dave/site
1
0
Fork 0
mirror of https://github.com/davegallant/davegallant.github.io.git synced 2025-08-05 08:13:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add anchor links for subheading

Browse Source
This commit is contained in:
Dave Gallant
2022-12-11 21:53:35 -05:00
parent b008b00e0c
commit 0515adbe60
64 changed files with 584 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
content/post/watching-youtube-in-private.md
View File

@@ -5,7 +5,7 @@ lastmod: 2022-12-10T21:46:55-05:00
draft: false
keywords: []
description: ""
tags: ['invidious','degoogle', 'youtube', 'yewtu.be', 'tailscale']
tags: ['invidious','degoogle', 'youtube', 'yewtu.be', 'tailscale', 'privacy']
categories: []
author: ""
@@ -34,15 +34,15 @@ sequenceDiagrams:
<!--more-->
I recently stumbled upon [yewtu.be](https://yewtu.be) and found it intriguing. It not only allows for you to watch YouTube without *being on YouTube*, but it also allows you to create an account and subscribe to channels without a Google account. I wondered what sort of wizardry was going on under the hood and discovered that it's a hosted instance of [invidious](https://invidious.io/).
I recently stumbled upon [yewtu.be](https://yewtu.be) and found it intriguing. It not only allows for you to watch YouTube without *being on YouTube*, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it's a hosted instance of [invidious](https://invidious.io/).
![requestly](/images/watching-youtube-in-private/computerphile.png)
Wow, this is cool, and **JavaScript is not required**.
I started to use yewtu.be as my primary client for watching videos. I subscribe to about a dozen channels and I really only want to a see list of the latest videos from my subscriptions, and not have so much of my data collected and used. A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious.
I started to use [yewtu.be](https://yewtu.be) as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It's also nice to be in control of my search and watch history.
There are several other hosted instances listed [here](https://docs.invidious.io/instances/), but being able to easily backup my own instance (along with watch history) is more compelling in my case.
A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed [here](https://docs.invidious.io/instances/), but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.
### Hosting invidious
@@ -100,7 +100,7 @@ After invidious was up and running, I installed [Tailscale](https://tailscale.co
I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.
Without subjecting my entire household to this, I went looking for a way to redirect paths at the browser level. I found the lightweight proxy [requestly](https://requestly.io/), which can be used to modify http requests in my browser. I created the following rules:
I went looking for a way to redirect paths at the browser level. I found the lightweight proxy [requestly](https://requestly.io/), which can be used to modify http requests in my browser. I created the following rules:
![requestly](/images/watching-youtube-in-private/requestly-rules.png)

2
public/404.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

6
public/about/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,9 +326,7 @@ One min read
<div class='container entry-content'>
<p>I&rsquo;m a software engineer with a passion for open-source, infrastructure, tooling and security.</p>
<div class='container entry-content'><p>I&rsquo;m a software engineer with a passion for open-source, infrastructure, tooling and security.</p>
</div>

2
public/authors/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

8
public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,8 +326,7 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p>
<div class='container entry-content'><p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p>
<p>Depending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on <a href="https://aur.archlinux.org/packages/appgate-sdp/">AUR</a>.
As of right now, the latest AUR is <code>4.2.2-1</code>.</p>
<p>These steps highlight how to get it working with <code>Python3.8</code> by making a 1 line modification to AppGate source code.</p>
@@ -408,8 +409,7 @@ Let&rsquo;s try to run it.</p>
</span></span></code></pre></div><h1 id="wrapping-up">Wrapping up</h1>
<p>It turns out there are <a href="https://docs.python.org/3.7/library/platform.html#platform.linux_distribution">breaking changes</a> in Python3.8.</p>
<p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p>
<p>I suppose this highlights one of the caveats of relying upon the system&rsquo;s python, rather than having an isolated, dedicated environment for all dependencies.</p>
</div>
<p>I suppose this highlights one of the caveats of relying upon the system&rsquo;s python, rather than having an isolated, dedicated environment for all dependencies.</p></div>
<footer class='entry-footer'>

18
public/blog/2021/09/06/what-to-do-with-a-homelab/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,19 +326,18 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>
<div class='container entry-content'><p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>
<p>Do you want host your own Media server? Ad blocker? Web server?
Are you interested in learning more about Linux? Virtualization? Networking? Security?
Building a homelab can be an entertaining playground to enhance your computer skills.</p>
<p>One of the best parts about building a homelab is that it doesn&rsquo;t have to be a large investment in terms of hardware. One of the simplest ways to build a homelab is out of a <a href="https://ca.refurb.io/products/hp-800-g1-usff-intel-core-i5-4570s-16gb-ram-512gb-ssd-wifi-windows-10-pro?variant=33049503825943">refurbished computer</a>.
Having multiple machines/nodes provides the advantage of increased redundancy, but starting out with a single node is enough to reap many of the benefits of having a homelab.</p>
<h2 id="virtualization">Virtualization</h2>
<h2 id="virtualization">Virtualization<a href="#virtualization" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Virtualizing your hardware is an organized way of dividing up your machine&rsquo;s resources. This can be done with something such as a <em>Virtual Machine</em> or something lighter like a container using <em>LXC</em> or <em>runC</em>.
Containers have much less overhead in terms of boot time and storage allocation. This <a href="https://stackoverflow.com/questions/16047306/how-is-docker-different-from-a-virtual-machine">Stack Overflow answer</a> sums it up nicely.</p>
<p><img src="/images/proxmox.png" alt="image"></p>
<p>A hypervisor such as <a href="https://www.proxmox.com/en/proxmox-ve/get-started">Proxmox</a> can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You&rsquo;ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.</p>
<h2 id="services">Services</h2>
<h2 id="services">Services<a href="#services" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>So what are some useful services to deploy?</p>
<ul>
<li><a href="https://jellyfin.org/">Jellyfin</a> or <a href="https://www.plex.tv/">Plex</a> - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found <a href="https://github.com/jellyfin/jellyfin">here</a>.</li>
@@ -347,17 +348,16 @@ Containers have much less overhead in terms of boot time and storage allocation.
<li><a href="https://github.com/louislam/uptime-kuma">Uptime Kuma</a> - A fancy tool for monitoring the uptime of services.</li>
</ul>
<p>There is a large number of services you can self-host, including your own applications that you might be developing. <a href="https://github.com/awesome-selfhosted/awesome-selfhosted">awesome-self-hosted</a> provides a curated list of services that might be of interest to you.</p>
<h2 id="vpn">VPN</h2>
<h2 id="vpn">VPN<a href="#vpn" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>You could certainly setup and manage your own VPN by using something like <a href="https://openvpn.net/community-downloads/">OpenVPN</a>, but there is also something else you can try: <a href="https://tailscale.com/">tailscale</a>. It is a very quick way to create fully-encrypted connections between clients. With its <a href="https://tailscale.com/kb/1081/magicdns/">MagicDNS</a>, your can reference the names of machines like <code>homer</code> rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.</p>
<h2 id="monitoring">Monitoring</h2>
<h2 id="monitoring">Monitoring<a href="#monitoring" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p><img src="/images/netdata.png" alt="dashboard"></p>
<p>Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using <a href="https://www.netdata.cloud/">netdata</a>. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.</p>
<p>Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.</p>
<p>As mentioned above, <a href="https://github.com/louislam/uptime-kuma">Uptime Kuma</a> is a convenient way to track uptime and monitor the availability of your services.</p>
<p><img src="/images/uptime-kuma.png" alt="uptime-kuma"></p>
<h2 id="in-summary">In Summary</h2>
<p>Building out a homelab can be a rewarding experience and it doesn&rsquo;t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.</p>
</div>
<h2 id="in-summary">In Summary<a href="#in-summary" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Building out a homelab can be a rewarding experience and it doesn&rsquo;t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.</p></div>
<footer class='entry-footer'>

