β ΒΆ Intro
Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris.
My name is Wes.
And my name is Jeff.
Hello, gentlemen. Coming up on the show this week, one piehole, two VPNs, and zero public exposure. I'm pretty proud of this one. Then, it's our pitch to ditch your GUI-only monitoring system, and why we rolled out Prometheus and Grafana. And then we're going to round the show out with some great boosts, some great picks, and a whole lot more. So before we go any further, time-appropriate greetings to our virtual lug. Hello, Mumble Room.
Hello, Wes, and hello, Brent.
Hi. Yeah, you can join us in the Mumble Room or at jblive.tv. Make it a Tuesday on a Sunday. We have the times at jupiterbroadcasting.com slash calendar. And a big good morning to our friends over at Defined Networking. Go check out Nebula VPN. They have a full managed product, 100 devices, no credit card required. Support the show, defined.net slash unplugged.
It is a great service. And, you know, when I've thought about it a lot, I talk about how Slack used it and they launched it in 2017 to build out the security around the Slack global empire. And I talk about how Rivian uses it for real time analytics for the cars to do securely on the road. And those are all really big-scale projects. But recently, I've appreciated
β ΒΆ Housekeeping
how great Nebula is on a 1, 2, 3 node network. And the fact that I can set up a on-demand mesh network that has name resolution and everything. We'll talk more about this. And there's no big tech login. There's no third-party hosted admin dashboard. Nothing like that. It's just two machines using cryptographic keys talking to each other.
It's just a couple of text files, really.
It's so powerful for small home lab stuff, and it's so scalable to massive enterprise stuff. And you can try it out with our fully managed product and support the show by going to define.net slash unplugged. You're going to like it a lot. And I'll tell you, I've been using it on extremely limited bandwidth connections. And it's so much better, and it's so much more resource sensitive. It's way lighter. It's way lighter. Check it out, define.net slash Nebula.
And thank you to Define for sponsoring the Unplugged program. All right, you know we've got to mention it. Planet Nix and Scale23x are 39 days away. That means 33 days until Brent needs to be going down the road, at least.
Let's just round that to 30.
And six, I believe, or five, actually, more Linux Unplugs, maybe, until we need to be on the road ourselves.
Wow.
So it's coming up.
I think we better get in the Nixie mood.
Yeah, and I am really looking forward. Planet Nix has a theme this year. It's where builders come together. And our Nix coverage is supported again by Phlox, who's focused on making reproducible dev environments actually usable. And it's a fantastic tool. So check out Phlox and come see us at Scale and Planet Nix. You do need to register at Scale. And you can take 40% off that registration with our promo code UNPLG, U-N-P-L-G. and we'd love to see you there. One other item.
The meetup page is now live. The details are not yet locked in. The date, time, location likely to change. But you can join the meetup and you'll be the first to get updates. And if you are intending to join us at the meetup, please consider signing up for the meetup. Please. We'd love to see you there. Last time we had about 80 more people than we expected. Great problem to have. It was very stressful on the restaurant staff. And they thankfully could open
up. They had to open up another wing for us, which they were able to do. but this time we wanted to give them a great heads up. So if you're planning to make it and I want to bring a guest, there's room for that too. Just let us know. And we'll plan accordingly. Meetup.com slash Jupiter broadcasting link in the show notes to the direct meetup. We'd really appreciate it. If you could make it, if you're in the area, even if you can't go to the event, you're welcome to join us at the meetup.
We did get one submission for that. I saw for a swag idea that we could hopefully have together for scale and Linux fest. It was a nice one. I'll show it to you boys after the show but I'd like to see a few more send them in to unplugged at jupiterbroadcasting.com or tag Wes in Matrix, and let us know we'll try to put one together pretty soon so we all have a uniform that we can identify each other with and have easy conversation hey I know you you listen to the show are.
We getting hats.
Ooh you know I'm a hat guy now you know I'm a hat guy now that's right,
β ΒΆ Keys to the Kingdom
Well, what is, in a name, gentlemen, in short, convenience, right? When you set up your home lab or your enterprise network, whatever it is, it is eventually inevitable that you need good name resolution.
I suspect for you there might be a spousal approval factor in the mix for that too.
Yeah, and also just a memory factor. It gets hard to remember, especially the mesh network VPNs and the LAN IPs. And, of course, I have to go and make it hard, and I have multiple mesh networks now, multiple locations.
some behind double carrier grade NAT a couple of them behind double carrier grade NAT so I had to go and make it hard on myself and I want sensible name resolution that works on the LAN and works across the various mesh networks, so I can just you know connect by machine name to all of them and then I need something also that does fast forwarding out to the internet and then can cache that so then future queries are faster.
And then was it something you wanted to, like, I don't know, do you have some of these services that depend on other services in a way where, like, DNS is how they find each other?
Yeah, and there's a lot of things I've set up are just by name now. So, you know, I had a basic pie hole going on my tail net, and I had a basic pie hole going on my LAN. But then we set up my wife's clinic.
And was the tail net pie hole was running, like, as a container on a VPS or something?
Yeah, and it just only had an interface on the Tailnet. So it was just acting as name resolution for the Tailnet. And then I kind of combined that with MagicDNS and sort of had the whole Tailnet thing solved. Then I had to go set up another network and all of that. And I also just kind of wanted to take another look at this and see if I couldn't do this better. But when I had set it up for the Tailnet only on the VPN, I took a shortcut.
And instead of having to worry about exposing a pie hole to the internet... I just only bound it to the tail net interface. So I didn't have to worry about public IP and the internet, you know, banging on my pie hole server that's on a VPS because it couldn't talk to it. But if I wanted to make this pie hole usable across multiple mesh networks, it meant undoing that sort of convenience in security I had and coming up with a better security architecture to go across multiple networks.
That's where it got a little kind of more complicated because i went from the easy way to the hard way and so there's multiple uh layers i kind of took to this and i kind of like to hear your guys's feedback on this so the first step i took is i wasn't sure if this is the right call but i essentially put the pie hole container on host networking so it could see all the interfaces And then in the configuration, I limited by application configuration to only bind to the tail net and the
Nebula VPN interfaces and to not bind to the WAN interface. So at an application configuration layer, I did that. And then at another layer, I also set up ACLs with IP tables, just real basic IP tables that blocks all traffic on port 53. So like just in case, you know, for a moment, like when PyHole's starting up, if for a brief moment it bound to port 53 on the WAN interface,
this would essentially prevent that from happening. Or if I make a config change mistake in the future, it prevents it from exposing it to the public internet. And so that's sort of the... multi-layer approach in a way and then all the communications just happening over the mesh vpns i'm not communicating with the buy hole at all no admin interface nothing over any public interface, how do you feel i did is that too risky would you brent would you be comfortable with that deployment i suppose i.
