Switch to gruvbox theme

This commit is contained in:
Dave Gallant
2024-01-01 23:33:36 -05:00
parent c545a5a8c8
commit 66cff08323
513 changed files with 8930 additions and 20205 deletions

View File

@@ -1,10 +0,0 @@
---
title: About
weight: -210
disable_comments: true
hide_date: true
---
I'm a software tinkerer with a passion for infrastructure, tooling, security, and coffee.
Feel free to reach out at [me@davegallant.ca](mailto:me@davegallant.ca).
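Review bot: this hunk deletes the About page wholesale (`title: About`, the bio line and the `mailto:` contact link), which goes beyond what a commit titled "Switch to gruvbox theme" describes. If the new theme renders the about text from its own configuration, say so in the commit message; otherwise keep or move the page rather than drop it, because the site's only published contact link disappears with it.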

View File

@@ -2,8 +2,7 @@
title: "AppGate SDP on Arch Linux"
date: 2020-03-16T22:00:15-04:00
draft: false
keywords: ['linux', 'vpn']
description: ""
comments: true
tags: ['linux', 'vpn', 'python']
author: "Dave Gallant"
---
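Review bot: `keywords: ['linux', 'vpn']` and `description: ""` are removed and `comments: true` is added. The terms survive in `tags`, so navigation is unaffected, but if the new theme emits a `<meta name="keywords">` or uses `description` for the list-page summary, those now fall back to theme defaults; a short note in the commit message that the new theme ignores these keys would make the intent clear.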

View File

@@ -3,37 +3,10 @@ title: "Automatically rotating AWS access keys"
date: 2021-09-17T12:48:33-04:00
lastmod: 2021-09-17T12:48:33-04:00
draft: false
keywords: []
description: ""
comments: true
tags: ['aws', 'python', 'security', 'aws-vault']
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
<!--more-->
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a [script](https://gist.github.com/davegallant/2c042686a78684a657fe99e20fa7a924#file-aws_access_key_rotator-py) since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
In the longer term, migrating my local workflows to [aws-vault](https://github.com/99designs/aws-vault) seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where [AWS suggests](https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html)). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS's secure keystore. There is even a [rotate command](https://github.com/99designs/aws-vault/blob/master/USAGE.md#rotating-credentials) included.
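Review bot: after the old theme's keys are dropped (`comment`, `toc`, `mathjax`, `flowchartDiagrams`, `sequenceDiagrams` and the rest), `<!--more-->` sits directly after the closing `---` with no prose above it. In Hugo the text above `<!--more-->` is the page summary, so list pages will show an empty summary for this post; the divider belongs after the first paragraph. Note also that the old front matter carried both `comment: false` and `comments: true`; only `comments: true` remains, which is fine as long as that is the key the new theme reads. The first paragraph still reads "could be have their credentials" (should be "could have their credentials"), worth fixing while this file is being touched.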

View File

@@ -2,39 +2,14 @@
title: "Backing up gmail with Synology"
date: 2022-03-13T18:49:10-04:00
lastmod: 2022-03-13T18:49:10-04:00
comments: true
draft: false
keywords: []
description: ""
tags: ['degoogle', 'synology', 'gmail', 'backup', 'ransomware']
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
tags: ["degoogle", "synology", "gmail", "backup", "ransomware"]
---
<!--more-->
I've used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
I've used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
<!--more-->
The thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future.
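Review bot: the opening paragraph appears twice with identical visible wording and `<!--more-->` appears both above and below it, so this is the summary divider moving relative to the first paragraph (any whitespace-only change in the paragraph is invisible in the rendered view). Whichever side is new, `<!--more-->` should end up after the first paragraph, not before it, or the post gets an empty summary on list pages. `tags` also appears twice in this hunk (single-quoted at the top, double-quoted just before `---`); confirm only one copy survives, since a duplicated YAML key is either rejected or silently overwritten depending on the parser. Since the paragraph is in the diff anyway, fix "suprisingly" and "occassion".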
@@ -42,7 +17,7 @@ The thought of completely de-googling has crossed my mind on occassion. Convenie
Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I've recently been in interested in syncing and snapshotting my personal data. I've setup [Synology's Cloud Sync](https://www.synology.com/en-ca/dsm/feature/cloud_sync) and keep copies of most of my cloud data.
I've used tools such as [gmvault](http://www.gmvault.org) with success in the past. Setting this up on a cron seems like a viable option. However, I don't really need a lot of the features it offers and do not plan to restore this data to another account.
I've used tools such as [gmvault](http://www.gmvault.org) with success in the past. Setting this up on a cron seems like a viable option. However, I don't really need a lot of the features it offers and do not plan to restore this data to another account.
Synology's MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it's possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.
@@ -62,7 +37,7 @@ After this, mail started coming in.
![image](mail-plus-incoming-mail.png)
After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.
After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.
## Securing Synology

View File

@@ -3,39 +3,14 @@ title: "Replacing docker with podman on macOS (and Linux)"
date: 2021-10-11T10:43:35-04:00
lastmod: 2021-10-11T10:43:35-04:00
draft: false
keywords: []
description: ""
tags: ['docker', 'podman', 'containers']
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
comments: true
tags: ["docker", "podman", "containers"]
---
<!--more-->
There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:
<!--more-->
{{< tweet 1388586550682861568 >}}
Docker has been one of the larger influencers in the container world, helping to standardize the [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/main/spec.md). For many developers, containers have become synonymous with terms like `docker` and `Dockerfile` (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so.
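Review bot: same two issues as in the Gmail post: `tags` is listed twice in the hunk (single-quoted near the top, double-quoted before `---`), so confirm only one copy remains, and `<!--more-->` appears both before and after the opening paragraph, so make sure the divider lands after the paragraph rather than before it, or the summary shown on list pages will be empty and the tweet embed will be the first thing in the body.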
@@ -85,7 +60,7 @@ Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8
Writing manifest to image destination
Storing signatures
14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
````
```
> If you're having an issue pulling images, you may need to remove `~/.docker/config.json` or remove the set of auths in the configuration as mentioned [here](https://stackoverflow.com/a/69121873/1191286).
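Review bot: replacing the four-backtick closing fence with three fixes a mismatched fence, but check that the opening fence of this block is also three backticks; if it is four, the block still does not close and the quoted tip below renders inside the code block. This is an unrelated content fix riding on a theme commit; fine to keep, but mention it in the commit message.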
@@ -118,7 +93,7 @@ alias docker=podman
### podman-compose
You may be wondering: what about docker-compose? Well, there *claims* to be a drop-in replacement for it: [podman-compose](https://github.com/containers/podman-compose).
You may be wondering: what about docker-compose? Well, there _claims_ to be a drop-in replacement for it: [podman-compose](https://github.com/containers/podman-compose).
```sh
pip3 install --user podman-compose
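Review bot: `*claims*` to `_claims_` renders identically in Markdown; this is formatter normalization (prettier-style emphasis), not a content change. Harmless, but together with the fence fix above it adds noise to a theme switch; if a formatter is now being run over the content directory, do that in a separate commit so theme changes stay reviewable.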
@@ -168,5 +143,4 @@ One caveat to mention is that there isn't an official graphical user interface f
> Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using [sshfs](https://en.wikipedia.org/wiki/SSHFS) was shared [here](https://github.com/containers/podman/issues/8016#issuecomment-920015800).
I had been experimenting with Podman on Linux before writing this, but after listening to this [podcast episode](https://kubernetespodcast.com/episode/164-podman/), I was inspired to give Podman a try on macOS.

View File

@@ -3,29 +3,8 @@ title: "Running K3s in LXC on Proxmox"
date: 2021-11-14T10:07:03-05:00
lastmod: 2021-11-14T10:07:03-05:00
draft: false
keywords: []
description: ""
comments: true
tags: ["k3s", "proxmox", "lxc", "self-hosted"]
categories: []
author: ""
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
It has been a while since I've actively used Kubernetes and wanted to explore the evolution of tools such as [Helm](https://helm.sh) and [Tekton](https://tekton.dev). I decided to deploy [K3s](https://k3s.io), since I've had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it'd be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine's resources.

View File

@@ -1,40 +1,17 @@
---
title: "Setting up Gitea Actions with Tailscale"
date: 2023-12-10T17:22:11-05:00
comments: true
lastmod: 2023-12-10T17:22:11-05:00
draft: false
keywords: []
description: ""
tags: ["gitea", "gitea actions", "github actions", "tailscale", "self-hosted"]
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
<!--more-->
In this post I'll go through the process of setting up Gitea Actions and [Tailscale](https://tailscale.com/), unlocking a simple and secure way to automate workflows.
<!--more-->
## What is Gitea?
[Gitea](https://about.gitea.com/) is a lightweight and fast git server that has much of the same look and feel as github. I have been using it in my homelab to mirror repositories hosted on other platforms such as github and gitlab. These mirrors take advantage of the decentralized nature of git by serving as "backups". One of the main reasons I hadn't been using it more often was due to the lack of integrated CI/CD. This is no longer the case.
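Review bot: `<!--more-->` appears both immediately after the front matter and again after the first paragraph. If the new position is the one directly under `---`, the post's summary becomes empty on list pages; keep the divider after "In this post I'll go through..." so that sentence serves as the summary.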
@@ -209,7 +186,7 @@ jobs:
And voilà:
{{< video src="gitea-workflow" >}}
{{< video poster="gitea-workflow" >}}
You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have [tailscale ssh](https://tailscale.com/tailscale-ssh) enabled.
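Review bot: changing the `video` shortcode argument from `src="gitea-workflow"` to `poster="gitea-workflow"` is a semantic change, not a rename: in the usual HTML5 sense `src` is the media file and `poster` is the still image shown before playback. Unless the new theme's `video` shortcode derives the media source from `poster`, the page will show a placeholder frame with no playable video. Verify the rendered page after the build, and if the new shortcode takes both parameters, pass the video file explicitly.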

View File

@@ -3,8 +3,7 @@ title: "Using AKS and SOCKS to connect to a private Azure DB"
date: 2023-05-22T16:31:29-04:00
lastmod: 2023-05-22T16:31:29-04:00
draft: false
keywords: []
description: ""
comments: true
tags:
[
"aks",
@@ -20,36 +19,12 @@ tags:
"socat",
"socks",
]
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I'd rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I'd like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
<!--more-->
## The Problem
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I'd rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I'd like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
## Go Public?
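Review bot: the introductory paragraph appears both above `<!--more-->` and below the `## The Problem` heading. Whichever side is new, one of two things breaks: if the paragraph now sits above the divider, the summary is fine but `## The Problem` is left with no body before `## Go Public?`; if it sits below the heading, the summary above `<!--more-->` is empty. The clean layout is paragraph, then `<!--more-->`, then the heading with its own text.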

View File

@@ -3,8 +3,7 @@ title: "Virtualizing my router with pfSense"
date: 2022-04-02T18:50:09-04:00
lastmod: 2022-04-02T18:50:09-04:00
draft: false
keywords: []
description: ""
comments: true
tags:
[
"pfsense",
@@ -15,37 +14,12 @@ tags:
"vlan",
"self-hosted",
]
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
<!--more-->
## The problem
My aging router has been running [OpenWrt](https://en.wikipedia.org/wiki/OpenWrt) for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a [large index of packages](https://openwrt.org/packages/index/start). Ever since I've connected some standalone wireless access points, I've had less of a need for an off-the-shelf all-in-one wireless router combo. I've also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
<!--more-->
## pfSense
I figured this would be a good opportunity to try [pfSense](https://en.wikipedia.org/wiki/PfSense). I've heard nothing but positive things about pfSense and the fact it's been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I'd expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some [officially supported appliances](https://www.netgate.com/appliances). Since I already have a machine running Proxmox, why not just run it in a VM? It'd allow for automatic snapshotting of the machine. There is a good [video](https://www.youtube.com/watch?v=hdoBQNI_Ab8) on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.
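Review bot: `<!--more-->` appears both before `## The problem` and after its paragraph. Placing it before the heading gives an empty summary; placing it after the paragraph pulls the `## The problem` heading into the summary that list pages render. Unless the new theme truncates summaries automatically, the divider should follow the first paragraph and the heading should be dropped from the summary region, or a `description` should be set instead.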

View File

@@ -3,8 +3,7 @@ title: "Watching YouTube in private"
date: 2022-12-10T21:46:55-05:00
lastmod: 2022-12-10T21:46:55-05:00
draft: false
keywords: []
description: ""
comments: true
tags:
[
"invidious",
@@ -15,35 +14,12 @@ tags:
"privacy",
"self-hosted",
]
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
<!--more-->
I recently stumbled upon [yewtu.be](https://yewtu.be) and found it intriguing. It not only allows you to watch YouTube without _being on YouTube_, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it's a hosted instance of [invidious](https://invidious.io/).
<!--more-->
![image](computerphile.png)
The layout is simple, and **JavaScript is not required**.
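Review bot: same `<!--more-->` placement question as in the other posts in this commit: the divider appears both directly after the front matter and after the first paragraph. Keep it after "I recently stumbled upon..." so the summary is not empty, and check that the `![image](computerphile.png)` line stays below the divider so list pages do not pull the image in.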

View File

@@ -3,21 +3,7 @@ title: "What to do with a homelab"
date: 2021-09-06T01:12:54-04:00
lastmod: 2021-09-06T01:12:54-04:00
draft: false
keywords: []
description: ""
tags:
[
"tailscale",
"homelab",
"netdata",
"jellyfin",
"plex",
"pihole",
"virtualization",
"adguard",
"grafana",
"self-hosted",
]
comments: true
author: "Dave Gallant"
---
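Review bot: the hunk header (`-21 +7`, a net loss of 14 lines) matches removing `keywords`, `description` and the entire 13-line `tags` list while adding `comments: true`, so this post appears to lose all of its tags (`tailscale`, `homelab`, `netdata`, `jellyfin`, `plex`, `pihole`, `virtualization`, `adguard`, `grafana`, `self-hosted`). Every other post in this commit keeps its `tags` block in context. If the removal is unintended, restore the list; if intended, say why in the commit message, since the post will drop out of all tag pages.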

View File

@@ -3,37 +3,12 @@ title: "Why I threw out my dotfiles"
date: 2021-09-08T00:42:33-04:00
lastmod: 2021-09-08T00:42:33-04:00
draft: false
keywords: []
description: ""
comments: true
tags: ['nix', 'dotfiles', 'home-manager']
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (`~/.zshrc`, `~/.config/git/config`, `~/.config/tmux/tmux.conf`, etc). I have tried several different ways to manage them, including [bare git repos](https://www.atlassian.com/git/tutorials/dotfiles) and utilities such as [GNU Stow](https://www.gnu.org/software/stow/). These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: [home-manager](https://github.com/nix-community/home-manager).
<!--more-->
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (`~/.zshrc`, `~/.config/git/config`, `~/.config/tmux/tmux.conf`, etc). I have tried several different ways to manage them, including [bare git repos](https://www.atlassian.com/git/tutorials/dotfiles) and utilities such as [GNU Stow](https://www.gnu.org/software/stow/). These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: [home-manager](https://github.com/nix-community/home-manager).
## What is home-manager?
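Review bot: the first paragraph appears on both sides of `<!--more-->` with identical visible wording, so this is the same summary-divider move seen in the other posts (or a whitespace-only change hidden by the rendered view). Make sure the divider ends up after the paragraph, not before it; a `<!--more-->` directly below the front matter leaves this post with an empty summary on list pages.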