mirror of
https://github.com/davegallant/davegallant.github.io.git
synced 2025-08-06 00:33:39 +00:00
deploy: 8a27d7284f
@@ -78,4 +78,4 @@ UPDATE: This approach can also be used for the aws-efs-csi-driver
|
||||
</span></span><span style=display:flex><span> policy_arn <span style=color:#f92672>=</span> <span style=color:#e6db74>"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"</span>
|
||||
</span></span><span style=display:flex><span> role <span style=color:#f92672>=</span> <span style=color:#66d9ef>aws_iam_role</span>.<span style=color:#66d9ef>ebs_csi_driver</span>.<span style=color:#66d9ef>name</span>
|
||||
</span></span><span style=display:flex><span>}
|
||||
</span></span></code></pre></div><p>The above configuration follows the docs, binding an IAM role to the service account <code>kube-system/ebs-csi-controller-sa</code> using an OpenID connect provider.</p><p>After applying the changes above, I deployed <a href=https://docs.aws.amazon.com/eks/latest/userguide/ebs-sample-app.html class=link--external target=_blank rel=noreferrer>the sample application</a> and noticed that the persistent volume claims were bound to EBS volumes.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>The above configuration follows the docs, binding an IAM role to the service account <code>kube-system/ebs-csi-controller-sa</code> using an OpenID connect provider.</p><p>After applying the changes above, I deployed <a href=https://docs.aws.amazon.com/eks/latest/userguide/ebs-sample-app.html class=link--external target=_blank rel=noreferrer>the sample application</a> and noticed that the persistent volume claims were bound to EBS volumes.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
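Review bot: the only difference between the old and new line is the flexsearch bundle name (flexsearch.7c8af88… to flexsearch.de5935a2…), and neither that script tag nor the main.c26c1b7b… one carries an integrity attribute, so the browser never checks the fingerprint in the file name. If the theme template can emit integrity= next to the fingerprinted src, do that there rather than in this generated file. The same line also loads Widget_2.js from storage.ko-fi.com and client.js from utteranc.es as unversioned third-party scripts, which is worth at least a Content-Security-Policy entry that limits script sources to those hosts.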
@@ -63,4 +63,4 @@ Let’s try to run it.</p><div class=highlight><pre tabindex=0 style=color:#
|
||||
</span></span></code></pre></div><p>This is a breaking change in Python3.8.</p><p>So what is calling <code>platform.linux_distribution</code>?</p><p>Let’s search for it:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-shell data-lang=shell><span style=display:flex><span>$ sudo grep -r <span style=color:#e6db74>'linux_distribution'</span> /opt/appgate/linux/
|
||||
</span></span><span style=display:flex><span>/opt/appgate/linux/nm.py: <span style=color:#66d9ef>if</span> platform.linux_distribution<span style=color:#f92672>()[</span>0<span style=color:#f92672>]</span> !<span style=color:#f92672>=</span> <span style=color:#e6db74>'Fedora'</span>:
|
||||
</span></span></code></pre></div><p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-python data-lang=python><span style=display:flex><span><span style=color:#66d9ef>if</span> <span style=color:#66d9ef>True</span>: <span style=color:#75715e># Since we are not using Fedora :)</span>
|
||||
</span></span></code></pre></div><h1 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h1><p>It turns out there are <a href=https://docs.python.org/3.7/library/platform.html#platform.linux_distribution class=link--external target=_blank rel=noreferrer>breaking changes</a> in Python3.8.</p><p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p><p>I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": 
"b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><h1 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h1><p>It turns out there are <a href=https://docs.python.org/3.7/library/platform.html#platform.linux_distribution class=link--external target=_blank rel=noreferrer>breaking changes</a> in Python3.8.</p><p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p><p>I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": 
"b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
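Review bot: the replacement line shown in the post, `if True: # Since we are not using Fedora :)`, is a local edit to the vendor file /opt/appgate/linux/nm.py that removes the distribution check instead of porting it, and the text does not say so. Suggest adding a sentence that this is a local patch to vendor code, and pointing to the distro package that the quoted deprecation notice names as the alternative to platform.linux_distribution. Minor: "Python3.8" reads better as "Python 3.8" in both paragraphs; fix it in the post source, since this file is generated output.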
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Blog on davegallant.ca</title><link>/blog/</link><description>Recent content in Blog on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><atom:link href="/blog/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item><item><title>Replicating TrueNAS datasets to sftpgo over Tailscale</title><link>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</link><pubDate>Thu, 17 Apr 2025 22:03:33 -0400</pubDate><guid>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</guid><description><p>I&rsquo;ve recently spun up an instance of TrueNAS SCALE after salvaging a couple hard drives from a past computer build and decided I could use additional network storage for various backups such as Proxmox VMs and home directory backups.</p></description></item><item><title>Opting out of haveibeenpwned</title><link>/blog/opting-out-of-haveibeenpwned/</link><pubDate>Sun, 16 Feb 2025 21:15:07 -0500</pubDate><guid>/blog/opting-out-of-haveibeenpwned/</guid><description><p>Data breaches are a concern for anyone trying to live a life of relative privacy. Last month, PowerSchool informed its customers that <a
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item><item><title>Replicating TrueNAS datasets to sftpgo over Tailscale</title><link>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</link><pubDate>Thu, 17 Apr 2025 22:03:33 -0400</pubDate><guid>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</guid><description><p>I&rsquo;ve recently spun up an instance of TrueNAS SCALE after salvaging a couple hard drives from a past computer build and decided I could use additional network storage for various backups such as Proxmox VMs and home directory backups.</p></description></item><item><title>Opting out of haveibeenpwned</title><link>/blog/opting-out-of-haveibeenpwned/</link><pubDate>Sun, 16 Feb 2025 21:15:07 -0500</pubDate><guid>/blog/opting-out-of-haveibeenpwned/</guid><description><p>Data breaches are a concern for anyone trying to live a life of relative privacy. Last month, PowerSchool informed its customers that <a
|
||||
href="https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/"
|
||||
class="link--external" target="_blank" rel="noreferrer"
|
||||
>hackers stole data of 62 million students</a>. This may not have impacted you, but unless you have been practicing <a
|
||||
|
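Review bot: the channel and item URLs in this feed are relative (`<link>/blog/</link>`, `atom:link href="/blog/index.xml"`, and each item's `<link>` and `<guid>`), so a feed reader has no host to resolve them against; set the site base URL in the generator config so these come out absolute. The wording change here only drops "some" from "some commonly documented workarounds", and the same sentence still reads "I've been running a Realtek NICs" in the new version; fix that to "running Realtek NICs" in the post source.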
File diff suppressed because one or more lines are too long
@@ -47,4 +47,4 @@
|
||||
</span></span><span style=display:flex><span>0
|
||||
</span></span><span style=display:flex><span>podman start -a davegallant.github.io_hello_world_1
|
||||
</span></span><span style=display:flex><span>Hello world
|
||||
</span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p><h3 id=summary>Summary<a href=#summary class=post-heading__anchor aria-hidden=true>#</a></h3><p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p><p>One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an <a href=https://github.com/containers/podman/issues/11494 class=link--external target=_blank rel=noreferrer>open issue</a> considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.</p><blockquote><p>Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. 
A rather involved solution using <a href=https://en.wikipedia.org/wiki/SSHFS class=link--external target=_blank rel=noreferrer>sshfs</a> was shared <a href=https://github.com/containers/podman/issues/8016#issuecomment-920015800 class=link--external target=_blank rel=noreferrer>here</a>.</p></blockquote><p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href=https://kubernetespodcast.com/episode/164-podman/ class=link--external target=_blank rel=noreferrer>podcast episode</a>, I was inspired to give Podman a try on macOS.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p><h3 id=summary>Summary<a href=#summary class=post-heading__anchor aria-hidden=true>#</a></h3><p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p><p>One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an <a href=https://github.com/containers/podman/issues/11494 class=link--external target=_blank rel=noreferrer>open issue</a> considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.</p><blockquote><p>Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. 
A rather involved solution using <a href=https://en.wikipedia.org/wiki/SSHFS class=link--external target=_blank rel=noreferrer>sshfs</a> was shared <a href=https://github.com/containers/podman/issues/8016#issuecomment-920015800 class=link--external target=_blank rel=noreferrer>here</a>.</p></blockquote><p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href=https://kubernetespodcast.com/episode/164-podman/ class=link--external target=_blank rel=noreferrer>podcast episode</a>, I was inspired to give Podman a try on macOS.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
File diff suppressed because one or more lines are too long
@@ -48,4 +48,4 @@ As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1
|
||||
</span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010>
|
||||
</span></span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010></span>NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
|
||||
</span></span><span style=display:flex><span>horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
|
||||
</span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p><p>If I’m feeling adventurous, I might experiment with <a href=https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental class=link--external target=_blank rel=noreferrer>K3s rootless</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p><p>If I’m feeling adventurous, I might experiment with <a href=https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental class=link--external target=_blank rel=noreferrer>K3s rootless</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
@@ -88,4 +88,4 @@
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>from</span>: <span style=color:#ae81ff>RFD Notify</span>
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>body</span>: |<span style=color:#e6db74>
|
||||
</span></span></span><span style=display:flex><span><span style=color:#e6db74> ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}</span>
|
||||
</span></span></code></pre></div><p>And voilà:</p><p><img src=gitea-workflow.png alt=image></p><p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href=https://tailscale.com/tailscale-ssh class=link--external target=_blank rel=noreferrer>tailscale ssh</a> enabled.</p><h2 id=areas-for-improvement>Areas for improvement<a href=#areas-for-improvement class=post-heading__anchor aria-hidden=true>#</a></h2><p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href=https://github.com/go-gitea/gitea/issues/23725 class=link--external target=_blank rel=noreferrer>doesn’t seem possible</a> without adding logic to each workflow.</p><h2 id=conclusion>Conclusion<a href=#conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.</p><p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. 
Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p><p>Check out my gitea instance exposed via Funnel <a href=https://gitea.snake-cloud.ts.net class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>And voilà:</p><p><img src=gitea-workflow.png alt=image></p><p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href=https://tailscale.com/tailscale-ssh class=link--external target=_blank rel=noreferrer>tailscale ssh</a> enabled.</p><h2 id=areas-for-improvement>Areas for improvement<a href=#areas-for-improvement class=post-heading__anchor aria-hidden=true>#</a></h2><p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href=https://github.com/go-gitea/gitea/issues/23725 class=link--external target=_blank rel=noreferrer>doesn’t seem possible</a> without adding logic to each workflow.</p><h2 id=conclusion>Conclusion<a href=#conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.</p><p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. 
Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p><p>Check out my gitea instance exposed via Funnel <a href=https://gitea.snake-cloud.ts.net class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
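Review bot: the paragraph after the screenshot says the runner can reach the other hosts because they share a tailnet with tailscale ssh enabled, but it does not say how that access is scoped, while the conclusion links an instance exposed via Funnel. Suggest adding a sentence on the Tailscale ACL or SSH rule that limits which hosts and users the runner may connect to, so readers do not copy the setup with tailnet-wide SSH. Minor: "250mb" should be "250 MB".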
File diff suppressed because one or more lines are too long
@@ -15,4 +15,4 @@ If this sounds more appealing, install <a href=https://github.com/antitree/krew-
|
||||
</span></span><span style=display:flex><span>using: image=serjs/go-socks5-proxy
|
||||
</span></span><span style=display:flex><span>Creating SOCKS5 Proxy (Pod)...
|
||||
</span></span><span style=display:flex><span>pod/davegallant-proxy created
|
||||
</span></span></code></pre></div><p>With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.</p><h2 id=caveats-and-conclusion>Caveats and Conclusion<a href=#caveats-and-conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>The above outlined solution makes some assumptions:</p><ul><li>there is a k8s cluster</li><li>the k8s cluster has network connectivity to the desired private database</li></ul><p>If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).</p><p>It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.</p><p><del>One other thing to note is that some clients (such as <a href=https://dbeaver.io/ class=link--external target=_blank rel=noreferrer>dbeaver</a>) <a href=https://github.com/dbeaver/dbeaver/issues/872 class=link--external target=_blank rel=noreferrer>do not provide DNS resolution over SOCKS</a>. 
So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.</del></p><blockquote><p><strong>2025-01-16:</strong>: DNS over SOCKS now works with the latest dbeaver client.</p></blockquote></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.</p><h2 id=caveats-and-conclusion>Caveats and Conclusion<a href=#caveats-and-conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>The above outlined solution makes some assumptions:</p><ul><li>there is a k8s cluster</li><li>the k8s cluster has network connectivity to the desired private database</li></ul><p>If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).</p><p>It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.</p><p><del>One other thing to note is that some clients (such as <a href=https://dbeaver.io/ class=link--external target=_blank rel=noreferrer>dbeaver</a>) <a href=https://github.com/dbeaver/dbeaver/issues/872 class=link--external target=_blank rel=noreferrer>do not provide DNS resolution over SOCKS</a>. 
So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.</del></p><blockquote><p><strong>2025-01-16:</strong>: DNS over SOCKS now works with the latest dbeaver client.</p></blockquote></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
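Review bot: the two versions of the closing line differ only in the flexsearch bundle name (flexsearch.7c8af… to flexsearch.de5935…), and neither that tag nor the /js/main.… tag beside it carries an integrity attribute, so the content hash in the filename is never checked by the browser. If these bundles are fingerprinted through Hugo Pipes, the digest is already available as .Data.Integrity and can be emitted on the script tag. The same line also loads Widget_2.js from storage.ko-fi.com, client.js from utteranc.es and beacon.min.js from static.cloudflareinsights.com with no integrity attribute. Those URLs are unversioned, so pinning them would mean self-hosting a reviewed copy. Separately, the rendered text still has "than" for "then" in "If these stars align, than this solution" and a doubled colon after the 2025-01-16 date. Both belong in the Markdown source rather than in this generated output.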
File diff suppressed because one or more lines are too long
@@ -67,4 +67,4 @@
|
||||
</span></span><span style=display:flex><span> }
|
||||
</span></span><span style=display:flex><span> ]
|
||||
</span></span><span style=display:flex><span>}
|
||||
</span></span></code></pre></div><p>Now the link <a href="https://www.youtube.com/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>https://www.youtube.com/watch?v=-lz30by8-sU</a> will redirect to <a href="http://invidious:3000/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>http://invidious:3000/watch?v=-lz30by8-sU</a></p><p>I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>Now the link <a href="https://www.youtube.com/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>https://www.youtube.com/watch?v=-lz30by8-sU</a> will redirect to <a href="http://invidious:3000/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>http://invidious:3000/watch?v=-lz30by8-sU</a></p><p>I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
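Review bot: the closing paragraph gives the redirect target as http://invidious:3000/watch?v=-lz30by8-sU, a bare hostname over plain HTTP, with nothing in the visible text saying where that name resolves. One sentence in the source post stating that it is a private hostname on the author's own network, and that readers should substitute their own instance URL, would keep the example from being copied verbatim. The first sentence of that paragraph is also missing its final period.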
File diff suppressed because one or more lines are too long
@@ -114,4 +114,4 @@
|
||||
</span></span><span style=display:flex><span> };
|
||||
</span></span><span style=display:flex><span>}
|
||||
</span></span></code></pre></div><p>Save the file and run:</p><pre tabindex=0><code>home-manager switch
|
||||
</code></pre><p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p><p>If you run <code>zsh</code>, you should see that you have <a href=https://starship.rs/ class=link--external target=_blank rel=noreferrer>starship</a> and access to several other utils such as <code>rg</code>, <code>fd</code>, and <code>exa</code>.</p><p>This basic configuration above is also defining your <code>~/.config/git/config</code> and <code>.zshrc</code>. If you already have either of these files, home-manager will complain about them already existing.</p><p>If you run <code>cat ~/.zshrc</code>, you will see the way these configuration files are generated.</p><p>You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at <a href=https://github.com/nix-community/home-manager/tree/master/modules/programs class=link--external target=_blank rel=noreferrer>home-manager/modules/programs</a>.</p><h2 id=gateway-to-nix>Gateway To Nix<a href=#gateway-to-nix class=post-heading__anchor aria-hidden=true>#</a></h2><p>In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is <a href=https://github.com/LnL7/nix-darwin class=link--external target=_blank rel=noreferrer>nix-darwin</a> that includes nix modules for configuring launchd, dock, and other preferences and services. 
You may also want to check out <a href=https://nixos.wiki/wiki/Flakes class=link--external target=_blank rel=noreferrer>Nix Flakes</a>: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in <code>flake.lock</code>, similar to that of many modern package managers.</p><h2 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h2><p>The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.</p><p>You can find my nix config <a href=https://github.com/davegallant/nix-config class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script 
src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.7c8af88eeccecd293ae36612443495a37cdbbed5ef6f1407a082711eea42df840233fc50872c5a6c6f83cb73434e98a73ec61deae89c0a32ba04ae19f0f7f24f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</code></pre><p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p><p>If you run <code>zsh</code>, you should see that you have <a href=https://starship.rs/ class=link--external target=_blank rel=noreferrer>starship</a> and access to several other utils such as <code>rg</code>, <code>fd</code>, and <code>exa</code>.</p><p>This basic configuration above is also defining your <code>~/.config/git/config</code> and <code>.zshrc</code>. If you already have either of these files, home-manager will complain about them already existing.</p><p>If you run <code>cat ~/.zshrc</code>, you will see the way these configuration files are generated.</p><p>You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at <a href=https://github.com/nix-community/home-manager/tree/master/modules/programs class=link--external target=_blank rel=noreferrer>home-manager/modules/programs</a>.</p><h2 id=gateway-to-nix>Gateway To Nix<a href=#gateway-to-nix class=post-heading__anchor aria-hidden=true>#</a></h2><p>In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is <a href=https://github.com/LnL7/nix-darwin class=link--external target=_blank rel=noreferrer>nix-darwin</a> that includes nix modules for configuring launchd, dock, and other preferences and services. 
You may also want to check out <a href=https://nixos.wiki/wiki/Flakes class=link--external target=_blank rel=noreferrer>Nix Flakes</a>: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in <code>flake.lock</code>, similar to that of many modern package managers.</p><h2 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h2><p>The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.</p><p>You can find my nix config <a href=https://github.com/davegallant/nix-config class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script 
src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.de5935a2d4f514c800df64101f395e9d0dde9eec95d5b8e337e08f1d470224bc2b2c3c04c3a97bca97bbb6702e16726b467d47bbbba5f75b489840434c67167f.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
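Review bot: this regenerated page still carries two wording slips in the "Gateway To Nix" section, "In ways, home-manager can be seen" and "allows you declare dependencies" (missing "to"). Since the deploy commit only swaps the flexsearch bundle name at the end of the line, fix both in the Markdown source and let the next build pick them up rather than editing the generated HTML.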
File diff suppressed because one or more lines are too long
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>davegallant.ca</title><link>/</link><description>Recent content on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><atom:link href="/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item><item><title>Replicating TrueNAS datasets to sftpgo over Tailscale</title><link>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</link><pubDate>Thu, 17 Apr 2025 22:03:33 -0400</pubDate><guid>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</guid><description><p>I&rsquo;ve recently spun up an instance of TrueNAS SCALE after salvaging a couple hard drives from a past computer build and decided I could use additional network storage for various backups such as Proxmox VMs and home directory backups.</p></description></item><item><title>Opting out of haveibeenpwned</title><link>/blog/opting-out-of-haveibeenpwned/</link><pubDate>Sun, 16 Feb 2025 21:15:07 -0500</pubDate><guid>/blog/opting-out-of-haveibeenpwned/</guid><description><p>Data breaches are a concern for anyone trying to live a life of relative privacy. Last month, PowerSchool informed its customers that <a
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item><item><title>Replicating TrueNAS datasets to sftpgo over Tailscale</title><link>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</link><pubDate>Thu, 17 Apr 2025 22:03:33 -0400</pubDate><guid>/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/</guid><description><p>I&rsquo;ve recently spun up an instance of TrueNAS SCALE after salvaging a couple hard drives from a past computer build and decided I could use additional network storage for various backups such as Proxmox VMs and home directory backups.</p></description></item><item><title>Opting out of haveibeenpwned</title><link>/blog/opting-out-of-haveibeenpwned/</link><pubDate>Sun, 16 Feb 2025 21:15:07 -0500</pubDate><guid>/blog/opting-out-of-haveibeenpwned/</guid><description><p>Data breaches are a concern for anyone trying to live a life of relative privacy. Last month, PowerSchool informed its customers that <a
|
||||
href="https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/"
|
||||
class="link--external" target="_blank" rel="noreferrer"
|
||||
>hackers stole data of 62 million students</a>. This may not have impacted you, but unless you have been practicing <a
|
||||
|
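Review bot: the edited description sentence drops "some" from "some commonly documented workarounds" but leaves "I've been running a Realtek NICs" a few words earlier, which mixes the singular article with a plural noun. Since the sentence is already being touched in the source post, change it to "running Realtek NICs" in the same edit so every feed that embeds this summary is regenerated once.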
File diff suppressed because one or more lines are too long
@@ -1 +1 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>/en/sitemap.xml</loc><lastmod>2025-04-21T21:49:59-04:00</lastmod></sitemap><sitemap><loc>/de/sitemap.xml</loc></sitemap></sitemapindex>
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>/en/sitemap.xml</loc><lastmod>2025-04-26T18:06:19-04:00</lastmod></sitemap><sitemap><loc>/de/sitemap.xml</loc></sitemap></sitemapindex>
|
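Review bot: both <loc> values in this sitemap index are root-relative ("/en/sitemap.xml", "/de/sitemap.xml"), and the sitemap protocol requires fully qualified URLs that begin with the scheme, so crawlers may reject the index. The only change in the hunk is the lastmod timestamp, which suggests the build that produced this deploy runs without an absolute baseURL. Set it in the site config or pass it to the build so the generated <loc> entries come out absolute.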
File diff suppressed because one or more lines are too long
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>freebsd on davegallant.ca</title><link>/tags/freebsd/</link><description>Recent content in freebsd on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/freebsd/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
File diff suppressed because one or more lines are too long
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>linux on davegallant.ca</title><link>/tags/linux/</link><description>Recent content in linux on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/linux/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item><item><title>AppGate SDP on Arch Linux</title><link>/blog/appgate-sdp-on-arch-linux/</link><pubDate>Mon, 16 Mar 2020 22:00:15 -0400</pubDate><guid>/blog/appgate-sdp-on-arch-linux/</guid><description><p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p></description></item></channel></rss>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item><item><title>AppGate SDP on Arch Linux</title><link>/blog/appgate-sdp-on-arch-linux/</link><pubDate>Mon, 16 Mar 2020 22:00:15 -0400</pubDate><guid>/blog/appgate-sdp-on-arch-linux/</guid><description><p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p></description></item></channel></rss>
|
File diff suppressed because one or more lines are too long
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>nic on davegallant.ca</title><link>/tags/nic/</link><description>Recent content in nic on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/nic/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
File diff suppressed because one or more lines are too long
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>opnsense on davegallant.ca</title><link>/tags/opnsense/</link><description>Recent content in opnsense on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/opnsense/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
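Review bot: the context line of this hunk emits site-relative URLs in the feed, for example `<link>/tags/opnsense/</link>`, `<guid>/blog/using-a-realtek-nic-with-opnsense/</guid>` and `<atom:link href="/tags/opnsense/index.xml" .../>`. Feed readers have no base to resolve these against, and a `<guid>` without `isPermaLink="false"` is expected to be a full URL. Check that the Hugo build for this deploy has its baseURL set so the generated feeds carry absolute links.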
File diff suppressed because one or more lines are too long
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>pfsense on davegallant.ca</title><link>/tags/pfsense/</link><description>Recent content in pfsense on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/pfsense/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item><item><title>Virtualizing my router with pfSense</title><link>/blog/virtualizing-a-router-with-pfsense/</link><pubDate>Sat, 02 Apr 2022 18:50:09 -0400</pubDate><guid>/blog/virtualizing-a-router-with-pfsense/</guid><description><p>My aging router has been running <a
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item><item><title>Virtualizing my router with pfSense</title><link>/blog/virtualizing-a-router-with-pfsense/</link><pubDate>Sat, 02 Apr 2022 18:50:09 -0400</pubDate><guid>/blog/virtualizing-a-router-with-pfsense/</guid><description><p>My aging router has been running <a
|
||||
href="https://en.wikipedia.org/wiki/OpenWrt"
|
||||
class="link--external" target="_blank" rel="noreferrer"
|
||||
>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a
|
||||
|
File diff suppressed because one or more lines are too long
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>proxmox on davegallant.ca</title><link>/tags/proxmox/</link><description>Recent content in proxmox on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/proxmox/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item><item><title>Virtualizing my router with pfSense</title><link>/blog/virtualizing-a-router-with-pfsense/</link><pubDate>Sat, 02 Apr 2022 18:50:09 -0400</pubDate><guid>/blog/virtualizing-a-router-with-pfsense/</guid><description><p>My aging router has been running <a
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item><item><title>Virtualizing my router with pfSense</title><link>/blog/virtualizing-a-router-with-pfsense/</link><pubDate>Sat, 02 Apr 2022 18:50:09 -0400</pubDate><guid>/blog/virtualizing-a-router-with-pfsense/</guid><description><p>My aging router has been running <a
|
||||
href="https://en.wikipedia.org/wiki/OpenWrt"
|
||||
class="link--external" target="_blank" rel="noreferrer"
|
||||
>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a
|
||||
|
File diff suppressed because one or more lines are too long
@@ -1,2 +1,2 @@
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>realtek on davegallant.ca</title><link>/tags/realtek/</link><description>Recent content in realtek on davegallant.ca</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Dave Gallant</copyright><lastBuildDate>Mon, 21 Apr 2025 17:17:46 -0400</lastBuildDate><atom:link href="/tags/realtek/index.xml" rel="self" type="application/rss+xml"/><item><title>Using a Realtek NIC with OPNsense</title><link>/blog/using-a-realtek-nic-with-opnsense/</link><pubDate>Mon, 21 Apr 2025 17:17:46 -0400</pubDate><guid>/blog/using-a-realtek-nic-with-opnsense/</guid><description><p>For the past few years, I&rsquo;ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).</p>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and some commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
||||
<p>I&rsquo;ve been running a Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.</p></description></item></channel></rss>
|
File diff suppressed because one or more lines are too long