Refine e_d

Author: Magicloud

_posts/2025-09-14-boot-nixos-with-extlinux.markdown

@@ -12,7 +12,7 @@ So I got a 3TiB USB HDD and a 8GiB USB thumb drive to install a whole new system
 
 While I was using the old configuration.nix (installing grub2), I noticed that there is an option, `boot.loader.generic-extlinux-compatible.enable`, which generates a directly usable extlinux.conf. This certainly is much better than I editing and copying those configurations. Therefore I disabled Grub2 and made following steps:
 
-```
+```shell
 mount /dev/disks/by-label/root /mnt -onoatime,nodiratime
 mkdir /mnt/boot
 mount /dev/disks/by-label/boot /mnt/boot -onoatime,nodiratime
@@ -25,4 +25,4 @@ extlinux -i /mnt/boot
 (cd /mnt/boot && ln -s extlinux/extlinux.conf .)
 ```
 
-This should do it. But I failed. It did not boot at all. No matter how I confirmed my process and verified in VirtualBox. At last, I replaced the boot device to another USB thumb drive and it all worked. Seems like the original one hardware is broken.
+This should do it. But I failed. It did not boot at all. No matter how I confirmed my process and verified in VirtualBox. At last, I replaced the boot device to another USB thumb drive and it all worked. Seems like the original one hardware is broken.

_posts/2025-09-14-save-remote-desktop-password.markdown

@@ -8,7 +8,7 @@ For reason unknown, the Remote desktop app of my Windows 11 does not give the sa
 
 On the first try, I updated the Group Policy, which equals to registry below. The option appeared, I could input the password before connecting. But it did not pass, nor it was saved.
 
-```
+```registry
 Windows Registry Editor Version 5.00
 
 [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services]
@@ -36,4 +36,4 @@ Windows Registry Editor Version 5.00
 "1"="TERMSRV/*"
 ```
 
-Then I decided to update the .rdp file directly. Much simpler. The tool involves is [a powershell script](https://github.com/RedAndBlueEraser/rdp-file-password-encryptor). Run the encryptor, input the password, append a line to .rdp file in format of `password 51:b:**YOUR HEXADECIMAL STRING HERE**`. And that is it. Note: the encrypting is host depended. Using the same "hexadecimal string" on other hosts won't work.
+Then I decided to update the .rdp file directly. Much simpler. The tool involves is [a powershell script](https://github.com/RedAndBlueEraser/rdp-file-password-encryptor). Run the encryptor, input the password, append a line to .rdp file in format of `password 51:b:**YOUR HEXADECIMAL STRING HERE**`. And that is it. Note: the encrypting is host depended. Using the same "hexadecimal string" on other hosts won't work.

_posts/2025-10-19-host-own-dns-provider-for-k3s.markdown

@@ -10,8 +10,55 @@ Many tools are WebUI tools. Generally, in an formal K8S cluster, they would be e
 
 Only if there is something like those cloud DNS providers that work with ExternalDNS.
 
-Here is [E_D](https://github.com/Magicloud/externaldns-webhook) comes to rescue. **E_D** is a tool to connect ExternalDNS and DnsMasq. With the tool, and ExternalDNS deployed in K3S, all services / ingresses could have their own address just an annotation away, like they are in EKS/AKS.
+Here is [E_D] comes to rescue. **E_D** is a tool to connect ExternalDNS and DnsMasq. With the tool, and ExternalDNS deployed in K3S, all services / ingresses could have their own address just an annotation away, like they are in EKS/AKS.
 
-Clone the repo, build the E_D image with `e_d.Dockerfile`. Update `examples/e_d/dnsmasq/dnsmasq.conf`/`examples/e_d/dnsmasq/dnsmasq.yaml`/`examples/e_d/helm-value.yaml` on local domain name, upstream DNS server and hostPath of the share mount. Build DnsMasq image with `examples/e_d/dnsmasq/Containerfile`, install DnsMasq image with `examples/e_d/dnsmasq/dnsmasq.yaml`. Install ExternalDNS chart with `examples/e_d/helm-value.yaml`. Here E_D and DnsMasq communicates via the conf file in the shared mount. It does not have to be persisted.
+[ExternalDns-webhook](https://github.com/Magicloud/externaldns-webhook) project is the ExternalDns out-tree DNS service provider interface in Rust. And its example **E_D** is an implementation for DnsMasq. Thus with some certain setup to connect E_D with the **DnsMasq** of my LAN name server, all K3S exposed host names are solvable within my LAN.
+
+To use E_D with ExternalDns, a few values are needed when installing ExternalDns Helm Chart.
+
+The key part is `provider`.
+
+```yaml
+provider:
+  name: dnsmasq
+  webhook:
+    imagePullPolicy: Always
+    image:
+      repository: ghcr.io/magicloud/e_d
+      tag: "latest"
+    args:
+    - --domain-name
+    - magicloud.lan
+    - --conf-filename
+    - /etc/dnsmasq.d/external.conf
+    env:
+    - name: RUST_LOG
+      value: debug
+    extraVolumeMounts:
+    - name: conf
+      mountPath: /etc/dnsmasq.d/
+```
+
+This would create a second container in ExternalDns pod. And ExternalDns would know to contact with it about name changes.
+
+This part also claims that we need a volume for E_D. This is specified in another section.
+
+```yaml
+extraVolumes:
+- name: conf
+  hostPath:
+    path: /mnt/data/conf/dnsmasq/
+```
+
+Another part worth noting is `policy`. Following is its doc, and I set it to `sync`.
+
+```yaml
+# -- How DNS records are synchronized between sources and providers; available values are `create-only`, `sync`, & `upsert-only`.
+policy: upsert-only  # @schema enum:[create-only, sync, upsert-only]; type:string; default: "upsert-only"
+```
+
+After all these, names in K3S managed via annotation `external-dns.alpha.kubernetes.io/hostname` will be ended up as a DnsMasq conf file in `conf` volume.
+
+To use the conf file, I have a customized DnsMasq image that watches the file and restart DnsMasq when it changed. Yes, sadly DnsMasq does not support hot reloading. The image sit in *examples/e_d/dnsmasq*.
 
 Now everything is running. Pointing desktop DNS solver to exposed DnsMasq host#port, try the ExternalDNS annotations as usual and see the records appear in DnsMasq conf file and work.