Bacardi55's Web Cave

Introduction

In my previous post about setting up my uConsole, I said that instead of using Firefox, I try using chawan, a TUI browser with (some) CSS, JS and images support. Sometime I still use Firefox, but try to limit its usage for when a page is really not usable in Chawan. The reason being the very limited CPU of the RaspberryPi 4 powering my uConsole (I could switch to a RaspberryPi 5 but other than for Firefox, I don’t see the need).

This post explained how I installed Chawan on a RaspberryPi (4) as Nim, the programming language used to develop Chawan, is not available in Debian Trixie.

Install Nim

First, install the required dependencies if you haven’t already:

sudo apt -y install build-essential openssl curl

Then, download the Nim source:

cd workspace/contrib/nim
wget https://nim-lang.org/download/nim-2.2.4.tar.xz
tar xf nim-2.2.4.tar.xz
cd nim-2.2.4

We can start the build process:

./build.sh

The next step is to build koch, the official maintenance script for Nim:

bin/nim c koch
./koch boot -d:release

And finaly install some Nim tools as well as Nimble, Nim’s package manager:

./koch tools
./koch nimble

Next step is to install everything in a more useful place than this working directory. I decided to install it locally for my user (in ~/.nimble and not system wide (but you could use /usr/bin or equivalent instead). I also copied the other binary files I compiled before in that same repository

./install.sh /home/<userName>/.nimble
cp ./bin/* /home/<userName>/.nimble/nim/bin/

And at last, add the ~/.nimble/nim/bin/ directory to your $PATH in your ~/.bashrc or ~/.zshrc or equivalent and then reload it, eg:

source ~/.zshrc

Just to try, you could run:

nim --version

If you don’t have an error and it shows the compiler version, you did it :). Example in my case:

➜ nim --version
Nim Compiler Version 2.2.4 [Linux: arm64]
Compiled at 2025-10-22
Copyright (c) 2006-2025 by Andreas Rumpf

active boot switches: -d:release

That took some time, specially on a raspberry pi, but we are done with Nim’s installation, now let’s focus on chawan!

Install Chawan

Let’s start by installing build dependencies that you don’t have yet on your system:

apt install libssh2-1-dev libssl-dev libbrotli-dev pkg-config make

Then, we download the source code of Chawan:

cd ~/workspace/contrib
git clone https://git.sr.ht/~bptato/chawan
cd chawan

And build Chawan:

make
sudo make install

And now you can start it and browse the web in your terminal with a better experience than elinks or w3m :).

Conclusion

While Chawan is still young, it is already a nice project and I can’t wait to see how awesome it will be in a year or two with a bit more css working and maybe some kind of tab management (but that’s because I’m a tab maniac). Thanks for bptato and all contributors!

Introduction

The goal of this post is to go through my current setup for my uConsole (by ClockworkPi) and everything I had to do to make it happen. I have the feeling it will be useful for my future self if something fails or possibly for my future Pilet if it end up being delivered at some point (the joy of kickstarter)… Or any other cyberdeck I end up using the most…

The tldr; is: Debian (Trixie), i3wm, lots of CLI/TUI applications and retroarch for playing my favorite JRPG games (Chrono Trigger, Final Fantasy VI, etc…). At the end, I’ll also give my opinion about this device.

OS installation and tweaks Debian bookworm trixie

When I started to write this post, debian Trixie was not yet available and thus I installed Bookworm. But since Trixie came out and as said by Rex, the community member providing the best OS for the uConsole, the upgrade from Bookworm to Trixie doesn’t work (trust me I tried and failed - yay for backups!). Anyway, I’ve reinstall Trixie from scratch and redid everything. Hopefully I didn’t leave any mistake based on things done in Bookworm that isn’t compatible with Trixie.

As said above, I didn’t installed the official image, because according to a lot of things I read on the official forum, it was way better to use the version provided by a nice person called Rex. I found it on this thread and advise to use the same one. Rex also provides other distros and packages so check their profile. I used the full and not the lite version because I had issues with the keyboard using the lite version.

To install it, just copy the image on a SD card and then insert it in your uConsole and start it. To copy the image, I simply use dd:

sudo dd if=/path/to/image/file.img of=/dev/sdX status="progress" conv="fsync"

Don’t forget to update sdX with the right name of your disk.

Initial setup

First, run through the initial setup to provide your username, network connection, language, country, timezone, keyboard layout, etc… I kept the US layout so it matches what is written on the keyboard keys. I did that because the physical layout of the keyboard is not standard, so it would be too complicated to remember where special characters are as opposed to a real size keyboard where I don’t need to look at it.

Then I updated the system with sudo apt update && sudo apt upgrade and then launch sudo raspi-config. In the config screen, I:

• Made sure raspi-config was already up to date (Update)
• Changed the hostname (System → Hostname)
• Confirmed boot to desktop GUI and not Console (System → Boot)
• Disabled both auto login to CLI or GUI (System → Auto Login). I did this because of the encryption of the home directory that will be decrypted at login with the same password than my user. Read below for more.
• Enabled ssh server (Interface Options → SSH)
• Verified my localisation options (Locale en_US.utf8, Timezone, keyboard and WLAN country)

After all that, I rebooted to unsure everything was still running correctly and the system showed me the login screen at boot instead of the auto login by default.

Then I of course installed vim and tmux to edit any configuration files later on. Read below to see what else I installed but started with that first as I’m going to edit some config file very soon via ssh (hence tmux just in case of network drop).

Login and encryption

Next step was home directory encryption. I already wrote a dedicated post about all the details to do so with gocryptfs. As opposed to what I do on my laptop/desktop, it means I don’t encrypt the full disk which means I don’t decrypt the full disk at boot. I have to decrypt my home directory when I log in (hence disabling autologin earlier). As I wrote in that post, the decryption happen when I authenticate via PAM, either via the tty or via the login manager (lightdm). Doing so require that I must login manually and disable the autologin feature. Otherwise PAM would not have the password to decrypt my home. Read the dedicated post linked in this paragraph for more information.

Overclock

I decided to overclock the device a little. To do so, edit the /boot/firmware/config.txt file. Within the [pi4] section (or [pi5] if you have a raspberrypi 5 and not a 4), add the following:

over_voltage=5
arm_freq=2000
gpu_freq=750
gpu_mem=256

And reboot after saving the file.

