Server replaced

Due to some failure, the old server went offline and needed to be recovered. Easy fix, but required console access for repairing.

Unfortunately, the NOT awesome support of the housing provider locked me out of the management console for 4 days straight before they fixed some issues and granted me access again.

According to them, I should have just waited for days without doing anything. Since this is not an option, I reinstalled the server with all the repositories (rsync and https) and switched the DNS record to it.

Today I finally regained access to the old server and picked up one file that I needed to restore the database, so here is up again. On the positive side:

  • It’s a much more capable hardware with SSD drives
  • Updated OS
  • Updated hardening policies (CIS, NIST, and some other stuff)
  • Configuration/setup is fully automated
  • I have full access on the console in case of issues
  • It’s available on IPv6
  • Proper crypto policies (it’s now listed as A on the Qualys website):

Nvidia proprietary and open source kernel modules

With the latest bunch of updates to the Nvidia and Multimedia repositories, I’ve added the ability to switch to the two implementations of the kernel modules currently available in the Nvidia driver for Linux.

Since almost a year, the Nvidia driver ships with two different implementations of the kernel modules, one proprietary and one open source. The open source one as of drivers 545.x is now considered beta quality also for the workstations, so it seems a good moment to start shipping it.

The open source one is supposed to be the only one that will be kept in the future, but at the moment both are available and both differ in terms of functionality. You can read about the main differences in terms of functionality and what chips they support in the official documentation.

I did not want to introduce another variation of the kernel modules beside akmods, kABI and DKMS, this would have created even more confusion and lots of dependencies in the SPEC files for the variations. The new akmod and DKMS packages ship both sources (MIT/GPL and proprietary kernel modules) and allow you to switch between one or the other through a configuration file.

Considering that in the long run only the open source variant will remain, I wanted to make this as transparent as possible for the users. Basically, if you don’t care and just want something that works, nothing has changed for you.

The two sources get referenced as they are referenced inside the Nvidia run file, namely “kernel” for the original proprietary kernel modules and “kernel-open” for the new open source variation.

The following instructions show you how to switch between one implementation or the other.

DKMS

Check which version you have installed:

# modinfo -l nvidia
NVIDIA

Change the type of modules you want to use and trigger a rebuild and a reinstall:

# sed -i -e 's/kernel$/kernel-open/g' /etc/nvidia/kernel.conf
# dkms build -m nvidia/545.29.02 --force
# dkms install -m nvidia/545.29.02 --force

Now check again the license and you should see that it has changed to MIT/GPL:

# modinfo -l nvidia
Dual MIT/GPL
# reboot

To switch back, change the configuration again and then trigger the same process for rebuilding installing:

# sed -i -e 's/kernel-open$/kernel/g' /etc/nvidia/kernel.conf
# dkms build -m nvidia/545.29.02 --force
# dkms install -m nvidia/545.29.02 --force
# reboot

akmods

Check which version you have installed:

# modinfo -l nvidia
NVIDIA

Change the type of modules you want to use and trigger a rebuild and a reinstall:

# sed -i -e 's/kernel$/kernel-open/g' /etc/nvidia/kernel.conf
# akmods --rebuild

Now check again the license and you should see that it has changed to MIT/GPL:

# modinfo -l nvidia
Dual MIT/GPL
# reboot

To switch back, change the configuration again and then trigger the same process for rebuilding installing:

# sed -i -e 's/kernel-open$/kernel/g' /etc/nvidia/kernel.conf
# akmods --rebuild
# reboot

Xbox Series X|S Wireless controller in Fedora/Steam

I recently had to replace a chep quality Xbox-like controller with a proper one, so I decided to get an Xbox controller. This gives me the proper experience in Steam and games which support Xbox controllers in the various configuration options.

I’ve decided to purchase an Xbox Series X|S Wireless controller, which is USB / USB-C or BLE (Bluetooth Low Energy). No issues with USB, the controller is recognized properly, including vibration, but to get it working via Bluetooth it requires a bit of extra software.

image

So here are the packages and how to connect it.