Mean to me that feels probably more fine than anything that i've probably deployed in the past so it seems okay but really i'm not the pro or anything like that but But what I'm getting from you is that this is upping your peace of mind with this. But there's also some hesitation. So I'm curious to hear what Wes has to say.
I do think it seems totally reasonable. You could, you know, get with the times and use NF tables already. No, I'm just kidding.
I did actually, that actually considered, I was like, ah, this is what I know. But yeah.
I think from background discussions, I picked up maybe you were using a sidecar before?
A tailscale sidecar, yeah.
So I think maybe in like another version, if you were going like fully, you know, application mesh native could be to just double down on the sidecar.
Do a nebulous sidecar.
Yeah. Like have it serve those two interfaces just in its own containerized networking environment.
I like that.
Where things might get more complicated depending on exactly what you want and convenience, et cetera. What matters to you is what you're doing with that host. And is that host then wanting to query the pie hole? And are you going to let that happen over local host? Or in this scenario, you'd either need to replumb stuff and forward it or rely on it only querying it over the mesh, which would probably be fine, but maybe you don't want to do that.
The host is also on the tail net. So there's that too. But yeah, that is a tricky part. Technically, the host OS can't talk to it over the network, which hasn't been an issue yet. But so that's the basic, that's the core network setup, okay? And then what I decided to do was I turned off the tailscale MagicDNS stuff and didn't like the results because I do not have DNS entries for every machine on my tail net.
And that's what MagicDNS was solving for me. So my sort of compromise solution was I re-enabled MagicDNS and then I added this pie hole as the upstream DNS server for MagicDNS. And I think that worked seemingly pretty well. and then I enabled the DNS.
Right, so in that setup, TailScale will answer sort of right away for the TailScale host and then forward to your setup for anything it doesn't know about where you have to find your own manual entries.
And that's where you'll find entries for the Nebula devices.
Nice.
And then you can configure the Nebula lighthouse to suggest a DNS server to the clients. And, um, that is, that's a really simple, it's like two lines of configuration on the lighthouse and you just give it the DNS server. And then, so that's also helping the Nebula clients discover who they're supposed to talk to for name resolution.
And since I only have like three nodes on this little tiny, maybe four nodes now on this little tiny network, I'll talk more about super easy to just add the entries manually. And I don't, if this is going to be for a private clinic, so I don't think I'll be adding more hosts.
One thing we should play with, which I haven't yet, but I'd like to get more into is doing either delegation or maybe using an API to trigger updates because Nebula lighthouses can serve DNS.
Yeah.
So you could also, depending on if you want to, maybe the static has advantages too, of course, but you could also maybe set it up so...
Yeah.
You know, the pie hole would just query Nebula and be able to answer for the Nebula host without you having to hard code it.
The advantage was on the pie hole DNS server, now I also have a bunch of entries for the devices that are on my LANs. So it hosts here at the studio and hosts at the RV are also on this DNS server. So all the machines, if you're on the LAN, whichever LAN you're on, or whichever Mesh VPN network you're on, we all can resolve the same host names now. So that's kind of why I didn't go that direction. But I think that would be an easier setup if you just had a couple of machines.
Well, I meant like integrating the two, like keeping the pie hole, just letting Nebula answer for the host it knows about.
Oh, okay. And then would it upstream to the pie hole when it does? I see. Yeah, I like, okay. Oh my God, change.
How do you feel, Chris, about the need for internet access here? Because occasionally you don't actually have access whenever a storm comes by or you're traveling, that kind of thing. So your name resolution internally on your local network would be affected. Is that a correct understanding?
I did. Yeah. And so for that, I kept my pie hole on my LAN. And it forwards now to this guy.
Nice.
But for the most part, because that pie hole has been around so long, I have all these same DNS entries already. So, but I did keep it for that reason. And I'm very happy now. It adds complexity to have two mesh networks and, you know, multiple LANs, but it's seamless now to the end user now that I've done this. So I'm pretty happy, and the latency is pretty good even for LTE connections, really.
Well, you know, it kind of makes sense, too. It's like, it'd be one thing if you didn't have the existing infrastructure and all that, but because you kind of have hosts that are positioned to fit into both of these networks or could bridge them, like it doesn't actually. You didn't have to stand up a bunch of new infrastructure. You kind of just had to reprovision some of it to better work with your new setup.
I would like to actually ask, so if you want to boost in or send us a contact, if you were building this from scratch, so I already had a pie hole going. But if you out there, listener, were building this from scratch, what would you have used to do this name resolution? Because it did cross my mind. Like, maybe this is just a stupid DNS mask thing. I just set up a simple DNS mask. But then I like the idea of a little bit of ad blocking for the systems as well.
That's nice. That's a nice feature that comes with it.
And you can do dns mask configuration with.
Pot all right because it uses like a forks version that was my conclusion yeah i was like yeah well i might i kind of get and i know how to use it yep and it's worked fine for me and it's survived multiple major upgrades now so it's past those tests as well so it's a good project but i would be curious like i think you probably would use tectidium or technically that would least.
Be not or like because i know can do sort of like delegate zones where it will say like hey for anything in this sub you know maybe you have like dot nebula demands or whatever, go query this server for those and then return those. It also has some plugin capability, which I haven't really explored. Um, Or, you know, there's a lot of good options these days.
Yeah, I saw some people that were solving this with AdGuard. Okay, yeah. Yeah, you could totally use Bind, of course. So I'd just be interested to know how people are solving this. I would also like to know if anybody has a way to solve this declaratively, you know, so that would also be a winner in my book. But while we were talking about Nebula, you've been working on something that's kind of slick, Wes Pano.
Yeah, it was just an idea we had while we were toying around with setting up the clinic the other week. was, well, what if you just had like a low-key, you know, not crazy production scale, not being like a whole control plane for Nebula necessarily, but just something to make printing new host certs easier.
Yeah, could you explain that a little bit? So if I'm not using the managed product, there's sort of some cert exchanges that have to happen.
Yeah, right. So you have to, you're basically managing a CA.
Right?
So you have your own certificate authority, and then to get hosts onto the network, they generate their own private key but then you kind of have to sign the public part of that and that's how they get blessed with a host name and an IP address on the network and then that's how anything trusts them, when you try to communicate with something you need to be able to present that public side that is signed by the CA that they all mutually trust and.
