Last week I started using my old 13″ laptop and left the bulky 15″ workstation permanently at my desk. This setup gives me portability without loosing power when I’m connected to my home network. Today, I decided to configure EdgeVPN on both devices to also have this setup while on the road.
EdgeVPN makes use of tokens, to connect nodes to a network. Since I have a Nextcloud server, which keeps files in sync on both of my laptops. I decided to put the EdgeVPN configuration file there and created a small script that reads from it to generate the token, and decide which IP to give to each device, based on their hostname:
TOKEN=$(cat /path/to/Nextcloud/edgevpn-config.yaml | base64 -w0)
if [ "$(hostname)" = "zeno" ]; then
elif [ "$(hostname)" = "seneca" ]; then
if [ "$IP" = "" ]; then
echo "IP not configured for $(hostname)"
echo Using IP: $IP
edgevpn --token="$TOKEN" --address="$IP/24"
Plus I created systemd services so I can make use of systemctl instead of having to remember the name of that shell script
I’m excited to announce that I joined Spectro Cloud. I’ll be part of the team building Kairos, the immutable Linux meta-distribution for edge Kubernetes.
Ok, a lot to unpack there, and I’m still very new to it, so I have numerous questions myself, but for my own sake, I will unwrap it:
Immutable Linux: there are some parts of the file system in the OS that are read-only. This means that if you want to add a package, or make some configuration change, you need to build a new image of the OS with the given changes. This is good for two reasons, on the one hand, it reduces the attack surface and, on the other, it helps to roll back to a specific version of the OS.
Meta-distribution: you can pick the flavor of the base Linux distribution on which Kairos is built. For what I can tell, openSUSE, Ubuntu and Alpine are already available, but others could follow up.
Edge computing: systems nowadays are being centralized in datacenters. While this can be beneficial in some cases, it can also be unpractical for others. When you have a system, running as far away from the datacenter, then you’re running at the edge of the network. For example, a computer in a parking lot, taking pictures of car plates and calculating the amount they need to be charged.
Kubernetes: it’s a platform to deploy applications. It was started by Google and became quite popular. It’s now part of the CNCF.
For as long as I can remember, I’ve been a Linux enthusiast, so I’m very much looking forward to this experience.
Running the MNT Reform 2 from an SD card is not a bad solution. It’s similar to the way a Raspberry Pi is run. However, I wanted to free the SD card slot. In this post I describe the whole process from picking and buying an NVMe SSD, to installing and configuring it.
But before I continue, I cannot take credit for this work, as it’s summarized in the Operating System on NVMe Without SD Card Post. I just wanted to give a little more detail into the steps I took, some of the mistakes I made, and add some information related to using an encrypted device.
PARTS AND TOOLS NEEDED
1 NVMe disk
1 Phillips screw driver
1 M2x4mm pan head screw (included in the DIY kit)
PICKING AND BUYING AN NVME DISK
I bought the one that MNT puts on the assembled version of the Reform 2, a 1Tb Transcend MTE220S because I didn’t want to risk it. I bought it from amazon.de (I tried to look for it in local businesses in Belgium but I couldn’t find it in the ones I was suggested to check). The price was around 125 Euro with shipping included.
There’s a community page on Confirmed Working NVMe Drives that will hopefully hold more options in the future but so far, the Transcend disk seems like a very good one.
INSTALLING THE DISK
Disconnect the laptop from the power
Discharge yourself by touching a metal surface or using a discharge bracelet
Remove the acrylic bottom
Remove the batteries
Place the NVMe device in the M2 socket
Do not close the laptop just yet. Turn it around, plug the power, turn it on and log in with your user. If the installation was successful, you should be able to see the device on the Disks application
PARTITIONING, FORMATTING AND ENCRYPTING
The next step is to create one or more partitions on the disk. I used Gnome Disks but it’s limited because you cannot do logical volumes, so you might want to install gparted or follow some tutorial for the CLI on how to achieve your specific partitioning setup.
Note: If you are planning to use the whole disk without partitioning and only format the disk, using the Drive Options menu (3 dots at the top right corner). The script mounting your partition /sbin/reform-init might have issues because of the name of the device. At least that’s what I experienced the first time I did this process.
My current setup is one encrypted partition with ext4 file system for root and one encrypted partition with ext4 file system for home (I will write about this in a next post). This means that I have to enter two passwords when booting. I’m planning to use a key in the future but if you don’t want to have to enter two passwords, read about logical volumes, or if you don’t want encryption at all then you don’t have to worry about this.
