From ad8ebbdb0b0a10b94420fd37c5f35d604ed779cd Mon Sep 17 00:00:00 2001 From: davegallant Date: Tue, 2 Jan 2024 17:12:19 +0000 Subject: [PATCH] deploy: aa31beb01c16b71d91e34f543d2b5878e4f18bb5 --- 404.html | 2 +- blog/2020/03/16/appgate-sdp-on-arch-linux/index.html | 2 +- blog/2021/09/06/what-to-do-with-a-homelab/index.html | 6 +++--- blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html | 2 +- .../09/17/automatically-rotating-aws-access-keys/index.html | 2 +- .../index.html | 2 +- blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html | 2 +- blog/2022/03/13/backing-up-gmail-with-synology/index.html | 2 +- .../04/02/virtualizing-my-router-with-pfsense/index.html | 2 +- blog/2022/12/10/watching-youtube-in-private/index.html | 2 +- .../index.html | 2 +- .../10/setting-up-gitea-actions-with-tailscale/index.html | 2 +- categories/index.html | 2 +- en/sitemap.xml | 2 +- index.html | 2 +- page/2/index.html | 2 +- post/index.html | 2 +- post/page/2/index.html | 2 +- sitemap.xml | 2 +- tags/aks/index.html | 2 +- tags/aws-vault/index.html | 2 +- tags/aws/index.html | 2 +- tags/azure/index.html | 2 +- tags/backup/index.html | 2 +- tags/bastion/index.html | 2 +- tags/cloud-sql-proxy/index.html | 2 +- tags/containers/index.html | 2 +- tags/database/index.html | 2 +- tags/degoogle/index.html | 2 +- tags/docker/index.html | 2 +- tags/dotfiles/index.html | 2 +- tags/eks/index.html | 2 +- tags/gitea-actions/index.html | 2 +- tags/gitea/index.html | 2 +- tags/github-actions/index.html | 2 +- tags/gmail/index.html | 2 +- tags/home-manager/index.html | 2 +- tags/index.html | 2 +- tags/invidious/index.html | 2 +- tags/k3s/index.html | 2 +- tags/k8s/index.html | 2 +- tags/kubectl-plugin-socks5-proxy/index.html | 2 +- tags/linux/index.html | 2 +- tags/lxc/index.html | 2 +- tags/nix/index.html | 2 +- tags/openwrt/index.html | 2 +- tags/page/2/index.html | 2 +- tags/page/3/index.html | 4 ++-- tags/page/4/index.html | 2 +- tags/page/5/index.html | 2 +- tags/pfsense/index.html | 2 +- tags/podman/index.html | 2 +- tags/privacy/index.html | 2 +- tags/proxmox/index.html | 2 +- tags/proxmox/index.xml | 2 +- tags/proxy/index.html | 2 +- tags/python/index.html | 2 +- tags/ransomware/index.html | 2 +- tags/router-on-a-stick/index.html | 2 +- tags/router/index.html | 2 +- tags/security/index.html | 2 +- tags/self-hosted/index.html | 2 +- tags/self-hosted/index.xml | 2 +- tags/socat/index.html | 2 +- tags/socks/index.html | 2 +- tags/synology/index.html | 2 +- tags/tailscale/index.html | 2 +- tags/tailscale/index.xml | 2 +- tags/vlan/index.html | 2 +- tags/vpn/index.html | 2 +- tags/yewtu.be/index.html | 2 +- tags/youtube/index.html | 2 +- 72 files changed, 75 insertions(+), 75 deletions(-) diff --git a/404.html b/404.html index 46472b95..0b38f0a2 100644 --- a/404.html +++ b/404.html @@ -1,4 +1,4 @@ 404 Page not found
-

404 Page not found

This is not the page you're looking for.

Dave Gallant
\ No newline at end of file +

404 Page not found

This is not the page you're looking for.

\ No newline at end of file diff --git a/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html b/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html index efa03cb0..82287c9e 100644 --- a/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html +++ b/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html @@ -59,4 +59,4 @@ Let’s try to run it.

This is a breaking change in Python3.8.
So what is calling platform.linux_distribution?
Let’s search for it:
$ sudo grep -r 'linux_distribution' /opt/appgate/linux/
 /opt/appgate/linux/nm.py:    if platform.linux_distribution()[0] != 'Fedora':
 
Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with:
if True: # Since we are not using Fedora :)
-
Wrapping up
It turns out there are breaking changes in Python3.8.
The docs say Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.
I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.

\ No newline at end of file
+
Wrapping up
It turns out there are breaking changes in Python3.8.
The docs say Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.
I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.