The beauty is the simplicity is it's really coming down to files you're moving around that have keys in them and that is the totality of the infrastructure actually required to get this working, And if you sit with the amazingness of that for a moment, it really is very impressive. These machines are discovering themselves. You need a lighthouse, but they're discovering or use a public one. And they're communicating and creating a mesh VPN just by exchanging these key files.
Yep. And, you know, just simple concepts of groups and you have stuff signed by the right thing and it kind of all just works. But... For simple static networks, that works pretty well. But, you know, I'd been playing around with my sidecar mesh setup on NixOS. And especially for like the demos I was doing and testing it out, it was pretty convenient. You know, products like Tailscale or Netbird, they have this UX you get with
basically all you need is one secret, right? Like an API key, and you can put that in somewhere. And then when the client launches, it goes and uses that to an API and then can onboard itself. And I was just like, well, I wonder if we could get that same workflow with Nebula. So NACME, or ACME for Nebula, is my little attempt at that. It's super early days. I need to do a bunch more testing.
Eventually, it'd be great to do renewals too. But right now, it's at the initial testing stage of just being able to, you run a little server, you configure an API key that's bound to certain groups, and then you have a little client that can run and go get a new host onboarded.
And so if you configure that, I also want to set up a bunch of this stuff, especially with nick's side but configure it to run before nebula uh you could have it go item potently check to see if it needs to configure the the host for the first time set up the keys and everything and then have nebula start and be ready to go or at least that's the idea.
Yes this is really neat so it's automated certificate minting and it gives you essentially like you said it's a like an api key type type exchange.
The goal too would be like it's sort of best effort right it's meant for like home lab or you know stuff where you maybe you're not going to go the full like crazy it automation it's.
Great for like a small business network like we were just setting.
And the whole thing with nebula right is like there are some trade-offs you have less with those certs and the way it's kind of like more like a jwt kind of style of trust you know you don't necessarily have this one database that determines all of the truth right in a sort of less eventually consistent way but the upside is nebula will just keep working right as long as the certs aren't expired like there's no the control plane nothing happens nothing goes down what.
Freaked me out recently was the idea that maybe, My Google account could be suspended because, so PayPal decided to flag my account for like re-verification. And it's a very complicated process. It's not just like a regular, it's like a very in-depth, multiple types of documentation.
What did you do? Nothing.
I don't know, man.
That's usually what it is.
I don't know. But it occurred to me that if our Google Workspace account payment got bounced because of PayPal, then I might not be able to authenticate to my tail net anymore. And that freaked me out a little bit.
Yeah.
And that's where I was like, oh, the simplicity of these keys and the fact that they'll work for as long as I issue these keys for is very reassuring.
And so my thought was this was like worst case, you know, like even if this is down, you can still manually add things like this is just a convenience functionality to make it easier to onboard hosts.
So this is not setting up routing. This is not setting up the networking layer stuff. This is just keys to get you going to then build that stuff.
Exactly.
That's really cool. NACME. I like the name, too. It's very clever. I think that could take off. so uh we'll put a link in the show notes it's on wes's github n-a-c-m-e mit licensed indeed indeed uh and uh version 0.10 was released just recently.
Yeah we'll see i should cut a new version it's move it's you know it's moving fast and uh needs more tests.
I want to say thank you to our members and our boosters. Next week, I'm calling it a birthday episode, boys. I don't know what we're going to do, but check this out. So Brian and I started podcasting in January, right around my actual birthday, almost exactly 20 years ago to the day for next week's episode.
β ΒΆ Eye in the Sky
20 years of podcasting on my birthday next week. So if that's not a long-term commitment to the space, I don't know what is. So send a birthday boost. We'd love that. or become a member and use the promo code bootleg. We have a couple of, well, we have a handful of redemptions left. And, you know, you become a member at the party or a core contributor and support the show at a great discount.
And if you'd like to get your company or product in front of the world's largest and best Linux audience, show me an email. Chris at jupiterbroadcasting.com. This space could be yours. And thank you to everybody who supports the show. We greatly appreciate it.
Now, Chris, for the last two episodes, you've been talking about deploying, you know, a bunch of new machines at a clinic, making sure you have the responsibility for keeping your wife's business happy from a tech perspective. And now you're putting up, you know, some infrastructure that you also need to be working at all times. I would imagine now is the time to make sure all that stuff yells at you whenever it's not in good health.
Right he.
Wanted to uh just leave a business card with my phone number on it but i didn't think that was a great idea.
And part of me is like well we should do this why it's still fresh in the mind because this stuff fades oh yeah and i thought well if we're going to do this for hadia's clinic, um maybe i should do this for my own infrastructure and then i thought wouldn't it be great if we could build something that if we ever did this you know on occasion for audience members or whoever, wouldn't it be nice if we could also offer to monitor their stuff and i could
build something that was pretty flexible like this and i'm sure you boys are familiar with uptime kuma, we actually use it at jb alex set it up for us a while ago and we like it it's pretty simple and it alerts us when something goes offline like one of our websites via telegram bot and it creates a nice dashboard super easy to self-host and they have a demo i'll put a link in the show notes And it does monitoring for HTTP, TCP.
It can search website keywords, check WebSockets, do ping, check DNS records, stuff like that.
Very easy, straightforward to get going.
Yes. So obviously that was the first thing I decided because this is what I have the most experience with. And I thought this will be the way to go. Can you guess what the problem was?
Well, I think I know because it's been a longstanding issue we've had with the project.
In fact. What's that?
A lack of declarative configuration.
Yeah, man, it's just really gooey. Well, I had to set up something like, you know, 45 hosts and services to monitor and I was sitting there creating all the entries and I'm like, this is going to take me to two days to do. And also because I wanted them to be actionable and all this stuff. So it's like, oh, my God. And then I also wanted tiered escalating alerts. So first ping me via notify. So because I have a lot of stuff coming in via NTFY these days.
And so that's sort of a feed of just checking on my systems. And if I'm available, I check it. But if I'm not presently thinking about my infrastructure, my systems, I don't check it. So I needed something that would break through to Telegram and kind of, you know, kick it up.
Yeah.
And so I wanted and I wanted it based on different thresholds and trends. And so when I started getting into I need to add, let's just say 45 ish host combination services, maybe more and more complex alerting with a little bit more nuance. I really started to hit two different walls. Like my GUI exhaustion kicked in. Like if I was adding like five systems, I would just done it. And then trying to get complex logic around alerts started to get frustrating.