USB / USB-C connection

Just plug it in, it will instantly be recognized. Nothing else to do in this case.

usb 1-3: new full-speed USB device number 12 using xhci_hcd
usb 1-3: New USB device found, idVendor=045e, idProduct=0b12, bcdDevice= 5.07
usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-3: Product: Controller
usb 1-3: Manufacturer: Microsoft
usb 1-3: SerialNumber: 3039373133333431323636313230
input: Generic X-Box pad as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/input/input31
usb 1-3: USB disconnect, device number 12

Bluetooth Low Energy connection

Requirements:

  • An up to date 5.13 kernel (already available in Fedora updates)
  • A Bluetooth Low Energy adapter in your system
  • Updated firmware on the controller (5.7 at the time of writing this)
  • Packaged xpadneo software

Firmware update

First of all, make sure your firmware is up to date on the device. Before updating the firmware, I had some issues with Bluetooth constantly cycling with pairing. To update the firmware, unfortunately you have to use a Windows system.

Install the Xbox Accessories app, plug in the controller and follow the wizard to update the controller.

If you already attempted to pair the controller without updating the firmware and then you try again with the new firmware, you might have issues pairing. To fix this, delete all cache files of the Bluetooth stack in Fedora before attempting the connection again:

find /var/lib/bluetooth/ -name cache -exec rm -fr {} \;

Bluetooth Low Energy Adapter

Just run this command, if it shows the setting “le” then it means you have Low Energy support:

$ btmgmt info
Index list with 1 item
hci0:	Primary controller
	addr 00:0A:CD:3B:E0:A5 version 6 manufacturer 10 class 0x7c0104
	supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr le advertising secure-conn debug-keys privacy static-addr phy-configuration 
	current settings: powered connectable discoverable ssp br/edr le secure-conn 
	name workstation.localdomain
	short name 

Packaged xpadneo software

The necessary packages are both in the Steam repository and the Multimedia repository.

Execute one of the following commands to install the appropriate packages.

With akmod:

# dnf -y install akmod-xpadneo
# akmods --force

With DKMS:

# dnf -y install dkms-xpadneo
# dkms build -m xpadneo/0.9.1 
# dkms install -m xpadneo/0.9.1

If you don’t want to trigger the builds manually you can just reboot the system, both DKMS and akmods will take care of rebuilding the necessary kernel modules.

Checking that everything works in BLE mode

Open the GNOME Bluetooth settings, then:

  • Keep the wireless button on the controller pressed for a few seconds until the Xbox logo blinks fast
  • Click on the Xbox Wireless Controller - Not set up entry

After pairing, you will see the following entry in the Bluetooth settings panel:

xbox-bt-paired

And in the Power settings panel you can also see the battery status:

xbox-bt-battery

Finally, in the kernel messages you should see a message like the following:

xpadneo 0005:045E:0B13.0004: pretending XB1S Windows wireless mode (changed PID from 0x0B13 to 0x02E0)
xpadneo 0005:045E:0B13.0004: working around wrong SDL2 mappings (changed version from 0x00000507 to 0x00000903)
xpadneo 0005:045E:0B13.0004: report descriptor size: 283 bytes
xpadneo 0005:045E:0B13.0004: fixing up Rx axis
xpadneo 0005:045E:0B13.0004: fixing up Ry axis
xpadneo 0005:045E:0B13.0004: fixing up Z axis
xpadneo 0005:045E:0B13.0004: fixing up Rz axis
xpadneo 0005:045E:0B13.0004: fixing up button mapping
xpadneo 0005:045E:0B13.0004: enabling compliance with Linux Gamepad Specification
input: Xbox Wireless Controller as /devices/virtual/misc/uhid/0005:045E:0B13.0004/input/input32
xpadneo 0005:045E:0B13.0004: input,hidraw2: BLUETOOTH HID v9.03 Gamepad [Xbox Wireless Controller] on 00:0a:cd:3b:e0:a5
xpadneo 0005:045E:0B13.0004: controller quirks: 0x00000050
xpadneo 0005:045E:0B13.0004: Xbox Wireless Controller [f4:6a:d7:72:3c:ef] connected

If everything is good, then let’s check how Steam reports the controller:

xbox-bt-steam-bp

Voilá, you have an Xbox controller running over Bluetooth LE without any extra dongle.

Powering on / off the controller

After a bit of time without using the controller, it will turn off on its own. To bring it up again and quickly re-pair it, just press the Xbox logo on it.

Wayland/modesetting on Nvidia

With the latest Nvidia drivers it seems that modesetting and Wayland work fine for Gnome and GDM.

Console text is still a normal console, but upon boot you get the native screen resolution in Plymouth and then you can login under both X.org and Wayland sessions.

