=======================
 More maintenance news
=======================

Today I replaced the light fixture, mentioned in the previous post. Now there's light in the hall once again, and it's attached to the wall better than the previous one was (drywall anchors, instead of simply screws), as well as connected better (screw terminals, instead of twisted wires). The previous one was installed by a contractor. Oh, and the light produced by those 6500 K Philips light bulbs looks fine to me: closer to white/sunlight than the 4000 K versions, I think.

On 2023-01-01 I received a mail notification from cron, about a failure to renew the certificate via ACME (from Let's Encrypt); as happened before, turns out that it was caused by the secondary nameserver's (provided by gandi.net) laggy renewal, and apparently that nameserver rejected update notifications for a few weeks before that, so the lags became notable -- it only updates the records daily now. It's still nice to have a secondary nameserver though, so I finally delegated the _acme-challenge subdomain to a separate zone, handled only by the primary nameserver -- so that even if Let's Encrypt's DNS server goes to secondary at first, it's then redirected to the primary nameserver for that subdomain, and reads the freshly updated records. Thought of setting it that way before, but it seemed not quite necessary, while complicating the overall configuration; turned out to be rather important, and it's not that much of a complication.

Another thing I have set that I kept postponing is a custom XMPP blocklist, with Prosody's mod_firewall: hoped that JabberSPAM/blacklist would suffice, but apparently it takes years to add new entries there, and the spam can be annoying meantime. Recently ran into a server administrator refusing to sort out the spam (well, saying it's not spam; reminds me of occasional software maintainers refusing to fix bugs, saying they aren't bugs -- though perhaps network service administrators should be a bit more responsible), though there were cases with just unresponsive administrators and hosters in the past, so figured it's the time to finally set it. Could have used nftables instead, but I think it's more appropriate to block this way: for debugging from blocked servers (properly bouncing with the reason provided, not just refusing connections or dropping packets), as well as to keep the configuration specific to XMPP in the relevant files, not in more general ones. As I do with email, too.

Also have set a system on a new work server, used LVM + ext4 instead of btrfs this time. Had some issues with btrfs on other servers, particularly after running out of space. And disabling its prominent features on partitions used for databases anyway (mounting with "nodatasum,nodatacow"). Next going to migrate a few large-ish PostgreSQL databases there, likely setting streaming replication at once, and then turning this new server into a primary/master, turning the old one into standby/backup.

Oh, recalling recent maintenance work, I guess shoveling quite a lot of snow from the country house entrance counts as well. Maybe will have to figure something with the fence door's lock there, too, since it's prone to freezing, and maybe plan and order a small roof on top of the entrance (but need to ensure that the snow won't collect on top and break it). But those are amounts and kinds of maintenance I'm not quite comfortable with, unfortunately. Computer and apartment ones are easier -- at least if you're spending much time in front of a computer, inside an apartment.

----

:Date: 2023-01-14
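
The _acme-challenge delegation described in the post, as an added example that is not the author's own configuration: a constructed parent zone and child zone in BIND-style record syntax, plus a small linter for the properties that keep a validator from reading stale TXT records. The names example.org, ns1.example.org (primary) and ns2.example.net (secondary) are assumptions.

```python
import re

PRIMARY = "ns1.example.org."          # assumed name of the primary nameserver
CUT = "_acme-challenge.example.org."  # assumed challenge name being delegated

# Constructed parent zone (served by primary and secondary). The delegation is a
# static NS record, so a slowly syncing secondary still returns a correct referral.
PARENT_ZONE = """\
example.org.                  3600 IN NS  ns1.example.org.
example.org.                  3600 IN NS  ns2.example.net.
_acme-challenge.example.org.  3600 IN NS  ns1.example.org.
"""

# Constructed child zone (served by the primary only); the ACME client updates TXT here.
CHILD_ZONE = """\
_acme-challenge.example.org.  60 IN SOA ns1.example.org. hostmaster.example.org. 1 3600 600 86400 60
_acme-challenge.example.org.  60 IN NS  ns1.example.org.
_acme-challenge.example.org.  60 IN TXT "constructed-token"
"""

def parse(zone):
    """Parse fully qualified 'name ttl IN type rdata' lines into (name, type, rdata)."""
    rows = []
    for line in zone.splitlines():
        m = re.match(r"(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)", line.strip())
        if m:
            rows.append((m[1].lower(), m[3].upper(), m[4].strip()))
    return rows

def lint_delegation(parent, child, cut=CUT, primary=PRIMARY):
    """Return a list of problems that could let a validator read stale TXT data."""
    problems = []
    p, c = parse(parent), parse(child)
    parent_ns = {r for n, t, r in p if n == cut and t == "NS"}
    child_ns = {r for n, t, r in c if n == cut and t == "NS"}
    if not parent_ns:
        problems.append("parent zone has no NS delegation for " + cut)
    for label, ns in (("parent", parent_ns), ("child", child_ns)):
        extra = ns - {primary}
        if extra:
            problems.append(f"{label} NS set includes non-primary servers: {sorted(extra)}")
    if any(n == cut or n.endswith("." + cut) for n, t, _ in p if t != "NS"):
        problems.append("parent zone still holds records at or below the cut")
    if not any(n == cut and t == "SOA" for n, t, _ in c):
        problems.append("child zone lacks an SOA record at its apex")
    return problems
```

An empty list from ``lint_delegation(PARENT_ZONE, CHILD_ZONE)`` means every resolution path for the challenge name ends at the primary.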