Last month, my homelab experienced an incident that resulted in service disruption for 3 hours and 8 minutes, and because I like to cosplay as a sysadmin in my free time this is a post-incident analysis. The effects of the disruption were mostly external, mainly affecting the main site and ytrss, internal systems remained unaffected.
A virtual machine hosted on Linode needed to be moved between physical hosts for urgent and unplanned maintenance.
Read more...
Networking
Server and client setup Install Wireguard on both server and client
sudo apt install wireguard Create the public and private key on both server and client. Store the private keys in a secure place.
wg genkey | tee privatekey | wg pubkey > publickey Server configuration Create and open the file /etc/wireguard/wg0.conf. Insert the following block and view the examples on the table below.
Variable Exmaple <server-ip> 10.0.1.1 <subnet> 24 <interface> eth0 <server-private-key> kj202323j23mwnew0= <server-port> 51820 [Interface] Address = <server-ip>/<subnet> SaveConfig = true PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <interface> -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o <interface> -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <interface> -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o <interface> -j MASQUERADE ListenPort = `<server-port>` PrivateKey = <server-private-key> Bring up Wireguard on the client
Read more...
Grabbing just an IP address from a network interface can be useful for scripting. In the example below the assumed interface is eth0.
ip a show eth0 | grep "inet " | cut -d' ' -f6 | cut -d/ -f1 You can then save this into a variable and use it in other commands.
local_ip=$(ip a show eth0 | grep "inet " | cut -d' ' -f6 | cut -d/ -f1) python3 -m http.
Read more...