Yeah, you combine those two. That could be pretty annoying, especially if you have to like go configure it and then go run the test and then go see if it did the thing you want and then go repeat that cycle a whole bunch.
Yeah, man. So I decided to break the seal on something that I have never, I've never bothered learning. I've never wanted to embrace because of the overhead.
It's been a long time coming on the show. I'm excited for this.
It has. Ladies and gentlemen, I have finally deployed my first Prometheus instance.
Woohoo!
And of course, once you have a Prometheus instance, you want pretty dashboards and you want all the details. So along with that, I have also finally deployed my first Grafana instance.
Yeah, something tells me you really deployed the Grafana and then you just got the Prometheus, so you had something to fill it.
It feels like that deserves a round of applause, really, there, Chris. Give yourself, yeah.
Thank you.
Everybody, yeah.
I mean, uptime Kuma is good, but I needed a little bit more than that. And I also have kind of a complex situation that I thought Prometheus was a little better at solving. I have set up a federated configuration. And I had a problem where I have my Odroid on my home lab that doesn't have a lot of available resources. as it has some, but now it's doing frigging a bunch of other stuff.
And I'm on LTE on two different ends of the connection, not all of them, but two different ends are on LTE networks. So they're slow and I can't just be blasting a bunch of data. My original idea was I'll set up a central VPS connected to all the mesh networks, and then it will monitor everything. And I just go to the VPS dashboard.
But then I actually started running the math on that. And I realized the overhead would be somewhere between 40 megabytes to 100 megabytes a day, best case, plus the overhead and latency it adds and slows down the whole LTE connection while it's doing that stuff.
And that's only going to grow as you add more stuff that you monitor, surely.
Exactly. So the solution was a federated setup where I had local monitoring on my home lab system, monitoring on a VPS, and then light remote monitoring on my wife's clinic network. And I set up a Prometheus system with a black box exporter that does some additional like HTTP, TCP, ping checks, and can do some API authentication for me. And that all feeds into Grafana to give me dashboards. And then that all talks to alert manager. So let me zoom out.
Prometheus is running on two different systems. plus a little Prometheus client is running on my wife's clinic and I have a Prometheus integration now running on Home Assistant.
Oh yeah.
So this is collecting.
You knew that was coming.
Yeah, buddy. And that's really useful. I could talk more about that. But the Prometheus agent is essentially collecting all of the metrics, the CPU, the disk usage, and it allows me to trend and alert on these over time. And with Home Assistant, I'll just mention this quickly, that integration is pretty awesome because you can export a lot of different things from automation details, log, all these types of things.
I mean, it basically has a whole bunch of stats in its own stats engine to begin with, right?
Oh, yeah.
You can kind of just dump those out to Prometheus.
It's a sensor machine, yeah. And so the way I use that now is I am using, via Prometheus data export into Grafana, I have dashboards on how long my different climate entities run. So since it's winter, we have some electric heat out in different areas, and I want to make sure that they're not running excessive because that would tell me the heater isn't keeping up. I want to know how long we're running electric heat. I want to compare that
to our intake from solar. And I want to have all that on one dashboard. And now I have just not only a beautiful display, but good historical data that I can work with. And all of this is pulled in on my local Prometheus incident that's running on my home lab. Then I have Prometheus running on the VPS. That's doing some remote checks to make sure that the remote systems are up. And it has some logic to understand that if the mesh network is down, don't freak out.
don't alert about every single host. You know, I wanted some of this tiered logic in there so it knows if one network connection is down, then everything that's on that network is down. which is going to hopefully save me a lot of notifications.
Yeah, and you've saved yourself that first night, right? Where the network goes down and suddenly everything's on fire.
And then everything it's observing about the VPS itself, the mesh networks, and the wife's clinic is getting federated back to my Grafana instance. So I have just one dashboard to view everything. And that's running on my local instance. Oh, man. And the difference is, according to my calculations, boys, the difference is about two megabytes a day of data usage. nicely done yeah that's.
At least a power of 10.
It's it was a nice little savings and it's less it's less running on my home lab or on the vps i do.
Like that you kind of went from zero to not uh you know.
Yeah unsophisticated setup i think the real deal breaker was, everything could be done declaratively and i could do this sort of hybrid federated setup and those flexible yeah coming together those two things like it's like to create all the dashboards I didn't create a single dashboard in the GUI. There's so many community examples that you can modify and get started with. And then you drop them in a folder and that becomes a dashboard and Bob's your
uncle. You got all the things and bells and whistles you'd want. And then I have alert manager, last piece. I have alert manager running on the VPS and everything forwards to that. So I only have to have one alert instance and it can communicate with notify. It can communicate with telegram because I set up a little bot thing and all of that. and it handles all that stuff. And it will also let me know if any of the remote hosts are down or if any of the mesh networks go down.
And the results have been, there's about 31 services that I'm getting real-time visibility into their performance and their metrics, all in beautiful Grafana dashboards. And I also have real-time alerts anytime any service goes down. And I'm now very carefully monitoring storage, which is very tight these days. And so I have different thresholds for storage alerts. And I have different thresholds for like if home assistance at 80% CPU for X amount of time.
And if it gets to 85 or 90 for X amount of time, we do different styles of escalation. and then there's follow-up for when things recover i get a recovery alert so that's all working really beautiful.
Yeah i'm curious how you tested it.
The entire well by shutting things down i did excellent all right docker compose down you know.
The next version of this is you give your agent access and you ask it to stop a random service.
Right just chaos monkey oh my god that'd be fun basically just give west your credentials, yeah that's to most of it um but so i measured the whole stack across all the machines 400 megabytes of ram totally fine not even making really an impact at all in my home lab system and i was worried because i'd heard some stories about grafana but i really really like the home assistant integration with prometheus it's something else i've put off for a while if you have been tempted to
try this the insights are fantastic and then the other thing that's really fun is frigate which i also set up recently also has an api where i can export all the information to prometheus and grafana so i have details on how my coral is doing inference wise and my different cameras and their connectivity and i can and their detection frames per second the camera's overall health when the automations execute and how frequently for like arming and disarming the recording if they
are available at all is all coming into this dashboard so i have essentially a camera health dashboard now. It's so great because you have dashboards.
For your dashboards.
I do. And a lot of the RAR projects, it's great. Oh, I'm like, I'm inception dashboards over here. A lot of the RAR projects out there that we don't talk about also have APIs and health API endpoints that also plug into this. So you can get all that kind of information in there. And it, it really struck me like how, now I get it, why people go through setting all this up. And yes, it's a lot of YAML and all of that, but there's so many great examples out there.
