Random notes
GitLab Runner update/install
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
sudo apt update
sudo apt install gitlab-runner
Registering GitLab Runner
https://docs.gitlab.com/ee/ci/runners/runners_scope.html#create-a-shared-runner-with-a-runner-authentication-token
Knot DNS
https://www.knot-dns.cz/docs/3.3/html/configuration.html
Terraform generic DNS resource
https://registry.terraform.io/providers/hashicorp/dns/latest/docs
Tailscale router to add more routes
sudo tailscale up --advertise-routes=192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,192.168.5.0/24,192.168.20.0/24
fix Cockpit network and update issue
https://cockpit-project.org/faq.html#error-message-about-being-offline
HashiCorp Packer
- cloud-init config for subiquity (Ubuntu installer): https://ubuntu.com/server/docs/install/autoinstall-reference
- packer proxmox: https://developer.hashicorp.com/packer/integrations/hashicorp/proxmox/latest/components/builder/iso
- some examples:
  - https://github.com/aerialls/madalynn-packer/tree/master
  - https://www.aerialls.eu/posts/ubuntu-server-2204-image-packer-subiquity-for-proxmox/
Random Linux terminal things
- get locale:
locale -a
- get keyboard layout:
cat /etc/default/keyboard
Proxmox
adding proxmox role/api user for both TF and Packer
- add user, API token will be attached to this user:
pveum user add tf-packer-api@pve
- create new role with all the required permissions:
pveum role add tf-packer-provisioner -privs "Datastore.AllocateSpace Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use SDN.Allocate Pool.Allocate Pool.Audit Datastore.AllocateTemplate"
- create API token for user (disable privilege separation so that the API token will have the same permissions as the user):
pveum user token add tf-packer-api@pve tf-packer-api --privsep 0
- modify ACL for the user with permission from the role created previously:
pveum aclmod / --users 'tf-packer-api@pve' --roles tf-packer-provisioner
The reason to disable privilege separation is that if the user has no permissions and only the API token is given permissions, the token will also have no permissions, because of the way Proxmox evaluates them. Since this user exists explicitly for Terraform and Packer purposes, this will suffice. However, if you are considering using another user with higher permissions, do NOT disable privilege separation; instead, modify the ACL for the API token:
pveum aclmod / --tokens 'tf-packer-api@pve!tf-packer-api' --roles tf-packer-provisioner
From the Proxmox documentation: "Separated privileges: The token needs to be given explicit access with ACLs. Its effective permissions are calculated by intersecting user and token permissions."
Ref https://pve.proxmox.com/wiki/User_Management
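The intersection rule quoted above, as a small model (an added example, not Proxmox code and not part of the original notes). It is simplified: groups, the propagate flag and the NoAccess role are not modelled, the role contents are shortened, and `example-admin`, `admin@pve` and the token name `ci` are constructed names.

```python
# Simplified model of how Proxmox VE evaluates API token permissions.
# Assumptions: no groups, no propagate flag, no NoAccess role.
ROLES = {
    # Subset of the tf-packer-provisioner role from the notes above.
    "tf-packer-provisioner": {"VM.Allocate", "VM.Clone", "VM.Audit",
                              "Datastore.AllocateSpace"},
    # Constructed stand-in for a broad administrative role.
    "example-admin": {"VM.Allocate", "VM.Clone", "VM.Audit",
                      "Datastore.AllocateSpace", "Sys.Modify",
                      "Permissions.Modify"},
}


def ancestors(path):
    """Yield path and its parents, most specific first: /vms/100, /vms, /."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts), -1, -1):
        yield "/" + "/".join(parts[:i])


def principal_privs(acl, principal, path):
    """Privileges a user or token gets from its own ACL entries on path.

    acl is a list of (path, principal, role). The most specific path that
    has an entry for this principal replaces anything inherited from above.
    """
    for candidate in ancestors(path):
        roles = [r for p, who, r in acl if p == candidate and who == principal]
        if roles:
            return set().union(*(ROLES[r] for r in roles))
    return set()


def token_privs(acl, token, path, privsep):
    """Effective privileges of an API token named 'user@realm!tokenname'."""
    user = token.split("!", 1)[0]
    user_privs = principal_privs(acl, user, path)
    if not privsep:
        return user_privs  # --privsep 0: token is as powerful as its user
    # --privsep 1: intersection of user and token permissions
    return user_privs & principal_privs(acl, token, path)


if __name__ == "__main__":
    token = "tf-packer-api@pve!tf-packer-api"
    only_token_acl = [("/", token, "tf-packer-provisioner")]
    # User has no ACL, so a privilege-separated token ends up with nothing.
    print(token_privs(only_token_acl, token, "/vms/100", privsep=True))
```

With a high-privilege user, the same function shows why the token ACL route is preferable: the separated token is capped at the provisioner role, while `privsep=False` hands it everything the user can do.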
Python things
- set up a simple Python http server:
python3 -m http.server 8000