Vagrant and Ansible

Using Vagrant you can automatically deploy a Virtual Machine on almost any virtual platform, VMware, Virtual Box, and QEMU/KVM (libvirt).

It works similarly to Docker. It has a repository, Vagrant Cloud, that is similar to Docker hub. You specify a base image to use from the cloud, and it deploys it to your platform (provider). You can configure how it is delivered using a config file called ‘Vagrantfile’.

Within ‘Vagrantfile’ you can also specify a tool to use to further “provision” the virtual machine. You can use a variety from Puppet, shell, and Ansible.

Libvirt plugin

Install the plugin using:

$ vagrant plugin install vagrant-libvirt

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.define :myserver do |server|
    server.vm.box = "debian/bookworm64"
    server.vm.synced_folder ".", "/vagrant", disabled: true
    server.vm.hostname = "myserver"
    server.vm.provider :libvirt do |libvirt|
      libvirt.title = "Vagrant Machine Build"
      libvirt.description = "Debian 12 Bookworm (Vagrant)"
      libvirt.memory = 2048
      libvirt.cpus = 2
      libvirt.keymap = "en-gb"
      libvirt.autostart = true
      libvirt.storage :file, :size => "20GB", name: "data"
    end
    server.vm.provision :ansible do |ansible|
      ansible.playbook = "playbook.yml"
      ansible.compatibility_mode = "2.0"
    end
  end
end

Here we are building a Debian 12 (bookworm) machine with 2048 MB RAM, and 2 vCPU’s. Then we are using an Ansible play book to complete the provisioning. We also add a second disk as a 20GB data volume – it will require formatting and mounting, all of which could be done from Ansible.

Image Files

The “box” (debian/bookworm64) is pulled from the cloud repository, and stored as a cached copy in your specified, or default pool in libvirt. It is then used as a base image to take a snapshot from, to clone to the machines that are based on the same box image.

References

Vagrant Libvirt Documentation

Vagrant Boxes Create Virtual Machines in Seconds on VirtualBox, Hyper-V, and VMware

Using WireGuard as a non-Administrator on Windows

WireGuard does not work on Windows unless you are an administrator. However, you can enable a regular user to control the service after an admin has installed and configured it. You cannot use the standard WireGuard GUI at all, and should follow these steps to give a non-admin user the ability to start and stop the WireGuard connection service.

First off, install WireGuard onto the Windows PC as an administrator, or elevated permissions to do so.

Start an Administrative command prompt as we need to run a few commands with elevated permissions.

Copy the WireGuard config file (wg0.conf) into “C:\Program Files\WireGuard\Data\Configurations\wg0.conf”. The WireGuard Management service should convert this to an encrypted version with a .dpapi extension, eg. wg0.conf.dpapi

Add the wg0.conf as a service using:

wireguard /installservice “C:\Program Files\WireGuard\Data\Configurations\wg0.conf.dbapi”

You then need to set it as a manual start to ensure it’s not running every time the computer starts. If you don’t do this it gets into a bind when it is in the office as the local routing conflicts with WireGuard routing.

It installs the service named “WireGuardTunnel$wg0”

sc config WireGuardTunnel$wg0 start=demand

Download and install (requires elevation) the ServiceTray application:

https://www.coretechnologies.com/products/ServiceTray/

As you install it, choose the green play arrow style button, and then select the WireGuard Tunnel Service: wg0. Choose to browse to your user’s desktop folder to install the shortcut – we copy/move this to the startup folder once finished.

Next, you must install ServiceSecurityEditor to change the permissions (requires elevation):

https://www.coretechnologies.com/products/ServiceSecurityEditor/

Select the WireGuard Tunnel Service: wg0 to then change the INTERACTIVE user to allow it to start, stop and pause the service.

We then move the icon we installed on the desktop to the startup folder using WIN+R, or Run shell:startup. This should bring up the users’ startup folder for you to drag the icon into. After a restart, and the user logs on, you should find that there is a new icon in the system tray of a RED play arrow icon. You can click this and choose to start and stop the WireGuard Service.

Trilium Notes

Excellent note-taking app. Only calling a note-taking app seems to heavily understate what it is. It’s like a personal version of a Markdown document repository, that stores notes in a manageable structure.

I first tried to use it as a native installation on Manjaro, but it seems to include electron and a huge amount of other dependencies. Instead, I went for the docker installation. Installed in seconds and up and running in no time. The best bit is it’s also available to use in any web browser I can connect to my network with.

The docker compose is very simple and can be tweaked to suit ports and storage location as you like.

version: '3.7'

services:
  trilium:
    image: zadam/trilium
    volumes:
      - "${PWD}/data:/home/node/trilium-data:rw"
    ports:
      - "8080:8080"

Then visit http://localhost:8080 and give it a password.

Zeal – Offline Reference

I came across Zeal some time ago, and for some reason never really got to using it. Mainly because I’m always online and always have access to reference sources. Also, I find myself with a lesser need for documentation as the product base I deal with shrinks.

Then I find I get asked to get stuck in at the coal face and bring out my old Laravel, PHP and JavaScript skills, to bring more hands to a development project. Out comes VSCode and a bag of helpful plugins, and I rediscover zeal.