16
public/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,9 +326,8 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a href="https://www.atlassian.com/git/tutorials/dotfiles">bare git repos</a> and utilities such as <a href="https://www.gnu.org/software/stow/">GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a href="https://github.com/nix-community/home-manager">home-manager</a>.</p>
<h2 id="what-is-home-manager">What is home-manager?</h2>
<div class='container entry-content'><p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a href="https://www.atlassian.com/git/tutorials/dotfiles">bare git repos</a> and utilities such as <a href="https://www.gnu.org/software/stow/">GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a href="https://github.com/nix-community/home-manager">home-manager</a>.</p>
<h2 id="what-is-home-manager">What is home-manager?<a href="#what-is-home-manager" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Before understanding home-manager, it is worth briefly discussing what nix is. <a href="https://nixos.org/">nix</a> is a package manager that originally spawned from a <a href="https://edolstra.github.io/pubs/phd-thesis.pdf">PhD thesis</a>. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.</p>
<p>For example, I have used nix to install the package <a href="https://search.nixos.org/packages?channel=unstable&amp;show=bind&amp;from=0&amp;size=50&amp;sort=relevance&amp;type=packages&amp;query=bind">bind</a> which includes <code>dig</code>. You can see that it is available on multiple platforms. The absolute path of <code>dig</code> can be found by running:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> ls -lh <span style="color:#069;font-weight:bold">$(</span>which dig<span style="color:#069;font-weight:bold">)</span>
@@ -334,7 +335,7 @@ if (!doNotTrack) {
</span></span></span></code></pre></div><p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href="https://nixos.org/guides/nix-pills/nix-store-paths.html">nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<p>Part of the nix ecosystem includes <a href="https://github.com/NixOS/nixpkgs">nixpkgs</a>. Many popular tools can be found already packaged in this repository. As you can see with these <a href="https://repology.org/repositories/statistics/total">stats</a>, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!</p>
<p>home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my <a href="https://github.com/davegallant/nix-config">nix-config</a> in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.</p>
<h2 id="setting-up-home-manager">Setting up home-manager</h2>
<h2 id="setting-up-home-manager">Setting up home-manager<a href="#setting-up-home-manager" class="hanchor" ariaLabel="Anchor">#</a></h2>
<blockquote>
<p>⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.</p>
</blockquote>
@@ -456,11 +457,10 @@ if (!doNotTrack) {
<p>This basic configuration above is also defining your <code>~/.config/git/config</code> and <code>.zshrc</code>. If you already have either of these files, home-manager will complain about them already existing.</p>
<p>If you run <code>cat ~/.zshrc</code>, you will see the way these configuration files are generated.</p>
<p>You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at <a href="https://github.com/nix-community/home-manager/tree/master/modules/programs">home-manager/modules/programs</a>.</p>
<h2 id="gateway-to-nix">Gateway To Nix</h2>
<h2 id="gateway-to-nix">Gateway To Nix<a href="#gateway-to-nix" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system&rsquo;s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is <a href="https://github.com/LnL7/nix-darwin">nix-darwin</a> that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out <a href="https://nixos.wiki/wiki/Flakes">Nix Flakes</a>: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in <code>flake.lock</code>, similar to that of many modern package managers.</p>
<h2 id="wrapping-up">Wrapping up</h2>
<p>The title of this post is slightly misleading, since it&rsquo;s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I&rsquo;d say so.</p>
</div>
<h2 id="wrapping-up">Wrapping up<a href="#wrapping-up" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>The title of this post is slightly misleading, since it&rsquo;s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I&rsquo;d say so.</p></div>
<footer class='entry-footer'>

8
public/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,10 +326,8 @@ One min read
<div class='container entry-content'>
<p>Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a <a href="https://gist.github.com/davegallant/2c042686a78684a657fe99e20fa7a924#file-aws_access_key_rotator-py">script</a> since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.</p>
<p>In the longer term, migrating my local workflows to <a href="https://github.com/99designs/aws-vault">aws-vault</a> seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where <a href="https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html">AWS suggests</a>). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS&rsquo;s secure keystore. There is even a <a href="https://github.com/99designs/aws-vault/blob/master/USAGE.md#rotating-credentials">rotate command</a> included.</p>
</div>
<div class='container entry-content'><p>Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a <a href="https://gist.github.com/davegallant/2c042686a78684a657fe99e20fa7a924#file-aws_access_key_rotator-py">script</a> since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.</p>
<p>In the longer term, migrating my local workflows to <a href="https://github.com/99designs/aws-vault">aws-vault</a> seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where <a href="https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html">AWS suggests</a>). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS&rsquo;s secure keystore. There is even a <a href="https://github.com/99designs/aws-vault/blob/master/USAGE.md#rotating-credentials">rotate command</a> included.</p></div>
<footer class='entry-footer'>

