DNScrypt-proxy 1.6.2, new configuration

The latest version of DNScrypt-proxy no longer uses a single configuration file (/etc/conf.d/dnscrypt-proxy) and instead relies entirely on systemd. Configuration is now split across two files.

    [root@arch ~]# cat /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service
    ---
    [Unit]
    Description=DNSCrypt client proxy
    Requires=dnscrypt-proxy.socket

    [Install]
    Also=dnscrypt-proxy.socket
    WantedBy=multi-user.target

    [Service]
    Type=simple
    NonBlocking=true
    ExecStart=/usr/bin/dnscrypt-proxy \
        --resolver-address=185.97.7.7:27015 \
        --provider-name=2.dnscrypt-cert.fvz-rec-de-fra-01.dnsrec.meo.ws \
        --provider-key=9FCC:EB74:6856:238D:AC57:428B:DE4F:D9C6:E736:5370:E9F9:5415:3BD3:6EBE:A8C2:FAFE \
        --user=nobody

…and…

    [root@arch ~]# cat /etc/systemd/system/dnscrypt-proxy.socket
    ---
    [Unit]
    Description=dnscrypt-proxy listening socket
    After=network.target

    [Socket]
    ListenStream=127.0.0.2:53
    ListenDatagram=127.0.0.2:53

    [Install]
    WantedBy=sockets.target


Firefox freeze/is not responding

After some years of using Firefox (currently version 38.0.5) with Session Restore enabled (the browser saves all the tabs from the previous session and reloads them at the next start-up), it started to act weird and freeze for around 10 seconds 3 or 4 times a day. This very annoying behavior is caused by the presence of multiple useless Session Restore files. To delete those files, open a new tab and type about:support in the address bar, then in the Application Basics area click the Open Directory button next to Profile Directory. Delete every file named sessionstore_something_.js and everything inside the sessionstore-backups directory. Close and reopen Firefox; this should solve the problem. …


Nginx, PHP-FPM caching done right

The web is full of pseudo-guides on how to properly (that is the key word here) configure Nginx to perform caching alongside PHP-FPM, but every single one of them fails to mention some minor steps, resulting in a borked, half-functioning implementation. For example, not a single one mentions the need to edit /etc/php.ini and set session.use_cookies to 0. Without doing so, caching with WordPress in combination with certain plugins or themes (for example MainWP or the Enfold theme) does not work at all; the following headers get added to every HTTP response: …


Pacman email updates notification

As far as I know, Pacman does not provide any method for sending an email notification when there are updates available. SSHing into the Arch box just to find out if there are updates available is really annoying, so I wrote a simple bash script to do the dirty work on my behalf.

    [root@arch ~]# cat /etc/cron.daily/check4updates.sh
    #!/bin/bash

    HOST=hostname
    DOMAIN=domain
    SUBJECT="System update: $HOST@$DOMAIN"
    EMAIL_ADDR="name@domain"

    ### Query pacman for available updates (answers "n" to the upgrade prompt)
    updates_raw=$(pacman -Syu <<< n)

    if echo "$updates_raw" | grep -q "there is nothing to do"
    then
        echo Everything is up to date
    else
        ### drop everything up to the "Packages (N)" header; N may have several digits
        updates=${updates_raw#*Packages ([0-9]*)}

        ### extract packages update list, one package per line
        up_raw=${updates%Total Download*}
        up=$(echo $up_raw | tr ' ' '\n')
        #echo -e "$up" > report.txt

        ### extract update size
        us=${updates#*Total Download*}
        #echo -e "\nTotal Download $us" >> report.txt

        ### compose email
        email_text="New updates available for host $HOST\n\n$up\n\nTotal Download$us"
        echo -e "$email_text" | mail -s "$SUBJECT" "$EMAIL_ADDR"
    fi

To schedule the cron job to run every day at 1 am, edit the following files: …


Defragment EXT4 file system

EXT4 is usually pretty good at keeping file fragmentation to a minimum but sometimes, especially when dealing with really huge files, some fragmentation may occur. Luckily EXT4 supports online defragmentation. The fsck command displays, among other things, the fragmentation percentage:

    [root@fedora ~]$ fsck.ext4 -fvn /dev/sda1
    e2fsck 1.42.12 (29-Aug-2014)
    Warning! /dev/sda1 is mounted.
    Warning: skipping journal recovery because doing a read-only filesystem check.
    Pass 1: Checking inodes, blocks, and sizes
    Pass 2: Checking directory structure
    Pass 3: Checking directory connectivity
    Pass 4: Checking reference counts
    Pass 5: Checking group summary information

             429 inodes used (1.31%, out of 32768)
               **5 non-contiguous files (1.2%)**
               1 non-contiguous directory (0.2%)
                 # of inodes with ind/dind/tind blocks: 0/0/0
                 Extent depth histogram: 420
           45161 blocks used (34.46%, out of 131072)
               0 bad blocks
               1 large file

             402 regular files
              17 directories
               0 character device files
               0 block device files
               0 fifos
               0 links
               1 symbolic link (1 fast symbolic link)
               0 sockets
    ------------
             420 files

The command e4defrag, which is contained in e2fsprogs, can be used to perform online defragmentation of EXT4 volumes. …


Yum email updates notification

Yum provides a very useful package called yum-cron; its most publicized feature is the ability to have yum run nightly, cron-scheduled package upgrades. I honestly don’t really think it is a good idea at all to let the system manage updates by itself, but yum-cron can be used for another bunch of tasks, the most interesting one being: send an email if there are updates available.

    yum install yum-cron

Configuration is actually pretty simple. …


Email server: Dovecot and Postfix

Postfix configuration

Install the required software:

    $ yum install postfix postgrey dovecot fail2ban spamassassin spamass-milter-postfix opendkim

Create the TLS certificate, key and CA authority (replace mail.domain.tld with a valid domain name):

    $ mkdir /etc/postfix/ssl
    $ cd /etc/postfix/ssl
    $ openssl genrsa -aes256 -out mail.domain.tld.key 4096
    $ chmod 600 mail.domain.tld.key
    $ openssl req -sha256 -new -key mail.domain.tld.key -out mail.domain.tld.csr
    $ openssl x509 -sha256 -req -days 1825 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt
    $ openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass
    $ mv mail.domain.tld.key.nopass mail.domain.tld.key
    $ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 -sha256
    $ chmod 600 mail.domain.tld.key
    $ chmod 600 cakey.pem
    $ openssl dhparam -out dhparams.pem 4096
    $ chmod 600 dhparams.pem

Edit the main.cf file accordingly (the other lines should be ok by default). No SQL database is used: for user authentication Postfix relies on Linux users, and email data are stored in ~/Maildir. …


KVM and PCI (VGA) passthrough

First off, I failed, so there will not be any kind of walk-through or guide. The hardware/software setup is sub-optimal and is for sure part of the problem, for at least three reasons:

– as primary display adapter I use an Nvidia GTX 750ti;
– I use the Nvidia proprietary driver because nouveau support for the newest graphic cards isn’t good (this is an understatement to say the least);
– it isn’t completely clear whether the Intel Z97 chipset supports VT-d or not and, if it does, on what level it does.

The whole configuration is:

– Xeon E3-1241v3
– Gigabyte Z97X-UD5H (BIOS F8)
– Crucial DDR3 2×8 GB PC3-12800
– Nvidia GTX 750ti :: host graphic card
– ATI HD7950 :: VM graphic card

Another issue is the complete lack of documentation on vfio_pci and VGA passthrough in general; even the Fedora KVM-related documentation is not up to date and makes no mention of the vfio kernel module. The best place to get information on the subject is a thread on the Arch Linux forum, but even there the whole process is not documented in a decent way.

Anyway, I had this beefy HD7950 lying around and I thought: why not give VGA passthrough a try? After configuring the thing with information I found around the net I got prompted with the following error:

    vfio: error, group 1 is not viable, please ensure all devices within the iommu_group are bound to their vfio bus driver

PCI slot isolation on this Gigabyte sucks: both the ATI (first slot) and the Nvidia (second slot) – I tried every slot combination – are bound to the same IOMMU group, and even patching and recompiling a custom kernel with the ACS override and VGA arbiter lock patches didn’t really solve the issue. Just before giving up I took out the Nvidia and plugged in an old Matrox PCI graphic card; this way, with IOMMU group #1 used only for the ATI HD7950, I was able to start the VM, so VGA passthrough works at least to some extent on this Gigabyte motherboard.

Some questions, like "will an integrated graphic card be bound to the same IOMMU group as PCI-E graphic cards?" or "would using two ATI cards make any difference?", remain unanswered. For reference I also gave Virtualbox a try since they advertise PCI passthrough too; when starting the VM the whole host system freezes… so no luck with it either. …
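
The "group 1 is not viable" error depends on which driver each device in an IOMMU group is bound to. The following is an added example, not part of the original post: a bash function that prints that mapping per group. The root-directory argument, the helper names and the sample tree are constructed for illustration, and the viability rule is simplified to "no device in the group is bound to a driver other than vfio-pci".

```bash
#!/bin/bash
# Added example: list the driver bound to every device in each IOMMU group
# and flag groups that contain a device held by a non-vfio driver.
# Simplification (assumption of this example): unbound devices are shown as
# "none" and do not block a group; only vfio-pci counts as a vfio driver.

# iommu_report [ROOT] - ROOT defaults to /sys; the argument exists only so
# the function can be pointed at a constructed tree.
iommu_report() {
    local root="${1:-/sys}" gdir dev drv blockers
    for gdir in "$root"/kernel/iommu_groups/*; do
        [ -d "$gdir/devices" ] || continue
        blockers=""
        for dev in "$gdir"/devices/*; do
            [ -e "$dev" ] || continue
            drv=none
            [ -L "$dev/driver" ] && drv=$(basename "$(readlink "$dev/driver")")
            echo "group ${gdir##*/}: ${dev##*/} driver=$drv"
            case "$drv" in
                none|vfio-pci) ;;
                *) blockers="$blockers ${dev##*/}" ;;
            esac
        done
        if [ -n "$blockers" ]; then
            echo "group ${gdir##*/}: NOT VIABLE, rebind or remove:$blockers"
        else
            echo "group ${gdir##*/}: viable"
        fi
    done
}

# add_dev ROOT GROUP ADDRESS DRIVER - helper that builds the constructed tree.
add_dev() {
    mkdir -p "$1/kernel/iommu_groups/$2/devices/$3"
    [ "$4" = none ] || ln -s "../../../drivers/$4" "$1/kernel/iommu_groups/$2/devices/$3/driver"
}

# Constructed sample mirroring the post: two graphics cards share group 1 and
# only one of them is bound to vfio-pci. PCI addresses are made up.
make_sample_tree() {
    local root; root=$(mktemp -d)
    add_dev "$root" 1 0000:01:00.0 vfio-pci
    add_dev "$root" 1 0000:02:00.0 nvidia
    add_dev "$root" 2 0000:00:1b.0 none
    echo "$root"
}

iommu_report "$(make_sample_tree)"
```

On a real host, calling iommu_report with no argument reads /sys directly.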