And I now have an enterprise grade monitoring stack that I just never even thought I would get into. Zero dollars spent, you know, one day I've set up really a lot of documentation and maybe five to eight hours of fiddling to get it all working. And it really makes me feel a lot better about my self-hosted infrastructure. I have built quite a little empire now of things I depend on and my family depends on and my wife and whatnot.
And I probably haven't been monitoring it as seriously as I should. And I just thought that, eh, it's fine. But honestly, it does feel a lot better because I'm getting insights before things go wrong. Now I'm getting ideas of trends. So stuff I know, Oh, this is actually something I need to address. And I know something's a problem before the wife has to tell me it's a problem.
So I know if jellyfin isn't working for some reason or et cetera, or I know if her system isn't backing up before she has to tell me. So if you have a self-hosted setup, definitely uptime Kuma is a pretty good starting point. But if you have the ambition and the time Prometheus and Grafana get a double recommendation from me, I waited way too long. There is a real learning curve, but the visibility you get out of it, it's just so useful.
Plus, like I've revisualized my entire infrastructure once again. All the stuff I've built, like I know how many services and how many hosts and I know how they're doing. I have a much more concrete picture once again of everything I've done over the last five, six years.
Well, I think as you're discovering, right, a lot of things publish Prometheus metrics.
Yeah.
So actually, as Tiny points out in our chat room, Uptime Kuma itself can publish to Prometheus.
Yes, I thought about that for a second.
And Nebula does as well. I don't know if you've integrated that yet.
Hmm. Hmm. Hmm. Should look to see what Tailscale can do too, but that would be really useful. Yeah, I'm pretty happy with this. I did have to kind of, you know, be tight on the retention. So I don't have, I think I have like 30 or 60 days. I couldn't go crazy because of storage constraints. And I did, I will admit, Wes...
I feel a little guilty, but I did a lot of it with Docker. And the reason was, and it's always what gets me, is a lot of the community add-ons and plugins all assume you're using the Docker instance. And it's one of those things where it's like, well, yeah, I could come up with a way to declaratively do that with Nix every single time. Or I just start the container and it works, right? And so all of the OS-level stuff to make it work is all declarative, obviously.
But then, like, Prometheus, Grafana, and Alert Manager, they're all in, like, one big Docker compose.
Ah, yeah.
I felt bad about that.
No, I mean, as long as you're dabbling, I think, a little bit and seeing that Nix can play very nicely with these things.
And it was a no-brainer for the Nginx. Like, some of the stuff, I had to add some more stuff behind a reverse proxy and get SSL certs for it that I didn't have before just so I could keep consistent. So I wasn't doing IP for some stuff and name for other stuff. I wanted names for everything. So I just got all the DNS set up anyways. And that was really, really nice to just configure all of the Nginx stuff via Nix.
And, I mean, it should be easy, right? Like any of your Nix hosts, you can just add in a bit to have it run a Prometheus exporter for the node and send the node metrics too.
And I know between the three of us, I'm also the Git Luddite, but the other thing I liked and appreciated about having declarative config for my monitoring setup is that I could use Git to manage that. And if I F it up in the future, you know, I've got some recoverability there. So the more I can define via text, I feel like the safer it is to experiment and the easier it is to roll back. And so that's, I just, that's something I just, food of thought.
One of the lessons I took away from the setup is that gave me a little bit of comfort level to experiment with something that I didn't fully understand yet. that has a big learning curve.
And now that you have it captured, you can watch as it evolves too, right? So you have rollbacks, but you can also then go, well, what did I tweak? Was that what broke it?
And I did catch a couple of things already, I will say too. I had some choral performance degradation issues that I tracked down to Wi-Fi actually, but it started a whole process of like breaking down where the problem was at.
What is the maintenance going to be like for this? Like how likely are you if you're just booting up a new container for some kind of new system you're playing with that may last a long time are you likely to have that to the dashboard here in the process of setting it all up or is this just going to fade a little bit and then you'll have the problem where you've got a bunch of services that aren't actually integrated in this how do you think that's going to go.
That's a great question that's a great question um because my current thinking so i haven't thought a lot about that because i've been thinking i need to really freeze the state of my odroid and i need to stop adding stuff because every single effing thing i add i need to migrate to a one liter pc one day and i just went and made it a lot more complicated right so i have been thinking i was actually going to hit the pause button for a while,
until i get to that migration but you raise a good point of like what if i find it in my new favorite self-hosted app and i get it all set up do i throw it into the monitoring system and i I think my answer for that is I don't know if you guys do this. This is probably just a Chris thing, but I have, I have two tiers for self-hosted applications. You know where I'm going?
I think so.
And it's like, if I'm just playing around or if it's just something for me or really, you know, maybe I want to, I don't know, for whatever reason, I'll just put it on a port and I'll just go to the local IP and I'll put the colon in the browser like an animal. but then when it becomes like oh this is something that's serious then i go ahead and i set up the reverse proxy and i get an ssl cert for it and i even register a dns name because.
Some stuff just doesn't survive to that level you know.
Right so i think that is the threshold in which i now need to say and i'm going to add it to the monitoring system.
There'll probably be a natural point where you realize that it's down and you wanted it to be out but then oh right okay.
Better ahead that other people do this let us know send a booster contact form and let us know if you guys do this I just wonder if it's a sus thing. Because I've definitely seen some other folks that we know be like, oh, why do you do that? I think my other question I have for you guys is, do you honestly think I did it overkill? Do you think I went too far with this? I think, is that implicit in your question there, Brent?
How many more pie holes would you have run?
Yeah, right?
I guess it is a little bit, because there seems like there's such a gap between where you started solving this problem versus where you ended up.
but as long as it's well your requirements were quite specific as well right so I think had you loosen those requirements especially with the notifying you know the tiered notifications, that probably would have made this much much easier for you however you probably would have hated your life every day of the monitoring system after that so I think if you're looking long term which it sounds like you are with this kind of monitoring then I'm,
It sounds like you made the right choice, because your digital life and your maintenance of that life will just get better.
You know, I saw this morning over on the BcacheFS subreddit, a couple different folks working on both for Telegraph and then for Prometheus, BcacheFS collectors.
Cool.
So a little incentive for you in the future.
So you don't think I've overdone it?
Not if you install BcacheFS, no.
I mean, if I could pull BcacheFS metrics in, that would be pretty neat.
I think that justifies your setup.
