Forem: dom

Cool / must have Paint.net plugins

dom — Sun, 30 Nov 2025 09:54:31 +0000

paint.net extensions / paint.net plugins
boltbait.com/pdn
kris vandermotten - object align/blur/gradient/other https://www.vandermotten.be/paintdotnet http://users.telenet.be/krisvandermotten/Downloads/PaintDotNetEffects.html
madjik - seamless texture
mike ryan - alias
https://forums.getpaint.net/topic/112730-content-aware-fill-2018-10-4/
smudge https://forums.getpaint.net/topic/7291-pyrochild-plugins-2017-12-04/
aa assist + extra https://forums.getpaint.net/topic/16643-dpys-plugin-pack-2014-05-04/ https://gmic.eu/download.html

node-exporter install (dedicated user, no package)

dom — Mon, 10 Nov 2025 18:21:50 +0000

See the latest version, and correct CPU architecture over at
https://github.com/prometheus/node_exporter/releases/latest

# grab latest release EXAMPLE:
# wget https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz
tar -xf node_exporter-1.10.2.linux-amd64.tar.gz
cd node_exporter-1.10.2.linux-amd64/
ls
./node_exporter # see if it works

sudo groupadd --system node_exporter
sudo useradd -s /sbin/nologin --system -g node_exporter node_exporter
sudo cp node_exporter /usr/bin/
sudo chown node_exporter:node_exporter /usr/bin/node_exporter
nano /usr/lib/systemd/system/node_exporter.service

you can use either
/usr/lib/systemd/system/ /etc/systemd/system/
but i'll go with /usr/lib/systemd/system/node_exporter.service

[Unit]
Description=Node Exporter
Documentation=https://prometheus.io/docs/guides/node-exporter/
Wants=network-online.target
After=network-online.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
Restart=on-failure
ExecStart=/usr/bin/node_exporter

[Install]
WantedBy=multi-user.target

sudo chmod 664 /usr/lib/systemd/system/node_exporter.service
sudo systemctl daemon-reload
sudo systemctl enable node_exporter
sudo systemctl start node_exporter

see http://<host>:9100/metrics

Docker backups/migration using rclone

dom — Thu, 23 Oct 2025 13:59:50 +0000

stop all containers:

docker stop $(docker ps -q)

rclone copy for file copy, or sync if to have exact match as in source server.
rclone follows the logic of first input being from, second input being to (in this case newserver as configured using rclone config, though you can also use backend: and passing in the required credentials that backend requires, if you don't want to setup rclone config file)

rclone copy /opt/stacks/ newserver:/opt/stacks/ -P -L (because i use dockge)

rclone copy /var/lib/docker/volumes newserver:/var/lib/docker/volumes -P -L \ --exclude '**/*.sock' \ --exclude '**/casper' \ --exclude '**/source'

test if works in new server or resume run of services

start container (if backup)
docker start $(docker ps -a -q)

Windows WSL under Proxmox

dom — Sun, 22 Jun 2025 09:50:54 +0000

When trying to enable Hyper-V/VMP in Windows, after VM reboot, the virtual machine stuck at boot process/virtual machine can’t boot at all

check in pve:
cat /sys/module/kvm_intel/parameters/nested

If the guest OS tries to access an unsupported MSR, instead of throwing a general protection fault or killing the VM, KVM ignores the access.
echo "Y" > /sys/module/kvm/parameters/ignore_msrs #temp
echo "options kvm ignore_msrs=1" >> /etc/modprobe.d/kvm.conf #perm

modprobe -r kvm

Set CPU to HOST

Also Machine settings under Hardware, we are using i440fx not q35

SSH to server,
Navigate to /etc/pve/qemu-server/
Edit the machine ID (e.g. 123.conf) which will need nested virtualization (Proxmox server having Windows VM which will use Docker, WSL, Hyper-V, etc)

Add args: -cpu host,hv_passthrough,level=30,-waitpkg
If you have some issues, experiment by removing some arguments or changing values

