hexaitos.com/_site/feed.xml

114 lines
25 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.3.4">Jekyll</generator><link href="https://hexaitos.com/feed.xml" rel="self" type="application/atom+xml" /><link href="https://hexaitos.com/" rel="alternate" type="text/html" /><updated>2024-11-28T12:53:12+01:00</updated><id>https://hexaitos.com/feed.xml</id><title type="html">Hexaitos Personal Website</title><entry><title type="html">Asahi Linux on my base model M1 MacBook Air</title><link href="https://hexaitos.com/2024/11/19/asahi-on-m1-mba.html" rel="alternate" type="text/html" title="Asahi Linux on my base model M1 MacBook Air" /><published>2024-11-19T00:00:00+01:00</published><updated>2024-11-19T00:00:00+01:00</updated><id>https://hexaitos.com/2024/11/19/asahi-on-m1-mba</id><content type="html" xml:base="https://hexaitos.com/2024/11/19/asahi-on-m1-mba.html"><![CDATA[<figure class="main">
2024-11-18 23:05:54 +00:00
<a target="_blank" href="/assets/images/blog_posts/asahi_mba_m1/20241118-WE2A1144.jpg">
<img src="/assets/images/blog_posts/asahi_mba_m1/thumbnails/20241118-WE2A1144_2000w.jpg" alt="An opened MacBook Air M1 standing on a table. It is showing the desktop of KDE Plasma 6 with the floating task bar at the bottom. The desktop background is a bird of prey." />
</a>
<figcaption>A photo of my MacBook Air running Asahi Linux with KDE Plasma 6</figcaption>
</figure>
<p>A couple of years ago still during my apprenticeship and also during the pandemic I bought a base model M1 MacBook Air with some bonus money that I got for finishing an important (to my boss, at any rate) project at work and its been my main laptop ever since and one that Ive been using basically daily ever since. However, the fact that I only got a base model has been a bit problematic and, thefore, I decided to upgrade to the new M4 MacBook Pro this year. This, then, leaves me with my still more than capable MacBook Air and Ive been thinking about what to do with it. Then I remembered the fact that Ive always been wanting to try out Asahi Linux; and that coupled with the <em>very</em> low power consumption of these M-series chips made me think that it would probably make for a really good low-powered server that still has enough <em>oomph</em> for more heavy workloads (definitely more than my <em>actual</em> server thats running an Intel N100). And so thats exactly what I did!</p>
<h2 id="installation">Installation</h2>
<p>The installation of Asahi is pretty straightforward in general, but having only a base model Mac (with a measly 256 GB SSD) does pose a bit of a problem: Asahi cannot be installed as the sole operating system; instead; it can only be installed <em>alongside</em> macOS. This, then, means that even after completely erasing my previous Sonoma install and then <em>only</em> running the Asahi Linux installer afterwards, I only have about 150 GB of usable disk space on my Asahi partition. Now thats not that bad or anything, but its definitely not a lot of disk space in todays world.</p>
<p>Speaking of the installation, its pretty much as simple as running <code class="language-plaintext highlighter-rouge">curl https://alx.sh | sh</code> in a terminal window and following the on-screen prompts (insert disclaimer about running running shell scripts without checking their contents first here). If youre even remotely familiar with the command line (and are able to read), then the installation shouldnt pose any significant problems. Still, I would not recommend installing this on your main machine that you use for other things as well as Im sure it can quite easily render your macOS install useless if something goes wrong.</p>
<p>During the installation process, youll be given the opportunity to set a new size for the macOS partition and a size for the to-be-created Asahi Linux partition. Additionally, you can choose between either Gnome or KDE (if I remember correctly) as your desktop environment. Then, after some rebooting and changing of Mac security features, youll be greeted by an installer that youre going to be very familar with if youve ever installed a Linux distribution. There youll choose a timezone and a username and password. Afterwards you can reboot and you should be greeted by a login window.</p>
<p>As a side note: Asahi used to be based on Arch Linux but they appear to have moved over to Fedora and the Fedora-based Asahi Linux is, as far as I can tell, the only <q>official</q>. There are some <a href="https://github.com/AsahiLinux/docs/wiki/SW:Alternative-Distros">community-maintained flavours</a> but I havent tried out any of those yet; I am also guessing their installation process will differ quite significantly from that of the official Fedora-based version.</p>
<h2 id="the-desktop-experience">The desktop experience</h2>