But you see, I'm a little worried about that. But because, again, it feels it's like one of these things where when it's when it's all declared, I can kind of re pick it up and read through it and understand it. Where when it's the GUI, I have to really dig through it and really, really, really have to grind again to get it figured out again. I don't know. Maybe that's just me convincing myself.
Well, no, and I mean, there's a lot of pieces, but I think one of the benefits of a Prometheus-style setup is, right, you're building on top of time series, and that's a fairly universal format for a lot of things.
Yeah, yeah, yeah.
Wes didn't answer your simple question. Do you think that he went overkill?
No, I mean, how many services did you say you had?
Around 37, and then, you know, five or six hosts in there, something like that. Yeah.
I mean, it seems like maybe if anything, it's more of like, um, like a reckoning with the level of infrastructure you're already providing and that it deserves a similar class of monitoring.
Yeah. And it's like, it's not only is it running a clinic, right? But the home assistant stuff is really integrated into the function of the home to a degree that like prevents freezing and, and, and other damage occurring. So it's pretty significant. Uh, yeah, I think I probably was underdoing it. Yeah, I think I might've been. And yeah, it did need, it did need a better solution. I would be curious to know if maybe there was a better way to go though.
So, and how people are doing it. Always love to hear that. I'm not opposed to coming up with a better way. Could always make for a good segment. All right. Well, check this out. Linux Unplugged has been here for over 12 years. And I think I figured out why. Right. We focus on a few things. And I think this is one of our strengths. Real use cases for Linux. We can get value out of it. Free software that's actually free. And we talk about the differences there.
And we try to focus on self-hosting that's practical and just works and not like the hype stuff. And I think you'll also find that we have honest conversations that try to help you make sense of the big shifts in the Linux landscape. And you can look over the 12-year history of the show. And we don't chase the outrage. We don't chase the hype. We don't go for the drama clickbait.
We just try to focus on the signal there. And so when you support the Unplugged program, you're keeping something that's a bit rare alive. It's focused, thoughtful Linux podcasts that tries to stay in its lane, respects your time, and treats the community like adults. And that's probably not as common as it should be. So this here show, it runs on value for value, time, talent, or treasure.
β ΒΆ Shout-Outs
listening and sharing the show, spreading the word, time, participating in the community, helping create maybe show swag. That's time. It could be a little bit of talent in there too, right? Also your feedbacks, corrections, things like that. Also helpful. And of course, treasure. Boosts, membership, direct support at meetups, all of those things make a big difference right now. The reason why I'm talking to you right now is because we don't have a sponsor for this slot.
So every bit helps the show continue and ideally thrive and grow. Better coverage, bigger experiments, more room to explore what's next before it's obvious without all the hype. I mean, look at the history of the show. So if it's helped you understand Linux better or avoid bad tech decisions or feel more confident about running your own systems, consider supporting the show to keep that going. You can send us a boost. You can become a core contributor or a Jupyter.party member.
Or, of course, if you use the promo code bootleg while it lasts, you get it at a great price. That's linuxunplugged.com membership to support this show directly or jupiter.party. You get the perks and you keep the show going. And of course you can send us a boost to support each episode directly. Thank you everybody who does that. It makes all the difference.
Well, AJ wrote in this week, long-time listener, Mobile Linux Survivor reporting in here. Hey, Chris, JB Crew. Been a long-time member, watching and listening since about the Matt Hartley era. So not quite a Lunduk graybeard, but almost. I'm extremely jaded about Linux phones, and for some good reasons. I backed the Librem 5, lawyers got involved there, and still no phone. I owned a PinePhone and a PinePhone Pro, which were underwhelming at best.
So I assume we're all pretty burned on mobile Linux by now. But then I heard about the FLX1. Last spring, I learned about it. It's the FLX1 from Fury Labs. Didn't expect much there, but I believe in the idea of mobile Linux. So I backed it. A month or two later, though, the FLX1 was cancelled. So cue that purism-era PTSD. But here's where it gets a little weird in a good way. Fury Labs announced a replacement device, the FLX1S for slim.
It offers refunds or a spot in the new queue. And so I stayed in, fully expecting another disappointment. But then they delivered. My FLX1S just arrived January 2nd, and I've been daily driving it since that weekend. Not testing, not tinkering, but daily driving it. So here's a little report. Does it actually work? Yes, calls seem to work. SMS and MMS, mobile data, GPS, most Bluetooth works. Many Android apps also via WayDroid.
They use a fork called Andromeda. The battery lasts about a full day with normal use as well. The software stack, as I understand it, is FOSH, customized Debian base built on the Helium project. Those details might be slightly off, but that's the gist I understand. Is it perfect? Nope. Is it real? Shockingly, yes, it's real. There's a compromise, of course, but they're shrinking pretty quickly. Some issues get fixed day to day, not month to month.
I even submitted a bug fix that'll ship by default on the next release.
that alone felt wildly refreshing compared to my previous experiences so why am i reaching out well i have zero affiliation no financial interest and no incentives i just genuinely am a happy customer which feels rare enough to mention fury labs has restored some of my hope in mobile linux they're active in the matrix room with a small but engaged community and i really think you should get your hands on a device, maybe invite someone from that team onto the show and talk about what they did
differently this time around.
Oh, that's an interesting suggestion. Boy, I would appreciate a contact if you have one, AJ. That is a good report, right? Isn't it nice to hear that possibly a Linux phone out there that people are happy with and gets the basics done? And I think about how much I could do in a web browser if I didn't have an app.
And I start to think maybe it's not crazy maybe it's maybe the dream is possible aj makes me believe again faith restored thank you aj appreciate that report great example of value contribute to the show right there with a in the field report another great example of course is la boost, And Daja's back with a row of McDucks as our baller booster this week. And he writes, I just wanted to share a little Linux and self-hosted success story. Oh, here we go. I love these.
Yeah.
Thanks to what I've learned from the crew, our community, and our community over the last six years, I was able to migrate off of a GCP, oh, a Google Cloud, to a combo of our own Infra and Colo, resulting in monthly savings of this boost amount.
Wow.
But it was in dollars instead of sats that's a big number and all foss you guys are awesome thank you love to hear that that that really you know that kind of stuff makes our day also regarding the on-site you guys did at his clinic it was super interesting and it's always those small gotchas that get you.
Ain't that the truth it's always networking.
That is such a great boost also i mean because it's just really great to hear that we made a little difference there but also uh appreciate the signal on that type of topic it's the first time we've ever done something like that so we always appreciate the feedback.
Optical gre comes in.
With 21.