Select the NVMe Disk
Click on the + sign to create a new partition
Select the size (needs to be at least the size of the SD card) and continue
Give it a name e.g. “root”
Select ext4 as your file system
Select encryption with LUKS
Add a pass phrase
MIGRATE YOUR DATA
To copy all your data in the SD card to the NVMe disk, we first need to unlock the disk. The first argument is the path to the device, so it needs to map whatever partition number you did in the previous step. The second argument is the name you want to give, so choose whatever you prefer.
# cryptsetup luksOpen /dev/nvme0n1p1 crypt
The unencrypted partition will be accessible on /dev/mapper/crypt
We can use that path to run the reform-migrate script
# reform-migrate /dev/mapper/crypt
You can of course use Disks to unlock (open lock button) and mount (play button) the device instead. You will need to use the following command to move all your data.
Make sure to update the last argument to be the path to where you mounted the device.
CONFIGURE BOOTING FROM NVME
Booting from the NVMe disk is a two step process. We first need to configure the laptop to boot from the eMMC drive, and configure it to decrypt and mount the NVMe drive and init from it.
Read more about this topic on Section 10.2 and 10.3 from the Operators Handbook.
To switch the booting mechanism from the SD card to the inner eMMC module where the MNT Rescue disk resides, we need to flip a dip switch that resides underneath the heat sink.
Shutdown and disconnect from power
Remove the heat sink (be careful not to put the heat sink bottom flat on top of a surface since there’s some paste in it)
Flip the dip switch on the bottom right (or top left depending on your perspective)
Place the heat sink back in place
We can now plug the power again and start the machine. When prompted for a logging you need to use “root” without a password since this is a completely different system from the one configured on the SD card.
Now we need to download a newer version of U-boot in the rescue disk.
U-boot is a mini OS used to boot Linux. For what I understand, this “newer” version is just the same version than is in the SD drive, so trying that instead of downloading a new one would also be an option.
To flash the new U-boot we need to unlock the boot partition
Now that we have this U-boot version in place, we can configure it to boot from the NVMe drive
# reform-boot-config nvme
This creates the file /reform-boot-medium with the word nvme in it. This is important because it’s used by reform-init.
Note: One important thing to mention is that reform-init will only try to unlock and mount the encrypted partition under /dev/nvme0n1p1. With a different setup, one needs to go and modify this script to the right path. I stumbled across this problem on my first attempt but it was quite simple to debug and to help me understand better what’s going on under the hood.
If everything went well you should be able to reboot the device and it will boot from the NVMe drive successfully. To finalize this process
Shutdown the system and unplug it
Put the batteries back in place (be careful with the polarity)
The MNT Reform 2 laptop was made available on Crowd Supply in June 2020. This review is for the DIY kit version, and I’ll focus on the experience of supporting this project and its vendor through crowdsourcing, the process of putting the machine together, and my first impressions. I plan to share a second post with my thoughts on the experience of using the device as my computer for personal use.
WHAT IS THE MNT REFORM 2 DIY KIT?
The MNT Reform 2 is an Open Hardware Laptop. It comes with the Open Source operating system Debian Linux pre-installed. The DIY kit is just a disassembled version with a set of instructions on how to put it together.
Nowadays laptops, and most electronic devices, lose their warranty if you try to tinker or repair them yourself. This laptop is one of the few that invite you to open them and make them your own. If you don’t believe me, take a pick through the bottom, made of see-through acrylic.
THE CROWDFUNDING EXPERIENCE
As soon as I saw the project on Crowd Supply, I got hooked and decided to support it. If I remember correctly, the project got fully funded reasonably quickly, and by the time the campaign finished, the number of backers tripled.
The original shipping date was in December 2020, but I only received mine in April 2021. Four months of wait time can sound like a lot, but you need to consider that many producers and shipping companies had delays because of the COVID-19 pandemic. It would have been silly to expect that MNT wouldn’t be affected by this. On top of that, there are always delays in February because of the Chinese New Year. In the end, I think these delays ended up being positive because the MNT team used the time to make improvements to the keyboard and battery life. Lukas, MNT’s CEO, constantly shared about progress and any delays. It was pretty entertaining to follow up.
