Deploying virtual machines can be manual, boring, and repetitive, but with the right tools, it becomes a seamless process. In this article, I’ll guide you through using Terraform to deploy 5 virtual machines in Hetzner Cloud. All the infrastructure components will be defined in Terraform files and stored in Git, adhering to Infrastructure as Code (IaC) principles. All commands below are run on Ubuntu 24.04, but they should be the same on any other Linux distro or macOS.| [Stepan_Kulikov@blog]# cd ~
About me My life in one sentence →→→ doing tech with questionable efficiency My life in many sentences ↓↓ >>> I’m an IT infrastructure engineer, my duties are a combination of: * Linux Administration * DevOps * Support (tech and emotional) * Python programming. >>> I was born in China, where I lived and studied for 24 years. Now I am all over the place. >>> I like to play chess and cook+eat food in my free time, but I’m most passionate about doing things with computers.| [Stepan_Kulikov@blog]# cd ~
Intro This article will show how to set up a local email relay on a Linux machine with msmtp to send emails through Gmail. 2 approaches will be shown: Simple approach: msmtp and App Password. More complex approach with msmtp and mailctl that uses OAuth 2.0 instead of a password. Both of the methods will require a Google account and some patience since there will be some jumping through hoops to obtain correct credentials.| Blogs on [Stepan_Kulikov@blog]# cd ~
Introduction This article is a summary of monitoring best practices as outlined in the book “Practical Monitoring” by Mike Julian. I did not add my thoughts and experience to it; it’s just a simple summary of core concepts from the first 3 chapters of the book. The whole book is tool-agnostic and focuses on common themes that occur in different kinds of monitoring systems, so the article also tries to follow this concept.| Blogs on [Stepan_Kulikov@blog]# cd ~
The Proton team does not build packages for Gentoo Linux, so we have to figure out how to install it on our own. From what I have gathered, there are 3 ways to go about it: download OpenVPN and WireGuard configuration files from the ProtonVPN UI, install the GUI and CLI apps from source, or use the community CLI. Configuration Files In the ProtonVPN personal settings, configuration files can be downloaded both for OpenVPN and WireGuard.| Blogs on [Stepan_Kulikov@blog]# cd ~
This blog post will cover a way to publish APK files with GitHub Actions for a Flutter mobile app with a Firebase backend. Workflow example. GitHub Repository Secrets Flutter/Firebase apps have 3 files that hold sensitive information: services.json - Google Cloud credentials in JSON format, used by Firebase; keystore.jks - Key used to sign the app; key.properties - Key properties, such as key password, alias and its location. All of the above will be encoded (not encrypted!| Blogs on [Stepan_Kulikov@blog]# cd ~
Project Goals The main goal of the project was to write an app that will automatically handle updates on Gentoo Linux systems and send notifications with update summaries. More specifically, I wanted to: Simplify the update process for beginners, offering a safer and more intuitive method. Minimize time experienced users expend on routine update tasks, decreasing their workload. Ensure systems remain secure and regularly updated with minimal manual intervention. Keep users informed of the updates...| Blogs on [Stepan_Kulikov@blog]# cd ~
Introduction This article will go through the basic usage of gentoo_update CLI tool and the mobile app. But before that, here is a demo of this project: ⚠️ CLI was rewritten in version 0.2.2 and the video is slightly outdated Commands in this article were updated to the new CLI standard Video will be updated soon 😼 gentoo_update CLI App Installation gentoo_update is available in GURU overlay and in PyPI. Generally, installing the program from GURU overlay is the preferred method, but P...| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during weeks 11 and 12 of GSoC. Project is hosted on GitHub ( gentoo_update and mobile app), blog post can be also found on Gentoo Blogs. Progress on Weeks 11 and 12 During last 2 weeks I’ve completed app UI and Firebase backend. Most of the work is done! I’m not entirely pleased with how the backend works.| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 10 of GSoC. Project is hosted on GitHub (gentoo_update and mobile app), blog post can be also found on Gentoo Blogs. Progress on Week 10 I have finalized app architecture, here are the details: The app’s main functionality is to receive notifications from the push server. For each user, it will create a unique API token after authentication (there is an Anonymous option).| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 9 of GSoC. Project is hosted on GitHub, blog post can be also found on Gentoo Blogs Progress on Week 9 This week, much of my time was devoted to improving Dart and Flutter skills, preparing to develop the mobile app and researching app architecture. I have made some gentoo_update code improvements as well:| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 8 of GSoC. Project is hosted on GitHub, blog post can be also found on Gentoo Blogs. Progress on Week 8 Currently, the updater supports two methods of notifications: IRC bot and email. The IRC bot was built using Python’s sockets library with SSL support. Although functional, it remains quite basic and encounters issues with sending out the report properly in approximately 20% of cases.| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during weeks 6 and 7 of GSoC. Project is hosted on GitHub, blog post can be also found on Gentoo Blogs. Progress on Weeks 6 + 7 These 2 weeks were spent on the parser and the reporter. During this time, I’ve added many features to it, but there are still many more things left to be done.| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 5 of GSoC. Project is hosted on GitHub, blog post can be also found on Gentoo Blogs. Progress on Week 5 The week started off by receiving some feedback from the community in the forums. Here are some nice ideas that the community has suggested to implement: Fallback to the latest version of the package if an error is encountered during an update; Add an option to control Portage niceness; Estimat...| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 4 of GSoC. Project is hosted on GitHub, blog post can be also found on Gentoo Blogs. Progress on Week 4 Started the week by discovering that my updates to the ebuild were not accepted in the GURU overlay. The issue arose due to a misuse of the USE flags feature in the ebuild. Maintainers of GURU (big thanks to antecrescent!| Blogs on [Stepan_Kulikov@blog]# cd ~
Introduction gentoo_update (GitHub repo) is a tool that automatically updates Gentoo Linux. Motivation Gentoo Linux gives users maximum flexibility and control over the system. A great example of this is the OS upgrade process. Users have a large selection of different command utilities and a bunch of configuration options to choose from to tailor the upgrade process to their needs. Here is the list of some tools that are commonly used during an upgrade:| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 3 of GSoC. Project is hosted on GitHub, blog post can be also found on Gentoo Blogs. Progress on Week 3 gentoo_update finally received some GitHub stars! It also has received 2 issues (#7 and #8). In #7 someone suggested to remove update.sh from being installed in the PATH, and only expose gentoo-update as entry point.| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 2 of GSoC. Project is hosted on GitHub. Progress on Week 2 This week was all about packaging and testing. The updater is still in its infancy, but it’s much better to package everything nicely right away and not think about this in the future. I kicked things off by bundling all the code into one directory and setting it up as a Python module.| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of all the changes made on Automated Gentoo System Updater project during week 1 of GSoC. Project is hosted on GitHub. Progress on Week 1 The most basic version of the updater program is ready. By default it only installs security patches from GLSA using glsa-check, but it also allows users to update @world with their custom update flags. Additionally, after an update users can choose to:| Blogs on [Stepan_Kulikov@blog]# cd ~
In this article I want to share my experience in applying to Google Summer of Code 2023 (GSoC). I was lucky enough to get accepted and I hope that this article will help someone in their future applications. Disclaimer: This article is not a guide on how to get accepted, it’s just my journey and my thoughts on the process. The outcome depends on your skills, organization, the project idea, Google and most importantly - luck.| Blogs on [Stepan_Kulikov@blog]# cd ~
Consider a large inventory file full of hosts: some of them only have private IP addresses, but some of them have public IPs as well. The goal is to identify which hosts have a public IP and print it in a debug message. The process involves running a playbook with a custom filter plugin to examine every host. If a public IP exists on a host, then print a debug message to identify the host.| Blogs on [Stepan_Kulikov@blog]# cd ~
Pebbles is a Telegram bot designed to address a specific challenge: the difficulty of executing commands on Linux servers from a mobile device. While there are already excellent CLI tools for mobile devices, such as Termux, it didn’t quite fit my needs. Typing CLI keys on a small touch screen can be cumbersome, especially in crowded spaces like a subway. A Telegram bot emerged as an ideal solution since I was already an avid Telegram and Python user.| Blogs on [Stepan_Kulikov@blog]# cd ~