703 satoshis, i forgot where i live so i need west to check his map for me and then relay that information to brent so he can help me with the many unfinished projects if he ever works his way through here.
Uh-oh here we go don't tell me with.
A good time.
Did you uh yes actually oh i.
Keep it in my back pocket.
There it is nice okay watch out watch out i don't want that on camera because that did sharpen the edges yeah all right do we have a location yes.
We do uh 21703 looks like, A postal code from Frederick County, Maryland.
Oh.
Wow.
There you go, Brent.
Well, what you have to do with these messages is also tell me, you know, some temptations as to why I should come through the area. Well, mostly food.
Well, you swing by on your way to the Capitol.
If they have gluten-free pizza, then you got me.
Just, he has a few allergies he'd like you to know about. If you consider those and work them into your boost, there's probably a good chance you'll stop by. Oh, and if you have a plug, outdoor plug, he can make 120 work.
If you have good cat snacks, that's usually a big help.
Liking cats helps, too. That is true.
Well, Gene Bean sent in, this is just a little row of ducks, 2,222. He says, can you share that Nix config for the clinic? I'd love to get some ideas off there.
We could, yeah. I think we would probably just want to do a quick sanitization check, since it is for a clinic and all of that. But I think we could give a look at that after the show.
Totally.
And if it passes the sniff test, we'll just put it in the show notes for this episode. Does that make sense? Yeah. So I guess the answer is, if the answer is yes, it'll be in the show notes, Gene Bean. Good question.
Show notes for 651.
You know, I've talked, yeah, linuxonplugged.com slash 651. I've thought about this. There's not a lot that's going to be revealed because anything that's like a secret gets stored outside the main config that goes in the repository. But, it is the type of thing that if I had access to someone's network, I would use the hell out of this to get everywhere I wanted to go.
And I just, like, this for me, when I, I don't mean to be this guy, but like when I was hired to do penetration testing, this, I would have loved a map like this. I would have. This would be like, oh, you just gave me the job for easy, free, you know, basically.
First I'll own his couple of pie holes and then I will.
Right. It's really, well, it just gives you time to research and it's easier than ever to drop these configs into a machine and say, hey, machine, what's the first thing I could pick on, right? Like you got to think about the tools that are available to people now. And so it crosses my mind that there is a level of information that's being exposed. And so I have some consideration there. But it relies on breaking into the infrastructure.
And then most of what gets exposed is just internal non-routable IP addresses and things like that, or perhaps where secrets get stored and whatnot. But it's something I think about, and I would love the audience's thoughts about it as well. And if you guys are concerned, I know there's a culture around sharing your Nix configs and your Ansible configs, and I like that. And I use that.
We've benefited a lot from it.
And I know I could do a sanitized version. So, I mean, maybe we'll try that. But then I'm not β I prefer if I'm going to put it up on GitHub, I would prefer to actually use it. You know, like β and then it's β anyways. Good question. Check the show notes, Gene, and I would love people's feedback on that. Thank you very much. Is it my turn now? I don't remember. Sifeseeker comes in with β I got all distracted. Comes in with 2,500 sats.
Hi guys, I've been kicking around the idea of a NixOS router, and an example would be great, Leo, there you go. Would you be willing to share your config? The router config is interesting, right? It's in there. I will also mention that Bearded Tech in our community has a really cool NixOS-based router project. And if you're actually thinking about using it for your home router...
Yeah, this might be something to consider.
That might be something worth looking at.
We were kind of doing a bunch of stuff all at the same time, so we took a peek, but we kind of wanted to start a little more minimal and work our way up. But it looks great, especially if you just want, like, a standalone router that is NixOS powered.
Yes. And you've got to remember, we were building something that was a VM first, VM server first.
It wasn't going to be the router first.
Yeah, yeah, right. Exactly. Yeah. All right. But, yeah, all right. We'll take a look at that, Cypher. Thank you very much. I guess there's some demand.
Hybrid Sarcasm comes in with 10,000 SATs. You asked for some feedback regarding actual budget.
Yeah.
It's been a pretty good replacement for you need a budget with spousal approval so far. That's $9 a month I don't have to spend on a cloud service. You'll also appreciate that the actual devs have a sustainable funding model for their core contributors, and they are looking to expand it to others. And then we've got a link we'll put in the show notes.
Oh, interesting. I'm looking. I'm trying. There it is. Yeah. So they have in their documentation here. Hmm. Thank you. I did not know that. That's a good little bit of information there. I appreciate that, Mr.
Zark.
I appreciate the report.
Are you saying those are the actual, actual devs?
No, the actual, actual, actual.
No, yeah.
Oh, actually, okay. Well, adversaries came in with 8,441 sats. Adversaries responding to our question last week, Chris, you were asking for Wi-Fi analyzers for Android.
adversaries says unify makes a great wi-fi analyzer app called wi-fi man it doesn't require unify gear to work it just uses your phone's radios and i can second this one this is the application i've been using for about the last year i used it just this week to that's good to know hey hey you didn't give me time to answer your question nor did you ask me while you were working on this project so oh wow dude anyways it's fantastic i use it just this week uh to I fixed my parents'
Wi-Fi, and it's got some sweet features. So I would say put this on your phone, play with it. It's pretty amazing. It took me a few uses to discover all of the different crazy features that are hidden in it. It's really quite good.
This makes you the buddy that shows up with a water hose after I put the fire out. You realize that, right?
You're welcome.
All right. That makes you β that's what you β I.
Could start a new fire.
No doubt we will. No doubt about that at all. Anonymous comes in with 2,021 sats. No message, just value. Thank you very much. And then Tomato comes in with a row of duckles. And writes, I loved this old network segment. I'd be curious to hear if Brent started to automate his van yet. Mine is completely unautomated. I'm not sure where to start. Oh, well, he needs to start with sensors, right, Brent?
Sensors is great. Yeah, I did the opposite this week and pulled my lithium batteries out of my van. So I've unautomated everything only because it got really, really, really, really cold. And this is not very good for them. So I feel like this week I went backwards. but I'm going to kind of build all the automation here in the workshop, just as winter's here, then I can just plunk it in the van, you know?
But I would say, Chris, you've got much more opinions on this than I do, but I would say start with the problems that you feel like you want to solve or have visibility into, right? If you want exterior temperatures versus interior temperatures, and that's really important to you, start there. If you want to, I don't know, have some other solution to a problem, That's always the best place to start.
