Posted on Leave a comment

Decentralize common Fedora apps with Cjdns

Are you worried about a few huge corporations controlling the web? Don’t like censorship on centralized social media sites like facebook and twitter? You need to decentralize! The internet was designed to be decentralized. Many common activities, from social media to email to voice calls, don’t actually require a centralized service.

The basic requirement for any peer to peer application is that the peers be able to reach each other. This is impossible today for most people using IP4 behind NAT (as with most household routers). The IP4 address space was exhausted over a decade ago. Most people are in “IP4 NAT Jail.”

Your device is assigned a private IP, and translated to the public IP by the router. Without port forwarding to a specific private IP, incoming TCP connections or UDP sessions can’t tell where to forward to, and are dropped. As a result, nothing can connect to your device. You must connect to various public servers to do anything. IP4 NAT Jail forces centralization.

The simplest solution to this problem is IPv6. However, most US consumer internet providers do not offer usable IPv6. For instance, if the IPv6 prefix changes every few days, the devices are not addressable except via a dynamic DNS server. Furthermore, on a mobile device like a laptop, most WiFi does not offer IPv6 either. So you can’t use Mobile IP6 to have a stable address.

You can work around this using a VPN like OpenVPN (included in Fedora) to a centralized server with a public IP4 — perhaps one you provide yourself by renting a Virtual Personal Server. But then packets to and from your device have to travel to and from the VPN server first. You can also use a tunnel broker like

If you and your peers already have stable IPv6 addresses, you can use these for the sample applications to be showcased. But most people need to use something else.

DNS is also essentially a centrally controlled service, so this article’s two sample applications avoid the use of DNS.  Email and SIP applications have built-in address books that work just as well.  Think of your stable IPv6 address as a “phone number.”

IPv6 Overlay Mesh VPN with Cjdns

The Cjdns package (included in Fedora) implements a global IPv6 mesh by connecting to several peers instead of a centralized server. Each node has a public/private key pair. The IPv6 is the truncated SHA512 hash of the public key, preventing spoofing.

  • Packets are end to end encrypted — relays can be untrusted.
  • Packets are source routed, allowing seamless upgrades of and experimentation with routing algorithms.  (This is safe thanks to anti-spoofing.)
  • The data for routing comes from a Distributed Hash Table listing the peers of each node.
  • Peers can be explicitly configured as UDP tunnels, or auto-configured on ethernet via layer 2 protocol 0xfc00.

With Cjdns installed, you have a stable, “unspoofable” (standard cryptographic caveats apply) IPv6 address that can be used with any IPv6 ready application. Your recipient must also use the Cjdns protocol, but this isn’t much of an obstacle since it’s easier to install Cjdns than convince US ISPs to provide usable IPv6.

Install Cjdns

To install and enable the Cjdns service persistently, run these commands:

$ sudo dnf install cjdns cjdns-tools cjdns-selinux $ sudo systemctl enable --now cjdns
$ peerStats 18:03:14:56:c2:1e v20.0000.0000.0000.0019.681v1s7k3af1q2cf09txpw309zdf4q0mn7mtq0wr544dz98stwr0.k ESTABLISHED in 6kb/s out 15kb/s LOS 8 "outer"

This generates a /etc/cjdroute.conf file, pre-populated with random keys and passwords. If there’s already a Cjdns node on your LAN as above, you’re done. But more likely, there was no output from peerStats. In that case you now need to configure one or more UDP tunnels. First, you must discover the random UDP port used.

$ sudo grep bind /etc/cjdroute.conf // Port to bind the admin RPC server to. "bind": "", "bind": "", "bind": "[::]:26041", // Alternatively bind to just one device "bind": "all",

In this example, the random UDP port is 26041 for both IPv6 and IPv4. Your port will be different. Allow incoming sessions for this port.

$ sudo firewall-cmd --zone=public --add-port=26041/udp success $ sudo firewall-cmd --runtime-to-permanent success

Now you need to edit the config to add a peer. Hopefully, you are somewhat familiar with configs using JSON syntax. You must add an entry for a UDP peer using your favorite text editor, such as vim. Here is one provided on a VPS. Search for IPv4, and add the indicated stanza after connectTo, inside the braces:

$ sudo vim /etc/cjdroute.conf "": { "login": "fedora", "password":"zvkxv604fqx0zn9trhw5hjxwp3u4v2u", "publicKey":"lhj54c2xnczfurpw42d0h1bvc4qquclb4dw72q50tc83ucmm9zt0.k", "peerName":"" },

For the changes to take effect, restart cjdns.

$ sudo systemctl restart cjdns $ peerStats v20.0000.0000.0000.0017.lhj54c2xnczfurpw42d0h1bvc4qquclb4dw72q50tc83ucmm9zt0.k ESTABLISHED in 0kb/s out 0kb/s "" $ ping PING (fceb:7fc0:c62c:9cd9:2971:e3ff:aee2:6e08)) 56 data bytes 64 bytes from (fceb:7fc0:c62c:9cd9:2971:e3ff:aee2:6e08): icmp_seq=1 ttl=42 time=87.6 ms

You can now ping any node in the global IPv6 mesh. CAUTION: All those nodes can now directly connect to your device. The default Fedora firewall will block all incoming connections be default — but be careful what you allow in. Be sure to consult the package README for additional security notes.

