Dark's Code Dump

Possibly useful

Tunnel a secondary public IP from one server to a VM on another server

My problem was that I have a OVH SoYouStart server with 16 DDoS-protected IPs that I want to use on other servers, in this case as the public IP of a VM on another server.

Been through a lot of guides to do this that require complicated (IMO) NAT configurations, but was not convinced NAT is necessary when an IP on the source server can be completely dedicated to the destination server. Also seen some guides use GRE or IPIP but would rather use something secure.

Turns out it is indeed possible to do this without any NAT using just pure Wireguard!

(more…)

Debian bootable encrypted RAID 1 with redundancy on /boot

Achieving a MD RAID 1 setup that behaves like a hardware RAID 1 (in terms of booting) is not straight forward. This process worked for me to set up a bootable RAID 1 with LUKS+LVM that keeps /boot automatically in sync as part of the RAID.

(more…)

Force systemd services to use a secondary IP

This assumes a routing/IP setup like OVH has for multiple IPs, with everything through a single physical interface. Virtual MACs should not be used.

The key benefits of this over editing application configs are:

  • Handles applications that force listen on all interfaces
  • Handles outbound traffic sensibly (ie without editing source addresses)
  • Applications that sniff the public IP see the secondary IP
  • Fails loudly - application will lose all connectivity, rather than being silently unconfined

(more…)

UEFI won’t mount ESP and rEFInd reports “chain on hard drive failed”

Had this issue on an OVH (SoYouStart) server where I had reformatted the NVMe drives to 4K logical sectors, and then partitioned them to 100 MB ESP and remainder LVM.

The UEFI refused to mount the ESP, and when forcibly mounted could not read any files from it. Likewise OVH's network boot rEFInd reported "chain on hard drive failed", also failing to mount/read the partition.

(more…)

USB flash drive to pause/rewind live TV on LG TV

The following method allows you to use a USB flash drive for 'Live Playback' aka pausing/rewinding live TV on an LG TV. Normally only USB hard drives or USB SSDs are supported.

The error I encountered when trying to pause TV with a USB flash drive connected was:

This storage device cannot be used for Live Playback.

(more…)

LG CX i1Display Pro Bodner Meter Profile

Never was happy with the white balance on my CX using an i1Display Pro colorimeter alone. HCFR: wrong, Calman Raw XYZ: wrong, Calman FSI EDR: close but too red, default untouched: close but too green.

OLED is an unusual case where the human eye trumps a colorimeter alone, as it is impossible to ship a correction that fits all OLEDs. Without a spectrophotometer, good white balance can only be achieved by a perceptual match with a known good monitor.

Read on for more, including meter profile

LG CX OLED ideal sharpness setting

tl;dr:

4K:

  • Sharpness: 0
  • Super Resolution: Off

Anything else:

  • Sharpness: 12
  • Super Resolution: Low

(more…)

Raspberry Pi 4 sucks for USB audio

I bought a Raspberry Pi 4 B under the impression that it was great for USB audio. It is sold as having hardware issues from previous versions fixed, relating to overlap between ethernet and USB.

(more…)

Signal backups using Linux headless server

I went deeper down the rabbit hole of Signal's lack of message backups on iOS, and discovered the Signal Desktop app works differently to WhatsApp - it does not require any connection to the phone, instead it syncs directly from the server. Using the desktop app you can achieve proper backups, however it requires near 24/7 uptime if you are a heavy user, as only the 1000 newest messages are cached on the server. Any messages beyond the buffer of 1000 while the desktop client is offline will never sync to it.

If you have a 24/7 non-headless machine with any OS, you have things way easier and you don't need this guide. (Just install Signal as normal and leave it running all the time.) I only have headless Linux servers running 24/7, so if that is you then read on.

(more…)

My issues with Signal

Signal has taken the world by storm since WhatsApp introduced their latest round of anti-privacy changes. At face value, Signal seems great, but it has flaws that have me seriously considering whether the privacy aspect is worth it:

(more…)