host docker container via systemd on debian 8

I want to run a custom docker image as a systemd service. This assumes I'm starting out on plain debian 8:

# add backports repository
sudo bash -c 'echo -e "\\n\\n#backports\\ndeb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list'

# install docker
sudo apt-get update
sudo apt-get install docker.io

# optional: add your user to docker group so you dont
# have to use sudo all the time for calling docker
# (you will need to log in again to make this come into effect.
# or simply start a new shell)
#sudo adduser $USER docker

# tell systemd to start docker on boot
sudo systemctl enable docker

# create docker container
# (just a simple test container, you might create your own...)
sudo docker run -d -p 80:80 --name example_webserver nginx

## create a systemd unit for a docker container
## (repeat this step for every container you need)

cat << EOF | sudo bash -c 'cat >> /etc/systemd/system/docker-example_webserver.service'

Description=Test Web Server

ExecStart=/usr/bin/docker start -a example_webserver
ExecStop=/usr/bin/docker stop -t 2 example_webserver



# reload systemd because we added a new unit
sudo systemctl daemon-reload

# start docker container
sudo systemctl start docker-example_webserver.service

# tell systemd to start docker container on boot
sudo systemctl enable docker-example_webserver.service


simple multi user git server setup

This is a very simple, yet effective setup for multi user git servers. I'm using file-system permissions for managing users and use ssh for remote access.

  1. get an ssh server up and running.
  2. create a new user for each git repository. (eg. sudo adduser git-my-project)
  3. init git repo

    sudo su git-my-project
    cd --
    git init --bare --shared=group my-project.git
  4. add user to according group

    sudo adduser devuser1 git-my-project
    sudo adduser devuser2 git-my-project
  5. clone repo

    git clone 'ext::ssh -i .../.ssh/id_rsa devuser1@repo.buzzmark.com %S /home/git-my-project/my-project.git'

setup nginx tls reverse proxy on debian 8

It often makes sense to run a web-server behind a reverse proxy for various reasons. It often also makes sense to terminate TLS on the reverse proxy. So here's a minimal approach for doing this with nginx:

sudo apt-get install nginx-full

# generate strong diffie haleman paramters
# might take some time ...
sudo openssl dhparam -out /etc/ssl/dhparams.pem 4096
sudo chmod 600 /etc/ssl/dhparams.pem

cat << EOF | sudo bash -c 'cat >> /etc/nginx/sites-available/example.com.conf'

    server {
        listen 80;
        listen [::]:80;
        server_name example.com;
        rewrite ^ https://$server_name$request_uri? permanent;

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com;

        # reverse proxy configuration
        location / {

        # allow big uploads
        client_max_body_size 1024M;

        # ssl settings
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_certificate /etc/ssl/example.com_bundle.crt;
        ssl_certificate_key /etc/ssl/example.com.key;
        ssl_dhparam /etc/ssl/dhparams.pem;
        ssl_prefer_server_ciphers on;



install postgresql and add database on debian 8

Here's a little followup to my last post. On Debian postgresql defaults to using linux user accounts for access management. Here's how to add a new postregsql user:

sudo apt-get install postgresql postgresql-client

# if no postgress process is running now, this command can fix it
#pg_createcluster 9.4 main --start
# if this command fails with locale errors install all locales it demands
#dpkg-reconfigure locales

sudo adduser dbuser

sudo su -c 'createuser dbuser' postgres
sudo su -c 'createdb -O dbuser owncloud' postgres


encrypted partion on debian 8

Encrypting partitions is fun, but also a bit unintuitive.

# install dependencies
sudo apt-get install cryptsetup

# setup luks on desired partition
sudo cryptsetup -y -v luksFormat /dev/sdb1

# init mapper device (and persist this setting)
sudo cryptsetup luksOpen /dev/sdb1 sdb1_crypt
sudo sh -c 'echo "sdb1_crypt /dev/sdb1 none luks" >> /etc/crypttab'

# format block device
sudo mkfs.ext4 /dev/mapper/sdb1_crypt

# add device to fstab
sudo mkdir /mountpoint
sudo sh -c 'echo "/dev/mapper/sdb1_crypt /mountpoint ext4 defaults 0 1" >> /etc/fstab'

# mount
sudo mount /mountpoint


cron restart process if it died

I just put something like this in my crontab. It's quick and dirty, but it works.

*/1 * * * * [ -z "`ps -ef | grep -v grep | grep '<command>'`" ] && <command>

For those rare cases when writing a daemon just does not pay off.

screen capture on ubuntu 14.04 (trusty thar)

list your pulse devices:

pactl list

record with avconf (which is a weird version of ffmpeg):

avconv -video_size 1024x768 -framerate 20 -b $((10*1024))k -f x11grab -i $DISPLAY -f pulse -ac 2 -i "alsa_input.usb-0b0e_Jabra_SPEAK_510_USB_1C48F9E60C09020A00-00-USB.analog-mono" -threads 2 -vcodec libx264 -acodec mp3 -preset ultrafast output.mp4

install epson L355 scanner driver on debian

Short and painless:

wget https://download2.ebz.epson.net/iscan/general/deb/x64/iscan-bundle-1.0.0.x64.deb.tar.gz
tar -xf iscan-bundle-1.0.0.x64.deb.tar.gz
sudo bash iscan-bundle-1.0.0.x64.deb/install.sh

grep epkowa /etc/sane.d/dll.conf \
    || sudo bash -c 'echo epkowa >> /etc/sane.d/dll.conf'

# you printer is very like different form
# so adjust accordingly
grep 'net 192\.168\.123\.4' /etc/sane.d/epkowa.conf \
    || sudo bash -c "echo 'net' >> /etc/sane.d/epkowa.conf"

This of course is a security nightmare so don't forget to do this only in a VM or better yet on dedicated hardware with no sensitive data / network access.


eclipse search code

If it comes to IDEs Eclipse is a beast. Here are some shorts-cuts I use really a lot lately, they're for searching and navigating through code:

  • search for files: [Ctrl+Shift+r]
  • search for java methods: [Ctrl+Shift+m]
  • search for java classes: [Ctrl+Shift+t]