DAppNode

https://dappnode.io

ToDo

1. ipfs.dappnode with HTTPS? See https://github.com/dappnode/DAppNode/issues/406 , and below.
2. Fix http://alice.eth etc. as it’s still NOK when now that IPFS works, see https://github.com/dappnode/DAppNode/issues/492
3. Install http://dappnode.local/#/installer/prysm.dnp.dappnode.eth
4. http://dappnode.local/#/installer More packages to install?
5. http://dappnode.local/#/community => https://sourcecred.dappnode.io/#/explorer PAN?
6. DAppNode DApp list
7. Configure /etc/wireguard/wg0.conf to “route” / “lookup” (?) ONLY .eth and .dappnode domain names through that VPN? Test by shutdown DAppNode.
8. (Re-)install and configure http://dappnode.local/#/packages/rotki.dnp.dappnode.eth/info
9. git server (local at first, then on IPFS); e.g. on https://github.com/linuxserver ?
10. Backups , for git server and other, on IPFS

Use

• IPFS
  • WebUI http://ipfs.dappnode:5001/webui/ (see below for Troubleshooting if this doesn’t work)
  • Peering: Add e.g. /ip4/192.168.1.99/tcp/4001/p2p/12D3Koo...P8TN on brave://settings/ipfs/peers for peering and use Brave local IPFS node. Strangely, this then does NOT show up in the list on http://127.0.0.1:45005/webui/#/peers.
  • Gateway http://ipfs.dappnode:8080 how-to? Expose port on http://dappnode.local/#/packages/ipfs.dnp.dappnode.eth/network ?
  • API http://ipfs.dappnode:5001 ? TODO: How to publish a file on one local computer, pin it on the DAppNode, and then access it from another local computer?
• Ethereum RPC API
  • TODO: How to use http://dappnode.local/#/packages/geth.dnp.dappnode.eth/info's Querying API http://geth.dappnode:8545 and Engine API http//geth.dappnode:8551?
• *.eth domain names :
  • alice.eth or freedomain.eth (or e.g. radek.freedomain.eth from this tutorial are some examples
  • These normally do not resolve over traditional root DNS servers
  • Brave has built-in ENS resolution by using Infura, instead of decentralized DAppNode
  • When connected to DAppNode’s WireGuard VPN, that will resolve both .eth and .dappnode domain names
  • nonexistantx.eth should show an error message from DAppNode’s /usr/src/app/webpack:/@dappnode/dappmanager/src/ethForward/resolveDomain.ts: _Decentralized website not found Make sure the ENS domain exists"
  • ipfs resolve -r /ipfs/: invalid path "/ipfs/": not enough path components means TODO, IDK, fix IPFS #first? See https://github.com/dappnode/DAppNode/issues/492

IPFS in Brave (not directly DAppNode related)

• brave://settings/ipfs
• brave://ipfs-internals/
• If using Brave Local IPFS Node:
  • http://127.0.0.1:45005/webui
  • brave://settings/ipfs/peers

Manage & Maintenance

• http://dappnode.local
• sudo wg-quick up wg0 is required ;) to use *.dappnode hostnames
• http://dms.dappnode/d/dappnode-exporter-host/host?orgId=1&refresh=10s
• http://dappnode.local/#/system/security Host Updates
• VPN: sudo wg-quick up wg0 & sudo wg-quick down wg0
• Power Off on http://dappnode.local/#/system/power .

Set up

As per official documentation, and then:

Krypton made two-factor easy & secure

See https://krypt.co and sources on https://github.com/kryptco .

https://krypt.co/start/ => https://krypt.co/ext/ for U2F Browser Extension, if interested.

More on https://krypt.co/docs .

Setup SSH

Install the Android App , and in its Settings (Krypton Core) enable [X] Developer Mode (and review other Settings; perhaps Disable Google Analytics). Now on workstation/desktop host:

curl https://krypt.co/kr | sh

kr pair

and scan the displayed QR code in the PAIR tab on the App. The printed SSH public key is ~/.ssh/id_krypton.pub (also kr me), and can be put e.g. on https://github.com/settings/keys or on a server (also using kr add <user>@<server>) as per https://krypt.co/docs/start/upload-your-ssh-publickey.html .

SSH Key type ed25519-sk (and ecdsa-sk)

Today I noticed by coincidence that (recent versions of; e.g. the one available on Fedora Silverblue 34) ssh-keygen have ed25519-sk (and ecdsa-sk) key types (-t).

Never having seen these before, I wondered what they were for…

It is explained e.g. on https://security.stackexchange.com/questions/240991/what-is-the-sk-ending-for-ssh-key-types , and in the chapter “FIDO/U2F Support” on https://www.openssh.com/txt/release-8.2 .

This is very nice, as it much simplifies the much too complicated old ways of using gpg-agent to SSH with a YubiKey .

Exploring Fedora CoreOS

See https://docs.fedoraproject.org/en-US/fedora-coreos !

First Steps

Following https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/ :

podman run --pull=always --rm -v $HOME/.local/share/libvirt/images/:/data -w /data \
    quay.io/coreos/coreos-installer:release download -s stable -p qemu -f qcow2.xz --decompress

qemu-img create -f qcow2 -b \
    ~/.local/share/libvirt/images/fedora-coreos-33.20210328.3.0-qemu.x86_64.qcow2 \
    ~/.local/share/libvirt/images/my-first-fcos-vm.qcow2 20G
ls -lh ~/.local/share/libvirt/images/

podman run --interactive --rm quay.io/coreos/butane:release \
    --pretty --strict <first.bu >first.ign
bat first.ign

qemu-kvm -m 2048 -cpu host -nographic \
    -drive if=virtio,file=$HOME/.local/share/libvirt/images/my-first-fcos-vm.qcow2 \
    -fw_cfg name=opt/com.coreos/config,file=first.ign \
    -nic user,model=virtio,hostfwd=tcp::2222-:22

ssh-keygen -R "[localhost]:2222"
ssh -o StrictHostKeyChecking=accept-new -p 2222 core@localhost

pstree
systemctl status
systemctl --type=service --state=active
hostnamectl

podman run --rm -it hello-world

Automatic Updates

See https://docs.fedoraproject.org/en-US/fedora-coreos/update-streams/ , and https://docs.fedoraproject.org/en-US/fedora-coreos/tutorial-updates/ :

FOSDEM 2021

I “attended” (virtually, thanks COVID-19) FOSDEM 2021 on Sat/Sun Feb 6/7, 2021.

https://fosdem.org/2021/schedule/ has the full schedule - and there’s a lot, as with any big tech conference.

https://www.youtube.com/channel/UC9NuJImUbaSNKiwF2bdSfAw has (will have) recordings. Here are talk I listened in to:

Cloud Infra

• https://fosdem.org/2021/schedule/event/containers_datacenter_class/ about how https://www.opencompute.org open design HW “2nd life” that can be bought (again; “circular IT HW”) on https://www.itrenew.com/explore-solutions/ (pricing on http://bit.ly/sesame-specials; more on https://stands.fosdem.org/stands/sesame_discovery/ ) and managed with https://github.com/opencomputeproject and https://rackn.com/rebar/ (like https://metal3.io ?) - at home? ;) I know what I want for christmas, LOL.