The fedora password to this nyc VPS may not be up indefinitely, so you need some more peers. Consult a list of public peers or peer with your Fedora friends.

Decentralize Email applications

You can decentralize almost any email client included in Fedora that supports IPv6, such as alpine or Thunderbird. This example uses mailx, a bare bones CLI mail client designed for teletypes. This makes configuration and use easy to show.

Similarly, you can use any of the MTAs supplied with Fedora, but this example uses opensmtpd, as it is simple, small, and secure. By default, opensmtpd stores incoming email in /var/spool/mail, which is perfect for personal decentralized use. You can, of course, use any mail store and client you prefer.

$ sudo dnf install mailx opensmtpd $ cat >~/.mailrc <<EOF set from="mylogin@[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678] (Real Name)" set smtp=localhost EOF

Of course, you need to use your own local login, IPv6 and name.

To receive email, you will need to edit the opensmtpd config in /etc/opensmtpd/smtpd.conf. Here is a sample. (Note this article may wrap some of the “preformatted” lines, so use your head):

# This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. # To accept external mail, replace with: listen on all listen on fc02:fefe:dead:beef:cafe:babe:1234:5678 hostname "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" listen on localhost # If you edit the file, you have to run "smtpctl update table aliases" table aliases file:/etc/aliases # Uncomment the following to accept external mail for domain "" #accept from any for domain "" alias deliver to mbox accept from any for domain "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" alias deliver to mbox accept for local alias deliver to mbox accept for any relay hostname "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" 

Use your actual Cjdns IP, of course. When the opensmtpd config is ready, start it so you can receive emails. If your recipient is offline, opensmtpd stores your letter and retries periodically.

$ sudo systemctl enable --now opensmtpd $ sudo firewall-cmd --zone=public --add-service=smtp $ sudo firewall-cmd --runtime-to-permanent

Now send the author a dex (decentralized) email:

$ mailx -s "Fedora Article" \ "stuart@[IPv6:fcbc:b27:be6f:94dd:4225:792:c988:8ace]" <<EOF > Great article! > EOF

That sends an email to the author’s nyc vps — so don’t be surprised if you get a reply!

Alpine is a full featured console email client. After you install and run it the first time, you can decentralize it by editing ~/.pinerc and changing these basic config items:

# Sets domain part of From: and local addresses in outgoing. user-domain=[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678] # List of SMTP servers for sending mail. smtp-server=localhost

Decentralize SIP applications

Linphone call screen

Linphone call screen

Using Cjdns for your voice calls gives you privacy and authentication. You can use any sip client that supports IP6. This example uses the linphone app included in Fedora.

$ sudo dnf install linphone $ sudo firewall-cmd --zone=public --add-service=sip --add-port=7078/udp --add-port=9078/udp $ sudo firewall-cmd --runtime-to-permanent
Linphone network config screen

Linphone network config screen

Run linphone on your desktop, and skip the account wizard. You don’t need logins and accounts with peer to peer. Select Options, Preferences and select Use IPv6 instead of IPv4 and Direct connection to internet. Enter your Cjdns IPv6 in Public IP address. Now select Options, Quit to completely exit linphone.

The version in Fedora doesn’t provide a way to configure your peer to peer contact, so you need to edit the config file. Find the [sip] section and change guess_hostname and contact:

$ vim ~/.linphonerc guess_hostname=0 contact="Real Name" <sip:mylogin@[fc02:fefe:dead:beef:cafe:babe:1234:5678]>

Now start linphone again, and add a Fedora friend with Cjdns to the addressbook using the same address syntax. Try a text message first, then give them a call.

Of course, there are many potential issues with audio and video in a VoIP app, which are not covered here. Usually, however, linphone just works. If you don’t have any friends, you can reach out to the author via dex email at the nyc node above.

Posted on Leave a comment

Lennart Jern: How Do You Fedora?

The Fedora Magazine recently interviewed Lennart Jern on how he uses Fedora. This is part of a series  on the Fedora Magazine. This series profiles Fedora users and how they use Fedora to get things done. Contact us on the feedback form to express your interest in becoming a interviewee.

Who is Lennart Jern?

Lennart Jern is a Swedish-speaking Finn, who has been living in Umeå, Sweden, for about three years. He was born and raised in southern Finland where he obtained his master’s degree in applied mathematics. His time at university exposed Lennart’s true passion.  “While at the university, I realized that computer science was really what I wanted to work with.” In order to follow his dream of working in computer science he moved to Sweden with his wife to pursue a master’s program in computer science. After a short while he had learned enough to land a job with a local startup. “I’m working with cloud/distributed systems, specifically with tools like kubernetes and OpenShift.

Lennart’s first contact with Linux was in 2006. Some of the computers in his high school were running OpenSuse. He installed Ubuntu’s Hardy Heron in 2008 and has been using Linux ever since.