After the reboot, test that the changes worked:

root@clockworkpi:~# vcgencmd measure_clock arm
frequency(48)=2000531200

Secure the device

If you haven’t, read my previous post where I explained how I encrypted my home directory.

To secure SSH, I did the usual: no root connection, no password connection (only with ssh key).

NOTA: if you do the same and limit your ssh connection to ssh keys and forbid password connection, then you MUST connect to your account on the uConsole first and then you’ll be able to connect via SSH. The reason for that is that you need first to decrypt your home (that contains the ~/.ssh/authorized_keys) to be able to connect with your ssh key. Otherwise you’ll see a failing message telling you the passkey is wrong.

Then secure the device with some firewall rules. First, install ufw and then:

ufw default deny incoming
ufw allow ssh
ufw enable

But I also disabled sshd by default:

sudo systemctl disable sshd.service

And I only start it when needed:

sudo systemctl start sshd.service

Replace start with stop to disable it after you’re done :).

Fake sleep / hibernation

Hibernation is not supported on a RaspberryPi (at least to my knowledge). I’ve seen “fake” sleep mode for the uConsole on their forum where it blocks the keyboard, switch off the screen, set the CPU to a low value, etc… But I haven’t set all that up at this time. Maybe I will, but for now I don’t care too much.

If you want to read more about this topic, I suggest looking at either this thread or this one.

Make the uConsole a CLI/TUI first device i3wm to reduce the use of the shitty trackball

As the above title said, the trackball of the uConsole is difficult to use at best, crap most of the time… So instead of relying on a Desktop Environment or a Window Manager requiring to use it for most things, I decided to use my beloved i3wm like everywhere else. The main issue is the lack of a “super” key (the windows key) without the use of Fn on the uConsole keyboard, so I had to update my configuration to use alt (called mod1 in i3wm configuration file) as my main “modifier” as opposed to my config on my desk/laptops where I use super.

First, install the required software used in my i3 config:

sudo apt install i3-wm i3blocks i3lock

As per debian’s documentation, the i3 package is a metapackage installating i3-wm, i3lock, i3status, dunst, and suckless-tools (not sure which ones). As I prefer using i3blocks, I installed all packages manually. Check the next paragraph (useful software) as a lot of my configuration relies on some of those software.

One issue I had was the lightdm configuration, installed by default with LXDE and that doesn’t allow to change the DE/WM on its start screen. To change the session started by lightdm, I edited its configuration file /etc/lightdm/lightdm.conf and changed:

user-session=LXDE-pi-labwc
autologin-session=LXDE-pi-labwc

To:

user-session=i3
autologin-session=i3

Now log in using lightdm and you should see i3wm starting.

Useful software

Here is a list of the software I installed (I may missed some):

apt install tmux neovim ffmpeg zsh git wget curl emacs syncthing ufw bat dunst rofi fonts-font-awesome scrot thunar imagemagick xbacklight blueman nm-tray tldr-py pavucontrol mpv light elinks golang syncthing htop dfc aerc emacs alacritty syncthing xsel

Then, I copied the relevant dotfiles from my other computer (for zsh, doom emacs, dunst, rofi, etc…).

Firefox is very slow, so while I still have it installed, I decided that maybe the uConsole was a good fit to try to learn how to use chawan, a TUI browser with CSS, inline image and JS support. I’m going to write a dedicated post about this because I had to compile both Nim language and Chawan from source so it would be too long to describe here.

For emails, I use aerc. I may write latter about my setup and configuration.

I decided to use Newsboat for reading RSS feeds. I do this to avoid opening Firefox to access my miniflux instance, as newsboat can connect to miniflux (so reading an article on newsboat will mark it as read in miniflux). It isn’t perfect as sometime I still need to open the full article in a browser (eg: news website I subscribe to that only provide an summary in their feeds).

I use Navidrome to manage my music library and listen to it anywhere. I use Tempo as an android client for my phone, but I use Termsonic, a TUI client on my computer, which works great on the uConsole too. To install it (you need golang installed):

cd ~/workspace/contrib
git clone https://git.sixfoisneuf.fr/termsonic && cd termsonic
go build ./cmd/termsonic/

Then put the binary in a directory that is in your path (eg: I use ~/bin and put it in my path).

To install a signal client and a matrix client, I need (unfortunately) to have rust installed. To do so:

sudo apt install rustup
rustup default stable

Then, to install gurk, a Signal TUI client:

sudo apt install clang libclang-dev cmake protobuf-compiler
cargo install --git https://github.com/boxdot/gurk-rs gurk

And then follow the documentation to connect your new device.

And to install iamb, a matrix TUI client:

cargo install --locked iamb

You’ll also need to add ~/.cargo/bin to your $PATH variable within your ~/.bashrc or ~/.zshrc or equivalent.

To share files between my other devices and the uConsole, I use syncthing. I didn’t installed the GTK client (maybe I should), so I used the web client to configure the other devices. It is really great to share files without manual intervention, like my password (managed with pass) or my org files.

I didn’t install any fediverse client yet, but maybe i’ll find a good TUI one that works correctly with GoToSocial. But I’m not sure if I want to have access to the fediverse on this device. We’ll see.

Thank you notes

I’d like to thank a lot of people from the uConsole forum that wrote many things that helped me during this setup. The most useful links anyone buying such a device should look at are:

• https://forum.clockworkpi.com/t/just-received-my-uconsole-now-what-a-list-of-links-of-interest/15322
• https://gist.github.com/selfawaresoup/b296f3b82167484a96e4502e74ed3602
• https://forum.clockworkpi.com/t/uconsole-software-tips-and-tricks-general-thread/12243
• https://github.com/cjstoddard/Clockworkpi-uConsole

And most probably others too!

Conclusion and thoughts on the uConsole.

The uConsole is a nice cyberdeck type of device. It is solid and has a good quality build. Except for the trackball that is crap! The keyboard is good enough, while not the best. But still better than typing on a touch screen. The weird physical layout forces me to use it in qwerty though which is a bit annoying and a lot of my “a” are displayed as “q”… But that is ok.

The arrows and gaming keys are great and allowed me to have a very nice time redoing chrono trigger entirely!

The main thing is it’s size. I would have hope for something a little smaller so I could have it with me all the time. Its size makes that difficult if you don’t have a bag or big cargo pants with huge pockets (which I don’t). Maybe with the weather getting colder, having it in my coat pockets will be a solution?

