueNAS Core, even at a negligible load. This post describes how to configure the powerd daemon to shave off a few watts of idle power by allowing the frequencies to scale.

  • Connecting TrueNAS Core to Cloudflare Zero Trust

    The Cloudflare Zero Trust tunnel client does not support FreeBSD out of the box, and Cloudflare does not provide FreeBSD binaries either. This means that we need to either fetch the package or build the binary ourselves, and then configure the tunnel in a roundabout way: automatic tunnel setup does not work. Lastly, we want to enable it in a way that survives TrueNAS OS upgrades, let alone reboots.

  • Running auto-updatable services in rootless containers with podman on Oracle Linux/RHEL/Fedora with SELinux enabled

    These are my notes about configuring services with Podman on RHEL and related OSes with SELinux enabled, using a compute instance in the Oracle Cloud with Oracle Linux 8. The information presented below is readily available elsewhere (see references); however, the intent of this opus is to condense all of that into palatable chunks to serve as a somewhat quick answer to the question “How do I get this container running on my instance?” without needing to spend hours reading pages and pages of documentation.

  • Debugging mDNS/Avahi on TrueNAS

    Are you trying to debug mDNS/Avahi on TrueNAS Core, stumbling on the misleading `Failed to create client object: Daemon not running` message, and finding that a web search leads nowhere?

  • Hosting services behind a restrictive firewall/CGNAT using DNAT on a VPS hosted wireguard endpoint

    This is a short description of how to host services, using a Storj node as an example, on a host behind CG-NAT or an otherwise restrictive firewall, by forwarding packets through a WireGuard endpoint on a relatively fast nearby VPS. This is not specific to Storj, and can be adapted to hosting other services.

  • Raid operation is interrupted in a few minutes

    If, during Intel Rapid Storage RAID migration or verification on Windows, the disk activity ceases in a few minutes and the Event Log contains messages similar to `Reset to device, \Device\RaidPort0, was issued`, check if you have VMware Workstation or Player installed. I did not have time to dig into details, but uninstalling VMware removed this issue.

  • Time Machine backup to Windows host

    Time Machine backup to a Windows host over SMB is not supported. This post describes the configuration of `netatalk` in WSL to facilitate backup over AFP.

  • Accessing Xfinity modem admin pages in bridge mode from behind third party router

    One can connect to the Xfinity modem configured in bridge mode directly with a cable, as described in the support article, or configure a static route on the third-party gateway and avoid running around with cables. This post is a confirmation that this approach works.

  • Stability of rclone mount on macOS for Google Drive with macFUSE

    Addressing stability of Google Drive rclone mount on macOS with macFUSE

  • Migrating Jekyll blog comments from Disqus to Discourse

    Move to self-hosted Discourse for blog comments to avoid user tracking by unrelated third parties.

  • Configuring duplicacy CLI on macOS with SIP enabled

    This post explains how to configure Duplicacy on macOS with SIP enabled to back up all users and limit CPU utilization.

  • Duplicacy backup to Google Drive with Service Account

    How to back up with Duplicacy to Google Workspace with a Service Account

  • Handling of radar detection on DFS channels by Ubiquiti WiFi access points

    Ubiquiti APs stay off the channel for a strange amount of time but can be nudged back to the DFS channel manually.

  • Duplicacy Web on Synology Diskstation without Docker

    Duplicacy is a self-contained executable and, as such, it can be run natively on a Synology DiskStation, without Docker.

  • Bypassing Sophos XG stateful firewall

    Sophos XG blocks UniFi communication by implicit rule 0. This post describes how to bypass a stateful firewall for the specific hosts.

  • Cloud Storage Pricing, Revisited

    Updated cloud storage pricing as of March 2019

  • Determining address ranges for a service from a single IP

    This post explains how to come up with a list of all IP ranges used by a company or service to configure your firewall and web filter exceptions.

  • Optimizing Code42 CrashPlan performance

    Optimizing performance of the Code42 CrashPlan engine for resource-constrained hosts. (Does not apply to client version 7.7.0 and likely newer.)

  • Provisioning custom SSL CA and Server Certificate to Synology Diskstation

    How to add a self-signed CA and server SSL certificate to Synology DSM and configure it to be used with services. Two poorly documented pitfalls I stumbled upon.

  • Provisioning custom SSL keys to Ubiquiti CloudKey and UniFi Controller

    Could not find the guide that worked. Had to figure stuff out on my own.

  • Creating Self-Signed Certificate Authority to issue SSL certificates using Certificate Assistant on macOS

    This is a somewhat tutorial-ish guide about creating a self-signed Certificate Authority suitable for issuing SSL certificates to be used for various servers, services, and devices to ensure "green lock" in the browsers and happy users using macOS GUI tools.

  • Strongswan IKEv2 split/full tunnel VPN on Alpine Linux VM on Synology Diskstation

    Ever wanted to have an always-on VPN on an iOS device? IKEv2 is the answer; unfortunately, it is not properly supported by any appliances commonly lying around the house, so we'll improvise. This post is about the setup and configuration of an IKEv2 VPN server based on Strongswan running inside an Alpine Linux instance in a virtual machine hosted on Synology Diskstation. It also covers the pitfalls and challenges of making split-tunnel work seamlessly. And don't get your hopes up too high: while both full tunnel and split tunnel work just fine on a routing level, it is not currently possible to make split-DNS work seamlessly enough without client-side configuration. See closing notes for details. You might as well jump to the OpenVPN article if that is important.

  • Failure to negotiate when connecting to Synology L2TP server

    Setting up an L2TP VPN server on Synology DiskStation, with ports 500, 4500, and 1701 forwarded, but the handshake fails for an obscure reason, with something like “fatal payload-malformed notify message, phase 1 should be deleted”? What to do? Check the PSK length. It must not be longer than 64 characters. The UI will accept a longer string; however, doing so will result in failures setting up the tunnel.

  • Canon MF4150: Printing and Scanning with AirPrint and SANE

    I have a fairly old but great laser multifunction Canon MF4150 that never really supported scanning from anything but Windows and whose macOS printing drivers lag behind OS releases by a large margin, causing frustration after each new release. Still, it has been over 10 years, and it works great, and I’m absolutely happy with its performance.

  • Cloud Storage Pricing

    Looking for a CrashPlan alternative: Comparing cost of cloud storage.

  • OpenVPN Split Tunnel on Synology Diskstation

    Exhaustive guide on configuring Synology's built-in OpenVPN server and further configuration of the .ovpn files to set up split-tunnel VPN home, emphasizing one-click client configuration, including macOS, iOS, and Windows clients.

  • Unattended Duplicacy setup on macOS

    What do you do when your favorite backup provider decides to focus on corporate customers and discontinues the home edition of its cloud backup software? You start testing replacements and soon come up with an alternative that in retrospect happens to be more robust, flexible, and resilient. This post provides supplemental information for setting up unattended periodic Duplicacy backup on macOS. The main goal is to provide meaningful configuration files to save time re-inventing the wheel.