It’s been almost 3 years since my last post it seems, so I thought I’d fire up VSCode and write something new. I wish I hadn’t now, as I had to hack around with my Hugo theme to get it to work again!

As I mentioned in my previous post, I bought an OrangePi R1+ to use as a router for my work laptop. Well, I received it the other day and its great! It does run hot, even with the CPU/RAM heatsinks I added it hovers around 65c, that’s partially due to the case it seems, which maybe could have some more air holes. The thing is tiny - about half the length of a RPi.

I’ve recently been updating various Debian Buster boxes to Bullseye. I’ve got a couple of laptops to do yet but the rest run Sid. On my headless servers, the update mainly consisted of - make sure you’re running the latest kernel and latest Buster packages, add the new Bullseye repo’s, update, remove old packages and configs, reboot and then remove the old kernel: apt update && apt dist-upgrade cat << "EOF" > /etc/apt/sources.

Been doing a lot with Kickstart recently, as I’ve had to build some airgapped VM’s in a hurry and have gone off Ansible again. Been templating the more complex bits using j2cli and YAML, so its a bit like Ansible without the SSH - and its ready at first boot rather than afterwards. I’ve uploaded my RHEL/Alma/Rocky/CentOS 8.4 CIS-hardened kickstart to github Oddly enough I’ve found that the SLES install being so slow in esxi appears to be SUSE (or AutoYAST?

I thought I’d give Ansible another shot now it’s owned by RedHat (IBM). As kickstart is a bit limiting. It seems a bit more robust these days, there’s less need to shell out to do the simplest tasks - probably due to the growing number of builtin modules. Inventories seem to have matured as has Vault, which is now very simple to use - especially if you use it inline. For example, to encrypt your ssh/su/grub password you can use the following in inventory.