The Hobbit: An Unexpected Journey and Star Wars: The Force Awakens are his two favorite movies. Lennart likes simplicity. “I generally don’t like fancy food. Nothing beats a homemade pesto-mozzarella pizza.

Lennart Jern and his two dogs

Self hosting is one of Jern’s hobbies. He hosts a private blog and a git service running on a cluster of Raspberry Pi computers. “For my blog I am using Jeckll and the git service is gogs.” The Raspberry PI cluster makes use of Kubernetes. Lennart uses several other open source tools to maintain the hosted environment. “I use for the self hosting environment are certbot for certificates, ansible for automation and parallelization of tasks.”

The Fedora Community

Lennart became active with the Fedora Community when his friend introduced him to Fedora. “A friend of mine, Ludvig, was running Fedora on his laptop and I got curious. I wanted to know more about the differences between Linux distros so I simply tried it out.” His friend, Ludvig, also convinced him to get involved with the open source world. “He was using Fedora when we were in high school, probably because it was what Linus Torvalds was using at the time.”

Lennart’s first interactions with the Fedora Community came when he was looking for solutions to issues with Pulse Audio. He found the community friendly and welcoming. “It is nothing to be afraid of, just try it! You don’t have to commit all your free time to it, nobody expects that. If you stumble across something that you can fix or report, do it! It will feel great!

When asked what he would like people to know about Fedora Lennart was quick to mention stability. “I feel that many still have the impression of Fedora being a bleeding edge distro with problems and broken applications every new release. Bleeding edge might still be true, but I find Fedora very well polished and stable these days.” Lennart would also like to see Fedora more well know in Nordic countries.

What Hardware?

Jern has five machines running Fedora. One desktop, one laptop and three Raspberry Pi computers. The desktop is a custom computer with an AMD Ryzen 5 1600 CPU and 16 GB of ram. The desktop makes use of two graphics cards for multi seating. The video cards are both made by Asus. The first is a Radeon 6870 and the second is a Radeon RX 550. The laptop is a refurbished HP ProBook 430 G2. It is equipped with an Intel Core i5-4210U and 4 GB or ram. Two of the Rasberry Pi computers are model 3 B+ and the other is a model 3B.

What Software?

All of Lennart’s computers run Fedora 28. “The laptop and desktop are both on the Workstation edition while the raspberries have minimal installations.”

One of the raspberries (the model B) is still running ARMv7, while the other two are running the newer aarch64 images. Jern’s laptop and desktop are close to the base workstation edition. “I just add a couple of GNOME extensions specifically the Drop Down Terminal and the Dash to Dock extensions.” Notable applications that Lennart uses include:

  • Chrome as browser,
  • Atom as text editor/IDE,
  • Gedit or vim for ad hoc text editing,
  • Slack and Telegram for chatting.

Lennart also use git for version control, occasionally with gitg and meld as helping tools. He makes use of Gnome Boxes and vagrant for experimenting with things in virtual machines and docker for his container needs. “Finally, an important piece of software that I have come to rely on is pass and QtPass for password management.” Jern also uses syncthing for synchronizing files between my computers.

When I’m done geeking around, I relax with some Steam games. And, when I do not need the full power of my desktop I let it contribute to the World Community Grid.

Posted on Leave a comment

Convert file systems with Fstransform

Few people know that they can convert their filesystems from one type to another without losing data, i.e. non-destructively. It may sound like magic, but Fstransform can convert an ext2, ext3, ext4, jfs, reiserfs or xfs partition to another type from the list in almost any combination. More importantly, it does so in-place, without formatting or copying data anywhere. Atop of all this goodness, there is a little bonus: Fstransform can also handle ntfs, btrfs, fat and exfat partitions as well.

Before you run it

There are certain caveats and limitations in Fstransform, so it is strongly advised to back up before attempting a conversion. Additionally, there are some limitations to be aware of when using Fstransform:

  • Both the source and target filesystems must be supported by your Linux kernel. Sounds like an obvious thing and exposes zero risk in case you want to use ext2, ext3, ext4, reiserfs, jfs and xfs partitions. Fedora supports all of that just fine.
  • Upgrading ext2 to ext3 or ext4 does not require Fstransform. Use the Tune2fs utility instead.
  • The device with source file system must have at least 5% of free space.
  • You need to be able to unmount the source filesystem before you begin.
  • The more data your source file system stores, the longer the conversion will last. The actual speed depends on your device, but expect it to be around one gigabyte per minute. The large amount of hard links can also slow down the conversion.
  • Although Fstransform is proved to be stable, please back up data on your source filesystem.

Installation instructions

Fstransform is already a part of Fedora. Install with the command:

sudo dnf install fstransform

Time to convert something

Converting one file system to another in-place can take a while

The syntax of the fstransform command is very simple: fstransform <source device> <target file system>. Keep in mind that it needs root privileges to run, so don’t forget to add sudo in the beginning. Here goes an example:

sudo fstransform /dev/sdb1 ext4

Note that it is not possible to convert a root file system, which is a security measure. Use a test partition or an experimental thumb drive instead. In the meantime, Fstransform will through a lot of auxiliary output in the console. The most useful part is the estimated time of completion, which keep you informed about how long  the process will take. Again, few small files on an almost empty drive will make Fstransform do its job in a minute or so, whereas more real-world tasks may involve hours of wait time.