22
public/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,28 +326,27 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p>
<div class='container entry-content'><p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p>
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">...ignoring Docker updates is a paid feature now?? <a href="https://t.co/ZxKW3b9LQM">pic.twitter.com/ZxKW3b9LQM</a></p>&mdash; Brendan Dolan-Gavitt (@moyix) <a href="https://twitter.com/moyix/status/1388586550682861568?ref_src=twsrc%5Etfw">May 1, 2021</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
<p>Docker has been one of the larger influencers in the container world, helping to standardize the <a href="https://github.com/opencontainers/image-spec/blob/main/spec.md">OCI Image Format Specification</a>. For many developers, containers have become synonymous with terms like <code>docker</code> and <code>Dockerfile</code> (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so.</p>
<p>This post briefly describes my experience swapping out docker for podman on macOS.</p>
<h3 id="what-is-a-container">What is a container?</h3>
<h3 id="what-is-a-container">What is a container?<a href="#what-is-a-container" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>A container is a standard unit of software that packages up all application dependencies within it. Multiple containers can be run on a host machine all sharing the same kernel as the host. Linux namespaces help provide an isolated view of the system, including mnt, pid, net, ipc, uid, cgroup, and time. There is an <a href="https://www.youtube.com/watch?v=sK5i-N34im8">in-depth video</a> that discusses what containers are made from, and <a href="https://youtu.be/sK5i-N34im8?t=2468">near the end</a> there is a demonstration on how to build your own containers from the command line.</p>
<p>By easily allowing the necessary dependencies to live alongside the application code, containers make the &ldquo;works on my machine&rdquo; problem less of a problem.</p>
<h3 id="benefits-of-podman">Benefits of Podman</h3>
<h3 id="benefits-of-podman">Benefits of Podman<a href="#benefits-of-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>One of the most interesting features of Podman is that it is daemonless. There isn&rsquo;t a process running on your system managing your containers. In contrast, the docker client is reliant upon the docker daemon (often running as root) to be able to build and run containers.</p>
<p>Podman is rootless by default. It is now possible to <a href="https://docs.docker.com/engine/security/rootless/">run the docker daemon rootless</a> as well, but it&rsquo;s still not the default behaviour.</p>
<p>I&rsquo;ve also observed that so far my 2019 16&quot; Macbook Pro hasn&rsquo;t sounded like a jet engine, although I haven&rsquo;t performed any disk-intensive operations yet.</p>
<h3 id="installing-podman">Installing Podman</h3>
<h3 id="installing-podman">Installing Podman<a href="#installing-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with <a href="https://formulae.brew.sh/formula/podman">brew</a> (read <a href="https://podman.io/getting-started/installation#linux-distributions">this</a> if you&rsquo;re installing Podman on Linux):</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>brew install podman
</span></span></code></pre></div><p>The podman-machine must be started:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># This is not necessary on Linux</span>
</span></span><span style="display:flex;"><span>podman machine init
</span></span><span style="display:flex;"><span>podman machine start
</span></span></code></pre></div><h3 id="running-a-container">Running a container</h3>
</span></span></code></pre></div><h3 id="running-a-container">Running a container<a href="#running-a-container" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Let&rsquo;s try to pull an image:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> podman pull alpine
</span></span><span style="display:flex;"><span><span style="color:#aaa">Trying to pull docker.io/library/alpine:latest...
@@ -366,10 +367,10 @@ if (!doNotTrack) {
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>podman run -p <span style="color:#f60">4242</span> --rm -ti alpine
</span></span></code></pre></div><p>If you&rsquo;re reading this from the future, there is a good chance specifying a port won&rsquo;t be needed.</p>
<p>Another example of running a container with Podman can be found in the <a href="https://jellyfin.org/docs/general/administration/installing.html#podman">Jellyfin Documentation</a>.</p>
<h3 id="aliasing-docker-with-podman">Aliasing docker with podman</h3>
<h3 id="aliasing-docker-with-podman">Aliasing docker with podman<a href="#aliasing-docker-with-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Force of habit (or other scripts) may have you calling <code>docker</code>. To work around this:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#366">alias</span> <span style="color:#033">docker</span><span style="color:#555">=</span>podman
</span></span></code></pre></div><h3 id="podman-compose">podman-compose</h3>
</span></span></code></pre></div><h3 id="podman-compose">podman-compose<a href="#podman-compose" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>You may be wondering: what about docker-compose? Well, there <em>claims</em> to be a drop-in replacement for it: <a href="https://github.com/containers/podman-compose">podman-compose</a>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>pip3 install --user podman-compose
</span></span></code></pre></div><p>Now let&rsquo;s create a <code>docker-compose.yml</code> file to test:</p>
@@ -399,14 +400,13 @@ if (!doNotTrack) {
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">podman start -a davegallant.github.io_hello_world_1
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">Hello world
</span></span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<h3 id="summary">Summary</h3>
<h3 id="summary">Summary<a href="#summary" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p>
<p>One caveat to mention is that there isn&rsquo;t an official graphical user interface for Podman, but there is an <a href="https://github.com/containers/podman/issues/11494">open issue</a> considering one. If you rely heavily on Docker Desktop&rsquo;s UI, you may not be as interested in using podman yet.</p>
<blockquote>
<p>Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using <a href="https://en.wikipedia.org/wiki/SSHFS">sshfs</a> was shared <a href="https://github.com/containers/podman/issues/8016#issuecomment-920015800">here</a>.</p>
</blockquote>
<p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href="https://kubernetespodcast.com/episode/164-podman/">podcast episode</a>, I was inspired to give Podman a try on macOS.</p>
</div>
<p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href="https://kubernetespodcast.com/episode/164-podman/">podcast episode</a>, I was inspired to give Podman a try on macOS.</p></div>
<footer class='entry-footer'>

