Intro

Attempting to organize my notes with mdBook.

Rust

Installing Rust

I really dislike curlpipes, and installing software outside of package managers. And cargo is a really good package manager, but unfortunately theres a lack of good Rust packages in Linux distro repos. The official Rust Forge documentation (supplementary docs for Rust, a lot of interesting stuff there around how they manage the project, infrastrucutre, build channels, design desiciions and such) doesnt really mention any good packages in Linux distros or particularly recommend using the ones that do exist.

So im using the curlpipe rustup.sh script..

The Debian repos seem to have somewhat up to date packages (and they have a RustPackaging team).

And Ubuntu isnt too far behind, I will try that out soon and update:

amine:~$ apt-cache policy rust-all
rust-all:
  Installed: (none)
  Candidate: 1.66.1+dfsg0ubuntu1-0ubuntu0.22.04.1

After having just updated with rustup update:

amine:~$ cargo --version
cargo 1.71.1 (7f1d04c00 2023-07-29)

There is also a rustlang PPA on Launchpad with stable and nightly builds that ive seen mentioned.

I should probably build and package Rust and friends for my builds repo some day..

Cross compiling

Easiest way that i have found is to use cross. It cross-compilers in docker (or podman) containers, that it manages itself.

You can also use cargo directly with cargo build --target=$target, but i havent given that more than a cursory attempt (but i should, to understand how cross relates to cargo better)

make sure to have your user in the docker group to avoid root.

You can get a list of supoprted targets (platforms?) from rustc:

$ rustc --print target-list

For more details on the different targets and how well they are supported, check the rustc documentation about about Platform suppport and the for cross specifically, the cross/README.md also has a list.

Configuring `cargo`

If you are cross compiling, then you are most likely targeting a platform that you cant or dont want to compile on. Basically something less powerful and common than say x86_64 (or at least I am). So you'll most likely want a statically linked binary. You dont configure that in Cargo.toml, because that is for configuration of your project itself, and we need to configure cargo (not the project that it is building).

targets with musl are generally preferred for building statically linked binaries.

So you need to add that to cargo.toml, which can live in a couple of places, the ones that i use are

$HOME/.cargo/config.toml
$PWD/.cargo/config.toml

Note that youll sometimes see it referred to without the .toml suffix as .cargo/config -- thats a legacy name for the same file.

Making static builds

To get a static build, you need to pass -C target-feature=+crt-static to rustc. So if you're running rustc directly, this should work:

rustc -C target-feature=+crt-static

But you probably arent, and you probably want to use the cargo config. If you use the cargo config, you can specify options for multiple targets in the same place, which is kind of neat:

[target.x86_64-unknown-linux-musl]
rustflags = ["-C", "target-feature=+crt-static"]

# my vacuum cleaner
[target.aarch64-unknown-linux-musl]
rustflags = ["-C", "target-feature=+crt-static"]

# my router
[target.armv7-unknown-linux-musleabihf]
rustflags = ["-C", "target-feature=+crt-static"]

# my access point
[target.mips-unknown-linux-musl]
rustflags = ["-C", "target-feature=+crt-static"]

Then to compile, say for my vacuum cleaner:

amine ~/projects/robot $ cross build --target aarch64-unknown-linux-musl --release
   Compiling hello_robot v0.1.0 (/project)
    Finished release [optimized] target(s) in 0.16s

You'll find the compiled binary in target/${target}/release (assuming you built with --release):

amine ~/projects/robot $ file target/aarch64-unknown-linux-musl/release/hello_robot
target/aarch64-unknown-linux-musl/release/hello_robot: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, with debug_info, not stripped

Transfer it somehow to the machine with the architectory you targetted, and it will .. just work:

amine ~/projects/robot $ scp target/aarch64-unknown-linux-musl/release/hello_robot vacuum-robot:/data
hello_robot

[root@vacuum-robot ~]# /data/hello_robot
Hello, world!

As a sidenote, if you have a robot vacuum and you havent rooted it, then you are missing out.