More file systems are supported

As mentioned above, it is possible to try Fstransform with ntfs, btrfs, fat and exfat partitions. These types are very experimental, and nobody can guarantee that the converion will flow perfect. Still, there are many success stories, and you can add your own by testing Fstransform with a sample data set on a test partition. Those additional file systems can be enabled by the use of the –force-untested-file-systems parameter:

sudo fstransform /dev/sdb1 ntfs --force-untested-file-systems

Sometimes the process may iterrupt with an error. Feel free to repeat the command again — it may eventually complete the conversion from second or third attempt.

Posted on Leave a comment

Image creation applications for Fedora

Feeling creative? There are a multitude of applications available for Fedora to aid your creativity. From digital painting, vectors, to pixel art there is something for everyone to get creative this weekend. This article highlights a selection of the applications available for Fedora for creating awesome images.

Vector graphics: Inkscape

Inkscape is a well known and loved Open Source vector graphics editor. SVG is the primary file format of Inkscape, so all your drawings will scale no-problems! Inkscape has been around for many years, so there is a solid community and mountains of tutorials and other resources for getting started.

Being a vector graphics editor, Inkscape is better suited towards simpler illustrations (for example a simple comics style). However, using vector blurs, some artists create some amazing vector drawings.

Install Krita from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install inkscape

Digital Painting: Krita & Mypaint

Krita is a popular image creation application for digital painting, raster illustration, and texturing. Additionally, Krita is an active project, with a vibrant community — so lots of tutorials to get started. Krita features multiple brush engines, a UI with pop-up palletes, a wrap-around mode for creating seamless patterns, filters, layers, and much more.

Krita with artwork from the Pepper and Carrot webcomic (CC-BY 4.0)

Install Krita from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install krita

Mypaint is another amazing digital painting application available for Fedora. Like Krita, it has multiple brushes and the ability to use layers.

Install Mypaint from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install mypaint

Pixel Art: Libresprite

Libresprite is an application designed for the creation of pixel art and pixel animations. It supports a range of colour modes and exports to many formats (including animated GIF). Additionally, Libresprite has drawing tools designed for the creation of pixel art: the polygon tool, and contour & shading tools.

Libresprite is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.



Posted on Leave a comment

5 applications to manage your to-do list on Fedora

Effective management of your to-do list can do wonders for your productivity. Some prefer just keeping a to-do list in a text file, or even just using a notepad and pen. For users that want more out of their to-do list, they often turn to an application. In this article we highlight 4 graphical applications and a terminal-based tool for managing your to-do list.


GNOME To Do is a personal task manager designed specifically for the GNOME desktop (Fedora Workstation’s default desktop). When comparing GNOME To Do with some others in this list, it is has a range of neat features.

GNOME To Do provides organization of tasks by lists, and the ability to assign a colour to that list. Additionally, individual tasks can be assigned due dates & priorities, and notes for each task. Futhermore, GNOME To Do has extensions, allowing even more features, including support for todo.txt and syncing with online services such as todoist.

Install GNOME To Do either by using the Software application, or using the following command in the Terminal:

sudo dnf install gnome-todo

Getting things GNOME!

Before GNOME To Do existed, the go-to application for tracking tasks on GNOME was Getting things GNOME! This older-style GNOME application has a multiple window layout, allowing you to show the details of multiple tasks at the same time. Rather than having lists of tasks, GTG has the ability to add sub-tasks to tasks and even to sub-tasks. GTG also has the ability to add due dates and start dates. Syncing to other apps and services is also possible in GTG via plugins.

Install Getting Things GNOME either by using the Software application, or using the following command in the Terminal:

sudo dnf install gtg

Go For It!

Go For It! is a super-simple task management application. It is used to simply create a list of tasks, and mark them as done when completed. It does not have the ability to group tasks, or create sub-tasks. By default, Go For It! stored tasks in the todo.txt format, allowing simpler syncing to online services and other applications. Additionally, Go For It! contains a simple timer to track how much time you have spent on the current task.

Go For It is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.


If you are looking for a no-fuss super simple to-do application, look no further than Agenda. Create tasks, mark them as complete, and then delete them from your list. Agenda shows all tasks (completed or open) until you remove them.

Agenda is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.


Taskwarrior is a flexible command-line task management program. It is highly customizable, but can also be used “right out of the box.”   Using simple commands, you can create tasks, mark them as complete, and list current open tasks. Additionally, tasks can be tagged, added to projects, searched and filtered. Furthermore, you can set up recurring tasks, and apply due dates to tasks.

This previous article on the Fedora Magazine provides a good overview of getting started with Taskwarrior.

Install Taskwarrior with this command in the Terminal:

sudo dnf install task
Posted on Leave a comment

How to use Fedora Server to create a router / gateway

Building a router (or gateway) using Fedora Server is an interesting project for users wanting to learn more about Linux system administration and networking. In this article, learn how to configure a Fedora Server minimal install to act as an internet router / gateway.