26
public/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,24 +326,23 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as <a href="https://helm.sh">Helm</a> and <a href="https://tekton.dev">Tekton</a>. I decided to deploy <a href="https://k3s.io">K3s</a>, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine&rsquo;s resources.</p>
<h2 id="what-is-k3s">What is K3s?</h2>
<div class='container entry-content'><p>It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as <a href="https://helm.sh">Helm</a> and <a href="https://tekton.dev">Tekton</a>. I decided to deploy <a href="https://k3s.io">K3s</a>, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine&rsquo;s resources.</p>
<h2 id="what-is-k3s">What is K3s?<a href="#what-is-k3s" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>K3s is a Kubernetes distro that advertises itself as a lightweight binary with a much smaller memory-footprint than traditional k8s. K3s is not a fork of k8s as it seeks to remain as close to upstream as it possibly can.</p>
<h2 id="configure-proxmox">Configure Proxmox</h2>
<h2 id="configure-proxmox">Configure Proxmox<a href="#configure-proxmox" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>This <a href="https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185">gist</a> contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that <code>bridge-nf-call-iptables</code> should be loaded, but I did not understand the benefit of doing this.</p>
<h2 id="disable-swap">Disable swap</h2>
<h2 id="disable-swap">Disable swap<a href="#disable-swap" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>There is an issue on Kubernetes regarding swap <a href="https://github.com/kubernetes/kubernetes/issues/53533">here</a>. There claims to be support for swap in 1.22, but for now let&rsquo;s disable it:</p>
<pre tabindex="0"><code>sysctl vm.swappiness=0
swapoff -a
</code></pre><p>It might be worth experimenting with swap enabled in the future to see how that might affect performance.</p>
<h3 id="enable-ip-forwarding">Enable IP Forwarding</h3>
<h3 id="enable-ip-forwarding">Enable IP Forwarding<a href="#enable-ip-forwarding" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>To avoid IP Forwarding issues with Traefik, run the following on the host:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo sysctl net.ipv4.ip_forward<span style="color:#555">=</span><span style="color:#f60">1</span>
</span></span><span style="display:flex;"><span>sudo sysctl net.ipv6.conf.all.forwarding<span style="color:#555">=</span><span style="color:#f60">1</span>
</span></span><span style="display:flex;"><span>sudo sed -i <span style="color:#c30">&#39;s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g&#39;</span> /etc/sysctl.conf
</span></span><span style="display:flex;"><span>sudo sed -i <span style="color:#c30">&#39;s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g&#39;</span> /etc/sysctl.conf
</span></span></code></pre></div><h2 id="create-lxc-container">Create LXC container</h2>
</span></span></code></pre></div><h2 id="create-lxc-container">Create LXC container<a href="#create-lxc-container" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Create an LXC container in the Proxmox interface as you normally would. Remember to:</p>
<ul>
<li>Uncheck <code>unprivileged container</code></li>
@@ -349,7 +350,7 @@ swapoff -a
<li>In memory, set swap to 0</li>
<li>Create and start the container</li>
</ul>
<h3 id="modify-container-config">Modify container config</h3>
<h3 id="modify-container-config">Modify container config<a href="#modify-container-config" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Now back on the host run <code>pct list</code> to determine what VMID it was given.</p>
<p>Open <code>/etc/pve/lxc/$VMID.conf</code> and append:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>lxc.apparmor.profile: unconfined
@@ -363,21 +364,21 @@ Notice that <code>cgroup2</code> is used since Proxmox VE 7.0 has switched to a
<li><a href="https://github.com/k3s-io/k3s/pull/2584">https://github.com/k3s-io/k3s/pull/2584</a></li>
<li><a href="https://github.com/k3s-io/k3s/pull/2844">https://github.com/k3s-io/k3s/pull/2844</a></li>
</ul>
<h2 id="enable-shared-host-mounts">Enable shared host mounts</h2>
<h2 id="enable-shared-host-mounts">Enable shared host mounts<a href="#enable-shared-host-mounts" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>From within the container, run:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#366">echo</span> <span style="color:#c30">&#39;#!/bin/sh -e
</span></span></span><span style="display:flex;"><span><span style="color:#c30">ln -s /dev/console /dev/kmsg
</span></span></span><span style="display:flex;"><span><span style="color:#c30">mount --make-rshared /&#39;</span> &gt; /etc/rc.local
</span></span><span style="display:flex;"><span>chmod +x /etc/rc.local
</span></span><span style="display:flex;"><span>reboot
</span></span></code></pre></div><h2 id="install-k3s">Install K3s</h2>
</span></span></code></pre></div><h2 id="install-k3s">Install K3s<a href="#install-k3s" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>One of the simplest ways to install K3s on a remote host is to use <a href="https://github.com/alexellis/k3sup">k3sup</a>.
Ensure that you supply a valid <code>CONTAINER_IP</code> and choose the <code>k3s-version</code> you prefer.
As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases <a href="https://github.com/k3s-io/k3s/releases">here</a>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh-copy-id root@<span style="color:#033">$CONTAINER_IP</span>
</span></span><span style="display:flex;"><span>k3sup install --ip <span style="color:#033">$CONTAINER_IP</span> --user root --k3s-version v1.22.3+k3s1
</span></span></code></pre></div><p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p>
<h2 id="wrapping-up">Wrapping up</h2>
<h2 id="wrapping-up">Wrapping up<a href="#wrapping-up" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton&rsquo;s <a href="https://tekton.dev/docs/getting-started/">Getting Started</a> guide and was able to deploy it in a few commands.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span><span style="color:#009;font-weight:bold">$</span> kubectl get all --namespace tekton-pipelines
</span></span><span style="display:flex;"><span><span style="color:#aaa">NAME READY STATUS RESTARTS AGE
@@ -403,8 +404,7 @@ As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1
</span></span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa"></span><span style="color:#aaa">NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
</span></span></span><span style="display:flex;"><span><span style="color:#aaa">horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</span></span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<p>If I&rsquo;m feeling adventurous, I might experiment with <a href="https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental">K3s rootless</a>.</p>
</div>
<p>If I&rsquo;m feeling adventurous, I might experiment with <a href="https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental">K3s rootless</a>.</p></div>
<footer class='entry-footer'>

14
public/blog/2022/03/13/backing-up-gmail-with-synology/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,10 +326,9 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p>
<div class='container entry-content'><p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p>
<p>The thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future.</p>
<h2 id="synology-mailplus-server">Synology MailPlus Server</h2>
<h2 id="synology-mailplus-server">Synology MailPlus Server<a href="#synology-mailplus-server" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I&rsquo;ve recently been in interested in syncing and snapshotting my personal data. I&rsquo;ve setup <a href="https://www.synology.com/en-ca/dsm/feature/cloud_sync">Synology&rsquo;s Cloud Sync</a> and keep copies of most of my cloud data.</p>
<p>I&rsquo;ve used tools such as <a href="http://www.gmvault.org">gmvault</a> with success in the past. Setting this up on a cron seems like a viable option. However, I don&rsquo;t really need a lot of the features it offers and do not plan to restore this data to another account.</p>
<p>Synology&rsquo;s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it&rsquo;s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.</p>
@@ -340,12 +341,11 @@ if (!doNotTrack) {
<p>After this, mail started coming in.</p>
<p><img src="/images/backing-up-gmail-with-synology/mail-plus-incoming-mail.png" alt="image"></p>
<p>After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.</p>
<h2 id="securing-synology">Securing Synology</h2>
<h2 id="securing-synology">Securing Synology<a href="#securing-synology" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Since Synology devices are not hermetically sealed, it&rsquo;s best to secure them by <a href="https://kb.synology.com/en-us/DSM/tutorial/How_to_add_extra_security_to_your_Synology_NAS#x_anchor_id8">enabling MFA</a> to help prevent being the <a href="https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/">victim of ransomware</a>. It is also wise to backup your system settings and volumes to the cloud using a tool such as <a href="https://www.synology.com/en-ca/dsm/feature/hyper_backup">Hyper Backup</a>.
Encrypting your shared volumes should also be done, since unfortunately <a href="https://community.synology.com/enu/forum/12/post/144665">DSM does not support full disk encryption</a>.</p>
<h2 id="summary">Summary</h2>
<p>Having backups of various forms of cloud data is a good investment, especially in <a href="https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks">times of war</a>. I certainly feel more at ease for having backed up my emails.</p>
</div>
<h2 id="summary">Summary<a href="#summary" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Having backups of various forms of cloud data is a good investment, especially in <a href="https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks">times of war</a>. I certainly feel more at ease for having backed up my emails.</p></div>
<footer class='entry-footer'>