The more I think about it, my ideal size would be something like a large blackberry phone… The beepy seems nice but unfortunately it is out of stock at the moment and use a Pi Zero W which wouldn’t be powerful enough though.

Anyway, that post is long enough for now, so I’ll stop here, maybe it will be useful for others as well.

This will be a short post, but I must write about it so I don’t waste time again next time I have the problem…

While I was reinstalling from scratch my uConsole with Debian Trixie (as the upgrade from Bookworm does not work) and writing my next post about my full uConsole setup, I stumbled upon a weird error when trying to connect to it via SSH.

After the fresh install, I ensure that SSH was enabled at start and currently running, I review the configuration where I disable root access but permit user password. That’s what I usually start with so I can then copy my key via ssh and then change again the sshd configuration to only allow connection via keys. Nothing I haven’t done countless of times before!

So after updating the sshd config to check that password authentication was set to yes and the port was the correct one, I opened a terminal on my desktop and fired the ssh command as usual (ssh <ipOfUConsole>) to then see this error message:

Received disconnect from <IpOfUConsole> port 22:2: Too many authentication failures

Hm? I haven’t even tried entering any password yet, so how could I have hit the maximum of failures already?

Last year, after losing everything, I redid my ssh config in a cleaner way, having more unique ssh keys, dedicated config files included in the main ~/.ssh/config file. You can read more here about my ssh setup.

Well, one thing I didn’t know was that when connecting to a new ssh server that was not part of any of my ssh config files was that all my identity would be tested before eventually asking me for a password. And apparently I have reached a number that is considering too many because it fails before actually asking for it…

The fix is quite simple and obvious once you understand the problem. Simply adding at the top of my ~/.ssh/config file before all the includes the following snippet:

Host *
    IdentitiesOnly=yes

This will force the ssh client to only use identity explicitly indicated in the command line or specifically configured for this host in my configuration. So when ssh-ing into a new box, it will not try any existing key except if I indicate to do so in the command line.

One way of testing it before changing your config is to force IdentitiesOnly in the command line for a test:

ssh -o IdentitiesOnly=yes <login>@<IP>

If that works, it means it is indeed the problem.

But in any cases, I do think it is better to always force it when having so many ssh keys anyway.

So now it is part of my configuration which looks like this:

Host *
  IdentitiesOnly=yes

Include config.d/<fileA>
Include config.d/<fileB>
…

I also edited that old blog post about my ssh config just in case.

I’ve started my selfhosting somewhere between 2005 and 2007 (I don’t exactly remember…), a long, long time ago! I have a lengthy and unfinished draft to talk more about that story, but I read a blog post from Valère (in French) a couple of months ago that sparks this particular post in the meantime.

I’m not going to talk about the basics of “why selfhosting”, the usual things around privacy, owning your data, freedom, etc… One reason I’ve been so into selfhosting on top of those is simple: I enjoy it. I like managing my small private set of services for my own usage. As others call it: “my own internet” or “my own cloud”. While sometime it can be frustrating (eg: when a piece of hardware fails or something goes down), I enjoy it most of the time :). I still do even after “the incident” of last year.

One thing I’ve always been afraid of though is selfhosting services shared with others. I don’t like that added pressure… For me, selfhosting stay enjoyable because I do whatever I want with it. I want to remove a service? I can. I want to switch from one tool to another, easy. I want to make it only usable on home network without external access? Let’s do it!

Once you start sharing your services with other, this is where it can become painful and a burden. Having other users, while really nice to help others stop using big tech solution, puts a lot of pressure on your shoulders (at least on mine). Specially if you do this just for fun and your own pleasure. Of course you can always explain your friends and family that because you provide a service hosted in a closet in your house, this service might fail. Most will understand that but some won’t. And even for the people who understands that, I would still feel more pressure to restore services used by others than the one I’m using on my own. I would be even more stressed if someone else would use a service I host for their job…

To be fair, I don’t want that additional stress. I don’t do this as my day job, it is a nerdy hobby. But people think because I work in IT, I’m an expert at everything computer related (I’m sure lots of people can relate to that one). So they expect the same level of expertise than any big tech provider (sorry, I don’t have a billion dollar company^^).

This is why I also give money to framasoft, they help lots of people by hosting quality services for many people! That’s why I don’t feel bad when I say to people “go use [put any service managed by framasoft], it is managed by framasoft and they do it better than myself”. I trust them not to use users’ data and do crazy big tech shit. When I explain to my entourage why I push them to use these services instead of using mine, most will understand, some might be a bit annoyed that “[they] can not do like [me]”. Well… Sorry but not sorry…

That being said, I’ve never refused to help someone who wanted to learn how to do it on its own. Granted it didn’t happen often, but I help a friend managed its own mail server (for the time he did it) and someone else his website hosting. But at least the pressure is not on my homelab management. And I don’t feel bad when my internet connection fails.

There are a limited number of exceptions though.

The first exception I did (and still do) was (is) for emails. I have been selfhosting my email for a long time now (±15 years) and some time ago I decided to do it also for my brother and my parents. Well, it makes sense because we share a family name, so if they want an email like me (firstname@lastname.{fr,org}), they have to ask me because I own the domain. And sharing my email with them or in front of them made them ask multiple time to get one.

I always try to be careful with my email server anyway, not because of them but because it is an important service even for me. But I remember last time I switch from one server to another, switching the tool at the same time, I had to make sure no data was lost. Took me a lot more time than if I was alone on that server. For my own usage I may have simply created an archive and started from scratch, but was not good enough for others. So here I was, spending more time on this migration than what I would have prefer.

For a long time, that was the only service I shared with other. And that was fine. I recently also installed AudioBookShelf to listen to audio books on the move (mainly when I walk my dog). My partner was very found of the idea for when she has to drive long distance for work (once a week) so she asked if she could use it too. I did give her access and installed the android app on her phone. Now my mother heard about it and wants it too. Well, the iOS (she has an iphone) app is not usable yet, so I had to say no without giving a fake excuse, but I’m not that comfortable doing so anyway… I might have done it anyway though if the iOS app was available, so maybe at somepoint.

Anyway, I may sound like a jerk not wanted to help others, but that’s only half way true. I did installed some pihole and other stuff for others who were willing to learn. But I (almost) don’t want my homelab to have more rules than being enjoyable and useful for me… Am I a bad person? Maybe… But at the same time I kept my brain sanity (more or less at least :)) and keep my stress level low, so that’s still a win.