In Windows as admin cmd
wsl --set-default-version 2
wsl --update
wsl --install -d debian
(will install Virtual Machine Platform, and WSL support)

if still can't boot, stuck on Logo, do
bcdedit /set hypervisorlaunchtype off

If error code:
An error occurred during installation. Distribution Name: 'Debian GNU/Linux' Error Code: 0x80072ee7
Make sure windows is up to date. If you use IOT Enterprise, enable Microsoft store wsreset -i

How to Migrate a Self-Hosted GitLab Instance (Docker-Based) to a New Machine

dom — Mon, 30 Dec 2024 14:18:27 +0000

Using the usual rclone sync casaos:/DATA/AppData/gitlab-ee/ /DATA/AppData/gitlab-ee/ -P --create-empty-src-dirs -l doesn't help because lot's of copy errors, and symlinks don't endup being remade thus gitlab fails to start up on new server.

Nice optional have:

gitlab-rails console
# wait for startup (its slow)
::Gitlab::CurrentSettings.update!(maintenance_mode: true)

Start from here:

gitlab-backup create  
/DATA/AppData/gitlab-ee/data/backups
# echo 1735565802_2024_12_30_17.5.1-ee_gitlab_backup.tar

Create the docker on new server

Restore on new one

# OPTIONAL: Create the /opt/gitlab/data/backups directory, including any parent directories if they don't exist
mkdir -p /DATA/AppData/gitlab-ee/data/backups

get inside container or use docker exec -t <name of container>

gitlab-ctl stop puma&&gitlab-ctl stop sidekiq&&gitlab-ctl status

Execute the command inside the running "gitlab-backend" container to stop the Puma service

gitlab-ctl stop puma
Execute the command inside the running "gitlab-backend" container to stop the Sidekiq service

gitlab-ctl stop sidekiq
Verify that the GitLab services have stopped by checking the status of all services in the container

gitlab-ctl status

Run the GitLab backup restore command inside the running "gitlab-backend" container (restore to specific)
gitlab-backup restore BACKUP=1735565802_2024_12_30_17.5.1-ee_gitlab_backup
Autodetect / better - especially if you provide the file correctly yet it still pretends to "fail" to find it:
gitlab-backup restore force=yes

NOT INCLUDED IN BACKUP:
"/DATA/AppData/gitlab-ee/config/gitlab.rb"
"/DATA/AppData/gitlab-ee/config/gitlab-secrets.json"
will need to transfer them manually

Run the GitLab reconfigure command inside the running "gitlab-backend" container
docker exec -t gitlab-backend gitlab-ctl reconfigure

Restart the "gitlab-backend" container after reconfiguration
docker restart gitlab-backend
Done!

Tailscale OpenWRT Subnet/Site to site config

dom — Sun, 22 Dec 2024 19:26:52 +0000

ref: https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router and https://tailscale.com/kb/1214/site-to-site

If your Linux system has a /etc/sysctl.d directory, (check with ls /etc/sysctl.d/) use:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Otherwise:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf

Home network: 192.168.8.0, router ip 192.168.8.1

tailscale up --advertise-routes=192.168.8.0/24 --accept-dns=false --accept-routes

to show device origin IP instead of subnet router host add --snat-subnet-routes=false:
tailscale up --advertise-routes=192.168.8.0/24 --accept-dns=false --accept-routes --snat-subnet-routes=false

use tailscale set so it persists

approve on https://login.tailscale.com/admin/machines

If you use Adguard Home:
Add [/ts.net/]100.100.100.100 in "Upstream DNS servers"
If not there's always this to consider:

sudo nano /etc/dnsmasq.conf
server=/ts.net/100.100.100.100

IMPORTANT NOTES:
GL-inet tends to reset tailscale (imo LAN/WAN toggles are decorative), which breaks subnet/S2S routing feature.
Router reboot needed to make it work, as well as other routers to acknowledge the new IP route
(e.g. home router after internet loss broke subnet, or using wifi repeater, tailscale subnet stopped working, travel router was used to connect using ts.net, to then fix subnet routing, after fix still had to reboot travel router for changes to get noticed)
OpenWRT - Make sure to allow access to web/ssh from other networks https://forum.openwrt.org/t/allow-ssh-on-wan/74995/2

Good to know:
Tailscale ports:
Make direct connections by allowing UDP port 41641 to ingress through the firewall
Direct connection between VMs, also add an outbound firewall rule allowing UDP port 3478.