16
public/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,12 +326,11 @@ if (!doNotTrack) {
<div class='container entry-content'>
<h2 id="the-problem">The problem</h2>
<div class='container entry-content'><h2 id="the-problem">The problem<a href="#the-problem" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>My aging router has been running <a href="https://en.wikipedia.org/wiki/OpenWrt">OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a href="https://openwrt.org/packages/index/start">large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>
<h2 id="pfsense">pfSense</h2>
<h2 id="pfsense">pfSense<a href="#pfsense" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>I figured this would be a good opportunity to try <a href="https://en.wikipedia.org/wiki/PfSense">pfSense</a>. I&rsquo;ve heard nothing but positive things about pfSense and the fact it&rsquo;s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I&rsquo;d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some <a href="https://www.netgate.com/appliances">officially supported appliances</a>. Since I already have a machine running Proxmox, why not just run it in a VM? It&rsquo;d allow for automatic snapshotting of the machine. There is a good <a href="https://www.youtube.com/watch?v=hdoBQNI_Ab8">video</a> on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.</p>
<h2 id="router-on-a-stick">Router on a stick</h2>
<h2 id="router-on-a-stick">Router on a stick<a href="#router-on-a-stick" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply <a href="https://en.wikipedia.org/wiki/Router_on_a_stick">not the case</a>, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. It also has a nice sturdy metal frame which was a pleasant surprise.</p>
<p>After setting up this Netgear switch, it shoud be possible to access the web interface at <a href="http://192.168.0.239">http://192.168.0.239</a>. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine&rsquo;s address to <code>192.168.0.22</code> in order to temporarily setup this switch. I assigned a static ip address to the switch (in <code>System &gt; Switch Information</code>) so that it was in the same subnet as the rest of my network.</p>
<p>The web interface is nothing spectactular, but it allows for managing VLANs.</p>
@@ -349,7 +350,7 @@ if (!doNotTrack) {
<p>Now, go into <code>Port PVID</code> and ensure that port 8 is set to PVID 10.</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/netgear-port-pvid.png" alt="vlan-port-pvid"></p>
<p>This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.</p>
<h2 id="setting-up-pfsense">Setting up pfSense</h2>
<h2 id="setting-up-pfsense">Setting up pfSense<a href="#setting-up-pfsense" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>pfSense is fairly easy to setup. Just <a href="https://www.pfsense.org/download/">download the latest ISO</a> and boot up the virtual machine.
When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.</p>
<p>Since VLANs are going to be leveraged, when you go to <code>Assign Interfaces</code>, VLANs should be setup now like the following:</p>
@@ -361,9 +362,8 @@ When setting up the machine, I mostly went with all of the defaults. Configurati
<p>If all goes well, the web interface should be running at <a href="https://192.168.1.1">https://192.168.1.1</a>.</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/pfsense-dashboard.png" alt="pfsense-dashboard"></p>
<p>And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I&rsquo;ve already installed <a href="https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html">pfBlocker-NG</a>.</p>
<h2 id="summary">Summary</h2>
<p>It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled <a href="https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html">AutoConfigBackup</a>, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.</p>
</div>
<h2 id="summary">Summary<a href="#summary" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled <a href="https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html">AutoConfigBackup</a>, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.</p></div>
<footer class='entry-footer'>

