Welcome to hhvn.uk
Today I focused on setting up some DNS services.
Having a personal DNS resolver is useful as it allows me to give all my devices on wireguard hostnames.
I enabled OpenBSD's unbound(8) recursive resolver and configured it as follows:
server:
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
use-syslog: yes
verbosity: 1
edns-buffer-size: 1232
access-control-view: 10.44.0.0/16 wg
access-control-view: 127.0.0.0/8 lo
local-data: "x1.hhvn.uk A 10.44.0.2"
local-data-ptr: "10.44.0.2 x1.hhvn.uk"
local-data: "phone.hhvn.uk A 10.44.0.3"
local-data-ptr: "10.44.0.3 phone.hhvn.uk"
view:
name: wg
local-data: "hhvn.uk A 10.44.0.1"
local-data: "hhvn.uk MX 10 10.44.0.1"
local-data-ptr: "10.44.0.1 hhvn.uk"
view:
name: lo
local-data: "hhvn.uk A 127.0.0.1"
local-data: "hhvn.uk MX 10 127.0.0.1"
local-data-ptr: "127.0.0.1 hhvn.uk"
This superimposes wireguard addresses for the "pseudohostnames" of x1.hhvn.uk and phone.hhvn.uk, referring to my laptop and phone respectively. As neither of these have a fixed address, and are usually sitting behind NAT, it makes sense to always have their DNS lookup point towards their wireguard addresses.
When the resolver is accessed from the 10.44.0.0/16 subnet, which is configured for use in my wireguard network, it rewrites the records for hhvn.uk itself to its wireguard address, keeping all data on wireguard, rather than on the open net.
However on attempting to access the resolver via anything over than the loopback interface, I got nowhere. This is because unbound runs in a chroot at /var/unbound, and I had tried to configure it at /etc/unbound/unbound.conf (which is where the config file is usually found on Linux systems), when really I should have configured it at /var/unbound/etc/unbound.conf).
0 hydn ~$ host hhvn.uk hhvn.uk
Using domain server:
Name: hhvn.uk
Address: 78.141.194.172#53
Aliases:
hhvn.uk has address 78.141.194.172
0 hydn ~$ host hhvn.uk 10.44.0.1
Using domain server:
Name: 10.44.0.1
Address: 10.44.0.1#53
Aliases:
hhvn.uk has address 10.44.0.1
hhvn.uk mail is handled by 10 10.44.0.1.
I then disabled resolvd(8), in order to prevent it from automatically rewriting /etc/resolv.conf, and manually editied resolv.conf to use 127.0.0.1 as its nameserver.
On my laptop I rewrote /etc/resolv.conf to use 10.44.0.1 as the primary nameserver, and 78.141.194.172 (hhvn.uk's IP addr) as the secondary nameserver. This allows wireguard to find hhvn.uk in order to establish a connection with it, and once this has been done it then becomes possible to switch over to using the wireguard address as the main nameserver. I also ran chattr +i /etc/resolv.conf, to set the file as immutable in order to prevent dhclient(1) from trying to rewrite it all the time.
On my phone, I simply configured 10.44.0.1 as the nameserver to use in the wireguard app.
Now all of my devices will preferentially use wireguard when available to communicate to each other, and can refer to eachother with hostnames.
Today I've done a little bit more configuration and set up of the user environment here on the VPS.
I pulled and compiled my slightly modified version of Byron Rakitzis' rc(1).
This required:
And now an hour later, I have built a binary. (Well, I did eat dinner at some point in that hour).
TODO: go back and figure out if I can get an up to date readline library installed, or swap to an alternate library.
I then installed the binary, added rc to /etc/shells, and chsh'd it as my main shell.
Tab completion doesn't work correctly, acting like files are directories, so that will need to be addressed. Probably to do with the readline stuff being commented out I would imagine. I plan to add the necessary #ifdef magic and commit the changes so that it can compile flawlessly on either OpenBSD or linux in the future.
I modified my .rcrc to always attach to, or start a tmux(1) session. I also found a tmux_away.pl script for irssi, which I set up.
I've missed being able to remotely access my laptop, so I thought I'd work on networking everything together:
The VPS acts as the central hub, at 10.44.0.1, and then the laptop and phone get 10.44.0.2, and 10.44.0.3 respectively. This allows me to connect from any device to any other via the wireguard interface. Success.
I took a bit of a break from the online world.
I allowed my domain to lapse, and various other services to cease existence.
And now, I am back.
All that I have set up for now:
I am comitted to a much simpler technological presence. Everything got a bit too complicated, a bit too fragile, a bit too fancy, and it tired me out. I got too busy to deal with what I had set up, and I simply could not be bothered to tidy it up and simplify, so here I am. Starting fresh.
Some important things to set up:
Some not so important things to set up: