virtiofs in NixOS

The current way I have landed on to run my NixOS environments is using VMs on a Proxmox host. One thing that I have not been happy about in this setup is that all data is on virtual disks that need to be partitioned, but I recently discovered that Proxmox now supports virtiofs!

Proxmox Virtual Environment

So now I can create a ZFS dataset (zfs create tank/mydataset), add it as a Directory Mapping in the PVE Datacenter object (pvesh create /cluster/mapping/dir --id mymapping --map node=node1,path=/tank/mydataset) and add it as a virtiofs device in the hardware of the VM (qm set 100 -virtiofs0 dirid=mymapping). That’s it from PVE’s side.

systemd soft reboot

I wanted to write about a brand new feature in systemd 254 that has got me very excited. This feature is soft reboot, which is described as:

systemd-soft-reboot.service is a system service that is pulled in by soft-reboot.target and is responsible for performing a userspace-only reboot operation. When invoked, it will send the SIGTERM signal to any processes left running (but does not follow up with SIGKILL, and does not wait for the processes to exit). If the /run/nextroot/ directory exists (which may be a regular directory, a directory mount point or a symlink to either) then it will switch the file system root to it. It then reexecutes the service manager off the (possibly now new) root file system, which will enqueue a new boot transaction as in a normal reboot.

Remote access VPNs

What VPNs?

One of the big businesses on the internet is VPN (Virtual Private Network) services, but the ones you normally see advertised (Privacy VPNs) are not what I want to write about today. The VPN services I want to write about are Remote access VPNs; as per the name, the purpose of these VPN services is to securely access remote devices and networks. These can be needed in lots of different situations, from OEMs (Original Equipment Manufacturers) needing to support a machine on the other side of the country to a utility provider with hundreds of individual sites. Normally these sites will have a little cellular router, or on the odd occasion the site will have a local office network where the IT team will want to manage access.

Next Gen PLCs

NOTE: When I wrote this post I worked for an Emerson distributor. While this makes me more familiar with the Emerson offering, this is my personal blog and thus these are my own thoughts and not my employer's. But I am limited in what I can talk about with regards to Emerson due to restrictions imposed on me.

One thing that has gotten me really excited about the Industrial Automation space in the last couple of years is the new generation of PLCs that are expanding what we can do with PLCs. In previous generations, a PLC was a standalone deterministic controller that looked after its own process; then technology progressed and more complex systems meant we now have PLCs that are capable of using multiple communication protocols to interface with SCADA and work with other controllers. Now PLCs (some vendors like to call these PACs (Programmable Automation Controllers), but they are still PLCs) are bringing in more complex communication protocols and extending their scope to do more. The purpose of this is to collect more data and move this data to where it can be analysed, processed and used to improve decision making, and eventually to automate those decisions to increase productivity and effectiveness.

Adding DNS to Nebula

Following up on my previous post on nebula, the two big things that were outstanding were getting DNS over nebula and setting the default route through nebula. Well, now I have figured out the DNS side and will be sharing that with you today.

Update 15/08/2023

Due to changes in systemd-networkd, the following needs to be added; this is reflected in the examples below.

KeepConfiguration=yes

What does not work

Now I could just put a DNS server listening on a device connected to nebula, but I really wanted to include the built-in DNS functionality you can enable in a lighthouse so that I don’t have to remember nebula IP addresses (with being in control of the addressing on all these networks, you would think I would have aligned all the IP addresses). Also, the lighthouse DNS server only resolves nodes that have checked into the lighthouse recently, so that is only part of the solution; I would still like to resolve requests for general DNS.

OpenVPN to nebula

I have been using OpenVPN for my remote access for a while now, and while it works well enough, the newer options are very attractive and solve a couple of issues with OpenVPN. I have four use cases for my VPN, which are:

  1. Connecting remote sites back to my central server.
  2. Managing remote sites from the central site.
  3. Access central services while roaming.
  4. Protecting my traffic while on untrusted sites roaming.

After looking at the different options I decided nebula was the most interesting, something I could host myself (as I was doing with OpenVPN) and should be able to address my four use cases (I think).

Making this website

This post will go over the process I took to make this website for those curious or wanting to go through the process themselves. Broadly, the path was: purchase a domain, get email for that domain functioning, create a repository in Source Hut for the site and learn how to use a static site generator to create the website.

Self hosting background

Before I get into the process I should highlight my experience and background so people do not think I started from zero. I have spent the past two years learning to self host my own services where possible with docker, which admittedly was running in Docker For Desktop on a Windows 10 machine using WSL2; these services include my own music server, baby tracker, RSS reader and a Pihole, to name a few. Couple this with my career as an engineer in the Industrial Automation space, and I knew the broad strokes of how to do this but had no idea how to actually implement it. My background also included familiarity with the version control software git (https://git-scm.com/) and using the command line in general.

Hello_World

This is my first blog post, so as is tradition for anything software, I would like to say

Hello World!