Wednesday, October 20, 2021

5G dev boards

https://www.waveshare.com/sim8200ea-m2-5g-hat.htm?sku=18578

Still looking for a good mmWave antenna to add.


Terraform can now deploy ZT networks

Multicloud and Hybrid just got easier...

https://www.zerotier.com/2021/10/14/zerotier-central-now-integrates-with-hashicorp-terraform/

Tuesday, August 31, 2021

Mesh VPNs to explore

 While I am a huge fan of the product from ZeroTier, I am also interested in exploring another similar product that I discovered called Tailscale.

https://tailscale.com/blog/how-tailscale-works/

Frigate Hassio AI NVR

I am interested in testing out this Docker container for monitoring a video feed via your personal NVR on Home Assistant.

https://blakeblackshear.github.io/frigate/installation


Tuesday, June 22, 2021

Ubuntu reset APT sources

 

Command to reset apt sources in Ubuntu (run as root; it overwrites /etc/apt/sources.list):
printf 'deb http://archive.ubuntu.com/ubuntu %s main multiverse universe restricted\n' "$(lsb_release -sc)"{,-security} > /etc/apt/sources.list

Friday, June 18, 2021

Using the FortiOS API

I found this great article on terraform.io on how to set up APIs on FortiGate devices. Documentation on this was difficult to find, so I figured I would call out the good job that they did in publishing this guide.

https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/guides/fgt_token


Monday, May 10, 2021

Nested ESXi article

Great article on using nested ESXi.
https://ttytoast.io/getting-fancy-with-nested-esxi/

Monday, May 3, 2021

Wednesday, April 14, 2021

Tuesday, March 30, 2021

Linux Server Default Hardening

### Ubuntu update packages ###

sudo bash
apt-get update
apt-get upgrade -y
apt dist-upgrade -y

### Ubuntu install unattended-upgrades ###

sudo bash
apt install unattended-upgrades -y
dpkg-reconfigure --priority=low unattended-upgrades

### Ubuntu create user ###

sudo bash
adduser <myuser>

### Ubuntu sudo group ###
usermod -aG sudo <myuser>

### Create KeyPairs instead of Passwords on your workstation ###

mkdir -p ~/.ssh && chmod 700 ~/.ssh   # on your workstation, not the server
ssh-keygen -b 4096

### Copy public key to server ###
ssh-copy-id <myuser>@<myserver>


### /etc/ssh/sshd_config settings to consider changing ###

Port 22
AddressFamily inet
PermitRootLogin no
PasswordAuthentication no

### Restart sshd ###

sudo systemctl restart sshd

I was working on this and I found this great video by NetworkChuck! Please visit his site and like/subscribe to his pages. I am a big fan of his.

STEP 1 - Enable Automatic Updates

Manual Updates:

apt update
apt dist-upgrade


Automatic Updates:

apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades


STEP 2 - Create a Limited User Account

Create a User:

adduser {username}


Add user to the sudo group:

usermod -aG sudo {username}


STEP 3 - Passwords are for SUCKERS!

Create the Public Key Directory on your Linux Server

mkdir ~/.ssh && chmod 700 ~/.ssh


Create Public/Private keys on your computer

ssh-keygen -b 4096


Upload your Public key to your Linux Server (Windows)

scp $env:USERPROFILE/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys

Upload your Public key to your Linux Server (MAC)

scp ~/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys

Upload your Public key to your Linux Server (LINUX)

ssh-copy-id {username}@{server ip}


STEP 4 - Lockdown Logins

Edit the SSH config file

sudo nano /etc/ssh/sshd_config


STEP 5 - FIREWALL IT UP

See open ports

sudo ss -tupln

Install UFW

apt install ufw

See UFW status

sudo ufw status

Allow port through firewall

sudo ufw allow {port number}

Enable Firewall

sudo ufw enable

Reload Firewall

sudo ufw reload


Drop pings

Edit the UFW config file

sudo nano /etc/ufw/before.rules

Add this line of config:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
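
An added check for the SSH settings listed above (not part of the original post or the video notes): sshd keeps the first value it reads for each keyword, and on recent Ubuntu releases the stock sshd_config includes /etc/ssh/sshd_config.d/*.conf near the top, so a drop-in file can override an edit made lower down. The sketch below compares `sshd -T` (effective configuration) output with the values from these notes; the function name audit_sshd and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare sshd's effective settings with the values in the notes.
# audit_sshd and the SAMPLE_* inputs are illustrative names, not from the post.

# Wanted values (sshd -T prints keywords in lowercase).
WANT='permitrootlogin no
passwordauthentication no
addressfamily inet'

# Read "keyword value" lines in sshd -T format on stdin; print one line per
# mismatch or missing keyword and return non-zero if there is any.
audit_sshd() {
  effective=$(cat)
  rc=0
  while read -r key want; do
    got=$(printf '%s\n' "$effective" |
          awk -v k="$key" 'tolower($1) == k { print $2; exit }')
    if [ -z "$got" ]; then
      echo "MISSING $key (want $want)"; rc=1
    elif [ "$got" != "$want" ]; then
      echo "FAIL $key is $got (want $want)"; rc=1
    fi
  done <<EOF
$WANT
EOF
  return "$rc"
}

# Constructed sample: a drop-in still enables password logins.
SAMPLE_BAD='port 22
addressfamily inet
permitrootlogin no
passwordauthentication yes'

# Constructed sample: all three settings applied.
SAMPLE_GOOD='port 22
addressfamily inet
permitrootlogin no
passwordauthentication no'

printf '%s\n' "$SAMPLE_BAD" | audit_sshd || true   # demo on the constructed input
# On the server, as root, before restarting sshd:
#   sshd -t && sshd -T | audit_sshd
```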





Wednesday, February 10, 2021

ZeroTier as a management network

ZeroTier is a great open source project that enables a Global Layer 2 network.

ZeroTier, OPNSense and FRRouting

Well written Blog on this topic:
https://darkcloud.dk/2020/02/05/ZeroTier-in-the-homelab/

I am a huge fan of the work the guys over at ZeroTier have done in simplifying virtual networks on a global scale with their Virtual Layer 1 and Virtual Layer 2 networks.

This has made some of my projects much simpler and makes the internet work the way it was supposed to when it was designed as a peer-to-peer network. It is a good bridge to enable some of the benefits of IPv6 all while still running an IPv4 private network. I will continue to follow this team as they grow this product's features. I just hope that they stay open source so that everyone can use this technology.

Knolling - The Art of Organizing

I found this article very interesting and soothing to look at how some find organizing relaxing. I don't find the process relaxing myself, but the end product is very artistic to me. Take a look at this article. Thanks Jason for introducing me to this:

 http://thebrickblogger.com/2020/04/knolling-with-lego-the-art-of-organizing/