What about you, do you manage services for others? If yes, do you do it for a very limited number of people or are they fully open? How is your stress level when something goes wrong?

Introduction

I (not so) recently received my clockworkpi uConsole and didn’t took the time to play with it yet as June, July and early August where full of way too many pro and personal things… But I took the time during the weekend to set it up using a custom debian ISO build for it that worked great. But more on all that later.

The first thing I wanted to do after the OS installation (and updates) was to encrypt my home directory. If I want to bring this device with me often, I want to make sure it is secure and my data are safe. Because it runs on a raspberrypi CM 4 with limited CPU and RAM resources, I thought that full disk encryption like I do on my {desk,lap}top(s) was too resource consuming and instead I would only encrypt my home directory. A little bit less secure but good enough in my opinion. If you think otherwise, feel free to reach out to me explaining why :).

To do so, I used gocryptfs for the encryption and I’m decrypting the folder and mounting it at login directly with pam.

Initial preparation

Nota: For the folder to be automaticly decrypted and mounted at login, it is mandatory to use the same password for your user and for the folder encryption.

Before doing anything crazy, let’s backup the existing home directory. This is important if you already have data you want to keep. In the case of the clockworkpi uConsole, it was because some settings in there are important, for example for the correct screen rotation.

cd /home
tar czf username.tgz username/

Change username with… well… your user name :). This is true for every time you’ll see username in the rest of this post!

Then, let’s remove everything in the home directory (if you haven’t created a backup yet as said above, do it now or it will be too late!):

rm -rf /home/username/* /home/username/.*

Now that the directory is empty, let’s create a file that will be there only when the encrypted files are not mounted (an easy way of checking if everything worked):

touch /home/username/gocryptfs_not_mounted
chown username:username /home/username/gocryptfs_not_mounted

Now, let’s create the directory where files will be encrypted:

cd /home
mkdir username.cipher
chown username:username username.cipher

Configuration

Ok, now we can install the required software:

sudo apt install libpam-mount gocryptfs

Then, edit /etc/fuse.conf and uncomment the user_allow_other line (remove the #). This will allow non root user to access a fuse mounted directory.

Edit /etc/security/pam_mount.conf.xml and add before </pam_mount>:

<volume
  user="username"
  fstype="fuse"
  options="nodev,nosuid,quiet,nonempty,allow_other"
  path="/usr/bin/gocryptfs#/home/%(USER).cipher"
  mountpoint="/home/%(USER)"
/>

Again, don’t forget to adapt the username.

EDIT: A nice reader (dllud) emailed me to indicate that by adding the idle=30s would automatically unmount your encrypted folder after log out. Reading the doc, it should, but for me it doesn’t work and the logs indicate that the device is busy. Not sure if lightdm or anything else is blocking the unmount, but I’m giving here the updated option line from the above pam_mount.conf.xml in case:

<volume
  options="nodev,nosuid,quiet,nonempty,allow_other,idle=30s"
/>

To ensure best performance, we can check what is the fastest encryption algorithm with gocryptfs:

gocryptfs -speed

As an example, the result for the uConsole was:

root@clockworkpi:/home# gocryptfs -speed
gocryptfs 2.3; go-fuse 2.1.0+git20220822.58a7e14; 2023-04-09 go1.19.8 linux/arm64
cpu: unknown; no AES acceleration
AES-GCM-256-OpenSSL               44.04 MB/s    (selected in auto mode)
AES-GCM-256-Go                    23.68 MB/s
AES-SIV-512-Go                    20.06 MB/s
XChaCha20-Poly1305-OpenSSL       165.63 MB/s    (selected in auto mode)
XChaCha20-Poly1305-Go            149.44 MB/s

So the good choice here is using XChaCha encryption mechanism.

Now we know how to encrypt that username.cipher folder:

gocryptfs -xchacha -init username.cipher/

As said above, if you want the auto mount to work when you log in, use the same password as your user.

And then, let’s decrypt the folder in the home directory to test:

gocryptfs -nonempty /home/username.cipher/ /home/username

The -nonempty argument is needed because of the gocryptfs_not_mounted file we created above

One important thing that made me loose a lot of time (see below) was the fact that the gocryptfs.* files belonged to the root user and that was an issue as your user needs to access those.

chown username:username /home/username.cipher/gocryptfs.*

Then, if you had data to save and created the backup as said above, you can extract data back in the decrypted folder now:

cd /home && tar xzf username.tgz --strip-components=1 -C username

Also, I’m creating a file in the decrypted folder so looking for this file will let me know if decryption worked correctly:

touch /home/username/gocryptfs_mounted
chown username:username /home/username/gocryptfs_mounted

Tests

Then, let’s test the automated decryption:

root@clockworkpi:/home# su - username
reenter password for pam_mount:
(mount.c:68): Messages from underlying mount program:
(mount.c:72): Cannot open config file: open /home/username.cipher/gocryptfs.conf: permission denied
(pam_mount.c:522): mount of /usr/bin/gocryptfs#/home/username.cipher failed

Putting this here because I had this error. If you do as well, that’s because you forgot to change ownership to the gocryptfs.conf and gocryptfs.diriv files.

If you did change the ownership and the above command worked correctly, you can now list files in your user home and check that the gocryptfs_mounted file exist and the gocryptfs_not_mounted is not there.

Now you can reboot (well, not necessary, but just in case I did :)) your device and log in via the display manager and everything should be loaded as expected. If everything worked fine, you can remove your backup archive file:

rm -rf /home/username.tgz

Conclusion

Hope this helps, I will probably use this again each time I reinstall my uConsole or other similar device installed on a SD card!

Now that this is setup, I can now start thinking about the actual usage I’ll have for this device :D. I have some ideas but that will be for a later post.

Weird idea: #Selfhosting 5 different #finger servers (all named after a finger, eg: thumb.finger.bacardi55.io, index.finger.bacardi55.io, middle.finger.bacardi55.io, …) with 5 different goals: latest tinylog entry, latest gemlog, latest blog post, and other useless thing…

I know there is absolutely no good reasons to do so except “because I can” and “it would make me laugh”… So we’ll see if I one day find the time and motivation to do so even though I have way more important things on my todolist ^^.