Useful commands

If youre somewhere without rust installed, can can use the docker images. To get the list of supported targets for example:

$ docker run --rm --user "$(id -u)":"$(id -g)" rust:latest rustc --print target-list

Python

Notes

Use poetry-bumpversion with poetry. Its a poetry plugin, and not tied to the project (wich would have been nice).

poetry self add poetry-bumpversion

And in your pyproject.toml, configure as needed:

[tool.poetry_bumpversion.file."${module_name}/__init__.py"]
[tool.poetry_bumpversion.file."tests/test_version.py"]

With this example it will update __version__ in ${module_name}/__init__.py to the version in pyproject.toml, and also keep the version number in tests/test_version.py up to date.

Ansible

Home Automation

Detecting rain

NOTE: these are notes on on ongoing "project" that i sporadically work on, not actual documentation of how to achieve anything

Hydreon RG-9

https://rainsensors.com/products/rg-9/
https://rainsensors.com/support/rg-mounting-alternatives/
https://rainsensors.com/support/rg-9-rg-15-faq/
https://community.home-assistant.io/t/hydreon-rg-15-rain-sensor/332794
https://www.esphome.io/components/sensor/hydreon_rgxx

Z-Wave tipping bucket: POPE700168

Weather APIs

Hacking my door phone connect it with Z-Wave

Background

The intercom/buzzer/doorphone in my flat is a Siedle HTS 711-01, and i wanted to be able to press the the button remotely, to trigger the lock downstairs in my building.

The ringer also makes a deeply horrible sound when some rings my bell, the next part for this project is to sense the ring singlas when this happens, and play an actually pleasant sound instead. Being able to automate and schedule when it is on/off based on the rest of the state of my flat will also be nice. But i started with the easy part, triggering the door unlocking.

Adding a relay to trigger the buzzer

Since the buzzer for the house door is triggred by a simple switch, all we need is a relay that we can control remotely. I personally mainly use Z-Wave (with Z-Wave JS) devices, controlled with Home Assistant.

I used used a Fibaro FGBS-222 implant that i had on hand, which is (among other things) a relay.

wires soldered to the contacts for the buzzer button

This is a really simple switch, it just closes a circuit which triggers the buzzer. I soldered wires to each end of the open side of the circuit that the button closess, and use one of the relay contacts on the FGBS-222 to close it.

Home Assistant templating

Configuration for Home Assistant can be found at infra:roles/hass/files/packages/doorbell.yaml:

---

script:
  momentary_switch:
    icon: mdi:button-pointer
    mode: parallel
    sequence:
      - service: switch.toggle
        target:
          entity_id: "{{ target_switch }}"
      - delay:
          milliseconds: "{{ press_for_ms | int }}"
      - service: switch.toggle
        target:
          entity_id: "{{ target_switch }}"
    fields:
      target_switch:
        description: >-
          entity_id of the switch to toggle like a button (a list of
          entity_id's also works)
        example: switch.smart_implant_out1
      press_for_ms:
        description: how long to press the button, in milliseconds
        default: 200

template:
  - binary_sensor:
      - name: doorbell_buzzer
        state: >-
          {{ is_state("switch.doorbell_buzzer", "on") }}
        icon: >-
          {% if is_state("switch.doorbell_buzzer", "on") %}
          mdi:electric-switch-closed
          {% else %}
          mdi:electric-switch
          {% endif %}

  - button:
      name: doorbell_buzzer
      icon: >-
        {% if is_state("switch.doorbell_buzzer", "on") %}
        mdi:electric-switch-closed
        {% else %}
        mdi:electric-switch
        {% endif %}
      press:
        - service: script.momentary_switch
          data:
            target_switch: switch.doorbell_buzzer
            press_for_ms: 200

This assumes that the switch entity on the FGBS-222 module is named switch.doorbell_buzzer, and creates a button.doorbell_buzzer entity that triggers the relay.

