Docker – Pi Hole, DNSSec, DNSCrypt

My home network has been having issues. Mostly it seems between the chromecast packet flooding bug and something to do with WiFi + android 8.1, but things will drop connections. I’ve eventually had to make one WiFi for my important stuff, and one for the random gadgets (which I probably should have done anyways). I’m not certain either of these things were happening, but they seemed to line up.

But on top of all that I wanted to try moving DNS off of my router and onto something I had more control over. I had heard of Pi-hole as a solution for system-level ad-blocking. I was mostly hoping it would help my phone, because ads on mobile webpages really suck because of the load jumping around the page; I can generally ignore ads the rest of the time.

Docker has the usual advantage of things working out of the box. No configuring and everything because someone else did it for me.

So off I go to find an install of Pi-hole that works, and that I can poke around with. It didn’t take long. seems to work really well. Installed it, looked pretty good. Restarted it with ports mapped so I could play with it. Still success. DNS seemed fast and zippy. Fully usable.


But I wanted more. I was reading about dns-crypt, and had heard it could encrypt your DNS requests so your ISP and such couldn’t actually track what you were doing (Not that I wanted to hide, but I liked the idea of it).

So off I go. I learn about dnscrypt-proxy, and quickly found a nice docker image.

So off I go, seems pretty easy to set up. Just download, run, and point at the local proxy (there’s a list on the docker hub page).

Nope, not that simple. Cause silly me, it needs port 53 as well. Okay, no problem, let me use another port and tell pihole to use that. Hrm.. nope, the runtime configuration thingie eats up the ‘#’ so I can’t specify a port like you can in the dnsmasq config that pihole uses. Okay. Okay, let’s try an IP address alias. That seems to work, so pihole takes the main IP, and dnscrypt takes an alias? Sweet! I can manually query things on it, time to hook everything up together.

Hrm. Nope, wall again. Apparently my docker setup can’t talk to anything but the main IP. I’m guessing it’s firewalld, which I’m hoping to get rid of once I reinstall my system. Okay, what else can I try now?

After a bunch of reading online, I found out you create a docker network, and the various services can talk to each other without needing to expose ports out to the rest of the network. That sounds perfect. Oh, wait, you need to resolve the addresses inside the containers, which totally won’t work for DNS because DNS wants the IP so it can resolve. Close, I mean it would probably work because docker has its own DNS proxy, but again you can’t pass non-IPs to the pihole runtime configs. Okay, what’s next?

Lastly I found a quick script using docker inspect:

docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$container"

I really wasn’t sure this would actually work because in theory ips could change every time it starts up, but it seems to allocate the same ip if possible, so kinda lucked out. So now I had Pi-hole talking to dnscrypt-proxy, which meant my lookups were encrypted. Yay!
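A fail-closed version of that lookup, as an added example that is not part of the original post: it asks for the address on one named network (the range template above joins addresses with no separator when a container sits on several networks) and refuses anything that is not a single IPv4 literal, since the Pi-hole runtime config only takes IPs. The container name dnscrypt, the network name dnsnet and the subnet in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Names "dnscrypt" and "dnsnet"
# and the 172.30.53.0/24 subnet are constructed for illustration.
#
# Pinning the address removes the "IP could change on restart" concern:
#   docker network create --subnet 172.30.53.0/24 dnsnet
#   docker run -d --name dnscrypt --network dnsnet --ip 172.30.53.2 <image>

# Return 0 only for a single dotted-quad IPv4 literal.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the candidate on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ask Docker for the container's address on ONE named network, instead of
# ranging over every network the container is attached to.
container_ip() {
    container=$1 network=$2
    docker inspect \
        --format "{{(index .NetworkSettings.Networks \"$network\").IPAddress}}" \
        "$container"
}

# Print the upstream address for Pi-hole, or fail without printing one.
# A failed inspect, an empty answer or two addresses run together all
# end up here as "no upstream" rather than as a bogus resolver setting.
upstream_for_pihole() {
    ip=$(container_ip "$1" "$2") || return 1
    is_ipv4 "$ip" || { echo "refusing upstream '$ip' for $1" >&2; return 1; }
    printf '%s\n' "$ip"
}

# Stand-alone use: ./upstream.sh dnscrypt dnsnet
if [ "$#" -eq 2 ]; then
    upstream_for_pihole "$1" "$2"
fi
```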

Okay, what’s next? Next I want to get dnssec working again. Not the end of the world for Canada. Our government and ISP are not supposed to mess with DNS results, but I wanted it anyways. Plus it’s nice to have when the time comes.

Oh awesome. Pi-hole has an option for it. Time to enable it.

Enabled, success. Time to walk away.

Oh wait, things are failing. Why are they failing?

Long story short, the version of Debian that was bundled with the Pi-hole docker image was super old. So the version of Dnsmasq was super old. It wouldn’t handle any Cloudflare based DNS requests that had dnssec enabled (which my domain does). Okay, now what? Started to dig into how the docker image was built. Looks like it actually wasn’t that hard to get it running with latest stable instead of the old stable. Between the work I did, and a different PR the author did, we managed to get it upgraded to Debian stretch that afternoon. I tried the latest build and success, everything was resolving again. Time to walk away, right?

Wrong. Suddenly I started getting all these cron errors about not resolving. Turns out Dnsmasq also had an issue with the certs for that domain. Okay, disable dnssec and start researching again. Turns out again Dnsmasq had a newer version that had it fixed, but it wasn’t in Debian stretch. Turned out actually to be a pretty easy fix. I had never tried to install a testing package in stable before, but for Dnsmasq, which didn’t really have dependencies, it was super easy. And thus my Pi-hole image was born. Sadly it would be nice to have it in the base image. And one day I’ll clean up a patch and get it submitted, but I’m happy to have totally encrypted and verified DNS now.

This post turned out to be way more rambly and disconnected than I expected, but I’m very happy with the results. I now have systemd keeping up dnscrypt (primary and backup) and Pi-hole and now have fast stable dns and my phone is no longer randomly disconnecting everything. I’m pretty happy with the results. Plus pretty graphs.

Dockerizing Services

After seeing Jess Fraz’s posts about home labs, I got more excited about finishing cleaning up my server and getting it a bit more modernized. When I first installed it I chose CentOS on the recommendation of a friend, and while it’s fine, I just know Ubuntu/Debian based systems a lot better, which makes some of the random day to day tasks a lot easier.

I didn’t want to start completely from scratch again. I’ve done it a few times, and tried out setting up my systems using ansible, puppet, chef, etc but never kept it up to date enough to make moving to a new system easy.

I’ve tried installing kubernetes and docker swarm a few times over the years so my system is a mess, so I’ve just been sticking with docker + systemd to run my services. This will let me completely reinstall my base system in the future without having to reconfigure all the various services I want running. (Externally mounted volumes <3)

I’ll try to do follow up posts on pihole/dnssec/dnscrypt, jenkins, how awesome openvpn is.

Jenkins World 2017 Interview

So back in August I spent a couple weeks in San Francisco to visit the Sauce Labs HQ and a bunch of the teammates I hadn’t seen in a while. We figured we could squeeze in another week by offering to hang out at the booth at Jenkins World.

A couple weeks before the actual event, I was approached by our marketing department. They were contacted by to have some people volunteer for a couple interview slots. When asked other than slightly freaking out, I was totally on board.

Fast forward to the actual day. I’m totally wired. Grabbed a couple doughnuts. Some fruit. Whatever I could do to keep myself distracted between busy times at the booth.

Time comes. I have no idea what to expect. The only real instruction I got was don’t look at the camera. One of my teammates took the awesome picture below while I was doing the interview. It actually was nerve wracking but a lot of fun. The interviewer was really good at leading the discussion while leaving me opportunities to talk, and yet asked specific enough questions that I wouldn’t just keep rambling.

After the interview, I was a little fried, but it was so much fun. We figured it’d take a while to get edited and published, but no, it was up by the next day. I had a lot of trouble listening to my own voice, so I hadn’t really checked it out, but I was still excited (though so worried I just rambled over and over again), so I posted it to Twitter.

I have to say the feedback I got was actually super positive. I really wasn’t expecting any at all. I was just excited.

I eventually did listen to it. I still hate the sound of my own voice (don’t we all) but I think it went really well.

I did eventually post it to LinkedIn (which I’ve never posted to before). It was fun watching it spread. The stats they provide are interesting, but not exactly useful. I could easily see how many people “saw” it, how many people liked it. The different job titles, the different companies.

The most interesting thing to me was one of my friends informed me that it had started to get passed around at one of my past jobs.

So that’s my experience. I’ve come a long way from not being able to talk to people in public, to now where I’ve done meetups, recorded interviews, and hopefully soon conferences. If I had to share one tidbit with people, it would be:

“No matter how experienced you are, it’ll be nerve wracking, but so rewarding, so you should try anyways. You don’t need to be experienced.”


(I really don’t know how to start blog posts without the word “so”. I’ll figure this out one day.)

New Position. Open source and more!

I recently switched teams at Sauce Labs. I used to be the sole person on the Integrations team, and after more than a year feeling pretty isolated, my mental state was slipping pretty hard, so when an opportunity came up to switch departments, I took it.

So now I’m on the IT team, which as a developer is kinda confusing, but it’s giving me the opportunity to do some customer facing work, and a lot of internal facing work. I always love working on items where I get to actually see them improving people’s work life.

So starting day 0, I had some work to finish off, but I wanted to get to know the team better, and whatnot, so I kept an eye on the internal tickets. Quickly I started to notice that a lot of tickets had to have the initial question of “Who’s your manager?”, so one day during our team’s huddle, I made the offhand comment that I had enough experience making JIRA plugins that I could probably take the HR data (which I had already mucked with in past projects) and add a little widget to JIRA providing basic info. I felt so exposed, I didn’t want to feel like I was intruding or taking over or anything, but no, as expected the team loved the idea.

Over the next few weeks between whatever else came up, I started working on this little project. I had seen on the Atlassian developers community forum that someone had made a flask-ac integration. This was perfect. This would give me an excuse to get more familiar with Python (which is the main language at Sauce Labs) and even poke around with how packages were made. This module turned out to be pretty HipChat focused, but gave me a bunch of ideas.

I decided I still wanted to learn about packaging and releasing, but also wanted to get something out. So I started to hack the existing system a bit and made an integration. First version was pretty crude. Lots of hard coded stuff, but no credentials. That was my only real goal was to make sure credentials and sensitive items were never hard coded.

First release. Team was ecstatic. Showed name, phone number, office location and manager. This made their lives easier because they knew managers and who was local and who wasn’t without the awkward question.

But this wasn’t enough. I really wanted to learn how to package python packages. So I started reading up on how flask plugins were created. Turns out pretty simple actually. So started to refactor a bunch of things. Then I got another jira based project at work. Okay this is perfect. Now I have 2 projects using the shared functionality.

Short story even shorter, I managed to get Flask-AtlassianConnect released. I released it under my own name because I spent mostly after hours polishing it up. Plus I didn’t really think anyone else would want to maintain it. I’m still iffy on that bit, but nobody seemed to mind. So yay! I have a published pip package.

I wasn’t done there. I wanted to get the original JIRA plugin all cleaned up and open sourced. We can’t be the only people out there that use BambooHR and also JIRA. So again, in between tasks I cleaned up the implementation. Now it had a full config screen. Let you pick what to display. Let you choose which projects it would be integrated with. Etc. Now it was ready to go. Plus now I knew how to write tests.

So I’m proud to announce (a little late here though) that the BambooHR + Jira Cloud plugin I wrote is open source. I had so much fun doing it. I hope this new position will lead to many more projects that we can open source for others to use as needed.

Systemd + Tshock + Docker

I’ve been diving pretty headlong into running services with docker. I’ve ported someone’s mineos and patched it to run in docker with a custom set of users. I have a factorio server running. Even openhab running my meager home automation setup. It’s the easiest way to run an application and not worry about system dependencies.

Most of the time it’s pretty straightforward. docker run, walk away.

Tshock/Terraria gave me a bunch of trouble. It requires a working stdin, which none of my other daemonized processes do.

After a bunch of digging and trial and error, I found out about the tty functionality for services. Which worked perfectly, but once I first logged in, it was causing my server to beep endlessly. I suspect tshock was sending terminal control codes.

Did a bit more reading. Found out you can have input from a tty, but output to the journal as normal. SUCCESS!

So for people like me that want to run tshock this way, here’s my systemd service file:


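[Unit]
Description=tshock (Terraria) server in Docker
After=docker.service
Requires=docker.service

[Service]
# needed because tshock crashes when no stdin
# Hijack tty11 for this purpose
StandardInput=tty
TTYPath=/dev/tty11
# all output should stay in the journal though
StandardOutput=journal
StandardError=journal
# clean up any leftover container; the leading "-" ignores failures
ExecStartPre=-/usr/bin/docker stop terraria
ExecStartPre=-/usr/bin/docker rm terraria
ExecStop=/usr/bin/docker stop terraria
ExecStart=/usr/bin/docker run --rm -it \
        -p 7777:7777 \
        -v /storage/games/terraria/world:/world \
        --name terraria \
        ryshe/terraria:latest \
        -autocreate 3  \
        -world /world/Lg-Normal-17-02.wld

[Install]
WantedBy=multi-user.target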


High school robotics Competition

So yesterday I ended up helping judge a high school robotics competition organized by the local robotics group, but let’s rewind a bit.

In September, my friend Daruvin contacted me. He in conjunction with Penguin Robotics was helping to put together workshops to help the high school students learn to program for the robotic systems.

The penguins were past world competitors and had a lot of experience, but they wanted more people to help out the large number of attendees, plus would love people with industry experience to share stories and such.

As I love to mentor and build up people, especially kids, I very quickly signed up. Even got work to sponsor.

Last month due to traveling I wasn’t able to get involved, but when the tournament rolled around and again I was asked if I was up for helping judging I promptly signed up.

We had about 8 people, so that easily allowed us to have pairs. We had 3 groups of 2 set up at tables so the various clubs could come and get reviewed and judged. Some were really amazing and had been doing this for a long while. Others were just starting out and it was a bit better to give them feedback instead of worrying about judges.

The other judges were outside watching the games, and watched how the various students/drivers performed.

We all kinda rotated at both sections.

During the afternoon, the teams were no longer random, but instead they got to make alliances and go through playoffs to see who would be allowed to go to the next level. We took this opportunity to get together as judges and compare all of our notes.

Once we were able to compare notes and pick winners for each category, we were able to go watch the finals.

The finals were absolutely tense. I saw one teacher get so excited she was jumping around. It turned out this was the first year her school got to compete or something. She’s been fundraising a while to get it started. Turns out one of her groups won. She nearly collapsed and was in tears. It was so awesome to watch.

Finally everything was announced. Top winners in playoffs. Top driver in skill challenge, top autonomous robots in skill challenges, all 5 judges’ awards. Some teams played off winning as if it was nothing, but you could tell all of them were excited about winning. I didn’t see any poor losers at all. Even in the final game of the playoff you could see the losers thinking about how to improve for next time.

Last bits were the most impressive to me. Everyone of course ran off to clean up their own tables and robots, but as soon as that was over, many kids from many different schools, not just the hosts, came back and helped clean up the event stuff. I mean sometimes it was ridiculous that we had 5 kids doing the simplest tasks, but they were all having fun and things were getting done.

I stuck around till the very end, helped with cleanup wherever I could. I had so much fun. I’ll admit the finals and the cleanup were more fun to me than the actual judging, but I enjoyed all of it and would do it again.

I’m so looking forward to next weekend when I’m getting involved with the second workshop Penguin Robotics is putting together. This time they’ll actually have the game field, and two groups going, one for novice and one for advanced. I’m hoping some of my teacher friends can get more involved as well.

I know this is super scattered, but I’m still excited and just thinking of everything, but I learned that a school would need about $1000 to get the basic kit together to field a team. Of course they would still need workspace and teachers/mentors and everything but I figure that’s something more individuals/companies could donate to schools to help them get started. I know I’m going to look into it. Too bad I haven’t kept in touch with my high school at all, it would have been cool to see them there. I think my shop teacher has long since retired too.

Cat plays with new Cat Toy Box

I never know how to start these :)

I’m off on vacation this week so I kinda decided to do a bunch of chores. Among those, I ended up going online and buying a bunch of bulbs, garbage bags, etc. Things I needed but wasn’t in a super rush for. During this little shopping spree I ended up getting the cat something new. A little self groomer you attach to the wall. So far she’s shown no interest, but since it has catnip in it, we’ll give it a bit of time and see how it turns out.

The best part is that it comes in a little box that you are supposed to cut a hole into and put a few treats in to make a quick cat toy. I decided why not….


I had to make the hole a tiny bit bigger before I took this video, she wasn’t having any luck whatsoever. She’s a super smart little one, but when it comes to food, completely dumb :D

She managed to get the handful of treats out in the end, but I thought it was quite awesome.

So next up I put one of her springs (which she absolutely still loves) in the box.


That was less successful, so I eventually took it out for her. I just loved the meow at the end.

Sauce Labs Hipchat Service (and Open Source)

I am absolutely ecstatic to announce the new Sauce Labs and HipChat integration being not only released to the public, but open source as well. It’s been officially out for a month now, but we just went ahead and open sourced it.
About two months ago now, Atlassian hosted their Atlassian Connect Week out in San Diego. If you do any Atlassian based development, I highly recommend going if you can. It’s so much fun to be surrounded by other developers, and be able to ask the original teams questions when you get stuck.
I went into connect week hoping to get a solution for our problem talking to Jira server users behind a firewall. Someone had an amazing solution within the first couple hours for me, and I was able to bang out a working prototype by the end of the second day.
So what do I do now? I had most of the week left over. Well at a previous internal sauce labs hackathon, I had already started playing around with a slack integration, but was kinda disappointed by its public APIs, so didn’t really get very far. I got really excited at the earlier talks about hipchat integration to see how far I could get.
It turned out I could get something done pretty quickly. This time I decided to use the atlassian-connect-express framework so I could focus on just implementing features. And what a good choice that was. By the end of the first day, I had test results showing up in chat. By the end of the week, I had screenshots available, test information, even video working. I had a direct connection to some of the developers, so was able to play around with even more features.
Curious how it looks? But don’t really want to install it yet? Check out this awesome animated gif one of our product team members created.
I’m so absolutely excited for this integration, and on top of that, as someone who loves contributing open source, a great example of a working hipchat integration for everyone to learn from and contribute to.

Gavin mental health

Since @geekmentalhelp is doing a week of articles talking about mental health, I’ve decided to nudge myself into doing something as well. This is even more scary now that some of my posts are getting tweeted/shared out by work so I’m actually having visitors.

I’m pretty open about my issues, at least the easy to digest versions. I’ve always in the back of my mind (and possibly a bit been told growing up) that I’ll scare people away. Just act normal so people want to be around you. I know I’ve been trying pretty hard to find the right balance of things. I don’t like hiding from me. I also very much like teaching and helping people learn things/grow.

I’ll gladly talk more about what I know, and my experiences, but I’m focusing on high level stuff.

So straight up, the easiest one. ADHD. I was diagnosed with it at approx age 6. I was treated my entire school life until sometime in college. Not ever taking a break from the meds probably stunted me a few ways socially, but I think I manage it really well.
Diagnoses and treatments have come a long way. From what I’ve read online, it has 4 sections now. I fall into the “Inattentive Type”, which lends itself to anxiety and depression. I think I self sabotage a lot in that area too. I don’t need to be treated special or anything. I’ve long ago learned to handle things. The key thing is that ADHD is all about information overload. You don’t have the traditional filters. I notice a lot. I process a lot. I use headphones and books/movies to blind myself from external stimulus. So at large events (bars are really bad) with lots of conversations/movement/people/etc, I can get pretty quiet as I expend a lot of energy to stay focused on the people I’m with.

Next official diagnosis is social anxiety. Now this is one I sorta disagree with. I know I have lots of anxiety when it comes to social situations, but I think it’s more of a symptom than an actual issue. A couple years ago I had a pretty serious breakdown. I was able to keep it together at work, so people didn’t really notice, but that took almost everything I had. I came home, ate lots of junk food, hid in my room and cried, etc etc etc. I eventually managed to get a referral that led to anxiety medication, and a cognitive behavioral therapy class. I highly recommend the class if you think you suffer from it at all. It helps you learn coping techniques, especially to help you get out of that spiral. It also helps you notice those bad/negative thought patterns that help get you into that spiral.

I’m pretty sure I don’t actually suffer from anxiety straight up, I actually have clinical depression which can manifest/overlap with anxiety. Luckily the meds tend to treat both so I’m back to a pretty functional state. Once or twice a month I still seem to have really bad days. Especially if I haven’t been sleeping as well as usual. And there are certain topics that can really hit me hard, but overall I have seen a massive improvement.

The biggest problem I face in this department is the years and years of bad habits developing avoidance techniques. I have a fairly constant fear of things, especially alone, even silly things like making dinner I just feel sick at the idea of doing and eventually order food. Again I don’t need to be treated special, but do know I am trying as much as I can.

Lastly, unofficially, I’m almost certain I have dyscalculia. I’ve been told I was diagnosed with a “math based learning disability” as a kid but we never went past that. All the symptoms of dyscalculia fit. It is essentially a math based form of dyslexia. It mostly focuses on being unable to judge distance, time, relative numbers, etc. I also have given up and just used calculators and computers for basic math. It takes me way too much time and I get kinda embarrassed. It also explains why I have such trouble with spelling, and even why I have trouble with names/nouns a lot.

I’ve been handling this, sometimes pretty silently, for a long time now, so I’m totally capable of doing so, but I know I don’t like how much it’s kept in the dark. How much people shouldn’t talk about it. I know when I had my breakdown, I absolutely felt more alone than I ever have in the past. I didn’t know where to turn. I knew others had problems, but never how they addressed it. I hated it. I felt abandoned, alone, scared. I barely held it together for my doctor’s appointments. I didn’t know who or how to talk to people. I was afraid of scaring off the few friends I still had.

So I keep saying over and over again. I don’t want to be treated special. But what can you do, if not for me, but for others? Honestly I have no idea, everyone is different. For me, and probably many others, just being patient, just being around, maybe even just being forgiving goes a long way. And with everything else, sometimes all that is needed is a nice distraction to get things going again. But don’t feel like you have to fix things. Or find a solution. Especially don’t try to “fix” things by telling me or others to just be happy, or think positive. It’s much more complicated than that, but more than anything else, knowing someone is around makes all the difference.

I think does a way better job at explaining some of the things a lot better.

Oh, totally wanted to mention. Every time I feel like someone praises how awesome, or smart I am, I want to curl up and hide. I am not that good. Stop comparing me to those. I didn’t finish school. I’m alone a lot. I can’t do math. Everyone knows more than me. But I get past it. I know the intention. I know I am actually good at what I do, because I try really hard, and I’m excited about it. I’m not better than anyone else. But I am good. I can do this.

I’ll end it off on a positive mental health poem. A guy speaking about how his OCD is calmed by a love. (Video)

test.allTheThings() at Jenkins World 2016

I spent last week at Jenkins World 2016.

This was my second time hanging out at the Sauce Labs booth, the first being Microsoft’s /b/uild event.

I have to say I’m really enjoying it. I don’t think I could do it full time, but it’s so much fun to talk to people excited to use your product. There’s that moment in their eyes you can see when they realize it’s actually going to make their lives easier.

Jenkins World was actually incredibly well done itself. I snuck off to the keynote to check things out on Wed morning. As someone who is lightly attached to the community, I didn’t really find anything all that new, but there was lots of exciting news. He explained why the UI hasn’t really changed in the past, and what they are going to do about it (Blue Ocean) and what they want to do long term, including the sexy sexy configuring Jenkins by Pull requests.

Our booth was right next to the entrance to a couple of the theaters, and the event had planned it so people would come back to the main hall between talks for food and snacks and stuff. While some of the talks were on, things got pretty slow, but we did have visitors, and I got to talk to some of the other out of town saucers that I normally don’t get to interact with.

In the end, I didn’t end up going to any of the other panels. I realized they were not really designed for me, I’m a very comfortable Jenkins user. They were more targeting people new to it. Instead I would talk to the other vendors, learned about a bunch of awesome products. Talked to some of the other attendees taking breaks.

The event ran informally on Tuesday, and they capped Tuesday off with a community appreciation night at the Computer History Museum. I was a little too paranoid about my backpack (which they didn’t want to allow inside) for me to wander the exhibits, but I had a blast hanging outside with random people. I managed to meet a pair from Scotland, and at least one person with high security clearance. Even ran into a buddy of mine I’ve known almost 15 years, but who I haven’t seen in probably 5 years (when was the last PAX I went to?).

Wednesday was the longest of everything. I took the first shuttle from the hotel to the convention center at 7am. The actual talks ended around 5pm, but there was a Dev Ops Express party that night, so all the vendors stayed around and socialized with the various attendees. Lots of foods, snacks, even popcorn. The event kinda wound down at 7:30, and I was exhausted and took off about then.

Thursday was a much shorter day, only going to 5pm. Less people came by, but we had one guy who came by, and came back later that afternoon with his boss so things could be re-explained. I think by the end I had her convinced as well :D


Last but not least, Jenkins World had the team (I didn’t know it was a team) behind Commitstrip come by from France. They were producing a mural just outside the main rooms. The plan was that the attendees would be able to color it in, but they’d draw the thing.

I walked by it a few times. I really wish I had snagged a picture of the colored in one, but it still looks great black and white.

I know at least one of them (Okay I’m not certain there’s a team) was on stage for the keynote on Wed morning. He was live drawing while people were getting seated. It was so much fun to watch. Whoa, what’s he doing? Oh, shading, that’s probably not needed is it?… oh whoa, zoomed out, Okay I can see how much that adds. That’s amazing.


Overall a blast. I’m going to keep signing up for booth duty in the future. I had a blast.. as I’ve already said. And it’s so cool to work at a company/for a product you actually believe in and are not ashamed of. I haven’t felt like that since LiveJournal.