This guide is based on Fedora 28 and assumes you have already installed Fedora Server (minimal install). Additionally, you require a suitable network card / modem for the incoming internet connection. In this example, the  DrayTek VigorNIC 132 NIC was used to create the router.

Why build your own router

There are many benefits for building your own router over buying a standalone box (or using the one supplied by your internet provider):

  • Easily update and run latest software versions
  • May be less prone to be part of larger hacking campaign as its not a common consumer device
  • Run your own VMs or containers on same host/router
  • Build OpenShift on top of router (future story in this series)
  • Include your own VPN, Tor, or other tunnel paths along with correct routing

The downside is related to time and knowledge.

  • You have to manage your own security
  • You need to have the knowledge to troubleshoot if an issue happens or find it through the web (no support calls)
  • Costs more in most cases than hardware provided by an internet provider

Basic network topology

The diagram below describes the basic topology used in this setup. The machine running Fedora Server has a PCI Express modem for VDSL. Alternatively, if you use a Raspberry Pi with external modem the configuration is mostly similar.


Initial Setup

First of all, install the packages needed to make the router. Bash auto-complete is included to make things easier when later configuring. Additionally, install packages to allow you to host your own VMs on the same router/hosts via KVM-QEMU.

dnf install -y bash-completion NetworkManager-ppp qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer 

Next, use nmcli to set the MTU on the WAN(PPPoE) interfaces to align with DSL/ATM MTU and create pppoe interface. This link has a great explanation on how this works. The username and password will be provided by your internet provider.

nmcli connection add type pppoe ifname enp2s0 username password XXXXXX 802-3-ethernet.mtu 1452

Now, set up the firewall with the default zone as external and remove incoming SSH access.

firewall-cmd --set-default-zone=external firewall-cmd --permanent --zone=external --remove-service=ssh

Add LAN interface(br0) along with preferred LAN IP address and then add your physical LAN interface to the bridge.

nmcli connection add ifname br0 type bridge con-name br0 bridge.stp no ipv4.addresses ipv4.method manual nmcli connection add type bridge-slave ifname enp1s0 master br0

Remember to use a subnet that does not overlap with your works VPN subnet. For example my work provides a subnet when I VPN into the office so I need to avoid using this in my home network. If you overlap addressing then the route provided by your VPN will likely have lower priority and you will not route through the VPN tunnel.

Now create a file called bridge.xml, containing a bridge definition that virsh will consume to create a bridge in QEMU.

cat > bridge.xml <<EOF <network>     <name>host-bridge</name>     <forward mode="bridge"/>     <bridge name="br0"/> </network> EOF

Start and enable your libvirt-guests service so you can add the bridge in your virtual environment for the VMs to use.

systemctl start libvirt-guests.service systemctl enable libvirt-guests.service 

Add your “host-bridge” to QEMU via virsh command and the XML file you created earlier.

virsh net-define bridge.xml

virsh net-start host-bridge virsh net-autostart host-bridge

Add br0 to internal zone and allow DNS and DHCP as we will be setting up our own services on this router.

firewall-cmd --permanent --zone=internal --add-interface=br0 firewall-cmd --permanent --zone=internal --add-service=dhcp firewall-cmd --permanent --zone=internal --add-service=dns

Since many DHCP clients including Windows and Linux don’t take into account the MTU attribute in DHCP, we will need to allow TCP based protocols to set MSS based on PMTU size.

firewall-cmd --permanent --direct --add-passthrough ipv4 -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Now we reload the firewall to take permanent changes into account.

nmcli connection reload

Install and Configure DHCP

DHCP configuration depends on your home network setup. Use your own desired domain name and and the subnet was defined during the creation of br0. Be sure to note the MAC address in the config file below can either be capture from the command below once you have DHCP services up and running or you can pull it off the label externally on the device you want to set to static addressing.

cat /var/lib/dhcpd/dhcpd.leases
dnf -y install dhcp vi /etc/dhcp/dhcpd.conf 
option domain-name ""; option domain-name-servers; default-lease-time 600; max-lease-time 7200; authoritative; subnet netmask { range dynamic-bootp; option broadcast-address; option routers; option interface-mtu 1452; } host ubifi { option host-name ""; hardware ethernet f0:9f:c2:1f:c1:12; fixed-address; }

Now enable and start your DHCP server

systemctl start dhcpd systemctl enable dhcpd

DNS Install and Configure

Next, install bind and and bind-utils for tools like nslookup and dig.

dnf -y install bind bind-utils

Configure your bind server with listening address (LAN interface in this case) and the forward/reverse zones.

$ vi /etc/named.conf
options { listen-on port 53 {; }; listen-on-v6 port 53 { none; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; allow-query {; }; recursion yes; forwarders {;; }; dnssec-enable yes; dnssec-validation yes; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/"; session-keyfile "/run/named/session.key"; include "/etc/crypto-policies/back-ends/bind.config"; }; controls { }; logging { channel default_debug { file "data/"; severity dynamic; }; }; view "internal" { match-clients { localhost;; }; zone "" IN { type master; file ""; allow-update { none; }; }; zone "" IN { type master; file "0.0.10.db"; allow-update { none; }; }; };

Here is a zone file for example and make sure to update the serial number after each edit of the bind service will assume no changes took place.