Files

Filename
`Systemhandbuch_1+n-Technik_2019_210009634-00_DE.pdf`	Datasheet and wiring diagrams

`CHANGELOG`

Date	Comment
2023-03-08	Connected the buzzer to Fibaro FGBS-222 and HA
2023-09-08	Added example YAML config for HA

Notes on using Apple TV (mostly with Home Assistant)

NOTE: these are notes on on ongoing "project" that i sporadically work on, not actual documentation of how to achieve anything

For a while my hass instance would loose track of the Apple TV if it went into a sleeping state. This was a bit of a problem for me, as I mainly relied on the state of my ATV to turn my (old and power hungry amp) on and off.

This was a known bug and had been fixed but the problems persisted for me, and it turned out that i had a config issue (probably as well as being affected by the bug). Saw the commit 33387bf and got clued in to what was going on, the hass integration is relying on the "Companion Protocol".

I had added it by hostname/ip, and it turns out that it relies heavily on the mdns advertisements from the ATV and its "identifiers" instead. Adding it as the "name" of the ATV (mine is creatively named "Apple TV") and now hass doesnt loose track of it when it goes to sleep and is immediately aware of the state of the ATV as soon as it wakes up.

This reliance on mdns and discovery requires you to run hass on the same network, which is an annoying constraint (though I do run it on the same network).

Can we use a proxy?

The hass integration uses pyatv, which comes with the (rather neat) atvproxy tool, which can proxy the companion protocol (and all the others too). Idea: can we use that as a bridge between home assistant and ATV?

First, we have to find the Apple TV and the identifiers:

amine ~ $ atvremote scan
Scan Results
========================================

       Name: Apple TV
   Model/SW: Apple TV 4K, tvOS 16.6
    Address: 10.1.1.14
        MAC: 8C:42:99:82:4C:CB
 Deep Sleep: False
Identifiers:
 - 8B2E0556-6BFF-46AB-B977-3D8E678D38A4
 - 8C:42:99:82:4C:CB
 - 8C4299824CCB

Then we pair atvremote with the ATV for the companion protocol (note how we direct it to the ATV with the UUID, and not ip/hostname):

amine ~ $ atvremote --id 8B2E0556-6BFF-46AB-B977-3D8E678D38A4 --protocol companion pair
Enter PIN on screen:

After that it spits out an authentiction token, which i saved as ~/.config/atv.credentials. Then we can start atvproxy for the companion protocol:

amine ~ $ atvproxy companion `cat ~/.config/atv.credentials` 10.1.1.14
2023-08-18 00:50:30 DEBUG [pyatv.scripts]: Running with pyatv 0.13.4
2023-08-18 00:50:30 DEBUG [pyatv.scripts.atvproxy]: Binding to local address 10.1.1.13
2023-08-18 00:50:30 INFO [pyatv.scripts.atvproxy]: Started Companion server at port 46507
2023-08-18 00:50:30 DEBUG [pyatv.core.mdns]: Publishing zeroconf service: ServiceInfo(type='_companion-link._tcp.local.', name='Proxy._companion-link._tcp.local.', [....])

And now the proxy appears as an Apple TV named Proxy on the network, which the hass integratoin can connect to.

`CHANGELOG`

Date	Comment
2023-08-18	initial notes on pairing and starting `atvproxy`

`wwwsudois`

mdBook on `/docs`

Relevant docs ive been looking at:

building

install mdbook:

cargo install mdbook

and build it:

mdbook clean
mdbook build

to get a dev server:

mdbook serve

sudo.is infrastructure

`/deadspace`

nullspace

Command reference

A place to note and reference how to run various commands

`apt-key` is deprecated, how to add repos and keys

This (now) familiar error:

W: GPG error: http://download.example.com/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1140AF8F639E0C39
E: The repository 'http://download.example.com/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The path where keys are stored has changed, and you sneed a signed-by attribute in the repo .list file referencing the key's path.

TLDR

new path for key files, use /etc/apt/keyrings (or /usr/share/keyrings if its your repo)

add a signed-by to the .list file, refercing the filename:

deb [arch=amd64 signed-by=/etc/apt/keyrings/key.gpg] http://download.example.com/debian bookworm main

remove old keys from apt-key

De-armoring the key

Convert the file from the ASCII armor to binary format (the pipe is important, havent found the right args to gpg to do it without stdin).

