Fabio Alessandro Locati (Fale)'s blog

Perform backups with Systemd

May 31, 2024

Many strategies can be employed to build resilience in IT systems. Personally, I think one of the most critical yet overlooked ones - both in personal and corporate settings - is backups.

I recently had to back up a folder containing the state of a service running on a Fedora machine. As often happens, an interesting aspect of this service is that the backups are consistent and, therefore, restorable only if the service is stopped while the configuration folder is backed up. Due to the design of this host, I wanted to use Systemd as the backup driver and keep it as simple and obvious as possible.


Forward all your traffic with RedSocks

April 30, 2024

VPNs can be used in different ways based on the desired objective. If the goal is to reach some specific web pages served only within a network, using a proxy will probably do the trick. Another common use for VPNs is to ensure the confidentiality of data transferred between a remote system and a safe site. In this case, we might want to ensure that all traffic from the remote system reaches the safe site via the VPN.


Use Dante to proxy web traffic

March 31, 2024

A while ago, I posted about using SSH to proxy traffic within a Nebula network context. In the last few months, I changed my implementation because SSH required some steps and access rights that I was not fully happy with.

In the previous iteration, I was using SSH as a SOCKS proxy. The problem, though, is that I need to set up the connection every time and use my SSH credentials, so it becomes difficult to have it always on. A different SOCKS proxy software needs to be used to achieve the same result without SSH.


Build and publish multi-arch containers with Quay and GitHub Actions

February 29, 2024

When I deploy a system, I always try to automate it fully. There are many reasons for this, one of which is that, in this way, the automation becomes the documentation for the system itself. Another reason that drives me to automate everything is my preference for clean systems. A further consequence of this preference is that in the last few years, I’ve moved many systems to a Fedora rpm-ostree flavor (e.g. Fedora CoreOS, Fedora IoT, Fedora Atomic) with the various services running in containers managed directly by systemd via podman. I prefer to create container images via CI/CD processes for the same reasons. Since I use Quay.io a lot, I usually leverage its capability to hook into git repos and rebuild images based on git tags or git commits. Recently, I needed a multi-arch image, and I discovered that the usual process does not support multi-arch images.


Share volumes between Podman Systemd services

December 31, 2023

Since the merge of Quadlet in Podman, I’ve been moving multiple services to Podman Systemd services. I find them to be easy to create, manage, and automate.

I recently migrated a complex system to Podman Systemd, where multiple processes write in a folder, and one process reads the folder’s content. Before the migration, everything worked properly since all the processes were running natively on the machine with the same user. After the migration, there were some permissions issues. This issue allowed me to dive a little more deeply into the whole implementation of SELinux for containers and realize a few interesting things.


Fedora CoreOS on Hetzner Dedicated server

October 19, 2023

Over the last few years, I’ve moved many of my systems to immutable versions of Fedora. One of the last systems still missing was my Hetzner Dedicated server. The blocking part for me was that Hetzner does not offer any Fedora or immutable options.

However, Hetzner provides the Rescue System, which is a Debian system, so it is possible to leverage it!

To boot into the Rescue System:

1. Go to Hetzner Robot.
2. Select the proper server.
3. Go to the “Rescue” tab.
4. Click “Activate rescue system” after properly selecting the Public Key and keyboard layout.

You can now reboot the machine, and after it boots back up, you can log in to the Rescue System.


Manage Podman containers with Systemd and Quadlet

May 17, 2023

Until a few months ago, the only option to start containers from Systemd was to create a Systemd unit which called podman (or docker) with the run sub-command. Podman also provided podman generate systemd to easily create such a Systemd file.

This has now changed. From version 4.4 of Podman, in addition to the mentioned method, it is possible to use Quadlet to simplify the execution of containers from Systemd.

Quadlet allows you to create additional kinds of Systemd units to manage your container needs:


Fedora Sericea and Sway Spin released!

April 18, 2023

With Fedora 38 officially released, Sericea and Sway Spin have also been officially released!

In the last month, I’ve been working on those variants’ presence on the Fedora website. Now both variants have their own page on the Fedora website, at Sericea and Sway Spin respectively.

If you have any questions, reach the Sway SIG in the following ways:

I hope many of you will find these as valuable an improvement to Fedora as I do.


Fedora Sericea and Sway Spin beta

March 24, 2023

The Fedora Project released Fedora 38 beta images. The Fedora Sway Spin and the Fedora Sericea ones are in the long list of released images!

This is a critical point in the release of those Sway-based Fedora artifacts, since it is the first time the wider public has been able to test them. Although the Fedora Project has been creating Sway artifacts for a couple of months, those were based on Rawhide, which is a “not always stable” version of Fedora, since it tracks versions of Fedora that are far in the future (4-10 months).


Podman ports and firewalld

February 24, 2023

A few weeks ago, I was doing a security check on one of my machines to ensure that everything was secure when I noticed that some ports were open that I did not expect to find. I discovered those ports by probing them with netcat (nc -zv IP_ADDRESS PORT). I was expecting them to be closed, and I was surprised when netcat reported that it could connect to them.