Consider a large inventory file full of hosts. The goal is to create a smaller list, a ‘sub-inventory’, containing only hosts with a specific service - Docker, in this case. The process involves running a playbook to examine every host. If Docker exists on a host, this host gets added to the smaller list. What’s the significance of this action? During the initial creation of the large inventory, hosts with Docker weren’t categorized separately.| Blogs on [Stepan_Kulikov@blog]# cd ~
Case study: Imagine that firewalld needs to be configured on multiple servers with Ansible. Different servers might have different ports and services allowed through the firewall. But at the same time some settings are the same across all servers, for example the default zone. This article will attempt to provide the best way to configure host_vars and group_vars for firewalld configuration. Since the main focus of this article is on variables, only localhost will be used in examples below.| Blogs on [Stepan_Kulikov@blog]# cd ~
Gentoo’s package manager Portage has an organizational feature called sets. A set is essentially a named list of packages that you can use to install or update multiple packages at once. There are predefined system sets like @world that contain all packages installed in the system, and it’s also possible to create custom ones, for example for a specific application. This is a very useful feature, because it allows users to easily install, uninstall and upgrade packages.| Blogs on [Stepan_Kulikov@blog]# cd ~
USE flags allow users to customize the way packages are built and installed on a system. They are essentially a set of optional features that can be enabled or disabled for each package, depending on the specific needs and preferences. For example, some packages may offer optional support for certain file formats or network protocols. By enabling the appropriate USE flags, the package will be built with support for those features.| Blogs on [Stepan_Kulikov@blog]# cd ~
Gentoo Linux, being a true meta-distribution, gives users maximum flexibility and control over the system. A stark example of this is the OS upgrade process. Users have a large choice of different command utilities and a bunch of configuration options to choose from to tailor the upgrade process to their needs. This guide will attempt to combine and distill the best practices and recommendations from the Gentoo Wiki/Forums and other sources into a single guide.| Blogs on [Stepan_Kulikov@blog]# cd ~
This article is a summary of a couple of Gentoo Wiki articles that teach how to get access to Gentoo’s GURU overlay and start creating your own ebuilds or maintain existing ones. Disclaimer: I am not a Gentoo developer, and I just started interacting with Gentoo community and this is what I’ve learned so far. There are probably (definitely) better ways to do this, and I’ll be glad to hear suggestions. Step 1: Request Access This step is not mandatory if the goal is to create ebuilds locall...| Blogs on [Stepan_Kulikov@blog]# cd ~
Articles I thought to be extremely entertaining and from which I have learned a lot. Infrastructure [Link] - Building Infrastructure for AI company [Link] - Scaling Google Sheets as a backend [Link] - We have left the cloud [Link] - Lessons Learned from Twenty Years of Site Reliability Engineering [Link] - Scaling pull-based monitoring system [Link] - Platform engineering [Link] - Kubernetes infra that can be managed by 1 person Git [Link] - Git Branching Model Tools [Link] - NGINXConfig [Link...| Blogs on [Stepan_Kulikov@blog]# cd ~
There are many ways to install an Nginx web server on Linux. It can be installed using the OS’s package manager, either from the distro’s repositories or from Nginx’s official repos. It can be compiled from source. But my favorite way is definitely in a Docker container. Main benefits are: Nothing is installed on the system Many different versions are available (without adding external repositories) It’s easy to transition from a normal install to Docker Step 1: Preparing Nginx configuration ...| Blogs on [Stepan_Kulikov@blog]# cd ~
I really didn’t think that it would ever be necessary to use IRC in the modern world. First of all, there are better alternatives like Discord and Matrix. Secondly, IRC is a technology from 1988. For a bit of context, in 1988 Soviet Union was still a thing, and Guns and Roses just started making good music. Privileged Gen-Z rhetoric aside, it’s actually not all that bad. Yes, if you are old school you can still use IRC in the terminal, and constantly remind everyone how old days were much be...| Blogs on [Stepan_Kulikov@blog]# cd ~
For me the toughest and most time-consuming part of web development was always front end. All the centering divs, box models and CSS inheritance stuff. And even if I get all the code to work, the website still looks like a high school student’s project from the 90s. Well, no more. Hugo framework allows users to create websites using Markdown language, and takes care of rendering Markdown files into HTML and CSS code.| Blogs on [Stepan_Kulikov@blog]# cd ~