$  file key.asc
key.asc: OpenPGP Public Key Version 4, Created Mon Nov  9 06:59:32 2020, RSA (Encrypt or Sign, 4096 bits); User ID; Signature; OpenPGP Certificate

$ cat key.asc| gpg --dearmor > key.gpg

$ file key.gpg
key.gpg: OpenPGP Public Key Version 4, Created Mon Nov  9 06:59:32 2020, RSA (Encrypt or Sign, 4096 bits); User ID; Signature; OpenPGP Certificate

This step isnt really needed, debian just recomennded it for compatability reasons

Add the repo referencing the file

Move it into place and ensure correct ownership:

$ sudo cp key.gpg /etc/apt/keyrings/
$ sudo chown root:root /etc/apt/keyrings/key.gpg
$ sudo chown 644 /etc/apt/key.gpg

Add the repos .list file with ansible:

- name: add apt repo
  apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/key.gpg] http://download.example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
    #repo: "deb [arch=amd64] http://download.proxmox.com/{{ ansible_lsb.id | lower }}/pve {{ ansible_lsb.codename | lower}} pve-no-subscription"
    state: present
    update_cache: false
    filename: /etc/apt/sources.list.d/example

Which should look something like this

$ cat /etc/apt/sources.list.d/example
deb [arch=amd64 signed-by=/etc/apt/keyrings/key.gpg] http://download.example.com/debian bookworm main

With signed-by referencing where the file exists on your filesystem.

Alternative repo defintions and ansible modules

Alternatively use the deb822_repository module:

- name: add your repo
  deb822_repository:
    name: example
    types: deb
    uris: http://download.example.com/{{ ansible_distribution | lower }}
    suites: "{{ ansible_distribution_release }}"
    components: stable
    architectures: amd64
    signed_by: /etc/apt/keyrings/key.gpg

Or even more alternatively instead of .list file, create a .sources file like /etc/apt/sources.list.d/example.sources:

Types: deb
URIs: http://download.example.com
Suites: {{ ansible_distribution | lower }}
Components: main
Signed-By: /etc/apt/keyrings/key.gpg

Clean up old keys from `apt-key`

Then clean up the key from apt-key if it was there already. List existing keys with

$ sudo apt-get list

Debian/ubuntu keys are still there for compatability reasons, so grep them out:

$ sudo apt-get list | grep uid | grep -vi debian

If that turns up any keys, delete them:

$ sudo apt-key del support@example.com.

Now you can apt update and apt install and etc.

basic `certbot` usage

Create (request) a new cert for ${name}:

certbot certonly -d ${name}

The new cert exists in the certbot-managed dir /etc/letsencrypt/live:

~:$ ls -d /etc/letsencrypt/live/${name}
/etc/letsencrypt/live/${name}

If you need to delete/revoke a cert for ${name}:

certbot delete --cert-name ${name}

Stream usb camera with VLC without transcoding

cvlc v4l2:///dev/video0 --sout '#standard{access=http,mux=ts,dst=:8080}'

Git submodules

By default they are added at fixed commits. Now git can set submodules to track branches. Its still fiddly and im not sure its working correctly for me.

Adding a new submodule tracking $branch:

branch=main

# add submodule to track a branch
git submodule add -b $branch $url;

# update submodule
git submodule update --remote

Change an existing submodule to track $branch:

submodule=foo
branch=main

# change the submodule defintion in the parent repo
git config -f .gitmodules submodule.${submodule}.branch $branch

# and make sure the submodule itself is actually at that branch
cd $submodule
git checkout $branch
git branch -u origin/$branch $branch

This how I have currently used it in ben/builds, but not sure its correct. Also not sure that repo is a good idea or if I should go back to separate repos.

