Let’s Encrypt Certificates with SWAG Docker Swarm

Having worked out how to handle TLS traffic on my K3S setup, it is time to achieve the same goal on Docker. In this guide, I’ll show you how to set up a Raspberry Pi running Docker Swarm, SWAG (Secure Web Application Gateway) and Let’s Encrypt to secure your containerized applications with free TLS certificates. While I’ll use Jellyfin as an example, this approach works for most containerized applications. Getting started. Prerequisites: a Raspberry Pi with Docker and Docker Swarm; a public domain managed, for example, by Cloudflare; containerized applications, such as Jellyfin, running on Docker; SWAG to handle the reverse proxy and the TLS certificates. Folder structure: all my Docker containers’ data is stored on a BTRFS volume under /opt/my_pool, where I have created a folder for each container and the nas-stack.yml file with all the Docker instructions. ...

October 7, 2024 · 7 min · Daniel

Let’s Encrypt certificates with Traefik

In this article, we’ll look at using Traefik as the ingress controller in K3S alongside cert-manager, which acts as an ACME (Automatic Certificate Management Environment) client for acquiring certificates from Let’s Encrypt. In order to obtain certificates, it is necessary to prove control of the domain to a Certificate Authority (CA). One method of verifying ownership is through a DNS-01 challenge: the ACME client publishes a token supplied by the CA as a TXT record under _acme-challenge.<domain>, which needs no reachable port 80 and is the only challenge type that can issue wildcard certificates. For this guide, we will use Cloudflare as our DNS provider, but the principles outlined can easily be adapted for use with other DNS providers. ...
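As an added example (not code from the original article), the two cert-manager objects the DNS-01 setup above needs: a ClusterIssuer that answers the challenge through the Cloudflare solver, and a Certificate whose Secret Traefik serves from an Ingress tls section. The zone example.com, the contact address, the resource names, the namespace media and the Jellyfin hostname are assumptions; cert-manager is assumed to be installed in the cert-manager namespace, which is where a ClusterIssuer looks for its secrets.

```shell
#!/bin/sh
# Added example, not code from the original article. Manifests for the setup
# the article describes: a cert-manager ClusterIssuer that answers the ACME
# DNS-01 challenge through the Cloudflare solver, and a Certificate whose
# Secret Traefik serves. Assumptions: the zone example.com, the contact
# address, the resource names below, and cert-manager installed in the
# cert-manager namespace (where a ClusterIssuer looks for its secrets).

# The Cloudflare API token (scoped to Zone:DNS:Edit on that one zone) goes
# straight from the environment into a Secret, never into a manifest on disk.
create_token_secret() {
  [ -n "${CF_API_TOKEN:-}" ] || { echo "CF_API_TOKEN is not set" >&2; return 1; }
  kubectl -n cert-manager create secret generic cloudflare-api-token \
    --from-literal=api-token="$CF_API_TOKEN"
}

# issuer_manifest staging|prod: print the ClusterIssuer. Start with staging;
# its certificates are untrusted, but it does not count against the
# production rate limits while you debug DNS propagation.
issuer_manifest() {
  case "$1" in
    staging) server='https://acme-staging-v02.api.letsencrypt.org/directory' ;;
    prod)    server='https://acme-v02.api.letsencrypt.org/directory' ;;
    *) echo "usage: issuer_manifest staging|prod" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-$1
spec:
  acme:
    server: $server
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-$1-account-key
    solvers:
    - selector:
        dnsZones:
        - example.com
      dns01:
        cloudflare:
          apiTokenSecretRef:
            name: cloudflare-api-token
            key: api-token
EOF
}

# certificate_manifest ISSUER NAMESPACE NAME DNSNAME...: a Certificate in the
# application's namespace; cert-manager stores key and chain in secretName,
# which an Ingress (or Traefik IngressRoute) references in its tls section.
certificate_manifest() {
  issuer="$1" ns="$2" name="$3"
  shift 3
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: $name
  namespace: $ns
spec:
  secretName: $name-tls
  issuerRef:
    name: $issuer
    kind: ClusterIssuer
  dnsNames:
EOF
  for d in "$@"; do printf '  - "%s"\n' "$d"; done
}

# apply_and_wait ISSUER NAMESPACE NAME DNSNAME...: apply both objects and block
# until the Certificate is Ready; on timeout, the Challenge objects explain
# what failed (usually the TXT record not yet visible to Let's Encrypt).
apply_and_wait() {
  issuer_manifest "${1#letsencrypt-}" | kubectl apply -f -
  certificate_manifest "$@" | kubectl apply -f -
  kubectl -n "$2" wait --for=condition=Ready "certificate/$3" --timeout=5m ||
    kubectl -n "$2" describe challenge
}

# Only touches the cluster when invoked as: sh this.sh apply
if [ "${1:-}" = "apply" ]; then
  create_token_secret
  apply_and_wait letsencrypt-staging media jellyfin jellyfin.example.com
fi
```

Once the staging Certificate reaches Ready, switch the issuerRef to letsencrypt-prod; the Secret is replaced in place and Traefik picks up the new chain without a restart. Keep the token scoped to a single zone: with DNS-01, whoever holds that token can obtain certificates for every name in the zone.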

September 1, 2024 · 4 min · Daniel

Mikrotik Terraform 1

This is the first part of my MikroTik and Terraform series, where I will explain my old and current setup and answer a lot of questions about why. Old setup. Many, many years ago I decided to abandon the traditional two-pair wiring hDSL (most widespread, at least in Switzerland) because I was tired of paying the electrician at each house move for the required changes on the building telephone panel. To cut a long story short, I chose an LTE modem for its versatility; I have no need for high performance and therefore did not choose fibre optics. ...

August 4, 2024 · 3 min · Daniel

Integrate Dnscrypt-proxy with a Home DNS Server

I recently bought a MikroTik router and I’m spending a lot of time configuring it and trying to understand and learn as much as I can (some posts coming in the near future). With the new router I would like to go a step further and set up some static DNS entries within my home for my devices and for my lab. In this post we will: prevent dhcpcd and NetworkManager from overwriting /etc/resolv.conf; configure Dnscrypt-proxy to use Quad9 over DoH; use the Dnscrypt-proxy forwarding feature to resolve the hostnames of home devices; manually configure /etc/resolv.conf. Configure dhcpcd. By default, dhcpcd obtains nameservers from the DHCP server and writes them to /etc/resolv.conf. If you are a frequent traveller, this means that you will use whatever name servers are configured on the networks you connect to, with some potential security threats (MITM, DNS spoofing/hijacking) and privacy risks. To avoid this, we will configure dhcpcd to ignore the DNS servers received from the DHCP server and always use Dnscrypt-proxy listening on localhost:53. ...
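As an added example (not code from the original post), a script that applies the three settings listed above: dhcpcd and NetworkManager stop touching /etc/resolv.conf, dnscrypt-proxy listens on 127.0.0.1:53 and speaks DoH to Quad9, and names under the home zone are forwarded to the router. It edits the packaged dnscrypt-proxy.toml in place rather than replacing it, so the [sources] block that server_names refers to survives. The Quad9 server name (as listed in dnscrypt-proxy’s public-resolvers list), the zone home.lan and the router address 192.168.88.1 are assumptions; a ROOT argument points it at a scratch tree so it can be exercised without root.

```shell
#!/bin/sh
# Added example, not code from the original post. Applies the settings the
# post describes: dhcpcd and NetworkManager leave /etc/resolv.conf alone,
# dnscrypt-proxy listens on 127.0.0.1:53 and talks DoH to Quad9, and queries
# for the home zone are forwarded to the local router. ROOT lets it run
# against a scratch tree instead of / (ROOT="" edits the live system as root).
# Assumptions: the Quad9 server name as listed in dnscrypt-proxy's
# public-resolvers list, the zone home.lan and the router address 192.168.88.1.

# set_toml_key FILE KEY VALUE: set a top-level `KEY = VALUE` in a
# dnscrypt-proxy.toml. Replaces the first existing line for KEY (even if it is
# commented out with '#'); otherwise inserts the line before the first
# [section] so that it stays top-level, or appends it if there is no section.
set_toml_key() {
  file="$1" key="$2" value="$3"
  awk -v k="$key" -v v="$value" '
    !done && /^[ \t]*\[/ { print k " = " v; done = 1 }
    !done && $0 ~ ("^#?[ \t]*" k "[ \t]*=") { print k " = " v; done = 1; next }
    { print }
    END { if (!done) print k " = " v }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# append_once FILE LINE: add LINE unless it is already present verbatim.
append_once() {
  grep -qxF "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

configure_dns() {
  root="$1"
  toml="$root/etc/dnscrypt-proxy/dnscrypt-proxy.toml"

  # dnscrypt-proxy: local listener, DoH only, Quad9, home zone forwarded.
  set_toml_key "$toml" listen_addresses "['127.0.0.1:53']"
  set_toml_key "$toml" server_names "['quad9-doh-ip4-port443-filter-pri']"
  set_toml_key "$toml" doh_servers true
  set_toml_key "$toml" dnscrypt_servers false
  set_toml_key "$toml" require_nolog true
  set_toml_key "$toml" forwarding_rules "'/etc/dnscrypt-proxy/forwarding-rules.txt'"
  # One rule per line: <zone> <resolver>. Names under home.lan never leave the LAN.
  printf 'home.lan 192.168.88.1\n' > "$root/etc/dnscrypt-proxy/forwarding-rules.txt"

  # dhcpcd: keep taking the lease, but do not run the resolv.conf hook.
  append_once "$root/etc/dhcpcd.conf" 'nohook resolv.conf'

  # NetworkManager: dns=none stops it from managing resolv.conf at all.
  mkdir -p "$root/etc/NetworkManager/conf.d"
  printf '[main]\ndns=none\n' > "$root/etc/NetworkManager/conf.d/dns.conf"

  # resolv.conf: only the local proxy. On the live system, `chattr +i` afterwards
  # protects it from anything that still tries to rewrite it.
  printf 'nameserver 127.0.0.1\noptions edns0\n' > "$root/etc/resolv.conf"
}

# make_sample_root: a constructed scratch tree with a trimmed-down copy of the
# packaged dnscrypt-proxy.toml (keys commented out the way the default ships
# them) so the functions can be exercised without touching the real system.
make_sample_root() {
  root=$(mktemp -d)
  mkdir -p "$root/etc/dnscrypt-proxy"
  cat > "$root/etc/dnscrypt-proxy/dnscrypt-proxy.toml" <<'EOF'
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
listen_addresses = ['127.0.0.1:53', '[::1]:53']
doh_servers = true
# forwarding_rules = 'forwarding-rules.txt'
[sources.public-resolvers]
cache_file = 'public-resolvers.md'
EOF
  printf 'hostname\nclientid\n' > "$root/etc/dhcpcd.conf"
  printf '%s\n' "$root"
}

demo=$(make_sample_root)
configure_dns "$demo"
cat "$demo/etc/dnscrypt-proxy/dnscrypt-proxy.toml" "$demo/etc/dhcpcd.conf"
rm -rf "$demo"
```

Two checks worth running afterwards: dnscrypt-proxy -check (or -list) confirms that the server name actually resolves to an entry in the downloaded list, and on distributions that start dnscrypt-proxy through a systemd socket unit the listening address comes from that unit, not from listen_addresses, so verify with ss -lunp that something is really bound to 127.0.0.1:53 before pointing resolv.conf at it.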

July 31, 2024 · 3 min · Daniel

Embracing Man Pages

Nowadays, the browser is always open on my computer and I spend most of my time there. If there is a problem or I need to look up the parameters of a command, the first thing I do is look it up on the web. Now I want to go back to using man pages and rediscover the romance and essence that they convey. Why Man Pages? Always there when you need them: Unlike the internet, which requires connectivity, man pages are always right there on your system. Whether you’re on a plane, in a remote area, or just want to avoid the distractions of the web, man pages are a reliable companion. ...

July 11, 2024 · 2 min · Daniel

Raspberry Btrfs

I would like to build a simple NAS using my Raspberry Pi 5, equipped with the Geekworm X1011 and M.2 NVMe drives. This project will also provide me with the opportunity to use BTRFS for the first time. Getting started. To install the BTRFS tools, execute the following command:

    sudo apt install btrfs-progs

Use lsblk to get the current partition status:

    $ lsblk
    NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
    mmcblk0     179:0    0  14.9G  0 disk
    ├─mmcblk0p1 179:1    0   512M  0 part /boot/firmware
    └─mmcblk0p2 179:2    0  14.4G  0 part /
    nvme0n1     259:0    0 476.9G  0 disk
    └─nvme0n1p1 259:1    0 476.9G  0 part
    nvme1n1     259:2    0 238.5G  0 disk
    nvme2n1     259:7    0 238.5G  0 disk

If needed, remove the old partitions using fdisk, cfdisk or parted. ...
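As an added example (not code from the original post), the selection step that the listing above is used for, done mechanically: parse lsblk, keep only disks with no partitions and nothing mounted, and hand exactly those to mkfs.btrfs. On the listing in the post that leaves nvme1n1 and nvme2n1, and can never pick the SD card that holds / or the NVMe drive that already carries a partition. The lsblk text in the script is constructed to mirror the post’s listing; the pool label, mount point and RAID1 layout are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Before mkfs.btrfs is run,
# pick the target disks mechanically from lsblk and refuse anything that already
# holds partitions or a mounted filesystem, so the SD card with / on it and the
# NVMe drive that already has a partition can never be wiped by a typo.
# The lsblk text below is constructed to mirror the listing in the post;
# on a real system run:  lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINTS
# (-P prints key="value" pairs, which are safer to parse than the tree view).

SAMPLE_LSBLK='NAME="mmcblk0" TYPE="disk" PKNAME="" MOUNTPOINTS=""
NAME="mmcblk0p1" TYPE="part" PKNAME="mmcblk0" MOUNTPOINTS="/boot/firmware"
NAME="mmcblk0p2" TYPE="part" PKNAME="mmcblk0" MOUNTPOINTS="/"
NAME="nvme0n1" TYPE="disk" PKNAME="" MOUNTPOINTS=""
NAME="nvme0n1p1" TYPE="part" PKNAME="nvme0n1" MOUNTPOINTS=""
NAME="nvme1n1" TYPE="disk" PKNAME="" MOUNTPOINTS=""
NAME="nvme2n1" TYPE="disk" PKNAME="" MOUNTPOINTS=""'

# free_disks LSBLK_TEXT: print, one per line and sorted, the disks that have no
# child device (partition, LVM, crypt) and nothing mounted on them.
free_disks() {
  printf '%s\n' "$1" | awk '
    {
      name = ""; type = ""; pk = ""; mp = ""
      for (i = 1; i <= NF; i++) {
        eq = index($i, "=")
        key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
        gsub(/"/, "", val)
        if (key == "NAME") name = val
        else if (key == "TYPE") type = val
        else if (key == "PKNAME") pk = val
        else if (key == "MOUNTPOINTS") mp = val
      }
      if (type == "disk") disks[name] = 1
      if (mp != "") busy[name] = 1      # a mounted whole-disk filesystem
      if (pk != "") busy[pk] = 1        # any child marks its parent as in use
    }
    END { for (d in disks) if (!(d in busy)) print d }
  ' | sort
}

# make_btrfs_raid1 LABEL MOUNTPOINT DEV...: mirror data and metadata over two or
# more whole disks, then mount by UUID so device renumbering cannot break fstab.
# Destructive and needs root; it is deliberately not invoked below.
make_btrfs_raid1() {
  label="$1" mountpoint="$2"
  shift 2
  [ "$#" -ge 2 ] || { echo "RAID1 needs at least two devices" >&2; return 1; }
  mkfs.btrfs -L "$label" -d raid1 -m raid1 "$@"
  uuid=$(blkid -s UUID -o value "$1")
  mkdir -p "$mountpoint"
  printf 'UUID=%s %s btrfs defaults,noatime,compress=zstd 0 0\n' "$uuid" "$mountpoint" >> /etc/fstab
  mount "$mountpoint"
}

echo "disks safe to format:"
free_disks "$SAMPLE_LSBLK"
# On the real box (assumed label my_pool and mount point /opt/my_pool):
#   make_btrfs_raid1 my_pool /opt/my_pool \
#     $(free_disks "$(lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINTS)" | sed 's|^|/dev/|')
```

The MOUNTPOINTS column exists in util-linux 2.37 and later, which is what the post’s own listing shows; on an older lsblk use MOUNTPOINT instead. Mounting by UUID matters on a Pi with several NVMe drives behind one HAT, because nvme0n1 and nvme1n1 can swap names between boots.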

July 10, 2024 · 3 min · Daniel

Debian Preseed late_command

In the Debian installation process, the preseed.cfg file allows for automated installations by pre-configuring various installation parameters. In this article I will focus on the d-i preseed/late_command string parameter, which is used to run custom commands at the end of the installation process. Here is an example that I recently used in my packer-vbox-debian-latest project:

    d-i preseed/late_command string \
        mkdir --mode=700 /target/home/testuser/.ssh; \
        wget -q http://10.0.2.2:8081/key.pub -O /target/home/testuser/.ssh/authorized_keys; \
        in-target chown testuser:testuser /home/testuser/.ssh; \
        in-target chown testuser:testuser /home/testuser/.ssh/authorized_keys; \
        in-target chmod 0600 /home/testuser/.ssh/authorized_keys

As you can see, sometimes /target is used and other times in-target; I must admit I struggled a bit to understand the difference and when to use one instead of the other. ...

July 1, 2024 · 2 min · Daniel

Install Arch with SSH

My current Arch Linux installation is many years old and I’d like to reinstall it using other technologies like LVM and BTRFS, but before reinstalling my laptop, I’m testing the installation process inside a VirtualBox VM. This morning I got bored of typing all the commands, and PowerShell Direct with Hyper-V popped into my head: basically, you can attach a PowerShell session directly to a Hyper-V VM. I found a similar approach by configuring port forwarding in VirtualBox and connecting via SSH. ...

June 22, 2024 · 1 min · Daniel

NVM on Enterprise

Node Version Manager for Windows is the de facto tool for managing multiple versions of Node.js, and is widely used by developers. In organisations where high security standards are in place, it can be a challenge to allow developers to use NVM. Getting started The aim of this short guide is to enable your developers to use NVM for Windows without the need for administrator rights, applying the concept of least privilege. ...

June 11, 2024 · 2 min · Daniel

Raspberry Pi Notes

These evolving personal notes document my journey and discoveries as I explore the versatile Raspberry Pi. At present, all information pertains specifically to the Raspberry Pi 5. Power. Minimum required: 5 V / 3 A (can’t connect any bus-powered HDDs/SSDs). Best performance: 5 V / 5 A. Reminder: x Volt * y Amp = z Watt. Pogo pin: a pogo pin is a spring-loaded connector used to create reliable electrical connections in electronics without the need for soldering, commonly for programming and connecting peripherals. ...

May 31, 2024 · 4 min · Daniel