And plus one sensors. And then if you really want to see what's capable and way, way far out there, check out smartyvan.com. He's also a YouTuber and he has created some really inspired automations around van living. I mean, absolutely high end tech stuff that you could build from for years. He's also released some code. He has examples and automations and video tutorials and all of that. So it's smartyvan.com, S-M-A-R-T-Y, van.com. And you get some good inspiration there.
I think my next step, if you're curious, is likely getting some visibility and automation around keeping these batteries charged and healthy. One of them is how to keep them warm while they're charging in the winter or, you know, in the after winter season. So that's the main problem I have that I'm going to solve that will get me, you know, some open hardware experience and also diving more into what Home Assistant can do to automate all this. So that's my next step.
But write in and let me know what problem you're solving.
I would also add, like, if you want something to rabbit hole into for a while before you get into all this, go learn the ESP platform. So that is a skill that will pay dividends years.
And relays, relays.
Yeah.
ESVs and relays.
And the little sensors and there's kits you can get on, you know, the big box websites for super cheap and all of that.
And buy some epoxy too.
While you're at it.
All right. Thank you, everybody who boosted the show. We do appreciate you very much. And, of course, shout out to our SAT streamers as well. We had 26 of you stream sats, and collectively you came in with 26,866 sats, which does technically make our streamers the baller booster again this week. Thank you, everybody. When you combine that with our boosters, we raised a total of 109,354 sats.
Pretty humble, but we're very appreciative and gives us an opportunity to make our birthday episode a banger. There's real, real easy ways to boost in these days. Fountain FM is making it easier and easier, including making it just all kind of dollar-based, simple stuff. And, of course, there's the entire awesome self-hosted infrastructure. You can find that when you go to newpodcastapps.com. You'll go down that rabbit hole. You get AlbiHub.
It's really awesome. And, of course, we have the membership program, linuxunplugged.com slash membership, or jupiter.party for the whole dang network.
β ΒΆ Picks
All right. Would you guys like a few picks?
Yeah, what'd you get in your bag today?
Well, you've heard me mention my Hypervibe, which is a NixOS-based Hyperland desktop and still rocking it. Got it running on three machines these days and it's in a great state and I like it a lot. But perhaps you are an Arch person. Well, Rich Arch has a Hypervibe spin. They say we at Rich Arch Project are re-releasing our Hypervibe spin. We now have taken the Hypervibe configs and enriched them with the Noctelis shell on Hyperland.
You can try it in a VM, and it includes some screenshots, or some instructions and a screenshot, which we'll put a link to in the show notes. It's better looking than the way I have it configured. I'll tell you that. It's really nice.
So now you're going to re-Nixify, Hypervibe-ify, the rich Arch Hypervibe-based config?
I like the way you think. You basically start with a base Linux, or a base Arch ISO, just base install. And then he has some kickoff scripts that you can curl onto that basic system and turn it into a Hypervibe desktop based off of what I set up to run on Nix. But with Arch. Kind of neat. Thank you, Rich, for sending that in.
That's great.
It's beautiful. It's beautiful. And then I've got one that.
This looks really nice.
This is nice to see. It's good to have another one of these. I've talked about Junction before. Now we're going to talk about Switchyard, a modern rules-based URL launcher that replaces your default browser. So wrap your noodle around this. Instead of having one browser as your default, you set switchyard as the default browser. And then when you click a link, it brings up a little window and it lets you choose which browser you want to open in.
But on top of that, they have added a really nice graphical interface, a GTK graphical interface, where you can have rules to just automatically send some URLs right to a particular browser. And this is exactly how I work. And this is why I really appreciate this Because there's some stuff I always open in Firefox. There's one site and only one site I use Brave for right now. And then there's other stuff I open in Zen. And it's very, it's always that stuff. So this is really, really great.
It's a super fast app and it has a simple configuration. If you do want to do it by text, they have a flat pack and a Nixflake ready to go. So I thought I might get your approval on that one too.
Oh yeah, absolutely. And it's written in Go, GPL 3.0.
Yeah. So this is so nice if you do live the multi-browser lifestyle. And I do. And I probably would say Firefox is 90% everything. but then there's those, or maybe like if I'm going to do a Google Meet, I might actually do that in Chrome. And I maybe don't use Google Chrome for literally anything else on that machine, but I use it for Google Meet. And it's nice to have something. I just click a link and switch art, it'll send it to that.
But if I don't have any rules set, it gives you a really lean, mean, fast UI and you big icons and you just select the browser you do want to open and it sends a link to that browser. So it's, ha ha.
I think especially, right, they kind of keyed in on work or other stuff, but even just maybe you're doing, you're in a mode where you're doing show notes. You want to make sure you, you know, you're clinking some of the Brent sends. You want it to open the right spot.
Yeah. Something that's in private browsing mode for sure.
Well, yeah, no JavaScript either.
Containerized.
Definitely.
β ΒΆ Outro
All right. Well, that's pretty much the end. I just want to remind everybody that the meetup page is up. If you're going to be in the Pasadena area around March 5th, we'll be at Planet Nixon scale and hanging out with our buddies from Phlox. We'd love to see you there. Meetup.com slash Jupiter Broadcasting. We'll get the details locked in soon for all of that. I'm very much looking forward to it. It's going to be nice, especially as it's
very cold right now. I'm picturing the nice sunshine. It's a beautiful time to be in Pasadena.
Seeing a wonderful audience.
Mm-hmm. Mm-hmm. Good crew down there, too. Wes, is there some pro tips we could leave with them? you know things where they could get more data more information around the show like.
Some sort of enriched xml file.
Yeah something links.
To uh text and json files.
Could be yeah.
With like chapter.
Information and transcript information yeah could have all of that.
Like an srt for however you want to consume this.
It's that if you've got a um podcast client there's more and more of them that supports transcripts we have that in the feed for you and of course if you have a podcasting toodle client you get all kinds of stuff like the cloud chapters like the live item entry pending information and a whole bunch of good stuff. And of course we are live. Yeah, we love it. If you make it a Tuesday on a Sunday, join us Sunday at 10
a.m. Pacific, 1 p.m. Eastern, jupiterbroadcasting.com slash calendar for your time. If you want to, I don't know, read about what we talked about. You want more show? I don't know. Linuxunplugged.com. This was episode, geez, 651. So Linuxunplugged.com slash 651. We get together every Sunday with our Mumble room. That information's on our website as well. You can get in there, get a low latency Opus stream. We tell you about it. Try it out.
And last but not least, we have that Matrix room going 24-7. You can find details to that. It's a great community. And if you're already in the Federation, why not join us? Thanks so much for joining us on this week's episode of Unplugged. See you right back here next Sunday!