22
public/blog/2022/12/10/watching-youtube-in-private/index.html
View File

@@ -9,7 +9,7 @@
<meta property='og:description' content=''>
<meta property='og:url' content='/blog/2022/12/10/watching-youtube-in-private/'>
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='invidious'><meta property='article:tag' content='degoogle'><meta property='article:tag' content='youtube'><meta property='article:tag' content='yewtu.be'><meta property='article:tag' content='tailscale'><meta property='article:published_time' content='2022-12-10T21:46:55-05:00'/><meta property='article:modified_time' content='2022-12-10T21:46:55-05:00'/><meta name='twitter:card' content='summary'>
<meta property='og:type' content='article'><meta property='article:section' content='post'><meta property='article:tag' content='invidious'><meta property='article:tag' content='degoogle'><meta property='article:tag' content='youtube'><meta property='article:tag' content='yewtu.be'><meta property='article:tag' content='tailscale'><meta property='article:tag' content='privacy'><meta property='article:published_time' content='2022-12-10T21:46:55-05:00'/><meta property='article:modified_time' content='2022-12-10T21:46:55-05:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.108.0">
@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -324,13 +326,12 @@ if (!doNotTrack) {
<div class='container entry-content'>
<p>I recently stumbled upon <a href="https://yewtu.be">yewtu.be</a> and found it intriguing. It not only allows for you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. I wondered what sort of wizardry was going on under the hood and discovered that it&rsquo;s a hosted instance of <a href="https://invidious.io/">invidious</a>.</p>
<div class='container entry-content'><p>I recently stumbled upon <a href="https://yewtu.be">yewtu.be</a> and found it intriguing. It not only allows for you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a href="https://invidious.io/">invidious</a>.</p>
<p><img src="/images/watching-youtube-in-private/computerphile.png" alt="requestly"></p>
<p>Wow, this is cool, and <strong>JavaScript is not required</strong>.</p>
<p>I started to use yewtu.be as my primary client for watching videos. I subscribe to about a dozen channels and I really only want to a see list of the latest videos from my subscriptions, and not have so much of my data collected and used. A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious.</p>
<p>There are several other hosted instances listed <a href="https://docs.invidious.io/instances/">here</a>, but being able to easily backup my own instance (along with watch history) is more compelling in my case.</p>
<h3 id="hosting-invidious">Hosting invidious</h3>
<p>I started to use <a href="https://yewtu.be">yewtu.be</a> as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It&rsquo;s also nice to be in control of my search and watch history.</p>
<p>A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed <a href="https://docs.invidious.io/instances/">here</a>, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.</p>
<h3 id="hosting-invidious">Hosting invidious<a href="#hosting-invidious" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>The quickest way to get invidious up is with docker-compose as mentioned in the <a href="https://docs.invidious.io/installation/">docs</a>.</p>
<p>I made a few modifications (such as pinning the container&rsquo;s tag), and ended up with:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">version</span>:<span style="color:#bbb"> </span><span style="color:#c30">&#34;3&#34;</span><span style="color:#bbb">
@@ -375,13 +376,12 @@ if (!doNotTrack) {
</span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#309;font-weight:bold">volumes</span>:<span style="color:#bbb">
</span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#309;font-weight:bold">postgresdata</span>:<span style="color:#bbb">
</span></span></span></code></pre></div><p>After invidious was up and running, I installed <a href="https://tailscale.com/">Tailscale</a> on it to leverage its MagicDNS, and I&rsquo;m now able to access this instance from anywhere at <a href="http://invidious:3000/feed/subscriptions">http://invidious:3000/feed/subscriptions</a>.</p>
<h3 id="redirecting-youtube-links">Redirecting YouTube links</h3>
<h3 id="redirecting-youtube-links">Redirecting YouTube links<a href="#redirecting-youtube-links" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.</p>
<p>Without subjecting my entire household to this, I went looking for a way to redirect paths at the browser level. I found the lightweight proxy <a href="https://requestly.io/">requestly</a>, which can be used to modify http requests in my browser. I created the following rules:</p>
<p>I went looking for a way to redirect paths at the browser level. I found the lightweight proxy <a href="https://requestly.io/">requestly</a>, which can be used to modify http requests in my browser. I created the following rules:</p>
<p><img src="/images/watching-youtube-in-private/requestly-rules.png" alt="requestly"></p>
<p>Now the link <a href="https://www.youtube.com/watch?v=-lz30by8-sU">https://www.youtube.com/watch?v=-lz30by8-sU</a> will redirect to <a href="http://invidious:3000/watch?v=-lz30by8-sU">http://invidious:3000/watch?v=-lz30by8-sU</a></p>
<p>I&rsquo;m still looking for ways to improve this invidious setup. There doesn&rsquo;t appear to be a way to stream in 4K yet.</p>
</div>
<p>I&rsquo;m still looking for ways to improve this invidious setup. There doesn&rsquo;t appear to be a way to stream in 4K yet.</p></div>
<footer class='entry-footer'>
@@ -396,7 +396,7 @@ if (!doNotTrack) {
><path d="M20.59,13.41l-7.17,7.17a2,2,0,0,1-2.83,0L2,12V2H12l8.59,8.59A2,2,0,0,1,20.59,13.41Z" />
<line x1="7" y1="7" x2="7" y2="7" />
</svg>
<span class='screen-reader-text'>Tags: </span><a class='tag' href='/tags/invidious/'>invidious</a>, <a class='tag' href='/tags/degoogle/'>degoogle</a>, <a class='tag' href='/tags/youtube/'>youtube</a>, <a class='tag' href='/tags/yewtu.be/'>yewtu.be</a>, <a class='tag' href='/tags/tailscale/'>tailscale</a></div>
<span class='screen-reader-text'>Tags: </span><a class='tag' href='/tags/invidious/'>invidious</a>, <a class='tag' href='/tags/degoogle/'>degoogle</a>, <a class='tag' href='/tags/youtube/'>youtube</a>, <a class='tag' href='/tags/yewtu.be/'>yewtu.be</a>, <a class='tag' href='/tags/tailscale/'>tailscale</a>, <a class='tag' href='/tags/privacy/'>privacy</a></div>
</div>
</footer>

14
public/css/custom.css
View File

@@ -21,3 +21,17 @@
margin-left:auto;
margin-right:auto;
}
.hanchor {
visibility: hidden;
color: silver;
font-size: 100%;
transition: 0.2s;
padding-left: 8px;
font-weight: 600;
}
h2:hover a, h3:hover a, h4:hover a {
visibility: visible;
text-decoration: none;
}

2
public/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/page/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

6
public/page/search/index.html
View File

@@ -115,6 +115,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -286,9 +288,7 @@ if (!doNotTrack) {
<div class='entry'>
<div class='container entry-content'>
<p>test</p>
<div class='container entry-content'><p>test</p>
</div>
</div>

2
public/page/search/index.json
View File

File diff suppressed because one or more lines are too long

2
public/post/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

3
public/sitemap.xml
View File

@@ -15,6 +15,9 @@
</url><url>
<loc>/post/</loc>
<lastmod>2022-12-10T21:46:55-05:00</lastmod>
</url><url>
<loc>/tags/privacy/</loc>
<lastmod>2022-12-10T21:46:55-05:00</lastmod>
</url><url>
<loc>/tags/</loc>
<lastmod>2022-12-10T21:46:55-05:00</lastmod>

2
public/tags/adguard/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/aws-vault/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/aws/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/backup/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/containers/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/degoogle/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/docker/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/dotfiles/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/gmail/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/grafana/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/home-manager/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/homelab/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

4
public/tags/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
@@ -335,6 +337,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

9
public/tags/index.xml
View File

@@ -25,6 +25,15 @@
<description></description>
</item>
<item>
<title>privacy</title>
<link>/tags/privacy/</link>
<pubDate>Sat, 10 Dec 2022 21:46:55 -0500</pubDate>
<guid>/tags/privacy/</guid>
<description></description>
</item>
<item>
<title>tailscale</title>
<link>/tags/tailscale/</link>

2
public/tags/invidious/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/jellyfin/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/k3s/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/linux/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/lxc/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/netdata/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/nix/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/openwrt/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/pfsense/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/pihole/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/plex/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/podman/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