Screenshot-from-2020-07-11-08-06-56

How to test? Make sure that you have the following line enabled for the nvidia-drm module:

# cat /usr/lib/modprobe.d/nvidia.conf | grep drm
options nvidia-drm modeset=1

And then make sure to comment out the following line in the udev rules supplied by GDM:

# cat /usr/lib/udev/rules.d/61-gdm.rules | grep -i nvidia
# disable Wayland when using the proprietary nvidia driver
#DRIVER=="nvidia", RUN+="/usr/libexec/gdm-disable-wayland"

Then reboot, and you will login with a Wayland session by default:

# cat /sys/module/nvidia_drm/parameters/modeset 
Y
# cat /sys/module/nvidia_drm/version 
450.57
$ lsmod | grep nvidia
nvidia_drm             57344  4
nvidia_modeset       1187840  3 nvidia_drm
nvidia_uvm           1130496  0
nvidia              19726336  208 nvidia_uvm,nvidia_modeset
drm_kms_helper        249856  1 nvidia_drm
drm                   618496  7 drm_kms_helper,nvidia_drm
$ env | grep XDG_SESSION_TYPE
XDG_SESSION_TYPE=wayland
$ lspci | grep -i vga
01:00.0 VGA compatible controller: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] (rev a1)

Bigger dedicated server

As you might have noticed, in the last few weeks there were issues with the website and repositories.

This was due to the fact that after all the load moved to the dedicated server, the sizing of it was not enough to cope with load. CPU usage constantly at limit and not enough memory that resulted in OOM killing (most of the time) the database.

I’m just finished replacing the server with a bigger one (4 times the size), hope this would be enough for the moment. If not, I will separate the repository download from the main website.

Hope that this will be stable for a while.

Back online! Thank you!

So, the website is back online, with some changes! There might be some issues still on some random link or database references to the old hosting directory structure but I will fix them as soon as I spot them.

Hope you will receive an email from this 🙂

This is what happened on GoDaddy:

The hosting was a “shared hosting”, basically a WordPress instance and a shared folder to host some content (the packages). This is how it was born and how it stayed for quite some years. At the time it was “ok” but it went downhill over the years.

Unfortunately for GoDaddy users, being a shared hosting, you have no choice but click on some web page to get what you need. One of these needs is an SSL certificate.

Yesterday my credit card was billed more than 200 USD for an SSL certificate signed by GoDaddy. Since they sell certificates and control the platform, switching to Let’s Encrypt is not possible.

After the billing, I could see the new certificate, but the certificate was not pushed to the instance. After almost a day on the chat with random people that just told me to wait an hour without getting anything fixed, I was put into phone contact with the “shared hosting” services.

There I was told that they were aware of the problem, and that all customers on the same shared hosting (“legacy”, according to what they said) were impacted since the 30th of April (seriously??) and there was no fix yet.

You are forced to pay a stupid SSL certificate a lot, you get an issue, the certificate can’t be used, they don’t fix it and good bye. Their service is beyond ridiculous.

After some more chatting with support it seems that at least I can be refunded for the last renewal of the certificate, let’s see if this happens.

After this bit of history, back on the new hosting.

Dedicated hosting

The site is no longer hosted on GoDaddy, so now this time I picked up a dedicated sysmte where I have direct access to it and I can do much more than before. This has led me to being able to use Let’s Encrypt certificates and certbot for automated renewals, thus saving money as well.

Bandwidth is much more stable, so download times should be greatly improved, especially for me for uploading the packages. I was able to sync the ~100 GB of packages in just a few minutes.

Mirroring repositories

Having access to the system means that now there is also an RSYNC daemon running serving all the content of the /repos folder. You can sync a specific repository with a command like this:

rsync -crlpvz --progress --delete-after rsync://negativo17.org:/repos/nvidia local/path

I’ve also added the instructions on the /repos folder directly.

A big thank you

Thank you very much with all my heart for the round of donations received! This means a lot to me.

All the donations received on Paypal and the cheaper / more versatile hosting should be enough to keep this site alive for another couple of years!

What’s next?

I’m planning to add some more content (ARM packages) and maybe migrate to something else that is not WordPress. I was thinking about a wiki, probably MediaWiki to make it similar to the Arch wiki, which I found very clear and easy to read, if you have any preferences please let me know.

Certificate expired…

After spending a day on the phone with GoDaddy, they informed me that they have an issue with the shared hosting and they can not update certificates on the various instances. According to them they had this issue on the past 3 weeks!

Of course nobody bothered to tell me and now the certificate is expired and I have no way of fixing it. I’m now in the process of moving everything to a separate hosting provider, starting from the repositories.

Of course now it will be a dedicated box, so the cost will not be the same. Any donation is of course accepted.