<p>I was honestly quite surprised at how <em>usable</em> it was in general, the only thing I still would very much like to see implemented is the ability to connect an external monitor through one of the USB-C ports of the MBA — that has (as of the publishing of this post) not yet been implemented. Other than that, however, everything worked pretty much as youd expect: you can change the brightness of the keyboard and the screen; the trackpad works (and even has force feedback); the speakers work and sound as you would expect them to sound; the keys on the keyboard all work (including things like the media keys for playing/pausing videos or music); closing the lid makes the laptop reliably go to sleep and opening it wakes it up quite quickly … you get the idea. Even the battery life is as fantastic (KDE estimating 9-12 hours) despite this MacBook being 4-ish years old now. WiFi also works perfectly and at the the expected speed.</p>
<figure class="small-image">
<a target="_blank" href="/assets/images/blog_posts/asahi_mba_m1/screenshot-fastfetch.png">
<img src="/assets/images/blog_posts/asahi_mba_m1/thumbnails/screenshot-fastfetch_1200w.png" alt="A screenshot showing a full-screened terminal window and the output of the program fastfetch. The output shows some information about the machine, such as the processor and its speed, OS etc." />
</a>
<figcaption>Fastfetch running on the MacBook Air</figcaption>
</figure>
<p>There are some strange behaviours here and there though. For example, whilst the trackpad does work, the palm rejection is, seemingly, non-existent, especially if youre used to how well it works on macOS. Oh and speaking of the trackpad, it feels strangely laggy, almost as though it were connected through a terrible bluetooth connection (Im pretty sensitive to input delay in general though, so you might not notice this at all). Also, youre going to have to use regular Windows-style shortcuts, i. e. <code class="language-plaintext highlighter-rouge">⌃C</code> instead of <code class="language-plaintext highlighter-rouge">⌘C</code> for copying things, as an example.</p>
<p>Additionally, you might not have access to all the packages as, obviously, this isnt an <code class="language-plaintext highlighter-rouge">x86_64</code>-based system but rather <code class="language-plaintext highlighter-rouge">aarch64</code>. I wanted to install Ruby on my system and I generally use <code class="language-plaintext highlighter-rouge">rbenv</code> to manage my Rubies. However, I first had a bit of trouble getting <code class="language-plaintext highlighter-rouge">rbenv</code> itself working and once I did, I had even <em>more</em> trouble getting it to actually compile Ruby 3.3.6 for me. At first, there were some problems with <code class="language-plaintext highlighter-rouge">openssl</code> that I managed to somehow fix by running <code class="language-plaintext highlighter-rouge">sudo dnf groupinstall "Development Tools"</code> but then it complained about <code class="language-plaintext highlighter-rouge">libffi</code> apparently missing (even though it wasnt as far as I could tell) so I just ended up using <code class="language-plaintext highlighter-rouge">rvm</code> instead that could compile Ruby 3.6.6 without any problems.</p>
<p>Most of the Flatpaks that Ive tried worked without any problems except for the Flatpak for Telegram for some reason, but that mightve just been my doing something wrong. LibreWolf, the browser I generally use on Linux, works fine and runs as expected, though also through a Flatpak. Tokodon, KDEs own Mastodon / Fediverse client, also works quite well. The GPU, apparently, <em>also</em> works but I havent really tried that out yet. Watching YouTube videos, even at 4K, was not a problem however and I couldnt detect any dropped frames.</p>
<p>A colleague of mine who is also quite interested in both ARM and RISC-V has told me about Box64 which allows you to run normal <code class="language-plaintext highlighter-rouge">x86_64</code>-based programs on an ARM-based processor. I havent yet tried this out myself but I definitely want to try it out and see if I can get some non-native programs running through that.</p>
<h2 id="and-as-a-server">And as a server?</h2>
<figure class="small-image">
<a target="_blank" href="/assets/images/blog_posts/asahi_mba_m1/screenshot-sensors.png">
<img src="/assets/images/blog_posts/asahi_mba_m1/thumbnails/screenshot-sensors_1200w.png" alt="A screenshot showing a terminal window and the output of the sensors command. It is showing temperatures, voltages and a wattage." />
</a>
<figcaption>The output of lm-sensors</figcaption>
</figure>
<p>I still havent done too much with regards to trying it out as a server, but I still feel like it should work quite well as long as all the software also works. I <em>really</em> wanted to get something like Proxmox or maybe even just YunoHost working, but I havent really found a way to do that yet. One thing I already did was change the charging limit from <code class="language-plaintext highlighter-rouge">100%</code> down to <code class="language-plaintext highlighter-rouge">80%</code>. I had to do this through the console by running <code class="language-plaintext highlighter-rouge">echo 80 |sudo tee /sys/class/power_supply/macsmc-battery/charge_control_end_threshold</code> in the terminal as changing the charging limit through KDEs GUI settings did not seem to work.</p>