TMUX for automation / startup monitoring

dom — Fri, 06 Dec 2024 11:14:47 +0000

The problem: Need to start multiple services all at once and also be able to monitor them somehow (there's no way to do logging to a file, because custom CLI tool).
Example use case: Spin up dev server in one click - start server, IDE like VS Code, and Docker subservices (database etc), de clutter multiple terminal windows into one and to monitor logs more easily.

sudo EDITOR=nano crontab -e
@reboot bash /path/to/script.sh

script.sh

#!/bin/bash 

SESH="startupIO" 

tmux has-session -t $SESH 2>/dev/null 

if [ $? != 0 ]; then 
    ## 8000
    tmux new-session -d -s $SESH -n "rhttpds"
    tmux send-keys -t $SESH:rhttpds "bash /home/user/Desktop/services/startup/rhttpds.sh" C-m 

    ## 8024
    tmux new-window -t $SESH -n "rhttpds80" 
    tmux send-keys -t $SESH:rhttpds80 "bash /home/user/Desktop/services/startup/rhttpds80.sh" C-m 

    ## 2121
    tmux new-window -t $SESH -n "uploadFTP" 
    tmux send-keys -t $SESH:uploadFTP "bash /home/user/Desktop/services/startup/upload-FTP.sh" C-m 

    tmux set-option -t $SESH status on 
    tmux set-option -t $SESH status-style fg=white,bg=black 
    tmux set-option -t $SESH mouse on

    tmux select-window -t $SESH:rhttpds80 
fi

Reconnect to terminal
tmux attach-session -t startupIO

Switch between windows
Previous: Ctrl+B then P
Next: Ctrl+B then N
Other shortcuts: https://tmuxcheatsheet.com/

Stop all
tmux kill-ses -t startupIO

Create your own private TLD / .local domain DNS

dom — Fri, 06 Dec 2024 10:13:53 +0000

My network setup: Site to site VPN (No matter what location, networks are cross linked, so I'm able to access the intranet / LAN, but keep using the ISP of that location to not cause internet speed slowdown and higher latency (e.g. Mobile operator, only use VPN tunnel for inter-LAN connection), Technitium DNS, OpenWRT.

You can self host Technitium locally or in some cloud by also adding site to site vpn on there (Tailscale is also capable of behaving like S2S thanks to subnet router feature https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router https://tailscale.com/kb/1214/site-to-site)
or once again DIY using wireguard like here https://github.com/mjtechguy/wireguard-site-to-site

Install Technitium:
https://wiki.opensourceisawesome.com/books/authoritative-dns/page/install-and-configure-a-primary-and-secondary-technitium-authoritative-name-server
or via Docker https://github.com/TechnitiumSoftware/DnsServer/blob/master/docker-compose.yml

On OpenWRT

sudo nano /etc/dnsmasq.conf
server=/your-tld/127.technitium.ip.0.1

then

/etc/init.d/dnsmasq restart

and while yes, You could also use your private DNS server for everything everything (and maybe as a pi-hole like behavior too), but if it breaks (fully or partially), you may not be able to reach websites, seems like even if you did set the fallback of any other dns provider IP. And either way imo split dns seems more effective.

If you use Adguard Home:
Add [/ts.net/]100.100.100.100 in "Upstream DNS servers"

other good to know things:
address=/your-tld/127.technitium.ip.0.1 is more like a hosts record, will override everything to be that one ip (it won't question whats ip of the domain from dns server)