$ vi /var/named/
$TTL 86400 @ IN SOA ( 2018040801 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS IN A gw IN A ubifi IN A

Here is a reverse zone file for example and make sure to update the serial number after each edit of the bind service will assume no changes took place.

$ vi /var/named/0.0.10.db
$TTL 86400 @ IN SOA ( 2018040801 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS IN PTR IN A 1 IN PTR 2 IN PTR

Now enable and start your DNS server

systemctl start named systemctl enable named

Secure SSH

Last simple step is to make SSH service listen only on your LAN segment. Run this command to see whats listening at this moment. Remember we did not allow SSH on the external firewall zone but this step is still best practice in my opinion.

ss -lnp4

Now edit the SSH service to only listen on your LAN segment.

vi /etc/ssh/sshd_config
AddressFamily inet ListenAddress

Restart your SSH service for changes to take effect.

systemctl restart sshd.service

Optional WiFi Configuration

In this optional section we have the configuration for Wireless AP and 4G WAN. I used Ubiquiti wireless in my setup as I needed multi AP and seamless handover. For WiFi you probably want WPA2 pre-shared key, RSN security protocol, and CCMP group as shown below. We also set the AP to run as 5GHz band via “ a”.

dnf install NetworkManager-wifi nmcli connection add type wifi ifname wlp6s0 con-name ap0 autoconnect yes ssid HOMENET 802-11-wireless.mode ap a 802-11-wireless-security.proto rsn 802-11-wireless-security.pairwise ccmp ccmp 802-11-wireless-security.psk xxxxxxxxx 802-11-wireless-security.key-mgmt wpa-psk ipv4.method shared

Optional  4G Configuration

Now install wwan support and if you have a WWAN USB modem like me that needs to be switched to modem mode vs. storage.

dnf install NetworkManager-wwan ModemManager
Enable and start the ModemManager
systemctl start ModemManager  systemctl enable ModemManager
Plug your device in and make sure ModemManager and NetworkManager both see the wwan device.
mmcli -M nmcli dev
If you don’t see your device I recommend you go to this link and open a bug report.

Now configure your 3GPP WAN connection and reload to make sure everything auto-starts.

nmcli connection add type gsm con-name Telekom gsm.apn ifname ttyUSB0 

Since we have the default zone for our firewall set to external, this wwan interface will be put into the correct zone.–>

Thank you

Thanks and please leave a comment below if you have any ideas, edits or questions.

Posted on Leave a comment

How to use VS Code for your Python projects

Visual Studio Code, or VS Code, is an open source code editor that also includes tools for building and debugging an application. With the Python extension enabled, vscode becomes a great working environment for any Python developer. This article shows you which extensions are useful, and how to configure VS Code to get the most out of it.

If you don’t have it installed, check out our previous article, Using Visual Studio Code on Fedora:

Using Visual Studio Code on Fedora

Install the VS Code Python extension

First, to make VS Code Python friendly, install the Python extension from the marketplace.

Once the Python extension installed, you can now configure the Python extension.

VS Code manages its configuration inside JSON files. Two files are used:

  • One for the global settings that applies to all projects
  • One for project specific settings

Press Ctrl+, (comma) to open the global settings.

Setup the Python Path

You can configure VS Code to automatically select the best Python interpreter for each of your projects. To do this, configure the python.pythonPath key in the global settings.

// Place your settings in this file to overwrite default and user settings. { "python.pythonPath":"${workspaceRoot}/.venv/bin/python", }

This sets VS Code to use the Python interpreter located in the project root directory under the .venv virtual environment directory.

Use environment variables

By default, VS Code uses environment variables defined in the project root directory in a .env file. This is useful to set environment variables like:


That setting ensures that warnings are displayed when your program is running.

To change this default, set the python.envFile configuration key as follows:

"python.envFile": "${workspaceFolder}/.env",

Code Linting

The Python extension also supports different code linters (pep8, flake8, pylint). To enable your favorite linter, or the one used by the project you’re working on, you need to set a few configuration items.

By default pylint is enabled. But for this example, configure flake8:

"python.linting.pylintEnabled": false, "python.linting.flake8Path": "${workspaceRoot}/.venv/bin/flake8", "python.linting.flake8Enabled": true, "python.linting.flake8Args": ["--max-line-length=90"],

After enabling the linter, your code is underlined to show where it doesn’t meet criteria enforced by the linter. Note that for this example to work, you need to install flake8 in the virtual environment of the project.

Code Formatting

VS Code also lets you configure automatic code formatting. The extension currently supports autopep8, black and yapf. Here’s how to configure black.

"python.formatting.provider": "black", "python.formatting.blackPath": "${workspaceRoot}/.venv/bin/black" "python.formatting.blackArgs": ["--line-length=90"], "editor.formatOnSave": true,

If you don’t want the editor to format your file on save,  set the option to false and use Ctrl+Shift+I to format the current document. Note that for this example to work, you need to install black in the virtual environment of the project.