<p>I also installed <code class="language-plaintext highlighter-rouge">lm-sensors</code>. I did that mostly to see the temperatures at which the computer was running, but I was very surprised to see that it also provided me with a nice way of seeing how much power it was using at a given time. This showed me that the power usage even with the screen turned on was rather low! I, therefore, enabled ssh and sshd into the machine to see what its power usage would be when the screen was completely turned off; and I was very surprised to see that the idle power consumption appears to be around 1-2 W with the screen turned off. Now thats <em>really</em> low value and something that you would <em>probably</em> have a hard time noticing on your monthly power bill.</p>
<p>If I were to actually start using this machine as a server, I would probably install a more minimal version of Asahi (probably without any DE whatsoever) and I would also need to get some sort of USB-C to ethernet adapater and <em>hope</em> that it works; though depending on what exactly Ill end up using the server for, a decent WiFi connection might not be all that problematic either.</p>
<h2 id="conclusion">Conclusion</h2>
<p>I was pleasantly surprised to see how well it works just out of the box and will definitely be keeping Asahi on my MBA. Ill try out some more stuff, especially in regards to running it as a server or I might just keep it around as a nice Linux machine in general.</p>]]></content><author><name>hexaitos</name></author><summary type="html"><![CDATA[In this blog post I will be taking a quick look at Asahi Linux and my opinions on it so far. I have installed it on my base-model M1 MacBook Air and am planning of perhaps turning it into a very low-powered yet still powerful server.]]></summary></entry><entry><title type="html">Hosting my websites at home but I only have a public IPv6 subnet</title><link href="https://hexaitos.com/2024/10/29/hosting_at_home.html" rel="alternate" type="text/html" title="Hosting my websites at home but I only have a public IPv6 subnet" /><published>2024-10-29T00:00:00+01:00</published><updated>2024-10-29T00:00:00+01:00</updated><id>https://hexaitos.com/2024/10/29/hosting_at_home</id><content type="html" xml:base="https://hexaitos.com/2024/10/29/hosting_at_home.html"><![CDATA[<p>I wanted to write a small series of blog posts detailing how I made it so that my websites that are hosted at the server in my apartment (which only has a public IPv6 address) can be accessed from the Internet even if youre in an IPv4-only network and I wanted to start by writing a post about how I delegated an IPv6 prefix to my OPNsense installation from my FRITZ!Box. (Un)fortunately, just as I finished writing it, I found out that the official (I think) <a href="https://docs.opnsense.org/manual/how-tos/ipv6_fb.html">OPNsense documentation</a> has the <em>exact</em> thing I wrote about documented already, so theres really no point in my posting my own version that is almost literally the same thing.</p>
2024-11-11 18:16:50 +00:00
<p>Therefore, Ill just be skipping that portion of my blog post. If youre in Germany and a customer of Vodafones, then you should have been assigned a /59 IPv6 subnet and you can quite simply follow the instructions on the official documentation that I linked above.</p>
<p>Before I start this off, it is important to note that this will <em>only</em> work if youre using Cloudflares proxy. I have not found any other DNS provider that allows you to do this, unfortunately. I know there are some who have quite strong (and often negative) opinions about Cloudflare, so if youre one of those, then you will probably not be able to do this. If youre not sure what Im talking about, you should probably read up on Cloudflare and how their proxy functions first and try to form your own opinion on this matter. If you know of another (free!) way to do this <em>without</em> using Cloudflare, then Id be <a href="/contact">happy to hear about it</a>.</p>
<p><em>Also</em>, Im not claiming that anything Im about to explain is necessarily the best way of going about this; its simply what I found works quite well for me. If I wrote something thats terrible advice or if you found something that I could improve, you are more than welcome to <a href="/contact">contact me about that</a>, too!</p>
<p>And lastly, please note that a lot of ISPs do not technically allow the hosting of webservers if you only have a consumer contract and you might have to pay for a (usually more expensive) business contract instead. Or they might just straight up block certain ports from working in the first place on consumer contracts. Therefore, before you do anything, I urge you to check your ISPs terms of service.</p>
<p>With that out of the way, lets get started!</p>
<h2 id="setup-overview">Setup overview</h2>