336
public/tags/privacy/index.html Normal file
View File

@@ -0,0 +1,336 @@
<!DOCTYPE html>
<html lang='en' dir='auto'><head>
<meta charset='utf-8'>
<meta name='viewport' content='width=device-width, initial-scale=1'>
<meta name='description' content='personal blog'>
<meta name='theme-color' content='#8979b3'>
<meta property='og:title' content='Tag: privacy • davegallant'>
<meta property='og:description' content='personal blog'>
<meta property='og:url' content='/tags/privacy/'>
<meta property='og:site_name' content='davegallant'>
<meta property='og:type' content='website'><meta property='og:updated_time' content='2022-12-10T21:46:55-05:00'/><meta name='twitter:card' content='summary'>
<meta name="generator" content="Hugo 0.108.0">
<title>Tag: privacy • davegallant</title>
<link rel='canonical' href='/tags/privacy/'>
<link href="/tags/privacy/index.xml" rel="alternate" type="application/rss+xml" title="davegallant" />
<link rel='icon' href='/favicon.ico'>
<link rel='stylesheet' href='/assets/css/main.ab98e12b.css'><link rel='stylesheet' href='/css/custom.css'><style>
:root{--color-accent:#8979b3;}
</style>
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-98710982-2', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
</head>
<body class='term type-tags taxonomy-tag has-sidebar'>
<div class='site'><div id='sidebar' class='sidebar'>
<a class='screen-reader-text' href='#main-menu'>Skip to Main Menu</a>
<div class='container'><section class='widget widget-about sep-after'>
<header>
<div class='logo'>
<a href='/'>
<img src='/images/logo.png'>
</a>
</div>
<h2 class='title site-title '>
<a href='/'>
davegallant
</a>
</h2>
<div class='desc'>
personal blog
</div>
</header>
</section>
<section class='widget widget-taxonomy_cloud sep-after'>
<header>
<h4 class='title widget-title'>Tags</h4>
</header>
<div class='container list-container'>
<ul class='list taxonomy-cloud'><li>
<a href='/tags/adguard/' style='font-size:1em'>adguard</a>
</li><li>
<a href='/tags/aws/' style='font-size:1em'>aws</a>
</li><li>
<a href='/tags/aws-vault/' style='font-size:1em'>aws-vault</a>
</li><li>
<a href='/tags/backup/' style='font-size:1em'>backup</a>
</li><li>
<a href='/tags/containers/' style='font-size:1em'>containers</a>
</li><li>
<a href='/tags/degoogle/' style='font-size:2em'>degoogle</a>
</li><li>
<a href='/tags/docker/' style='font-size:1em'>docker</a>
</li><li>
<a href='/tags/dotfiles/' style='font-size:1em'>dotfiles</a>
</li><li>
<a href='/tags/gmail/' style='font-size:1em'>gmail</a>
</li><li>
<a href='/tags/grafana/' style='font-size:1em'>grafana</a>
</li><li>
<a href='/tags/home-manager/' style='font-size:1em'>home-manager</a>
</li><li>
<a href='/tags/homelab/' style='font-size:1em'>homelab</a>
</li><li>
<a href='/tags/invidious/' style='font-size:1em'>invidious</a>
</li><li>
<a href='/tags/jellyfin/' style='font-size:1em'>jellyfin</a>
</li><li>
<a href='/tags/k3s/' style='font-size:1em'>k3s</a>
</li><li>
<a href='/tags/linux/' style='font-size:1em'>linux</a>
</li><li>
<a href='/tags/lxc/' style='font-size:1em'>lxc</a>
</li><li>
<a href='/tags/netdata/' style='font-size:1em'>netdata</a>
</li><li>
<a href='/tags/nix/' style='font-size:1em'>nix</a>
</li><li>
<a href='/tags/openwrt/' style='font-size:1em'>openwrt</a>
</li><li>
<a href='/tags/pfsense/' style='font-size:1em'>pfsense</a>
</li><li>
<a href='/tags/pihole/' style='font-size:1em'>pihole</a>
</li><li>
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>
<a href='/tags/python/' style='font-size:2em'>python</a>
</li><li>
<a href='/tags/ransomware/' style='font-size:1em'>ransomware</a>
</li><li>
<a href='/tags/router/' style='font-size:1em'>router</a>
</li><li>
<a href='/tags/router-on-a-stick/' style='font-size:1em'>router-on-a-stick</a>
</li><li>
<a href='/tags/security/' style='font-size:1em'>security</a>
</li><li>
<a href='/tags/synology/' style='font-size:1em'>synology</a>
</li><li>
<a href='/tags/tailscale/' style='font-size:2em'>tailscale</a>
</li><li>
<a href='/tags/virtualization/' style='font-size:1em'>virtualization</a>
</li><li>
<a href='/tags/vlan/' style='font-size:1em'>vlan</a>
</li><li>
<a href='/tags/vpn/' style='font-size:1em'>vpn</a>
</li><li>
<a href='/tags/yewtu.be/' style='font-size:1em'>yewtu.be</a>
</li><li>
<a href='/tags/youtube/' style='font-size:1em'>youtube</a>
</li></ul>
</div>
</section>
<section class='widget widget-social_menu sep-after'><nav aria-label='Social Menu'>
<ul><li>
<a href='https://github.com/davegallant' target='_blank' rel='noopener me'>
<span class='screen-reader-text'>Open Github account in new tab</span><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><path d="M9 19c-5 1.5-5-2.5-7-3m14 6v-3.87a3.37 3.37 0 0 0-.94-2.61c3.14-.35 6.44-1.54 6.44-7A5.44 5.44 0 0 0 20 4.77 5.07 5.07 0 0 0 19.91 1S18.73.65 16 2.48a13.38 13.38 0 0 0-7 0C6.27.65 5.09 1 5.09 1A5.07 5.07 0 0 0 5 4.77a5.44 5.44 0 0 0-1.5 3.78c0 5.42 3.3 6.61 6.44 7A3.37 3.37 0 0 0 9 18.13V22" />
</svg>
</a>
</li><li>
<a href='https://twitter.com/dave_gallant_' target='_blank' rel='noopener me'>
<span class='screen-reader-text'>Open Twitter account in new tab</span><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><path d="M23 3a10.9 10.9 0 0 1-3.14 1.53 4.48 4.48 0 0 0-7.86 3v1A10.66 10.66 0 0 1 3 4s-4 9 5 13a11.64 11.64 0 0 1-7 2c9 5 20 0 20-11.5a4.5 4.5 0 0 0-.08-.83A7.72 7.72 0 0 0 23 3z" />
</svg>
</a>
</li><li>
<a href='https://fosstodon.org/@davegallant' target='_blank' rel='noopener me'>
<span class='screen-reader-text'>Open Mastodon account in new tab</span><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><path fill="#ccc" d="M23.268 5.313c-.35-2.578-2.617-4.61-5.304-5.004C17.51.242 15.792 0 11.813 0h-.03c-3.98 0-4.835.242-5.288.309C3.882.692 1.496 2.518.917 5.127C.64 6.412.61 7.837.661 9.143c.074 1.874.088 3.745.26 5.611c.118 1.24.325 2.47.62 3.68c.55 2.237 2.777 4.098 4.96 4.857c2.336.792 4.849.923 7.256.38c.265-.061.527-.132.786-.213c.585-.184 1.27-.39 1.774-.753a.057.057 0 0 0 .023-.043v-1.809a.052.052 0 0 0-.02-.041a.053.053 0 0 0-.046-.01a20.282 20.282 0 0 1-4.709.545c-2.73 0-3.463-1.284-3.674-1.818a5.593 5.593 0 0 1-.319-1.433a.053.053 0 0 1 .066-.054c1.517.363 3.072.546 4.632.546c.376 0 .75 0 1.125-.01c1.57-.044 3.224-.124 4.768-.422c.038-.008.077-.015.11-.024c2.435-.464 4.753-1.92 4.989-5.604c.008-.145.03-1.52.03-1.67c.002-.512.167-3.63-.024-5.545zm-3.748 9.195h-2.561V8.29c0-1.309-.55-1.976-1.67-1.976c-1.23 0-1.846.79-1.846 2.35v3.403h-2.546V8.663c0-1.56-.617-2.35-1.848-2.35c-1.112 0-1.668.668-1.67 1.977v6.218H4.822V8.102c0-1.31.337-2.35 1.011-3.12c.696-.77 1.608-1.164 2.74-1.164c1.311 0 2.302.5 2.962 1.498l.638 1.06l.638-1.06c.66-.999 1.65-1.498 2.96-1.498c1.13 0 2.043.395 2.74 1.164c.675.77 1.012 1.81 1.012 3.12z"/>
</svg>
</a>
</li><li>
<a href='mailto:dave.gallant@gmail.com' target='_blank' rel='noopener me'>
<span class='screen-reader-text'>Contact via Email</span><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z" />
<polyline points="22,6 12,13 2,6" />
</svg>
</a>
</li><li>
<a href='https://linkedin.com/in/dave-gallant' target='_blank' rel='noopener me'>
<span class='screen-reader-text'>Open Linkedin account in new tab</span><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><path d="M16 8a6 6 0 0 1 6 6v7h-4v-7a2 2 0 0 0-2-2 2 2 0 0 0-2 2v7h-4v-7a6 6 0 0 1 6-6z" />
<rect x="2" y="9" width="4" height="12" />
<circle cx="4" cy="4" r="2" />
</svg>
</a>
</li></ul>
</nav>
</section></div>
<div class='sidebar-overlay'></div>
</div><div class='main'><nav id='main-menu' class='menu main-menu' aria-label='Main Menu'>
<div class='container'>
<a class='screen-reader-text' href='#content'>Skip to Content</a>
<button id='sidebar-toggler' class='sidebar-toggler' aria-controls='sidebar'>
<span class='screen-reader-text'>Toggle Sidebar</span>
<span class='open'><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><line x1="3" y1="12" x2="21" y2="12" />
<line x1="3" y1="6" x2="21" y2="6" />
<line x1="3" y1="18" x2="21" y2="18" />
</svg>
</span>
<span class='close'><svg
class="icon"
xmlns="http://www.w3.org/2000/svg"
viewbox="0 0 24 24"
stroke-linecap="round"
stroke-linejoin="round"
stroke-width="2"
aria-hidden="true"
><line x1="18" y1="6" x2="6" y2="18" />
<line x1="6" y1="6" x2="18" y2="18" />
</svg>
</span>
</button>
<ul><li class='item'>
<a href='/'>Home</a>
</li><li class='item'>
<a href='/about/'>About</a>
</li><li class='item'>
<a href='/index.xml'>RSS</a>
</li></ul>
</div>
</nav><div class='header-widgets'>
<div class='container'></div>
</div>
<header id='header' class='header site-header'>
<div class='container sep-after'>
</div>
</header>
<main id='content'>
<header class='header'>
<div class='container sep-after'>
<div class='header-info'>
<h1 class='title'><span class='taxonomy-name'>Tag: </span>privacy</h1>
</div>
</div>
</header>
<div class='container list-container'>
<ul class='list'>
<li class='item'>
<div class='meta'>
<span>
<span class='screen-reader-text'>Posted on </span>
<time datetime='2022-12-10T21:46:55-05:00'>2022, Dec 10</time>
</span>
</div>
<header class='item-header'>
<h3 class='item-title'>
<a href='/blog/2022/12/10/watching-youtube-in-private/'>Watching YouTube in Private</a>
</h3>
</header>
</li>
</ul>
</div>
</main>
<footer id='footer' class='footer'>
<div class='container sep-before'><div class='copyright'>
<p> &copy; 2020-2022 Dave Gallant </p>
</div>
</div>
</footer>
</div>
</div><script>window.__assets_js_src="/assets/js/"</script>
<script src='/assets/js/main.c3bcf2df.js'></script>
</body>
</html>