I received my #clockwork #uconsole 2 weeks ago, but because I was sick and then had to travel for work, I haven’t been able to play with it since I got it…

My short term goals:

• Install debian bookworm
• Encrypt only my home directory (I think full encryption might be to harsh for micro sd card)
• Install emacs, syncthing and git so I can write and publish from it
• Install some retro gaming (best rpg games were made for SNES anyway!)

What I don’t know is what am I going to do with the keyboad layout. Normally I’m an azerty user. And even on my Dogma Raise 2 that has qwerty keycaps, I have it setup to azerty as I don’t care and don’t look. But the layout of the uconsole is so special that changing it might mean I’ll struggle a lot to find some special keys… So I’m still perplex at this stage about that.

After reinstalling my NAS last week-end (using OpenMediaVault) due to mistakes on my part, I wanted to use some data stored on my NAS from an LXC container managed on my proxmox cluster. In my head, it was supposed to be very straight forward… But if I’m writing this now, it means it didn’t go as planned :D.

Creating the NFS shared directory was as simple as planned: Using the OMV web UI, I created in a few minutes a new NFS (v4) shared folder, with read-only permissions and limited to the IP of my container.

For simplicity, as the NFS storage is only available on my network, I added the following option to my shared folder: « all_squash, anongid=xxx, anonuid=yyy »:

• all_squash: Map all uids and gids to the anonymous user, which means all requests will be mapped to the anonymous user. This may not be what you want to do, but was the simplest yet secure for my read-only data accessed from only 1 specific server
• anongid=xxx (where xxx is a valid group id on the system): the group id to used for the anonymous user group
• anonuid=yyy (where yyy is a valid user id on your system): the user id to used for the anonymous user group

Then I went to my container, installed nfs-common and then tried to mount that directory without success: « Permission denied ». Hmm… Tried multiple things that are not useful for this post because none of them worked. Have I RTFM better, I would have known why: Proxmox create, by default, unprivileged LXC containers. I knew that but didn’t know the implications…

Unprivileged containers means that « all user id and group id are mapped to a different number range than on the host machine ». As an example, the root uid which is normally 0 becomes 100000. That’s due to the use of namespaces, a kernel feature. Doing so prevents that, for example, a malicious software managing to “escape” the container gets the host root permission. So important feature to secure any abuse on the host from an lxc container.

But in my particular case, it also meant I couldn’t mount any NFS folder from the host. This is also true for CIFS/SMB shared folders as well. I thought about using sshfs + autofs or switch to a VM (Virtual Machine). The later would have worked with NFS shared folder, but I prefer using LXC containers when possible as they don’t block the hardware resources like VM does. I keep VM only for servers running docker as it is more secure in that particular usage. The sshfs + autofs was a strong contender but was my plan B. Plan A was trying to make the NFS shared folder works as it avoided some extra config on my NAS to secure the folder for sshfs usage.

The proper way of mounting NSF (or CIFS/SMB) folders on an unprivileged lxc container is actually simple: first you mount the remote folder on the proxmox host and then you use the proxmox « bind mount » feature to basically mount the “mounted” storage on the host within the container.

This use case is actually writen in their wiki: « Bind mounts allow you to access arbitrary directories from your Proxmox VE host inside a container. Some potential use cases are: […] Accessing an NFS mount from the host in the guest  ».

Main drawback is that the NFS folder is mounted on the host as well even though the host does not need it. Other VMs/Containers will not see it anyway (unless configured otherwise) and in any cases, the folder is mount in read only with no critical, private or important data anyway. So for my use case, I didn’t care about those drawbacks.

Also quick note: this bind mounted storage will not be included in the backups made by proxmox, which was ok to me for those data in particular.

Be careful with your NFS configuration, if you allowlisted your container IP address, don’t forget to change it to your host IP address instead as the host is the one connecting to the shared folder now and not the container.

For the rest of this post, let’s assume that:

• My NAS is reachable at the NASName.bacardi55.local FQDN. If you don’t have a local DNS in place like this, replace it by its IP. For this post, let’s assume it is 192.168.0.55
• I’m going to mount the NFS directory FolderName from the NAS (which is in /export/FolderName on the NAS, but I won’t go through that part)
• The host will mount the above directory here: /mnt/NASName/FolderName
• The LXC container will “bind mount” the directory here: /FolderName
• The LXC container has the 555 node id in proxmox

On the proxmox host, create the directory where you’re going to mount the NFS folder:

mkdir /mnt/NASName/FolderName

Then, add a line in the /etc/fstab to mount automatically the folder:

NASName.bacardi55.local:/FolderName /mnt/NASName/FolderName nfs defaults 0 0

If your server doesn’t have a local DNS entry, you can use its IP address instead, it will look like this:

192.168.0.55:/FolderName /mnt/NASName/FolderName nfs defaults 0 0

Use only one of the 2 line above, not both.

Then, systemD daemon must be reloaded:

systemctl daemon-reload

Then, let’s mount the directory on the host:

mount /mnt/NASName/FolderName

It should work now and you can confirm by checking the content of /mnt/NASName/FolderName that should display the content of what is shared from the NFS shared storage.

Last thing to do is add the bind mount to the LXC container. This is not doable from the proxmox UI, so you must do it from the command line:

pct set 555 -mp0 /mnt/NASName/FolderName,mp=/FolderName

You should now see the mounted storage without launching any command within the LXC container.

And voilà, your data shared via NFS are accessible from your unprivileged LXC container :). And if another LXC container needs to access this storage, all you need to do is reuse the pct command with the container node ID instead.

I would have saved a lot of time by actually reading the proxmox wiki first, but I finally got there. I would have prefer not to mount the NFS storage on the proxmox host, but I did what was necessary to avoid using a privilege lxc or a VM :).

https://blog.pomdtr.me/posts/tweety-v1/

While I have nothing against the writer of this post and I don’t care if they decided to use their terminal within their web browser, I do believe this is yet another example of how we broke our use of computer and the web in general…

« Everything should be a web app » is just a very bad idea for so many reasons that I’m too tired to enumerate here. A side effect is seeing so many CLI/TUI application developped in JS/Typescript/NodeJS.

I don’t want to only use a web browser at all, I want more “desktop software” doing their job well, even if they are connected to web services to do their job… My window manager is then here to manage window and workspace the way I like. I have already too many tabs open in my web browser (even though I’m using readeck (read-it-later) and linkding (bookmark manager)) to add all my terminal windows in there too.

Useless rant, but I had to say it anyway :-).

Just discovered that an android application for #readeck already exists! I wasn’t aware of that and that might be a game changer for my readeck usage as it does provide offline usage!

https://github.com/jensomato/ReadeckApp

Will try it later today!

https://support.mozilla.org/en-US/kb/future-of-pocket

So mozilla is shutting down pocket… Yet another good move from them /s. I guess they need the money to develop more AI bullshit and focus their R&D money where their own users don’t want it to go…

Anyway, I’ve never used that tool anyway, but I can strongly advice using either #wallabag or #readeck . Both are great tools! Readeck is faster and has a better and more beautiful UI. But Wallabag has a phone app that can import articles for offline read, which I believe readeck really need to get at some point. Too bad I just don’t want to build an android app (for readeck or anything really).

I believe you could achieve the same with readeck and its OPDS endpoint. Something I still need to look at.

That’s the 3rd time today that I had to reach out to someone because they deployed an anti AI service like #anubis or #goaway . I have nothing against these people that just try to protect their service / assets from these shitty bot scrapping the web like they own it (when normal people do it, they get sued though)…

That’s what the AI slop is giving us right now: shitty AI services that most don’t care about (and the one that does should be a lot more careful about their results) and are a pain in the a** for everyone else: people trying to run small services / websites and the one that try to follow them outside of proprietary jails…

I really hate the state the web is now… NO thank you big tech sh*t heads.

Hey, we have checked your website and it looks like SEO isn’t working properly, and it’s also not ready for AI-based ranking. We guarantee TOP3 placement on search results for a very affordable price. You can WhatsApp us: [redacted]

Just received this spam for the 2nd time in a couple of days… What they don’t know is that:

• I don’t care about SEO. This sh*t has been broken for a long time anyway.
• “Not ready for AI-based ranking” is actually a great thing to me :D

Seriouly though, not the first time I get around this, so I guess they found me somewhere so it must not be that hidden anyway xD… But still I wish I wouldn’t receive those email wasting my time (even for a few secondes).

I just love email conversations that I sometimes have with other bloggers or people that read some of my blog posts. Most people reaching out (or people I reach out to) are nice and open. And it often sparks new thoughts and ideas in a very positive manner!

As written in my about page:

I’m happy to receive any messages regarding this site or its content, would it be a short or an extensive message, in French or in English, on any of these channels

So always feel free to reach out!

https://holdtherobot.com/blog/2025/05/11/linux-on-android-with-ar-glasses/

This seems both cool and useless… I’d love to try it at least once but I really don’t want to spend the money for it.

I really like that I can now write one microblog entry and decide to deploy it on both or either my website (as notes) and/or on my capsule as a tinylog entry! I need to write more about this, but basically it goes like this:

• write in emacs/orgmode the entry using a capture template to preformat the entry (specially the frontmatter)
• Indicate in the frontmatter the channel: “tinylog” and / or “website”
• Optionnaly add a element to indicate it is a response to someone (used only on tinylog entry for now)
• Optionnaly add tags (only used on my website so far)
• Export to markdown using ox-hugo as for blog or gemlog post in the right place
• Git add / commit / push the file
• Sourcehut automated build starts like usual and use a new tool I created called micrologs to create the tinylog.gmi file and the different markdown file for hugo

Seems over engineered like the rest of my deployment workflow, but weirdly I find it easy and fun :).

Missing pieces:

• Micro logging from my phone
• Add “fediverse” (my gotosocial account) as another channel to choose to deploy entries too

I love my new Dygma Raise 2 keyboard!

Mandatory picture:

(This is mainly an entry to test my new micro blogging workflow for my tinylog and on my website)

My previous post explained my journey with keyboards that lead me to the Dygma Raise 2. It is now time to write my actual review of this awesome keyboard!

The purchased configuration

First, let’s talk about the configuration I chose for my Dygma Raise 2:

• Color: white (to change my usual black keyboard)
• Language: English UK (ISO keyboard layout)
• Switches: Kailh Box White (clicky, the closest to cherry MX Blue)
• Wireless: Yes (low latency radio frequency and bluetooth)
• Tenting: Yes (ability to raise vertically the keyboard, see the screenshot)
• RGBW Underglow: No
• Extra keycaps: Yes: dash ISO
• Extra switches: No

Mandatory picture (sorry, the quality isn’t great):

My review The one bad thing

Before talking about the all the great things about this keyboard, let’s address the main issue I have with it. Well, not really with the keyboard itself, but with the extra keycaps I’ve purchased. You may have noticed that I purchased some extra “dash” keycaps. “Dash” keycaps all have a dash on them, as shown here.

I’ve purchased those because the layout I use is azerty, not qwerty. And Dygma does not offer azerty layout. That’s fine because I know the layout enough to not look at the keys. So I thought that the dash one would be perfect, avoiding people looking at the key and not understanding why the “q” was typing an “a” (dash might be confusing too, but for other reasons :P).

So why am I not using them? Because these extra keycaps are the only thing in my order that wasn’t of good quality. What do I mean by that? The keycaps are not all of the same size and height. And I mean for each line. Each line has a different form to adapt to the finger placement, but all keycaps of a line are normally the same. They were not in the extra keycaps I received. Some were a bit larger than others, others were a bit taller… Not by much, but enough to be annoying (and that defect is clearly visible, not just a sensation). The good news is that the default qwerty keycaps don’t have this problem and are perfectly the same.

I was greatly disappointed by that (specially for their price)… I couldn’t use them so I decided to use the default qwerty ones. Again, that’s not really an issue to type for me as I don’t look, but still frustrating. I need to contact them about that, as I’m hopping it is just bad luck and not the case for every dash extra keycaps.

The good

Otherwise, everything is great. The Kailh Box White switches, indeed, are close to cherry MX Blue and while I can feel a small difference, I like them as much as the cherry MX blue. The clicky noise is lovely as well, for me at least, maybe not for people around me :P.

The keyboard can be connected by a cable or wirelessly (as I bought that option). In case of wireless connection, you can either use the low radio frequency which require to connect a small dongle via USB, or connect the keyboard via bluetooth. On my desktop, I use either the cable connection or the wireless radio frequency (mostly to use the battery and not charge them 100% of the time). On my laptop, I use the bluetooth connection.

I’m also planning to connect it via bluetooth to my phone as it can be connected to multiple devices and you can switch from one device to another by using some keyboard shortcuts. It is great to switch quickly which can be extremely useful at times, for example to switch to my phone to type a long text message and then connect it back to my computer. Monitoring the battery level of the 2 parts is accessible via a simple keyboard shortcut so you can avoid bad surprises. A nice touch :).

Even though the keyboard is a split keyboard, you can still connect the 2 pieces together and use it as a 1 piece 60% keyboard. Why would you do this? Well in case of limited space while traveling or using it on your lap. Also a good way to start with a split keyboard by first having it one piece to get familiar with it before separating the 2 pieces.

I started with a small gap between the 2 pieces and now I’m using it with the 2 pieces widely apart, each being in front of my shoulders, meaning my wrists are naturally aligned with my forearms. The gap is big enough to put my mouse between the 2 pieces. I find it relaxing that way, but you can use it the way you like :).

I also love the traveling case, classy and robust, perfect for protecting the keyboard on the move. It is big though and thicker than my laptop so you need space when bringing it with you.

Even though I purchased the tenting option, I’m not using it yet. I didn’t want to risk the change being to big on day one, so first I move little by little the 2 pieces apart, now that they are at the “right” position (to me), I may start testing the tenting, again little by little. Not sure if I will like it or not, but that’s supposed to be better for my wrists too so at least I’m going to give it a try.

Finally, the configuration software (bazecor) is simple to familiarize yourself with. Lots of helpful indication to avoid searching online and be autonomous quickly. It was also package as an AUR package so installing it on Archlinux took one command line and a few seconds. Only disappointing part of it is that I can not configure it via bluetooth even though it is supposed to be possible. It works while connected via RF or cable though.

My current configuration

You can configure multiple layers on the keyboard (not sure if 9 is the maximum of if you can add more) to manage different layout and shortcuts depending on your needs. In my case, I’m using “only” 3 layers (at least for now).

layer 1 (default)

The default layer is my layer 1, which is mostly a default azerty keyboard:

The main differences with a “normal” azerty keyboard are (notice that the usual “big space bar” is splitted into 4 keys here):

• the left space on the left part: space when tapped, but super (the window key) when hold. Main reason is that I use super+number to switch workspace in i3wm (my window manager) and this is more “thumb friendly” than the usual place between the control and the alt keys
• the “back space” below the space of the left piece: shortcut for control+backspace to delete one word instead of one character with “just backspace” (which is still there at the usual top right place)
• the right space of the right piece: space when tapped, altgr when hold. Same reason as the super on the left, it is more thumb friendly at this place as altgr is very useful for an azerty keyboard
• The blue keys, from left to right: when tapped: left, down, up, right (vim motion <3). When double tapped: home, page down, page up, end
• the green button of the left piece: switch to layer 2 permanently (meaning until I switch back)
• the green button of the right piece: when hold, activate layer 3. When clicked activate layer 3 for 1 key (meaning after pressing one key in layer 3, go back to layer 1).

layer 2

• The top number keys becomes the F1 to F12 keys
• zqsd are used for arrows (like wasd in qwerty)
• on the left side, special keys (the one in white in the picture) stay the same, all letter keys are inactive (“No Key”)
• on the right side, the yellow keys are moving the mouse cursor and the purple ones are either left/right click or mouse wheel scroll. I’m not using them much yet but I need to practice to leave the keyboard even more if possible
• Blue keys on the right of the mouse ones are the usual insert, home, page up, del, end page down. Not using those much because double tapping the blue keys of layer one do the same thing
• Blue keys bellow are the arrows again. I have them twice so I could use them with both hands which can be useful for different game hand positions
• Green button of the left side goes back to layer 1
• Green button of the right side goes to layer 1 as well

I feel that the layer 3 is under used, but I believe I’ll put more useful shortcuts there with time.

Layer 3

• The 3 yellow keys are my shortcuts for screenshots, from left to right: ask for selecting an area of the screen to screenshot, screenshot of the current window, screenshot of the entire screen(s)
• The blue key allow switching to another bluetooth device (if multiple are connected at the same time)
• the green one will show battery level of the 2 sides
• the white one toggle the keys led (eg: if I want to save battery)
• “TRANS” means transparent, meaning the key will do what it is supposed to do in the default layer

Conclusion

As said in the intro, I really love this keyboard! Passed the dash keycaps deception, everything is perfect and the switch has been fast and painless. Initial configuration took a couple of hours but after that I only changed a couple of minor things in a couple of minutes each time thanks to the great configuration tool.

I still have to try the tenting thing, but even without that I already feel a difference by having my shoulder, forearms and wrist aligned so mission already accomplished.

While the dygma raise 2 is expensive and not everyone can afford buying a 500$ keyboard, I don’t regret the investment. I’m hopping it will last as long as my wooting one. I used my wooting one for 7 years (and could still use it as it works still perfectly), so if this one is as good and last 10 years, it would be a 50$/year investment, which wouldn’t be that bad considering the amount of time I spend typing on it per day :). Yes, I know, it is a poor attempt to rationalize such a crazy investment… :D.

Feel free to ping me if you have any question about it :-).

Nota: This post was supposed to be a review of the Dygma Raise 2 keyboard, but ended up being about my story with keyboard to arrive to the Dygma Raise 2… It is already way too long so I decided to stop there and I will write another post to do an actual review instead of writing a post too long to read :-). If you care only about the review, wait for the next post!

Before 2017, I didn’t care too much about keyboards. I was used to cheap 100% (with numeric pad) azerty keyboard or using the keyboard included with my laptop of the time. And even if I spent numerous hours using those, I wasn’t picky at all. I became fast enough with those and that was enough for me.

Using more and more laptop devices, I realized one thing though: keyboard with numeric pad were annoying because it was moving my mouse very far on the right as I must have the main area of the keyboard centered with the screen in front of me. I don’t know if it is some kind of OCD or just normal, but I can’t use a keyboard not well centered… With a 100% layout, the pad was already far right and then the mouse even more which was less confortable.

That’s why I added a rule for all my laptop: no laptop large enough to include a numeric pad. It would make the main keyboard area not centered and that was for me a show stopper. The mouse at the right of laptop was then perfect. The other show stopper for a keyboard was if the control key was not the bottom left one (some laptops have the “fn” key at the bottom left which breaks all my muscle memory shortcuts).

This started to make it less and less comfortable for me to use standard external keyboard, even though it is usually better when you have external screens plugged to a laptop. But I was still using cheap keyboard and was fine with it.

In 2017, I discovered kickstarter and the very first thing that picked my interest was a gaming analog mechanical keyboard: the wooting one. I’m linking the kickstarter campaign because they don’t show this keyboard on their site anymore. While not a big gamer, I decided to back them up because:

• I was looking for a 80% keyboard
• Heard so much nice things about mechanical keyboard I wanted to try
• While not a big gamer, I was playing starcraft II a lot back then and thought the analog part of it could help on other games if I decided to play more like I did years before (which I didn’t)

After some time (I don’t remember, but maybe around 4 or 5 months), I received my new keyboard and then my life changed! I fell instantly in love with the blue switches (you know, the ones with the very loud clicky noise :-)) as well as the 80% size.

After using it for a few months, every keyboard I tried suffered the comparison. I became a mechanical keyboard advocate and even bought one for the office but with brown switches (less noise for my colleagues, even though I prefered the blue) and another one for travel (a small 60% layout).

As I was also working more and more from home, I invested money in a more ergonomic setup at home. I bought a standing desk to avoid being seated all day, adjustable monitor support and secret lab chair.

Trying to always improve my setup, I was also reading about ergonomic keyboards. My first attempt at ergonomic keyboard was a TypeMatrix that I bought around 2011 as a bundle order with a colleague back then. But never managed to use it so I sold it later.

I was a little scared to try again those type of ergonomic keyboards because they are usually very expensive… But one day I yielded and purchased the ZSA Moonlander. It costed a lot of money but I was motivated to improve my setup. After its arrival, I spent hours configuring it and then tried to train daily using it at least 1 or 2 hours per day. I couldn’t switch entirely from day 1, because it was such a big change that my typing speed was really too slow to be my daily driver, specially during work hours. I couldn’t keep up for example in a meeting to write notes. Not even talking about all the typing mistakes, I was simply slow as hell. Typing a 3 minutes email was turning into a 15+ minutes exercise and I had too much to do to accept that. Hence the daily training.

But even with that good will, I didn’t manage to do the full switch… I tried with azerty and bepo, but no matter the amount of training, I always went to my wooting one. I gave up, put it in a drawer and moved on. Since then I tried multiple time to get it out of the drawer and train again or even forced myself again to use it. But I did not succeed. So I sold it not that long ago. I think the ortholinear layout was too complicated for my brain to change after so many years typing on those weirdly aligned keys.

I then tried a less extreme one last year: the Keychron V10. I used it for a couple of months but I didn’t like it as much as my wooting one… So even though it was supposed to be more ergonomic, I still switched back to my wooting one.

At that point, I decided to give up on those splitted and/or ergonomic keyboard. Ortholinear layout was breaking my typing flow and made my brain freeze too much. I already moved to an ergonomic mouse (story for another time) which fixed my right wrist pain anyway. I still had a small left wrist pain after extensive typing but that was light and rare enough for me to ignore it and keep things as they were.

It was until I stumbled in my feed reader on a blog post that I unfortunately can not find again (miniflux search is not great) that talked about the Dygma Raise 2. I was quickly intrigued as this is a split 60% keyboard but with a traditional layout, not an ortholinear one. I thought it could finally be the keyboard I was looking for. The split would allow me to finally have my hands in the alignment of my shoulders, while keeping a layout I was familiar with. A few additional keys but not much so it would still be familiar for my muscle memory while still allowing some great customization.

I hesitated a couple of weeks as it is yet again a very expensive keyboard but ended up buying it while thinking this would be my last try at a non traditional keyboard. And boy was I right to do so!

I bought it on the 16th of April and received it on the 25th of April. And I’ve been using 100% of the time since! Took a couple of hours to configure it exactly how I wanted and the transition was very easy! I realized that I was using the 6 and B keys with the wrong hand (right instead of left), but otherwise my muscle memory was not lost and my typing speed was 90% on day 1 and I believe I came back to my usual speed in a couple of days.

I’m even using it when traveling with just my laptop because it is that good that I don’t want to type on anything else at this stage!

As this post is now long enough, I’ll keep my review for my next post, but as you have already understood, it will be a very positive one :-).

Today, I decided to over-complicate my deployment workflow… again! Or maybe simplified it… I am not sure 🤣…

Anyway, in a nutshell, what I did is removed content from my blog and capsule repository and instead have one content repository instead.

Previously, I had:

• a blog repository, containing all hugo (static site generator) related files (template, config, …) as well as the blog posts within content/posts/ and other content in there too (eg: pages, …)
• a capsule repository, containing all kiln (static capsule generator) related files and the gemlog posts. Similar to the blog one but for my capsule
• a writting-deployments (with the misspelling yes) repository, containing all the scripts needed to build and deploy both my website and capsule
• a repository for my custom hugo theme

The issue were that I had content scattered across both the website and capsule repository. That was a bit annoying and then scripts were taking some content from the blog repository (blog posts) to convert them in gemtext (see here) and then take gemlog post from the capsule repo to put them (after some alteration) to my blog.

While this hasn’t fundamentally changed, what I wanted to do is to regroup all content that were supposed to be used both in website and capsule in a single repository.

I did this for 3 reasons:

• In the (very near) future, I want to move my micro blogging content to my website and/or capsule first and then syndicate elsewhere. I’ll write more about the general idea later, but I want a way to write microblog entries and decide easily where they will be displayed. Having this “content only repo” will help, but I’ll explicit the concept later, when I have it ready. A POC is well underway though :).
• It bugged me to have them separated (well, I could have live with it but it was still in my mind)
• Simplify the deployment process. While it doesn’t seem obvious when explaining all this, it made it simpler. If interested, the new script is here and the .build file is there.

From the writing-content repository, the steps are:

• copy blog post to content/posts/ of the hugo directory
• copy gemlog posts to content/gemlog/ of the hugo directory, rename them from .gmi to .md, keep the frontmatter and remove the content from them
• copy gemlog posts to content/gemlog/ of the capsule directory
• copy blog posts to content/blog/ of the capsule directory after transforming them from markdown to gemtext (using lowdown)

I’m also going to change the gemlog format from now on and add them in markdown instead of gemini. As you may have guessed, I’ll use lowdown to transform them in my script, same way I’m transforming my blog post to gemtext.

Anyway, this post has been written a bit fast compared to others, but I was happy that I made that big change just in a couple of hours :-).

There will be a couple of additional post to this series and hopefully that will be the end of it and this process will stay as is for a long period of time without any further changes :).