<p>Before we start, a quick rundown of my setup. I have a FRITZ!Box 6660 Cable (my main router) to which my server running Proxmox is connected. The FRITZ!Box gets a /59 IPv6 prefix but no public IPv4 (CGNAT). Running on the Proxmox host as a VM is an OPNsense installation. Its WAN network is connected to the <em>LAN</em> network of my FRITZ!Box (it, therefore, gets an IPv4 address in my FRITZ!Box LAN, <code class="language-plaintext highlighter-rouge">192.168.178.0/24</code>) and the OPNsenses LAN network is a virtual network that all other VMs running on my Proxmox installation are connected to. Additionally, I have assigned a /64 IPv6 prefix to the LAN network of my OPNsense (see OPNsense documentation above) and all VMs get both a private IPv4 address (in the OPNsenses <code class="language-plaintext highlighter-rouge">10.10.10.0/24</code> network) via DHCP and an IPv6 address either via SLAAC or DHCPv6.</p>
<p>For my webserver in particular I made a separate and really small (/30) IPv4 subnet with a virtual IP in OPNsense, mostly so this public-facing LXC is in a different network from the VMs and LXCs that are <em>not</em> open to the public. Ill probably switch that over to a VLAN instead of a virtual IP soon. I feel like this is a bit overkill (and probably doesnt add that much security anyway), but I wanted to do it anyway. However, this means that my webserver has a static IPv4 in a different network, namely <code class="language-plaintext highlighter-rouge">10.11.10.2/30</code> with <code class="language-plaintext highlighter-rouge">10.11.10.1/30</code> being the virtual IP I assigned to the OPNsense installation and it cannot talk to any other VM or LXC.</p>
<p>I dont want to share the exact IPv6 prefix I get from my ISP, but lets just pretend its <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::/59</code> where <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::/64</code> is used by the FRITZ!Box itself and where <code class="language-plaintext highlighter-rouge">2001:db8:0:e291::/64</code> has been delegated to the OPNsenses LAN interface. I have assigned a static IPv6 to the LXC which is running my webservers, namely <code class="language-plaintext highlighter-rouge">2001:db8:0:e291::1000:1/128</code>.</p>
<p>My webserver is running Caddy and Im using a module for Caddy called <code class="language-plaintext highlighter-rouge">dns.providers.cloudflare</code> so that Caddy can create an SSL certificate even when its behind Cloudflares proxy.</p>
<p>Okay, that was probably quite a bit of information. The best tl;dr I can think of is: the public IPv6 my webserver gets is <code class="language-plaintext highlighter-rouge">2001:db8:0:e291::1000:1/128</code> (the prefix is not my actual prefix, this is just as an example).</p>
<h2 id="setting-up-cloudflare">Setting up Cloudflare</h2>
<p>Ill assume that you already are somewhat familiar with Cloudflare and how it works, especially after what I mentioned earlier in the blog post and Ill also assume that you have already added your domain to Cloudflare. If you have not yet done so, please refer to <a href="https://developers.cloudflare.com/fundamentals/setup/manage-domains/add-site/">Cloudflares own documentation</a> on how to do this.</p>
<p>What you have to do is go into your domains DNS settings and create <strong>only a single AAAA record with the proxy enabled</strong>. Do not add another <code class="language-plaintext highlighter-rouge">AAAA</code> record or even an <code class="language-plaintext highlighter-rouge">A</code> record; simply add a <code class="language-plaintext highlighter-rouge">AAAA</code> pointing to the IPv6 address of your server. This should look as follows:</p>
<p><img src="/assets/images/blog_posts/hosting_at_home/bateleur_org.png" alt="A screenshot from Cloudflares website showing a single AAAA record set for the domain bateleur.org" /></p>
<p>This is probably the most important aspect of this entire thing if you want your website to be reachable even in networks that do not support IPv6. If you only set a <code class="language-plaintext highlighter-rouge">AAAA</code> record and no <code class="language-plaintext highlighter-rouge">A</code> record, Cloudflare will automatically translate requests from IPv4 networks so that your website can be reached even from those networks.</p>
<p>You may also have to change the SSL settings of your domain. By default, the SSL setting is set to <q>flexible</q> which ended up not working for me and I had to set it to <q>full</q> instead:</p>
<p><img src="/assets/images/blog_posts/hosting_at_home/cloudflare_ssl.png" alt="A screenshot of Cloudflares SSL settings" width="30%" /></p>
<p>While youre here, you might as well also create an API key either for your entire account or only for a particular zone / domain. For more information about what permissions need to be set, you can look at the <a href="https://github.com/caddy-dns/cloudflare">GitHub page for Caddys Cloudflare module</a>.</p>
<h2 id="firewall-rules">Firewall rules</h2>
<p>The first thing youd have to properly set up are the firewall rules, especially the WAN rules. Since the only thing running on my LXC that needs to be accessed from the Internet is a webserver, it only really needs to have ports <code class="language-plaintext highlighter-rouge">443</code> and maybe also port <code class="language-plaintext highlighter-rouge">80</code> open to the public. I created an <a href="https://docs.opnsense.org/manual/aliases.html">alias</a> that includes both ports so that I dont have to create <em>two</em> rules and I simply named it <code class="language-plaintext highlighter-rouge">allowed_ports_default</code>.</p>
<p>However, we can refine this rule a bit further: since <em>all the traffic</em> going to our webserver should come from Cloudflare (as were using their proxy), you change the rule so that only traffic from Cloudflares network is accepted.</p>
<p>To do this, you can simply create yet another alias that includes all the networks that Cloudflare uses. Luckily, Cloudflare publishes the list of their IPv6 subnets which you can find it here: <a href="https://www.cloudflare.com/ips-v6/#">https://www.cloudflare.com/ips-v6/#</a>. So all we need to do is create an alias that includes all seven (at the time of writing) subnets and put that alias into the <q>Source</q> field of our created WAN rules. The alias should end up looking as follows:</p>
<p><img src="/assets/images/blog_posts/hosting_at_home/cloudflare_ips.png" alt="A screenshot showing a firewall alias containing all of Cloudflares IPv6 subnets" /></p>
<p>And the rule should end up looking as follows:</p>
<p><img src="/assets/images/blog_posts/hosting_at_home/wan_rule.png" alt="A screenshot of an OPNsense rule" /></p>
<p>Additionally, you also have to set up the rules on the LAN interface. I created two LAN rules, one for the IPv6 and one for the IPv4 address of my webserver and I allowed only ports <code class="language-plaintext highlighter-rouge">443, 80, 123, 53</code> for both IPv4 TCP/UDP and IPv6 TCP/UDP. I also set up a LAN rule that blocks access from my webservers LAN network to all of my other LANs.</p>
<h2 id="caddy-configuration">Caddy configuration</h2>
<p>Im assuming you know how to get a website up and running with Caddy. If not, I highly recommend looking at their <a href="https://caddyserver.com/docs/">documentation</a>, its really quite simple!</p>
<p>However, getting Caddy to work with the Cloudflare DNS was a little bit annoying at first, because the Debian 12 LXC that Im running did not have the newest version of Caddy in its repositories, apparently, and the version that was available did not have the <code class="language-plaintext highlighter-rouge">add-package</code> command which is needed to install the Cloudflare DNS module. So I simply downloaded the newest <code class="language-plaintext highlighter-rouge">.deb</code> file from Caddys GitHub, installed that and installed the Cloudflare DNS module using the command <code class="language-plaintext highlighter-rouge">sudo caddy add-package github.com/caddy-dns/cloudflare</code>. Afterwards, simply follow the instructions on their GitHub page on how to add the API key to your configuration.</p>
<p>If you then restart Caddy after adding your configuration (or simply starting it for the first time), it should automatically generate an SSL certificate for you and your website should become reachable from <em>both</em> IPv6- and IPv4-only networks.</p>
<h2 id="conclusion">Conclusion</h2>
<p>Your website should now be accessible from the Internet! I hope you enjoyed reading this and I hope it will end up helping someone in the future. If you have any further questions, critique or whatever, <a href="/contact">feel free to reach out to me</a>. This is the first blog post I have written in a <em>long</em> time, so if theres anything you think could be improved in the next one, I would love to hear about it.</p>]]></content><author><name>hexaitos</name></author><summary type="html"><![CDATA[I wanted to write a small series of blog posts detailing how I made it so that my websites that are hosted at the server in my apartment (which only has a public IPv6 address) can be accessed from the Internet even if youre in an IPv4-only network and I wanted to start by writing a post about how I delegated an IPv6 prefix to my OPNsense installation from my FRITZ!Box. (Un)fortunately, just as I finished writing it, I found out that the official (I think) OPNsense documentation has the exact thing I wrote about documented already, so theres really no point in my posting my own version that is almost literally the same thing.]]></summary></entry><entry><title type="html">My first blog post</title><link href="https://hexaitos.com/2024/09/30/first_blog_post.html" rel="alternate" type="text/html" title="My first blog post" /><published>2024-09-30T00:00:00+02:00</published><updated>2024-09-30T00:00:00+02:00</updated><id>https://hexaitos.com/2024/09/30/first_blog_post</id><content type="html" xml:base="https://hexaitos.com/2024/09/30/first_blog_post.html"><![CDATA[<p>Hello everyone! This is my first blog post, mostly just to try out how everything works.</p>]]></content><author><name>hexaitos</name></author><summary type="html"><![CDATA[Hello everyone! This is my first blog post, mostly just to try out how everything works.]]></summary></entry></feed>