References

Stack Overflow: How can I specify a branch/tag when adding a Git submodule? - Answer for new submodules
Stack Overflow: How can I specify a branch/tag when adding a Git submodule? - Answer for existing submodules
Stack Overflow: Force Git modules to always stay current

Firefox

Use Mozilla's PPA on Ubuntu

Nobody likes snap, and Mozilla maintains the latest stable Firefox in a PPA:

ppa:mozillateam/ppa

Start by removing the snap version that Ubuntu installs:

sudo snap remove firefox
sudo systemctl stop var-snap-firefox-common-host\\x2dhunspell.mount
sudo systemctl disable var-snap-firefox-common-host\\x2dhunspell.mount
sudo apt-get purge firefox

Then add the PPA: and install the mozilla firefox package:

sudo add-apt-repository ppa:mozillateam/ppa

Ubuntu will still prefer its package that installs firefox with snap, so create /etc/apt/preferences.d/mozilla-firefox:

Package: firefox*
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 501

Package: firefox*
Pin: release o=Ubuntu
Pin-Priority: -1

And then apt should prefer the package from Mozilla after you update the cache:

amine ~ $ sudo apt update

amine ~ $ apt-cache policy firefox
firefox:
  Installed: (none)
  Candidate: 116.0.3+build2-0ubuntu0.23.04.1~mt1
  Version table:
     1:1snap1-0ubuntu3 -1
        500 http://de.archive.ubuntu.com/ubuntu lunar/main amd64 Packages
     116.0.3+build2-0ubuntu0.23.04.1~mt1 501
        500 https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu lunar/main amd64 Packages

Now just install the firefox package:

sudo apt install firefox

Sources (with more info):

Process manager

Firefox has a process manager now, open:

about:processes

Add-ons

Firefox add-ons that i find useful:

Dark reader
uBlock origin
Certificate pinner
Auto tab discard
Privacy redirect

KDE

documentation of various things i do with KDE or Plasma

clean and read-only desktop

create empty dir and make it unwritable

~:$ mkdir ~/.empty
~:$ chattr -fR +i ~/.empty
~:$ lsattr -d ~/.empty
----i---------e------- ~/.empty

optionally set desktop to use that (should use XDG values). for Plasma, this is in ~/.config/plasma-org.kde.plasma.desktop-appletsrc:

url=/home/${USER}/.empty/

About

Keys

SSH

SSH key: ben.pub

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7N1IzGvC1y9XEBcI+cuZdEoEQxkoXLZkD1KCGox3l1 ben@sudo.is

SSH key (RSA): ben-rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/iaS4ouXCPD80OfYHFIHIM+w9ZM5yTEeLEADAMGSyYMS/EABx5KFAk9Go6va51x2UL3dl/q110MWHPe7lYelhUMD+lqCFGCw7ZS87xZvXdrzp9QVNWC4cUaUGqxu4WhLAqmgTrcSG0V8luRGpyKx9nTwm8/n3um8xMx3CVuEW1t2hVhwPfRrXUzZ7RisQ1cyfHReqSDCW40U1JeMyKy0SqQOzKRB91cLaOjJUeCk/BZGgGukU83R5Wz4cG7U+056U1y+5Rb2qcgKAVn44mmdfDuyUF6y2XnXp7Z6KMR4R/SJvj94FAuAN1e9tjMc41yTtgYI+9We2uuLGtEhZTSvvXkEx5kOfuA8OVJKgVV0VO6YcJMQD47k2BXNcx+YzZ3XaEtqKY0DZ3vI3+5tFXohmVrvJxEna5QWF7B7yN+dH1HethPd7ZAIARezmRi6mkGnE5UURgJLqgMkKdkZJoN1ZgQvSb+ZoOhUdEHbxoJI8+LRajJuahSalIjuZHdjK/02TUPyHnhzir47LC47gcp0NXxcrD87ASXserR9IvG5Vr+mlW/YXv8wpps2jzR+0cyfxJwPsCn+wTHWvSO0I3obyRLtkBNjmlz+wTv6jBn8XVQ2A1QSnzfAiCSp85gBAXfe14XfJuZgOHBuUcGFEcNSztM5SYxVdUXib9+q4ndqOEQ== ben@sudo.is

GPG

GPG key: ben.asc

GPG key (including signatures): ben-signs.asc

www.sudo.is/docs