Drupal 8 and AWS CloudFront

Submitted by isntall on Fri, 07/06/2018 - 08:14

I've been struggling with a couple things since I decided to front my blog with AWS Cloudfront:

  • Keeping the correct domain
  • Search was borked

These have been fixed.

The domain issue was due to not passing the correct headers to the backend servers and those in certain cases would pass the backend URL.
The search needed a new Cloudfront behavior that accepted query strings.

Volumio on a Raspberry Pi 3

Submitted by isntall on Sun, 02/18/2018 - 12:23

Getting more and more into better audio, I've found myself using audio DACs and better headphones.
Keeping up with the various changes to various Linux audio changes to get the best performance is something that has fallen to the wayside.

Amazon DeepLens first impressions

Submitted by isntall on Thu, 11/30/2017 - 19:10

(I haven't actually deployed anything to this device)
I went the training for this device, it was wildly popular. I was fairly impressed how easy the device was in the lab. It was able to recognize humans and a hotdog; all part of the labs. Great.


Linux audio fedility

Submitted by isntall on Sun, 09/10/2017 - 20:59

Of the many hobbies I've jumped to lately, listening to high quality music has been near the top of the list. Choosing the correct source aside, tuning my Linux installs to have the highest Fidelity for the DAC is important. Here are the settings i use to allow for better sound.


Simple Drupal 8 Theming

Submitted by isntall on Sun, 09/10/2017 - 20:55

For a long while I was using a theme named Integrity. It had a lot more functionality than I wanted/needed, but it was easy to strip it down to the parts I wanted.

After a long while I decided to see if there was another theme that would fit the my bill for minimalistic and not offensive to my eyes. And surprisingly enough I found it in one of Drupal's base themes Bartik. I had always dismissed it due to the way it handled the upper tabs. Though with the rediscovery of disabling blocks and finding out those are blocks I can use Bartik.

After cleaning my logo icon, all I need now is to create a favicon.ico and find new fonts.


Loops and conditionals

Submitted by isntall on Sat, 09/09/2017 - 21:32

One of the weaker things in bash are the conditionals, when compared to the simplicity and elegance of a higher language. I know the syntax of both and there are many, many caveats in the bash conditionals that make them non-trivial.

Variables in Jenkins Pipelins

Submitted by isntall on Sat, 09/09/2017 - 07:30

The power that the bash shell affords is hard describe and its familiarity makes the bash shell my go to for almost everything. But I'm continuing on the process of JP (Jenkins Pipelines).

With that end, I need to have some variables defined at the beginning of the run and used throughout the entire job.
Sometimes these variables will be defined in Groovy

btrfs scrub

Submitted by isntall on Fri, 09/08/2017 - 21:29

btrfs scrub check the data integrity

sudo btrfs scrub start /



btrfs balance

Submitted by isntall on Fri, 09/08/2017 - 21:24

btrfs balance

sudo btrfs balance start -dusage=75 /



Jenkins Pipeline round 1...with examples

Submitted by isntall on Fri, 09/08/2017 - 21:10

Recently started to take them more seriously to see how much work it would be to take my current work flow and augment their power.
Most of my jobs are bash scripts that make Jenkins a glorified cron job. Previously Jenkins was very rudimentary, e.g. I just recently started using Jenkins plug-ins for config injection and secret obfuscation.
Now I'm trying to take those newly learned processes and add a whole new DSL on top.

Let's Ecrypt: bare metal OS

Submitted by isntall on Sat, 04/08/2017 - 19:31

Reference for using certbot with nginx.

cd /etc/certbot/
certbot renew  -c ./conf.d/isntall-cli.ini
certbot certonly  -c ./conf.d/isntall-cli.ini
certbot certonly --standalone  -c ./conf.d/isntall-cli.ini


self-signed cert with san

Submitted by isntall on Mon, 02/20/2017 - 18:56
openssl genrsa -out server.key 4096
openssl rsa -in server.key -out server.key.insecure
openssl req -new -key server.key -out server.csr -sha256
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

csr with san

openssl req -new -sha256 \
    -key server.key \
    -subj "/C=US/ST=Oregon/L=Portland/O=EXA/OU=MPL/CN=exa.mpl" \
    -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:exa.mpl,DNS:www.exa.mpl")) \
    -out server.csr

(from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line)


fish cli gnome-keyring-daemon

Submitted by isntall on Sun, 10/23/2016 - 11:39

Recently something has seemed to change in the way fish cli a gnome-keyring-daemon worked together, or didn't work. Here is a quick function, not pretty, that seems to get these to work again.

function gnome-keyring-daemon
  if test -n "$DESKTOP_SESSION"
    set -x SSH_AUTH_SOCK (gnome-keyring-daemon --start | awk -F= '{print  $2}')



debian package pinning

Submitted by isntall on Tue, 08/16/2016 - 14:41

Debian has really solid software, but sometimes newer feature are needed.


Package: *
Pin: release a=testing
Pin-Priority: 900



deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi

example command

# apt-get -t testing install open-vm-tools-dkms


swap what is it good for...

Submitted by isntall on Thu, 07/07/2016 - 14:01


dd if=/dev/zero of=/mnt/swap16G bs=1G count=16


fallocate -l 16G mnt/swap16G


mkswap /mnt/swap16G
chmod 600 /mnt/swap16G
swapon /mnt/swap16G

add to the /etc/fstab if you want to keep the settings

/mnt/swapfile16g   none    swap    sw    0   0

If using things like AWS instance-store-volume adding the file to the /etc/fstab is not appropriate.
You could create the swapfile on the fly or you could create one swapfile, compress it, and decompress on each boot.
In Ubuntu and other probably others using the /etc/rc.local file can be a decent choice (there are others).

gunzip -c /swapfile16g.gz > /mnt/swapfile16g
chmod 600 /mnt/swapfile16g
swapon /mnt/swapfile16G