20
public/tags/privacy/index.xml Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>privacy on davegallant</title>
<link>/tags/privacy/</link>
<description>Recent content in privacy on davegallant</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-us</language>
<lastBuildDate>Sat, 10 Dec 2022 21:46:55 -0500</lastBuildDate><atom:link href="/tags/privacy/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Watching YouTube in Private</title>
<link>/blog/2022/12/10/watching-youtube-in-private/</link>
<pubDate>Sat, 10 Dec 2022 21:46:55 -0500</pubDate>
<guid>/blog/2022/12/10/watching-youtube-in-private/</guid>
<description></description>
</item>
</channel>
</rss>

10
public/tags/privacy/page/1/index.html Normal file
View File

@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html lang="en-us">
<head>
<title>/tags/privacy/</title>
<link rel="canonical" href="/tags/privacy/">
<meta name="robots" content="noindex">
<meta charset="utf-8">
<meta http-equiv="refresh" content="0; url=/tags/privacy/">
</head>
</html>

2
public/tags/proxmox/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/python/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/ransomware/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/router-on-a-stick/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/router/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/security/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/synology/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/tailscale/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/virtualization/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/vlan/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/vpn/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/yewtu.be/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

2
public/tags/youtube/index.html
View File

@@ -117,6 +117,8 @@ if (!doNotTrack) {
<a href='/tags/plex/' style='font-size:1em'>plex</a>
</li><li>
<a href='/tags/podman/' style='font-size:1em'>podman</a>
</li><li>
<a href='/tags/privacy/' style='font-size:1em'>privacy</a>
</li><li>
<a href='/tags/proxmox/' style='font-size:2em'>proxmox</a>
</li><li>

14
static/css/custom.css
View File

@@ -21,3 +21,17 @@
margin-left:auto;
margin-right:auto;
}
.hanchor {
visibility: hidden;
color: silver;
font-size: 100%;
transition: 0.2s;
padding-left: 8px;
font-weight: 600;
}
h2:hover a, h3:hover a, h4:hover a {
visibility: visible;
text-decoration: none;
}

4
themes/minimo/layouts/partials/entry/content.html
View File

@@ -1,3 +1,5 @@
<div class='container entry-content'>
{{ .Content }}
{{- with .Content -}}
{{ . | replaceRE "(<h[2-4] id=\"([^\"]+)\".+)(</h[2-4]+>)" `${1}<a href="#${2}" class="hanchor" ariaLabel="Anchor">#</a>${3}`| safeHTML }}
{{- end -}}
</div>