Linux Software Virtualisation


Started looking into a service to auto-post from this blog onto my Mastodon feed. Feed2Toot fit the bill perfectly.

I wanted to run the whole thing from a Docker container, though, so I’ll quickly write a how-to.

This whole thing runs from a Raspberry Pi, as root. No k8s or k3s for me. The path I use is /root/git/feed2toot/, so be sure to modify that to whatever you’re using.

First off, get your credentials for the app. You can either install the Feed2Toot package on a system (e.g. a throwaway VM, to keep it clean), or use the Docker container below, but add RUN apk add bash, change the last line to CMD ["bash"], and then get a shell inside it via docker exec -it feed2toot bash.

Running register_feed2toot_app will generate two files (feed2toot_clientcred.txt and feed2toot_usercred.txt). Be sure to save these.

You can also try to run Feed2Toot at least once to make sure it’s working and to fine-tune your ini file. This is mine:

; Here you need the two files created by register_feed2toot_app
; Default visibility is public, but you can override it:
; toot_visibility=unlisted



; uri_list=/feed2toot/rsslist.txt
toot={title} {link}
; toot_max_len=500
title_pattern=Open Source
; ignore_ssl=false

; several_words_hashtags_list=/feed2toot/hashtags.txt
; no_tags_in_toot=false

; accept_bozo_exceptions=true

; custom=/var/lib/feed2toot/media/logo.png

I have three other files to make this work. First off, the Dockerfile:

FROM python:3.6-alpine
RUN pip3 install feed2toot && mkdir -p /etc/feed2toot/
COPY feed2toot.ini feed2toot_clientcred.txt feed2toot_usercred.txt /etc/feed2toot/
VOLUME /feed2toot/
CMD ["feed2toot", "-c", "/etc/feed2toot/feed2toot.ini"]

The script I run to build the container (

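git pull

# Refresh the base image named on the Dockerfile's FROM line
BASEIMAGE=$(awk '/^FROM/ {print $2; exit}' Dockerfile)
docker pull "$BASEIMAGE"
# Remove any previous container, then rebuild the image
docker stop feed2toot
docker rm feed2toot
docker build -t feed2toot .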
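The Dockerfile above copies feed2toot_clientcred.txt and feed2toot_usercred.txt into the image, so anyone who can read the image can read them; mounting the directory that holds them read-only at run time (an extra -v …:/etc/feed2toot/:ro) keeps them out of the layers. As an added example (not part of the original post), here is a check the build script could run before docker build; the function names and the list of name patterns are assumptions.

```shell
#!/bin/sh
# Added example: flag credential-looking files that a Dockerfile copies
# into the image (and therefore into an image layer).

# is_secret_name PATH: succeed if the file name looks like a credential.
# The name patterns are an assumption; extend them to suit your project.
is_secret_name() {
    case $(printf '%s' "${1##*/}" | tr '[:upper:]' '[:lower:]') in
        *cred*|*secret*|*token*|*.pem|*.key|.env) return 0 ;;
    esac
    return 1
}

# baked_secret_files DOCKERFILE: print every COPY/ADD source that looks like
# a credential. Exit status is 1 if at least one was found, 0 otherwise.
baked_secret_files() {
    dockerfile=$1
    found=0
    while read -r instr rest || [ -n "$instr" ]; do
        case $instr in
            COPY|copy|ADD|add) ;;
            *) continue ;;
        esac
        # Exec form (COPY ["a", "b"]) becomes plain words.
        rest=$(printf '%s\n' "$rest" | sed 's/[][",]/ /g')
        set -f; set -- $rest; set +f     # split without filename expansion
        while [ $# -gt 1 ]; do           # the last operand is the destination
            case $1 in
                --*) ;;                  # options such as --chown=...
                *) if is_secret_name "$1"; then echo "$1"; found=1; fi ;;
            esac
            shift
        done
    done <"$dockerfile"
    return "$found"
}

# Constructed sample: the Dockerfile from this post.
sample=$(mktemp)
cat >"$sample" <<'EOF'
FROM python:3.6-alpine
RUN pip3 install feed2toot && mkdir -p /etc/feed2toot/
COPY feed2toot.ini feed2toot_clientcred.txt feed2toot_usercred.txt /etc/feed2toot/
VOLUME /feed2toot/
CMD ["feed2toot", "-c", "/etc/feed2toot/feed2toot.ini"]
EOF
baked_secret_files "$sample" || echo "credentials would be baked into the image" >&2
```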

And finally, the script to run the container every so often (

docker run -d --rm -v /srv/mastodon/feed2toot/:/feed2toot/ --name feed2toot feed2toot

This will save the database file under /srv/mastodon/, to preserve state across rebuilds.

Note that once Feed2Toot runs, it’ll exit, and the container will be stopped. So it does not automatically run all the time.

So, you’ll want to run this every so often. You can add a file to /etc/cron.d/ to run it, for example, every six hours:

# cron-jobs for feed2toot


0 */6 * * *		root	if [ -x /root/git/feed2toot/ ]; then /root/git/feed2toot/ >/dev/null; fi

That’s it. Should do the trick. It’ll now post stuff from your RSS feed onto your timeline.

Oh, and Jeroen has a good post about Mastodon.

Linux Misc Networking Software Virtualisation

I’ve revamped my Smokeping infra a bit since 2020.

First off, I'm starting to use the smokeping.eu [1] domain that Bianco got 10 or so years ago instead of using weird URLs under domain.

It’s running on four nodes as we speak:

This is achieved using Smokeping in a Docker container, Cloudflare tunnel and Cloudflare CDN/DNS.

[1] Doesn't point at anything at the moment. To do later.
Linux Networking Software

Running WireGuard in a Docker container (RPi)

This follows my two other posts about WireGuard.

Most of this can be copied from the amd64 post — with a minor change for making it work on RPi4. This is the full git repo (including both rpi and amd64).

The main difference is in the file. The installation is a bit different and we’ll need to install the Raspberry Pi kernel headers.

WireGuard is also installed from testing instead of Debian backports.

Note that for older RPis (e.g. gen 1) you’ll need to compile from scratch.

Linux Networking Software

Error! Bad return status for module build on kernel: 4.19.0-8-amd64 (x86_64)

I was rebuilding my WireGuard Docker container today and this error started popping up:

Setting up dkms (2.6.1-4) ...
Setting up wireguard-dkms (1.0.20200429-1~bpo10+1) ...
Loading new wireguard-1.0.20200429 DKMS files...
It is likely that 4.19.0-8-cloud-amd64 belongs to a chroot's host
Building for 4.19.0-8-amd64 and 4.19.0-8-cloud-amd64
Building initial module for 4.19.0-8-amd64
Error! Bad return status for module build on kernel: 4.19.0-8-amd64 (x86_64)
Consult /var/lib/dkms/wireguard/1.0.20200429/build/make.log for more information.
dpkg: error processing package wireguard-dkms (--configure):
 installed wireguard-dkms package post-installation script subprocess returned error exit status 10
Setting up build-essential (12.6) ...
Setting up libalgorithm-diff-xs-perl (0.04-5+b1) ...
Setting up libalgorithm-merge-perl (0.08-3) ...
dpkg: dependency problems prevent configuration of wireguard:
 wireguard depends on wireguard-dkms (>= 0.0.20200121-2) | wireguard-modules (>= 0.0.20191219); however:
  Package wireguard-dkms is not configured yet.
  Package wireguard-modules is not installed.

dpkg: error processing package wireguard (--configure):
 dependency problems - leaving unconfigured
Processing triggers for systemd (241-7~deb10u3) ...
Processing triggers for libc-bin (2.28-10) ...
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)

The solution was to install bc. Seems like Debian is not pulling the right dependencies. I’ll be adding it to my Dockerfile.
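The dpkg output above only says the module build failed and points at make.log. As an added example (not part of the original post), this helper lists the commands a DKMS build could not find, for every module under a DKMS tree. It assumes the usual "not found" / "command not found" wording printed by sh, bash and make; the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: find build tools that DKMS module builds were missing.

# missing_build_tools LOGFILE: print each command the build tried to run but
# could not find, one per line, de-duplicated.
missing_build_tools() {
    sed -n \
        -e 's/^.*: \([^ :]*\): not found$/\1/p' \
        -e 's/^.*: \([^ :]*\): [Cc]ommand not found$/\1/p' \
        "$1" | sort -u
}

# scan_dkms_tree [ROOT]: check every ROOT/<module>/<version>/build/make.log
# and print "<module>/<version>: <tool>" for each missing command.
# Exit status is 1 if anything is missing, 0 otherwise.
scan_dkms_tree() {
    root=${1:-/var/lib/dkms}
    status=0
    for log in "$root"/*/*/build/make.log; do
        [ -f "$log" ] || continue            # glob matched nothing
        modver=${log#"$root"/}
        modver=${modver%/build/make.log}
        for tool in $(missing_build_tools "$log"); do
            echo "$modver: $tool"
            status=1
        done
    done
    return "$status"
}

# Constructed sample tree; the log lines are made up for illustration,
# the post does not show the real make.log.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wireguard/1.0.20200429/build"
cat >"$demo_root/wireguard/1.0.20200429/build/make.log" <<'EOF'
DKMS make.log for wireguard-1.0.20200429 for kernel 4.19.0-8-amd64 (x86_64)
/bin/sh: 1: bc: not found
make[1]: *** Error 127
/bin/sh: 1: bc: not found
EOF
scan_dkms_tree "$demo_root" || echo "install the tools listed above and rebuild" >&2
```

Called with no argument, scan_dkms_tree reads /var/lib/dkms, so it can run as a step right after the package install in a Dockerfile.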

Linux Networking Software

Running WireGuard in a Docker container (amd64)

This is the 2nd post about WireGuard.

So I am running two WireGuard servers — one on a Raspberry Pi 4, and one in an amd64 virtual machine. This post will be about getting WireGuard working on amd64 in a Docker container.

As this container rarely gets rebuilt, I am running unattended-upgrades inside the container to make sure security updates are applied.

I am also running Bind9 to act as a caching DNS server inside the container. Ideally this should be running from its dedicated container but that makes everything more complicated and not worth it for what I am trying.

I am also

The public repo that acts as a proof of concept can be found here. — this file starts (or restarts) and builds the container. It will also create the files as needed, set the forwarding DNS server, etc.

Dockerfile — the example will start a basic container based on debian-slim, set up the port forwarding, install the tools we need, and copy over the configs — this file will be executed after the container has been built. We need to install WireGuard from this file or it will fail due to the volume not being mounted and not having the right params.
This will also start the named (bind9) server.
I manually set ip address add dev wg0 because using Address in wg0.conf caused issues. I haven’t recently tested if that’s still the case.

named.conf.options — pretty standard bind9 config file; I want to be in control of my forwarding server because I am using NextDNS and want to apply a different config.

And of course your wg0.conf.

Running docker exec wireguard wg should give details about your connected hosts.