Running Tasks

Another great feature of VS Code is that it can run tasks. These tasks are also defined in a JSON file saved in the project root directory.

Run a development flask server

In this example, you’ll create a task to run a Flask development server. Create a new Build using the basic template that can run an external command:

Edit the tasks.json file as follows to create a new task that runs the Flask development server:

{ // See // for the documentation about the tasks.json format "version": "2.0.0", "tasks": [ { "label": "Run Debug Server", "type": "shell", "command": "${workspaceRoot}/.venv/bin/flask run -h -p 5000", "group": { "kind": "build", "isDefault": true } } ] }

The Flask development server uses an environment variable to get the entrypoint of the application. Use the .env file to declare these variables. For example: FLASK_DEBUG=True

Now you can execute the task using Ctrl+Shift+B.

Unit tests

VS Code also has the unit test runners pytest, unittest, and nosetest integrated out of the box. After you enable a test runner, VS Code discovers the unit tests and letsyou to run them individually, by test suite, or simply all the tests.

For example, to enable pytest:

"python.unitTest.pyTestEnabled": true, "python.unitTest.pyTestPath": "${workspaceRoot}/.venv/bin/pytest",

Note that for this example to work, you need to install pytest in the virtual environment of the project.

Posted on Leave a comment

4 cool apps for your terminal

Many Linux users think that working in a terminal is either too complex or boring, and try to escape it. Here is a fix, though — four great open source apps for your terminal. They’re fun and easy to use, and may even brighten up your life when you need to spend a time in the command line.

No More Secrets

This is a simple command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers. The project lets you compile the nms command, which works with piped data and prints the output in the form of messed characters. Once it does so, you can press any key,  and see the live “deciphering” of the output with a cool Hollywood-style effect.

This GIF animation briefly shows the No More Secrets effect

Installation instructions

A fresh Fedora Workstation system already includes everything you need to build No More Secrets from source. Just enter the following command in your terminal:

git clone cd ./no-more-secrets make nms make sneakers ## Optional sudo make install

The sneakers command is a little bonus for those who remember the original movie, but the main hero is nms. Use a pipe to redirect any Linux command to nms, like this:

systemctl list-units --type=target | nms

Once the text stops flickering, hit any key to “decrypt” it. The systemctl command above is only an example — you can replace it with virtually anything!


Here’s a command that colorizes the terminal output with rainbows. Nothing can be more useless, but boy, it looks awesome!

Let your Linux command output look jolly!

Installation instructions

Lolcat is a Ruby package available from the official Ruby Gems hosting. So, you’ll need the gem client first:

sudo dnf install -y rubygems

And then install Lolcat itself:

gem install lolcat

Again, use the lolcat command in for piping any other command and enjoy rainbows (and unicorns!) right in your Fedora terminal.


Zoom out your terminal view to increase resolution for Chafa

Chafa is a command line image converter and viewer. It helps you enjoy your images without leaving your lovely terminal. The syntax is very straightforward:

chafa /path/to/your/image

You can throw almost any sort of image to Chafa, including JPG, PNG, TIFF, BMP or virtually anything that ImageMagick supports — this is the engine that Chafa uses for parsing input files. The coolest part is that Chafa can also show very smooth and fluid GIF animations right inside your terminal!

Installation instructions

Chafa isn’t packaged for Fedora yet, but it’s quite easy to build it from source. First, get the necessary build dependencies:

sudo dnf install -y autoconf automake libtool gtk-doc glib2-devel ImageMagick-devel

Next, clone the code or download a snapshot from the project’s Github page and cd to the Chafa directory. After that, you’re ready to go:

git clone ./ make sudo make install

Large images can take a while to process at the first run, but Chafa caches everything you load with it. Next runs will be nearly instantaneous.


Browsh is a fully-fledged web browser for the terminal. It’s more powerful than Lynx and certainly more eye-catching. Browsh launches the Firefox web browser in a headless mode (so that you can’t see it) and connects it with your terminal with the help of special web extension. Therefore, Browsh renders all rich media content just like Firefox, only in a bit pixelated  style.

Fedora Magazine still looks awesome in Browsh

Installation instructions

The project provides packages for various Linux distributions, including Fedora. Install it this way:

sudo dnf install -y

After that, launch the browsh command and give it a couple of seconds to load up. Press Ctrl+L to switch focus to the address bar and start browsing the Web like you never did before! Use Ctrl+Q to get back to your terminal.

Posted on Leave a comment

Learn how to build your own Twitter bot with Python

Twitter allows one to share blog posts and articles with the world. Using Python and the tweepy library makes it easy to create a Twitter bot that takes care of all the tweeting for you. This article shows you how to build such a bot. Hopefully you can take the concepts here and apply them to other projects that use online services.

Getting started

To create a Twitter bot the tweepy library comes handy. It manages the Twitter API calls and provides a simple interface.

The following commands use Pipenv to install tweepy into a virtual environment. If you don’t have Pipenv installed, check out our previous article, How to install Pipenv on Fedora.