In my opinion, most open projects don’t have a very appealing branding. MNT is the complete contrary. I’m glad they put the same passion on the packaging as they did on the product.
PUTTING IT ALL TOGETHER
The kit comes with a big printout that has on one side the instructions and on the other side pictures to give you a good idea of what is what. All you need is a cross screwdriver.
While most steps were clear, there was one that I couldn’t figure out about the right way to plug the monitor. Fortunately, all I had to do is open the device again and invert the connector. In total, it took me between 2.5 and 3 hours to get the machine to boot. I swear I hadn’t had this much fun with a device in a very long time.
The laptop is gorgeous. When the lid is closed, it has this old-school Thinkpad vibe. The aluminum enclosing is pleasant to the touch and hardly picks any fingerprints. The MNT Reform 2 is quite thick if you compare it to today’s standards, which has its benefits, as you’ll see.
On one side, there’s an HDMI port and three USB type-A ports. On the other side, a port for SD cards, a headphone jack, a network port, and one for the charger. I’m pleased about this because there’s nothing more annoying (and ugly if you ask me) than all those dongles coming out of a beautiful laptop.
If you flip the computer, you can pick into the electronics thanks to the acrylic bottom. At first, I wasn’t very excited about this feature. It’s not that I don’t like it, but I think that after a while, it will get scratched, and then it won’t look as good. If there had been an option to get it with an aluminum bottom, I would have probably gotten that one. But I’m glad it is this way because it feels like an invitation to open and tinker with the device.
If you open the lid, the first thing you notice is the trackball. It’s also possible to buy it with a trackpad, but I thought this would be more fun. Plus, I can always replace it if I don’t like it. So far, it’s been quite fun to use, but it will take some time to get used to it.
Next, you might notice the small display on top of the keyboard. It’s helpful to get additional feedback, like battery percentage or the system’s status. The best part is that I can turn it off whenever I don’t need to look into it and avoid wasting precious energy.
And of course, here’s where we find the mechanical keyboard. The keycaps feel very natural to the touch. The switches have excellent travel and sound amazing. However, this could be problematic when working with others, just like with any other mechanical keyboard, and there doesn’t seem to be a way to put dampers on these switches. I’m now used to Cherry MX Silent Red switches, and these are louder. Typing is very comfortable, except for the keys I press with my thumbs. The keyboard sits only slightly above the level of the palms rest, and because of the long travel, I feel like I’m constantly pushing the palms rest with the side of my thumb. In my opinion, raising the keyboard a little bit or making the inclination between the palm rest and the keyboard a bit more prominent would help.
The layout of the keys is quite good. I love having a dedicated row for the function keys and a split space bar with two alt keys in between, which makes it more natural to reach them. Instead of a caps lock key, you get a control key, which I already configure on every other laptop. Details like these make this laptop feel like if it is tailor-made. I don’t particularly appreciate having the up arrow where the shift key is typically, but that’s where the open-source part comes very handy. I plan to flash a new layout into the keyboard, hopefully, one with multiple layers.
The last tiny issue I will mention is that the printout of the quotes key was inverted, but MNT is already aware of this, so they might have it fixed for future machines. None of the issues I just mentioned are deal-breakers. This keyboard is by far the best I’ve used on a laptop.
On the top panel are the display and two speakers. I like the side and top bezels, but the bottom one is a bit prominent and could use, in my opinion, some design or an MNT logo. I decided to put the sticker with the serial number there. The sturdiness of the top panel feels solid. I can move, and it doesn’t wobble. The hinges feel pretty sturdy like they can last forever. The display quality is excellent, but the speakers are a bit too quiet.
Last but not least, I must mention the parts that are not present with the machine. The MNT Reform 2 doesn’t have a webcam or a microphone (I remember reading somewhere that this was by design thinking about privacy first, but I couldn’t find this information on the Crowd Supply or MNT Reform websites). The DIY kit doesn’t come with an SSD or a WiFi card, but these can be bought online or at a local store. Lukas shared the exact models that come with the assembled version.
The MNT Reform 2 initially boots into text mode, where you first have to follow a few steps to create your user account. The Operator’s Handbook explains every step in detail. Once you have an account, you can start the graphical interface. The three options that come pre-installed are Sway, Gnome 3, and Window Maker. But you can install any other that’s available for Debian.
The Gnome 3 version that comes with the MNT Reform 2 has fewer components than the vanilla version. I guess that it helps reduce the load since full DEs are very power-hungry. I tried to do the same experiment as with Sway, but unfortunately, none of the videos played well on MPV, and in general, I did feel a bit of lag when using Gnome for some tasks.
If you cannot live with a tiling window manager, I recommend you go with Window Maker. It doesn’t look very up-to-date, but after trying it for a while, I must say it performed very well. Like with Sway, there was no issue at all having my three designated applications running simultaneously.
I’ve been using the MNT Reform 2 to write these notes down for the past few days. Hearing the sound of the mechanical keyboard is music to my ears. Not having a network connection allows me to concentrate on what I want to say instead of being annoyed by multiple notifications. From time to time, I plug an ethernet cable to search for something online and eventually publish these words on my blog. The whole experience reminded me about times when computing felt a lot more personal, and our lives didn’t need to be online 24/7.
Not only has it been fun to build and use this machine, but I’m also very excited about the idea of being able to service and extend its life. I love the concept of having a device that evolves according to my needs. Above all, it feels good to own a device not because it’s the latest and greatest but because its ethos resonates with my own. Only time will tell if the MNT Reform 2 will live up to its promises, but I’m certainly rooting for it.
This article will teach you how to run one or more Redis instances on a Linux server using systemd to spawn copies of a service.
The easiest way to install Redis in Linux is with your distributions package manager. Here is how you would do it on openSUSE:
sudo zypper install redis
In case your distribution doesn’t provide a Redis package, you can always follow the upstream instructions to compile it from scratch.
CONFIGURING A REDIS INSTANCE
Make a copy of the example/default file that is provided by the packagecd /etc/redis/ cp default.conf.example my_app.conf Use a name that will help you recognize the purpose of the instance. For example if each instance will be mapped to a different application give it the name of the application. If each instance will be mapped to the same application use the port in which it will be running.
Change the ownership of the newly created configuration file to user “root” and group “redis”chown root.redis my_app.conf
ConfigurationAdd a “pidfile”, a “logfile” and a “dir” to the .conf file.pidfile /var/run/redis/my_app.pid logfile /var/log/redis/my_app.log dir /var/lib/redis/my_app/ Each of these attributes has to match with the name of the configuration file without the extension.Make sure the “daemonize” option is set to “no” (this is the default value). If you set this option to yes Redis and systemd will interfere with each other when spawning the processes.daemonize no Define a “port” number and remember that each instance should be running on a different port.port 6379
Create the database directory at the location given in the configuration fileinstall -d -o redis -g redis -m 0750 /var/lib/redis/my_app The database directory has to be owned by user “redis” and group “redis” and with permissions 750.
Repeat these steps for every instance you want to set up. In my case I set up a second instance called “my_other_app”
In order for systemd to know how to enable and start each instance individually you will need to add a service unit inside the system configuration directory located at /etc/systemd/system. For convenience you might also want to start/stop all instances at once. For that you will need to add a target unit.
In case you installed Redis on openSUSE these two files will be already provided for you under the system unit directory /usr/lib/systemd/system.
Create the service unit file “redis@.service” with the following contents:[Unit] Description=Redis After=network.target PartOf=redis.target[Service] Type=simple User=redis Group=redis PrivateTmp=true PIDFile=/var/run/redis/%i.pid ExecStart=/usr/sbin/redis-server /etc/redis/%i.conf Restart=on-failure[Install] WantedBy=multi-user.target redis.target The unit file is separated in sections. Each section consists of variables and the value assigned to them. In this example:
After: when the Redis instance is enabled it will get started only after the network has been started.
PartOf: this instance belongs to the redis.target and will get started/stopped as part of that group.
Type: simple means the service process doesn’t fork.
%i: a specifier that is expanded by systemd to the “my_app” instance.
Create the target unit file “redis.target” with the following contents:[Unit] Description=Redis target allowing to start/stop all redis@.service instances at once
INTERACTING WITH REDIS
If everything went as expected you should be able to interact with the individual instances:
One of the mayor reasons why I still use my Windows box is because I havent found a subtitute for TOAD. I know I could make it work some how using wine but I just didn’t feel like it. Since Oracle is so Linux supportive I looked for something on their website and for my surprise I found SQLdeveloper. So far, so good! I like it and I am going to start using it for work. Here are the steps I followed to make it work in my Ubuntu 9.04 box: