author Miguel <m.i@gmx.at> 2019-03-17 18:14:32 +0100
committer Miguel <m.i@gmx.at> 2019-03-17 18:14:32 +0100
commit 0e4810dcfb132bf276a282e25b8523a4009ae08b
tree dac6dce820f0a35d9ed7ea7676982a0f86fd0edb /080_blog/00015_Admin/00050_Wine-in-LXC
parent ad6411e9ec256b03f20b9195e25cb128fe02c628
rename blog dir
Diffstat (limited to '080_blog/00015_Admin/00050_Wine-in-LXC')
-rw-r--r-- 080_blog/00015_Admin/00050_Wine-in-LXC/index.md 197
1 files changed, 0 insertions, 197 deletions
diff --git a/080_blog/00015_Admin/00050_Wine-in-LXC/index.md b/080_blog/00015_Admin/00050_Wine-in-LXC/index.md
deleted file mode 100644
index 24344e0..0000000
--- a/080_blog/00015_Admin/00050_Wine-in-LXC/index.md
+++ /dev/null
@@ -1,197 +0,0 @@
-Wine inside LXC
-===============
-
-Abstract
---------
-
-Running Wine inside an unpriviliged LXC Container as a secondary user,
-utilizing the host systems OpenGL 3D acceleration and PulseAudio.
-
-Host System
------------
-
-* Debian 9 / Stretch
-* Xorg running as primary user "miguel"
-* NVIDIA proprietary drivers (debian's contrib/non-free)
-* PulseAudio up & running as primary user (I run pavucontrol as miguel)
-* A Secondary user "retard2" with uid/gid=1002
-
-Preparations
-------------
-
-Allow access to the display server and audio. Note that you should
-restrict this in a real world setup (e.g. auth-ip-acl):
-
- migue@host$ xhost + # allow remote X access
-
-add this lines to /etc/pulse/default.pa and restart pulsaudio:
-
- load-module module-native-protocol-tcp auth-anonymous=1
- load-module module-zeroconf-publish
-
-Create Container
-----------------
-
- 1. In order to allow the creation of virutal network bridges as our
- secondary user, add the following two lines to /etc/lxc/lxc-usernet:
-
- retard2 veth virbr0 2
- retard2 veth lxcbr0 10
-
- 2. Login as retard2 ("su" does not work well with cgroups)
-
- miguel@host$ sudo machinectl login # than login as retard2
- retard2@host$ cat /proc/self/cgroup # just check cgroups if you want
-
- 3. Add subuid subgid mappings to /home/retard2/.config/lxc/default.conf
- You can check the ranges in /etc/subuid and /etc/subgid:
-
- lxc.id_map = u 0 1541792 65536
- lxc.id_map = g 0 1541792 65536
-
- 4. We are ready to create the lxc container as retard2:
-
- retard2@host$ lxc-create -n winebox -t download
-
- Select exactly the same distro / version / arch as you run on the
- host. i.e. debian / stretch / amd64
-
- retard2@host$ lxc-ls # assure that "winebox" LXC was created
-
- 5. Adapt the new config in: ~/.local/share/lxc/winebox/config adding:
-
- # NET
- lxc.network.type = veth
- lxc.network.link = lxcbr0
- lxc.network.flags = up
- lxc.network.hwaddr = 00:16:3e:be:3c:5a
-
- # X
- lxc.mount.entry = /dev/dri dev/dri none bind,create=dir
- lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,create=dir
-
- # NVIDIA
- lxc.mount.entry = /dev/nvidia0 dev/nvidia0 none bind,create=file
- lxc.mount.entry = /dev/nvidiactl dev/nvidiactl none bind,create=file
-
- 6. Finally start the container and enter its realm:
-
- retard2@host$ lxc-start -n winebox
- retard2@host$ lxc-ls --running # check it is up & running
- retard2@host$ lxc-attach -n winebox -- su # enter container (as root)
-
-Inside the Container
---------------------
-
- 1. Adapt /etc/apt/sources.list to make use of "contrib" and "non-free"
- and run:
-
- root@winebox$ apt update
-
- 2. Get OpenGL running
-
- root@winebox$ apt upgrade
- root@winebox$ apt install mesa-utils
- root@winebox$ apt install xserver-xorg-video-nvidia
- root@winebox$ DISPLAY=:0 glxgears # check
- root@winebox$ DISPLAY=:0 glxinfo | grep "direct render" # check
-
- 3. Get PulseAudio running.
- Please adapt the IP to the host's lxcbr0 ip address.
-
- root@winebox$ apt install pavucontrol
- root@winebox$ DISPLAY=:0 PULSE_SERVER=10.0.5.1 pavucontrol
-
- At this point we should have accelerated video and audio running from
- inside our LXC. Well Done!
-
-Wine
-----
-
-A few trivial requirements:
-
- root@winebox$ apt install wget
- root@winebox$ apt install gnupg
- root@winebox$ apt install apt-transport-https
-
-Now let's get some wine accoring to: https://wiki.winehq.org/Debian:
-
- root@winebox$ sudo dpkg --add-architecture i386
- root@winebox$ wget -nc https://dl.winehq.org/wine-builds/Release.key
- root@winebox$ sudo apt-key add Release.key
-
-Add the debian stretch wine repo to your /etc/apt/sources.list:
-
- deb https://dl.winehq.org/wine-builds/debian/ stretch main
-
- root@winebox$ apt update
- root@winebox$ apt-get install --install-recommends winehq-stable
-
-Unfortunatelly wine still depends on the 32-bit versions of some libs so
-we have to replace our 64-bit verions by running:
-
- root@winebox$ apt install libgl1-nvidia-glx:i386
-
-Restrict Networking
--------------------
-
-Now You can optionally restrict any communication with the outside world:
-
- miguel@host$ sudo iptables -F FORWARD #block traffic
- miguel@host$ sudo iptables -P FORWARD DROP #block traffic
-
-If your host is forwarding traffic you will need to set up some rules.
-
-Finalizing Contianer
---------------------
-
- 1. Create a non-root user:
- root@winebox$ adduser lxc-retard
-
- 2. Now we can exit the container with :
- root@winebox$ exit
-
- 3. Stop the container on the host. This might take some while.
- retard2@host$ lxc-stop -n winebox
-
- 4. THIS WOULD BE A VERY GOOD MOMENT TO SNAPSHOT THE CONTIANER
- FOR LATER REUSE!
-
-Summary
--------
-
-Congratulations! Now you are running "wine" as an unprivileged user
-inside of an unprivileged container of a secondary user, utlizing your
-hosts hardware acceleration and PulseAudio capabilities.
-
-Optionally traffic forwarding has been blocked, for increased security.
-
-Using the Container
--------------------
-
-To use your new container you will need to go through the following
-steps each time:
-
- miguel@host$ xhost +
- miguel@host$ sudo iptables -F FORWARD #block traffic
- miguel@host$ sudo iptables -P FORWARD DROP #block traffic
- miguel$host$ sudo machinectl login # and login as retard2
-
- retard2@host$ lxc-start -n winebox
-
-Now you can attach to the container as lxc-retard user:
-
- retard2@host$ lxc-attach -n winebox -- su lxc-retard
-
-Alternatively we can attach as root:
-
- retard2@host$ lxc-attach -n winebox -- su
-
-Do not forget to stop container once you are finished:
-
- retard2@host$ lxc-stop -n winebox
-
-Remember that stopping might take a while. Be patient!
-
-Make sure to automate/adapt the process, according to your personal
-preferences and requirements.
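
Review bot: The "Preparations" and "Using the Container" sections of the file being moved present `xhost +` and `load-module module-native-protocol-tcp auth-anonymous=1` as the default steps, with the restriction mentioned only as an aside ("e.g. auth-ip-acl"). `xhost +` turns off X access control for every client, and `auth-anonymous=1` together with `module-zeroconf-publish` exposes and advertises an unauthenticated PulseAudio TCP listener, while the untrusted party in this setup is the Wine container itself. Since the file is re-added at a new path anyway, consider making the restricted form the documented default in the new copy: limit the PulseAudio module with `auth-ip-acl` to the lxcbr0 subnet, drop the zeroconf line unless it is needed, and repeat the restriction note next to the `xhost +` in "Using the Container", which currently carries no caveat. Two smaller points for the same pass: the prompts `migue@host$` and `miguel$host$` are misspelled, and this view shows only the 197-line deletion, so it is worth confirming that the new path in the same commit adds the file unchanged so the rename stays traceable in history.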