Install Zeal onto my desktop. Add a few document sets that I need – Laravel, PHP and JavaScript. Then use the Dash VSCode plugin (It supports Dash – MacOS, Zeal – Linux and Velocity – Windows).

Then a simple CTRL+H in VSCode links me to the Zeal documentation search.

Ventoy – One Stick to Boot them All

I regularly end up writing a bootable USB to start a different version of Linux or different distro. Then I came across Ventoy.

Once a USB stick is installed with Ventoy any ISO that you copy onto the stick appears in the Ventoy boot menu. Select the ISO and it boots! Just copy an ISO onto it. No need for any boot maker tools like, dd or etcher. Just copy on an ISO – that’s it.

So far tested with Manjaro, Debian and even Windows 10 – all on the same USB stick!

Video Conferencing Screen Sharing

Try installing manjaro-pipwire if you don’t have it.

The behaviour of my browser seemed to have changed, and no longer lets me share a screen. I end up with a presentation of three black screens to share, and no one gets to see the full screen. I also noticed some missing applications for sharing a window.

Searching the net, I found a Google Chrome option that enables sharing using pipewire. As I’m using Manjaro Gnome under Wayland this probably needs enabling.

vivaldi://flags

or more specifically:

vivaldi://flags/#enable-webrtc-pipewire-capturer

Once I enabled this, my share options changed, and I can now select the entire screen or the missing windows.

Holy Guacamole!

Apache Guacamole – not the answer I was looking for, but impressive.

I wanted to get a remote desktop session to a client machine to support them in the session they are currently working in. On my journey, I encountered guacamole and installed it. Have to say I’m impressed, but what it isn’t is a remote desktop support tool. It’s a HTML5 server that can proxy connections to services such as RDP and SSH. It doesn’t solve the issue of joining a users existing RDP session on Linux, but it does make an RDP connection and give me full access to a Linux XFCE desktop in Linux Mint.

I followed a few guides to get the installation done. The project documentation is a good start to getting Tomcat and guacd running, but creating a config and making it connect to stuff I found this particularly useful, for getting the config and user mapping done: https://www.tecmint.com/guacamole-access-remote-linux-windows-machines-via-web-browser/

Once installed, I then visited the Tomcat webpage http://myserver:8080/guacamole. Logon using the credentials I put in user-mapping.xml and I’m away. Then I can choose the connection I want to connect to.

Whilst I probably won’t use this on a desktop, I may install it on a server and use it as a gateway to other systems on the LAN.

LINPEAS, PEASS

How to get an elevated privileged shell the easy way.

https://github.com/carlospolop/PEASS-ng

Exim4 AUTH LOGIN with LDAP

This was a cause for smashing my head against the wall today.

I configured Exim4 with LDAP auth and tested it with Thunderbird and a couple of Mac clients – I didn’t expect Windows/Office to be the problem child. One of our users, trying to use Outlook, was getting refusals to login. This made no sense as all the other users are logging in just fine. Looking at the logs, the issue wasn’t obvious.

I got the user to install Thunderbird, and it logged in just fine.

Continue reading →

Windows and NFS Shares

Considering I’ve been a long term user of Windows – far longer than Linux, I really find myself detesting the platform with a vengeance. All I wanted to do was mount an NFS share from a Linux system or NAS. All the guides I find pretty much say Install the NFS Client for Windows and then use mount. Not very helpful guys.

Let’s go into the “Add or Remove Programs” in settings and looks for “Optional features” and find absolutely nothing about NFS, click “Add a feature”, still nothing.

Well it’s possible to do this by using the old fashioned “Control Panel” under “Programs” and “Turn Windows features on or off” and scroll the tree to find “Services for NFS”.

Windows 10 is how old now? We still must use legacy features to go looking for how to install something!?

YouTube Music PWA

YouTube music now has a PWA (progressive web app). In Chrome you may get asked to install this when you visit https://music.youtube.com.

As I’m a Vivaldi user the PWA isn’t immediately available on my home system for some reason. After a bit of trawling I find I need to tun on the experimental feature using this special address in the address bar vivaldi:experiments then tick the enable the install of progressive web apps.

Now I can visit the You Tube music URL and right click on the tab it’s in then select Install. Now you should have an icon available in your desktop launcher to take you straight to your music.

Further Enhancement

I edited my .desktop file once it was created an modified it to remove the address bar:

$ vi .local/share/applications/vivaldi-cinhimbnkkaeohfgghhklpknlkffjgod-Default.desktop

#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Terminal=false
Type=Application
Name=YouTube Music
#Exec=/opt/vivaldi/vivaldi --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
Exec=/opt/vivaldi/vivaldi --profile-directory=Default --app=https://music.youtube.com --kiosk
Icon=vivaldi-cinhimbnkkaeohfgghhklpknlkffjgod-Default
StartupWMClass=crx_cinhimbnkkaeohfgghhklpknlkffjgod

Original line commented out

Thunderbird Appearance

I’ve seen a few user complain that Thunderbird isn’t exactly pretty as a mail client, especially those coming from Outlook. There’s a few addons you can use to really change that.

The ones I’ve chosen all come from one developer Dillinger.

Numix Blue (dark)

Phoenity Buttons

Phoenity Icons

Other Essential Addons

TbSync

Provider for CalDAV & CardDAV

*cloud – FileLink for NextCloud and OwnCloud