Thursday, July 27, 2017

Running ipfire in a Proxmox KVM

Long ago my network equipment at home was simple: I just used a Belkin N600 router to connect to my ISP. All my computers and devices, including some Raspberry Pis, mobile phones and pads, accessed the internet via the router. As the number of clients increased, I found that the Belkin router did not serve well. Therefore I installed a software firewall, IPFire, on a Raspberry Pi (Model B) and replaced the existing router. (I still needed the N600 as a wireless bridge, so I switched it to bridge mode.)

IPFire is a great software firewall. You can have a look at the website to see the features. Running IPFire on a Raspberry Pi is surprisingly stable too. Everything was fine until I changed the ISP plan from 8M (8mbps/1mbps) to 100M (100mbps/30mbps).

The problem was the hardware limitation of the Raspberry Pi. The built-in LAN port and an additional USB Ethernet adapter worked fine when I was using 8M. However, after I changed to the 100M plan I found that the maximum speed was 30M something. In order to utilize my bandwidth I planned to run IPFire on other hardware.

I didn't have a big budget at that time, so I wondered if I could make use of my existing hardware. My N54L, which is running Proxmox, seemed to be a good choice. So I decided to create a KVM for this.

The config of the IPFire VM is simple:
1. 512M ram
2. 1 CPU
3. 16GB virtual disk (virtio driver)
4. one bridged network (virtio driver)

One tricky thing I did was to pass the USB Ethernet adapter through from the host to the VM, which should give better performance.

Running lsusb on the host shows the adapter and its vendor:product ID:

    # lsusb
    ...
    Bus 003 Device 002: ID 0bca:8133 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
    Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
    ...

Then add a line to the VM's configuration file, /etc/pve/qemu-server/<vmid>.conf (<vmid> is the ID of the VM):

    usb0: host=0bca:8133,usb3=yes

Note: only use "usb3=yes" if you are using a USB 3 device.

When the setting was done, I started the VM; the USB adapter was detected and I just followed the instructions to set it up. In my case I connected the USB adapter to RED (internet) and the virtual adapter to GREEN (internal). As I had made an IPFire configuration backup on the Raspberry Pi, I just imported it into the VM and everything ran out of the box!

I did a quick test by running the command-line version of speedtest (speedtest-cli). The result was 80mbps/26mbps, which is acceptable.

    [root@ipfire ~]# ./speedtest-cli
    Retrieving speedtest.net configuration...
    Testing from XXXXXXX (xxx.xxx.xx.xxx)...
    Retrieving speedtest.net server list...
    Selecting best server based on ping...
    Hosted by xxxxxxxx[22.51 km]: 8.898 ms
    Testing download speed................................................................................
    Download: 81.54 Mbit/s
    Testing upload speed................................................................................................
    Upload: 25.93 Mbit/s

In summary, IPFire is a good solution if you want to have a software firewall. There are other free firewalls such as pfSense or OPNsense. I will try them and compare. But for now, I am happy to use IPFire.

Wednesday, June 28, 2017

Playing Yeelight with Python

Recently I've been playing with a Yeelight Smart LED Bulb. It is a good starting point for learning home automation, as such smart LED bulbs do not depend on any modification of your home electricity system. The Yeelight bulb already comes with a Wi-Fi chip, so you can configure it using its official app (both Android and iOS are available).

Using the official app is straightforward, so I wondered whether I could play with it 'harder'. I searched and found some interesting use cases:

  1. Controlling yeelight by Python
  2. Controlling yeelight by Siri (wow!)
  3. Controlling yeelight by Home-Assistant

In fact there should be more cases, including Amazon Alexa or Google Home, but I do have these products and the setup will be very similar to 2. and 3., which I will explain in another post later. Right now I am going to share how to play with the Yeelight using Python.

First, you need the official app to enable developer mode. Then just use the Python yeelight package (https://yeelight.readthedocs.io/en/latest/) and you are good to go!

    import yeelight
    yeelight_ip='xxx.xxx.xx.xxx' # your yeelight bulb IP
    light = yeelight.Bulb(yeelight_ip, effect='smooth')
    light.turn_off()
    light.turn_on()

    # Set it to white
    light.set_rgb(255,255,255)
    # Set the brightness
    light.set_brightness(100)

Not very difficult, right? If you have a Raspberry Pi you can set up some cron jobs to turn the light on in the morning as a silent alarm clock, or place the bulb in your kid's bedroom and change the brightness from 100% to 1% (then off, of course) over one hour.
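The bedtime fade described above, as an added example that is not part of the original post. The function names, the one-minute step, the hold time before switching off and the placeholder IP 192.0.2.10 are assumptions; only `Bulb`, `turn_on`, `turn_off` and `set_brightness` come from the yeelight package.

```python
import time

def fade_plan(start=100, end=1, duration_s=3600, interval_s=60):
    """Return [(offset_s, brightness), ...] for a linear fade from start to end."""
    if not 1 <= end <= start <= 100:
        raise ValueError("brightness must satisfy 1 <= end <= start <= 100")
    if interval_s <= 0 or duration_s < interval_s:
        raise ValueError("need 0 < interval_s <= duration_s")
    n = duration_s // interval_s
    plan = []
    for i in range(n + 1):
        level = round(start + (end - start) * i / n)
        if not plan or plan[-1][1] != level:   # skip steps that change nothing
            plan.append((i * interval_s, level))
    return plan

def run_fade(bulb, plan, hold_s=60, sleep=time.sleep):
    """Apply the plan to a bulb, hold the last level for hold_s, then switch off."""
    elapsed = 0
    bulb.turn_on()
    for offset, level in plan:
        sleep(offset - elapsed)
        elapsed = offset
        bulb.set_brightness(level)
    sleep(hold_s)
    bulb.turn_off()

if __name__ == "__main__":
    import yeelight  # the package used in the post
    # LAN control takes commands from any host that can reach the bulb, with no
    # authentication, so keep the bulb on a network segment you trust.
    light = yeelight.Bulb("192.0.2.10", effect="smooth")  # placeholder IP
    run_fade(light, fade_plan())
```

Started from a cron job at bedtime, the script runs for the whole hour and exits once the bulb is off.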

If you think controlling a bulb this way is too dumb, I agree. That's why there are some more elegant solutions. Next time I'll show how I set up a virtual HomeKit and ask Siri to control the bulb.

Saturday, June 03, 2017

Nextcloud on Archlinux

Recently I've been trying Nextcloud, which is a fork of Owncloud.

I have to admit that I am not a big fan of PHP apps. When I tested Owncloud several years ago I only felt it was very slow. As someone recommended Nextcloud a few weeks ago, I'd like to give it a try.

The installation doc is good, but it only covers Red Hat and Ubuntu, so I'd like to add some notes for Arch Linux (with Nginx, PHP-FPM, MariaDB, Redis server):


  1. The official packages are needed ("pacman -Sy nginx php-fpm mariadb redis")
  2. The AUR package php-smbclient is needed if you want to use the external storage feature with SMB/CIFS
  3. Using memory caching can improve the performance. From the doc you can choose APCu, Memcached or Redis. I am using Redis server since it should be the most flexible approach. The AUR package php-redis, again, is needed.
  4. Download the latest Nextcloud package. Extract it and put it under /var/www
  5. In /etc/php/php.ini, make sure these lines are uncommented:
    zend_extension=opcache.so
    extension=pdo_mysql.so
    extension="smbclient.so"
    extension="redis.so"
  6. Follow the official instructions to set up Nginx
  7. Enable the services so that they come up after a reboot. (systemctl enable xxx)
  8. Using SSL is highly recommended. It's very easy to get a certificate from Let's Encrypt at zero cost.

I will set up a container on my Proxmox, evaluate it for a while and give a brief review later.
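A check for step 5, as an added example that is not part of the original post: it reads php.ini text and reports, for each of the four extensions listed there, whether its line is enabled, still commented out, or absent. The function name and the sample file content are constructed for illustration.

```python
import re

# Extensions that step 5 says must be uncommented in /etc/php/php.ini.
REQUIRED = ("opcache", "pdo_mysql", "smbclient", "redis")

# Matches e.g.  zend_extension=opcache.so   ;extension=pdo_mysql.so
#               extension="redis.so"        extension=/path/to/redis.so
LINE = re.compile(
    r'^\s*(;*)\s*(?:zend_)?extension\s*=\s*"?([\w./-]+?)(?:\.so)?"?\s*(?:;.*)?$'
)

def extension_status(ini_text, required=REQUIRED):
    """Map each required extension to 'enabled', 'commented' or 'missing'."""
    status = {name: "missing" for name in required}
    for line in ini_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        name = m.group(2).rsplit("/", 1)[-1]   # accept full paths too
        if name not in status:
            continue
        if not m.group(1):                      # no leading ';' means active
            status[name] = "enabled"
        elif status[name] == "missing":         # never downgrade 'enabled'
            status[name] = "commented"
    return status

# Constructed sample, not a real php.ini.
SAMPLE_INI = """\
zend_extension=opcache.so
;extension=pdo_mysql.so
extension="smbclient.so"
;extension=mysqli.so
"""

if __name__ == "__main__":
    for name, state in extension_status(SAMPLE_INI).items():
        print(f"{name:10} {state}")
```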