ads' corner

Using fail2ban to block unfriendly web requests

Every time I peek into the webserver logfiles, I find quite a few 404 requests trying to figure out if certain exploits exist on this server. Now I get that these are automated attempts, and the number of requests coming from one IP show that they try several different exploits and path names. Nevertheless I thought that I don’t need this in my log, and on my webserver. fail2ban for the rescue.

Run Ansible tasks as different remote user

Had a somewhat curious situation: need to run a task in Ansible in different user accounts, but I don't have 'sudo' or 'su' access, only ssh access for every account. Took me a moment to figure out how to do that.

Ansible: Lookup group name by gid

For one of my *Ansible* Playbooks I need the group name associated with a specific group id. Turns out there is not much documentation online how to do this, and I had to test it out.

Read a JSON text into a variable in Ansible without parsing it

For one project I need to insert the content of a local file into another file on the remote system, and the first file happens to be JSON. The JSON file is in compact format and is supposed to stay this way. When Ansible reads the content of the file, it determines that the content is JSON, and parses the content into the variable - and along the way is uncompressing the format. Not what I want. To keep the file content as string, it is necessary to tell Ansible to handle this as string.

Ansible and string comparisation for IDs

Was running in a stupid problem where Ansible (version 2.9.x) throws an error when a variable is defined.

Ansible, "copy" module and "become"

For testing I did spin up a couple of new virtual (Ubuntu 20.04 LTS) instances, installed PostgreSQL, and wanted to copy over a '.sql' file to install in the database. And ran into a meaningless error message.

Make Ansible "postgresql_ping" fail if the database does not exist

Ansible has a very useful module 'postgresql_ping' which checks connectivity to the database server. I'm using it in quite a few Playbooks as first step just to ensure that the database server is present - this fails early if there is a problem which otherwise just prevents the rest of the Playbook to work properly.

Online indicator for remote controllable power plugs in openHAB

Recently I installed a number of new power sockets. The Hue bridge can not only add each switch to a light group, but also reports each plug as a Thing in openHAB. There I thought it will be a nice touch if openHAB actually reports when it sees a device plugged in. The power socket has a LED which turns on when the plug is on. The Hue bridge reports 'OFFLINE' and 'ONLINE'. That's useful. The plan is to turn the LED light - and the power plug - on and off for a few second.

Restic backup

Was asked quite a few times how I do my backups with Restic.

For more than 10 years I was using “Duplicity” for backups, but in 2019 I changed to Restic. The main reason for the change was that Duplicity still can’t handle “Big Data”, as in: larger directories. In 2009 someone opened an issue on the Duplicity bugtracker, and this problem still exists as of today. For about two years I was shifting around the problem, excluding files, trying to make the sigfile smaller. But at some point I decided that it is enough and I need to change the tool.


Add a Google Calendar to openHAB

openHAB can integrate Google Calendars. The functionality is kind of limited, it can only see the current and the next calendar event, but in my case that is enough. More about the use case in another blog post.