$ mkdir twitterbot $ cd twitterbot $ pipenv --three $ pipenv install tweepy $ pipenv shell

Tweepy – Getting started

To use the Twitter API the bot needs to authenticate against Twitter. For that, tweepy uses the OAuth authentication standard. You can get credentials by creating a new application at

Create a new Twitter application

After you fill in the following form and click on the Create your Twitter application button, you have access to the application credentials. Tweepy requires the Consumer Key (API Key) and the Consumer Secret (API Secret), both available from the Keys and Access Tokens.

After scrolling down the page, generate an Access Token and an Access Token Secret using the Create my access token button.

Using Tweepy – print your timeline

Now that you have all the credentials needed, open a new file and write the following Python code.

import tweepy auth = tweepy.OAuthHandler("your_consumer_key", "your_consumer_key_secret") auth.set_access_token("your_access_token", "your_access_token_secret") api = tweepy.API(auth) public_tweets = api.home_timeline() for tweet in public_tweets: print(tweet.text)

After making sure that you are using the Pipenv virtual environment, run your program.

$ python

The above program calls the home_timeline API method to retrieve the 20 most recent tweets from your timeline. Now that the bot is able to use tweepy  to get data from Twitter, try changing the code to send a tweet.

Using Tweepy – send a tweet

To send a tweet, the API method update_status comes in handy. The usage is simple:

api.update_status("The awesome text you would like to tweet")

The tweepy library has many other methods that can be useful for a Twitter bot. For the full details of the API, check the documentation.

A magazine bot

Let’s create a bot that searches for Fedora Magazine tweets and automatically retweets them.

To avoid retweeting the same tweet multiple times, the bot stores the tweet ID of the last retweet. Two helper functions, store_last_id and get_last_id, will be used to save and retrieve this ID.

Then the bot uses the tweepy search API to find the Fedora Magazine tweets that are more recent than the stored ID.

import tweepy def store_last_id(tweet_id): """ Store a tweet id in a file """ with open("lastid", "w") as fp: fp.write(str(tweet_id)) def get_last_id(): """ Read the last retweeted id from a file """ with open("lastid", "r") as fp: return if __name__ == '__main__': auth = tweepy.OAuthHandler("your_consumer_key", "your_consumer_key_secret") auth.set_access_token("your_access_token", "your_access_token_secret") api = tweepy.API(auth) try: last_id = get_last_id() except FileNotFoundError: print("No retweet yet") last_id = None for tweet in tweepy.Cursor(, q="", since_id=last_id).items(): if == 'Fedora Project': store_last_id( tweet.retweet() print(f'"{tweet.text}" was retweeted'

In order to retweet only tweets from the Fedora Magazine, the bot searches for tweets that contain and are published by the “Fedora Project” Twitter account.


In this article you saw how  to create a Twitter application using the tweepy Python library to automate reading, sending and searching tweets. You can now use your creativity to create a Twitter bot of your own.

The source code of the example in this article is available on Github.

Posted on Leave a comment

4 cool new projects to try in COPR for July 2018

COPR is a collection of personal repositories for software that isn’t carried in Fedora. Some software doesn’t conform to standards that allow easy packaging. Or it may not meet other Fedora standards, despite being free and open source. COPR can offer these projects outside the Fedora set of packages. Software in COPR isn’t supported by Fedora infrastructure or signed by the project. However, it can be a neat way to try new or experimental software.

Here’s a set of new and interesting projects in COPR.


Hledger is a command-line program for tracking money or other commodities. It uses a simple, plain-text formatted journal for storing data and double-entry accounting. In addition to the command-line interface, hledger offers a terminal interface and a web client that can show graphs of balance on the accounts.

Installation instructions

The repo currently provides hledger for Fedora 27, 28, and Rawhide. To install hledger, use these commands:

sudo dnf copr enable kefah/HLedger sudo dnf install hledger


Neofetch is a command-line tool that displays information about the operating system, software, and hardware. Its main purpose is to show the data in a compact way to take screenshots. You can configure Neofetch to display exactly the way you want, by using both command-line flags and a configuration file.

Installation instructions

The repo currently provides Neofetch for Fedora 28. To install Neofetch, use these commands:

sudo dnf copr enable sysek/neofetch sudo dnf install neofetch


Remarkable is a Markdown text editor that uses the GitHub-like flavor of Markdown. It offers a preview of the document, as well as the option to export to PDF and HTML. There are several styles available for the Markdown, including an option to create your own styles using CSS. In addition, Remarkable supports LaTeX syntax for writing equations and syntax highlighting for source code.

Installation instructions

The repo currently provides Remarkable for Fedora 28 and Rawhide. To install Remarkable, use these commands:

sudo dnf copr enable neteler/remarkable sudo dnf install remarkable


Aha (or ANSI HTML Adapter) is a command-line tool that converts terminal escape sequences to HTML code. This allows you to share, for example, output of git diff or htop as a static HTML page.

Installation instructions

The repo currently provides aha for Fedora 26, 27, 28, and Rawhide, EPEL 6 and 7, and other distributions. To install aha, use these commands:

sudo dnf copr enable scx/aha sudo dnf install aha