WordPress hack fixed

Some automated bot added an extra PHP file and a redirect, so when Googling for this website you would have been redirected to a page selling drugs.

I’m still trying to think why looking for some Fedora package would trigger a compulsive Viagra purchase, but hey, not everyone is the same.

Page & redirects have been removed, everything is back to normal. The specific repository pages were not visible (404) due to a faulty WordPress plugin update, which I removed. A crawl from Google has been triggered to remove the drugs page from Google search.

I will move the GPG public key of the repositories somewhere else, so people can still check if they have any doubt.

Now, If I could figure out how to remove that Jetpack error about AMP….

Also, looking for a cheap hosting solution (hey, this has been running for free since 2013), ideally where I also manage the website (no more WordPress..) and not the hosting company managing it for me, so if you have any suggestion let me know.

Sonarr, Lidarr, Radarr, Tautulli and Spotifyd packages for Fedora

I now have a new Plex server with lots of storage in a new small cube form factor, so it was now time to automate things a bit more and put the box to proper use.

Now in the multimedia repository you can now find Sonarr, Radarr, Lidarr and Tautulli. This allows you to populate and maintain automatically your TV Shows, Movies and Music libraries without effort. Tautulli is not particularly useful if you are not hosting Plex for third parties, but gives you anyway statistics and information in a nice GUI for consumption and also notifies you any time one of the other tools adds something to a library.

Now I can see how many times my kid has watched the Super Wings! TV show (a ridiculous amount of times, if you are interested):

The packages are built from the upstream releases. Being Sonarr, Radarr and Lidarr built on different Mono versions and requiring a different minimum version, I assembled the packages from their Mono binaries tarballs. The plan is to make all of these available also for CentOS, so packaging needs to be relaxed. Tautulli as well bundles a lot of specific Python dependencies.

All of them come with proper System units and Firewalld rule definitions. So should be a breeze to enable them on the system.

$ rpm -ql sonarr radarr lidarr tautulli | grep -E 'systemd|firewalld'
/usr/lib/firewalld/services/sonarr.xml
/usr/lib/systemd/system/sonarr.service
/usr/lib/firewalld/services/radarr.xml
/usr/lib/systemd/system/radarr.service
/usr/lib/firewalld/services/lidarr.xml
/usr/lib/systemd/system/lidarr.service
/usr/lib/firewalld/services/tautulli.xml
/usr/lib/systemd/system/tautulli.service

Along with those, there is also Spotifyd, which allows you to turn any system into a Spotify client and/or Spotify Connect speaker. Without any configuration file it just works like a WiFi speaker support Spotify Connect, with a configuration file that contains a Spotify Premium username and password you have a fully connected client that you can control with the Spotify phone app like any other client.

If the Plex server is always on and close to a set of speakers, why not use it also as a WiFi speaker? Would also be nice to have Google Cast support; so my family could also use it for listenting to Plex hosted music, but unfortunately Google locked out all APIs for casting and no open source implementation exists (as far as I know).

For example:

This list comes from my phone, and I’m in the same network of the laptop. Everything else is signed in with my account or has been playing something when I was close by, so it’s still logged in.

Also Spotifyd will eventually be available for CentOS/RHEL even if it does not have any Rust packages. The version currently in the repositories is built to also support PulseAudio as a backend, as the plan is to run this on a fully fledged Fedora/CentOS/RHEL system. The binary release offered on the Github project is built with only Alsa as a backend as it requires a considerable less amount of libraries as dependencies; making it suitable for running on a barebone Raspberry Pi.

HandBrake with NVENC support

After switching from libav to FFmpeg, the HandBrake developers quickly added NVENC encoder support to HandBrake. You can now select both NVENC for H.264/H.265 encoders in the drop down menu or with the command line interface:

$ HandBrakeCLI --help | grep -A12 "Select video encoder"
   -e, --encoder   Select video encoder:
                               x264
                               x264_10bit
                               nvenc_h264
                               x265
                               x265_10bit
                               x265_12bit
                               nvenc_h265
                               mpeg4
                               mpeg2
                               VP8
                               VP9
                               theora

With most GPUs I tried, even setting the slowest and costly preset results in the video engine not being fully utilized. Encoding times are cut to ~25%.

Awesome! No more ffmpeg command line black magic. You can now comfortably create your preset in the HandBrake gui and then use HandBrakeCLI through SSH on your awesome Plex Media Server. The build is available for both CentOS/RHEL 7 and Fedora.