INT 21h

Hi, I am Vladimir Smagin, SysAdmin and Kaptain. Telegram Email / GIT / Thingiverse / RSS / GPG

Virtualbox: mount physical disk

№ 11191 В разделе "Sysadmin" от January 4th, 2021,
В подшивках: ,

Add your user to disk group and relogin\reboot.

Next create volume file:

VBoxManage internalcommands createrawvmdk -filename 16Gflash.vmdk -rawdisk /dev/sdf

Add disk and mount to virtual machine

Нет комментариев »

Credentials and other secrets from Vault to your containers at startup

№ 11183 В разделах: Programming Sysadmin от January 2nd, 2021,
В подшивках: , , , ,

What if you stored your database credentials in Vault and want to make ENV variables with them for your application at container startup? You can do it for Kubernetes deployments or plain Docker containers with my small program vault-envs.

Add to your Dockerfile additional steps:

  • install my vault-envs programs that “converts” secret to ENV variables
  • create\modify entrypoint script where or call vault-envs and other pre-startup actions

Add to your Dockerfile steps:

# add Ubuntu\Debian repo and install vault-envs with fresh certificates
RUN curl | apt-key add - && \
    echo "deb bionic main" | tee /etc/apt/sources.list.d/21h.list && \
    apt update
RUN apt install -y ca-certificates vault-envs

# copy entrypoint script
RUN chmod +x /


Your entrypoint script will look like:



export eval `vault-envs -token "$VAULT_TOKEN" \
        -vault-url \
        -vault-path /prod/crm/connection_postgres -envs-prefix "PG_"`

export eval `vault-envs -token "$VAULT_TOKEN" \
        -vault-url \
        -vault-path /prod/crm/connection_mysql -envs-prefix "MYSQL_"`

export eval `vault-envs -token "$VAULT_TOKEN" \
        -vault-url \
        -vault-path /prod/crm/connection_api`


exec "$@"

If some vars names is identical they will be overwritten at next vault-envs call, so I used prefix.

Now build image and run

docker run --rm -e VAULT_TOKEN=s.QQmLlqnHnRAEO9eUeoggeK1n crm printenv

and see results at container console:


Wooh! You did it.

Нет комментариев »


№ 11163 В разделах: Electronics Sysadmin от December 31st, 2020,
В подшивках: , ,

Замутил себе GNUK в качестве хранилища ключей для дешифровки писем, бэкапов и прочего хлама, а также ssh авторизации на серверах. Стоит оно всего 140 руб, что гораздо дешевле аналогов за 50 баксов 🙂 На отлично работает под линуксами с GnuPG.

Заказал тут Для прошивки нужен второй такой или любой другой прошивальщик STM32.

Нет комментариев »

Downgrade Thunderbird 78 back to 68 in Ubuntu and Manjaro

№ 11138 В разделе "Sysadmin" от December 5th, 2020,
В подшивках: ,


At first, return back old software source to your repositories:

echo "deb focal-security main"| sudo tee /etc/apt/sources.list.d/thunderbird.list
sudo apt update

Now check available versions:

$ apt-cache policy thunderbird
  Installed: 1:68.10.0+build1-0ubuntu0.20.04.1
  Candidate: 1:78.5.0+build3-0ubuntu0.20.10.1
  Version table:
     1:78.5.0+build3-0ubuntu0.20.10.1 500
        500 groovy-updates/main amd64 Packages
        500 groovy-security/main amd64 Packages
     1:78.3.2+build1-0ubuntu1 500
        500 groovy/main amd64 Packages
 *** 1:68.10.0+build1-0ubuntu0.20.04.1 500
        500 focal-security/main amd64 Packages
        100 /var/lib/dpkg/status

You see last “1:68.10.0+build1-0ubuntu0.20.04.1”, install it and keep forever.

sudo apt-get install thunderbird=1:68.10.0+build1-0ubuntu0.20.04.1
sudo apt-mark hold thunderbird


Manjaro is a rolling update distro, but you can still install old software versions with some additional tricks.

sudo pacman -S downgrade 
sudo DOWNGRADE_FROM_ALA=1 downgrade thunderbird

You see last version you want 68 under number 33. Type it and Enter.

How DOWNGRADE PROFILE from 78 to 68 after accidentally run of 78

In console check version and allow downgrade:

thunderbird --version
 Thunderbird 68.10.0

thunderbird --allow-downgrade

After this you can continue use your old profile.

Finally, fuck you Mozilla.

Нет комментариев »

Add cache control and CORS to nginx ingress in Kubernetes

№ 11131 В разделе "Sysadmin" от November 3rd, 2020,
В подшивках: ,

annotations: |
      if ($request_uri ~* \.(js|css|gif|jpe?g|png|woff|woff2|ico)) {
        expires 1M;
        add_header Cache-Control "public";
      } >-
      Authorization 'GET, PUT, POST, DELETE, PATCH, OPTIONS' '*' 'true'

Нет комментариев »


Fortune cookie: A conservative is a man who believes that nothing should be done for the first time. -- Alfred E. Wiggam