\ No newline at end of file
diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/index.html b/blog/2021/09/06/what-to-do-with-a-homelab/index.html
index 2ac774be..550a3e81 100644
--- a/blog/2021/09/06/what-to-do-with-a-homelab/index.html
+++ b/blog/2021/09/06/what-to-do-with-a-homelab/index.html
@@ -1,9 +1,9 @@
 What to do with a homelab
 

-
What to do with a homelab
2021-09-06 by Dave Gallant (updated: 2024-01-01)
A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
Do you want host your own Media server? Ad blocker? Web server?
+
What to do with a homelab
2021-09-06 by Dave Gallant (updated: 2024-01-02)
self‑hostedproxmoxtailscale
A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
Do you want host your own Media server? Ad blocker? Web server?
 Are you interested in learning more about Linux? Virtualization? Networking? Security?
 Building a homelab can be an entertaining playground to enhance your computer skills.
One of the best parts about building a homelab is that it doesn’t have to be a large investment in terms of hardware. One of the simplest ways to build a homelab is out of a refurbished computer.
 Having multiple machines/nodes provides the advantage of increased redundancy, but starting out with a single node is enough to reap many of the benefits of having a homelab.
Virtualization
Virtualizing your hardware is an organized way of dividing up your machine’s resources. This can be done with something such as a Virtual Machine or something lighter like a container using LXC or runC.
-Containers have much less overhead in terms of boot time and storage allocation. This Stack Overflow answer sums it up nicely.
image
A hypervisor such as Proxmox can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You’ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.
Services
So what are some useful services to deploy?
  • Jellyfin or Plex - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found here.
  • changedetection - is a self-hosted equivalent to something like visualping.io that will notify you when a webpage changes and keep track of the diffs
  • Adguard or Pihole - can block a list of known trackers for all clients on your local network. I’ve used pihole for a long time, but have recently switched to Adguard since the UI is more modern and it has the ability to toggle on/off a pre-defined list of services, including Netflix (this is useful if you have stealthy young kids). Either of these will speed up your internet experience, simply because you won’t need to download all of the extra tracking bloat.
  • Gitea - A lightweight git server. I use this to mirror git repos from GitHub, GitLab, etc.
  • Homer - A customizable landing page for services you need to access (including the ability to quickly search).
  • Uptime Kuma - A fancy tool for monitoring the uptime of services.
There is a large number of services you can self-host, including your own applications that you might be developing. awesome-self-hosted provides a curated list of services that might be of interest to you.
VPN
You could certainly setup and manage your own VPN by using something like OpenVPN, but there is also something else you can try: tailscale. It is a very quick way to create fully-encrypted connections between clients. With its MagicDNS, your can reference the names of machines like homer rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.
Monitoring
dashboard
Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using netdata. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.
Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.
As mentioned above, Uptime Kuma is a convenient way to track uptime and monitor the availability of your services.
uptime-kuma
In Summary
Building out a homelab can be a rewarding experience and it doesn’t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.
Dave Gallant

\ No newline at end of file
+Containers have much less overhead in terms of boot time and storage allocation. This Stack Overflow answer sums it up nicely.
image
A hypervisor such as Proxmox can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You’ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.
Services
So what are some useful services to deploy?
  • Jellyfin or Plex - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found here.
  • changedetection - is a self-hosted equivalent to something like visualping.io that will notify you when a webpage changes and keep track of the diffs
  • Adguard or Pihole - can block a list of known trackers for all clients on your local network. I’ve used pihole for a long time, but have recently switched to Adguard since the UI is more modern and it has the ability to toggle on/off a pre-defined list of services, including Netflix (this is useful if you have stealthy young kids). Either of these will speed up your internet experience, simply because you won’t need to download all of the extra tracking bloat.
  • Gitea - A lightweight git server. I use this to mirror git repos from GitHub, GitLab, etc.
  • Homer - A customizable landing page for services you need to access (including the ability to quickly search).
  • Uptime Kuma - A fancy tool for monitoring the uptime of services.
There is a large number of services you can self-host, including your own applications that you might be developing. awesome-self-hosted provides a curated list of services that might be of interest to you.
VPN
You could certainly setup and manage your own VPN by using something like OpenVPN, but there is also something else you can try: tailscale. It is a very quick way to create fully-encrypted connections between clients. With its MagicDNS, your can reference the names of machines like homer rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.
Monitoring
dashboard
Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using netdata. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.
Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.
As mentioned above, Uptime Kuma is a convenient way to track uptime and monitor the availability of your services.
uptime-kuma
In Summary
Building out a homelab can be a rewarding experience and it doesn’t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.

\ No newline at end of file
diff --git a/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html b/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html
index c9886f1a..42ecb911 100644
--- a/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html
+++ b/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html
@@ -110,4 +110,4 @@
   };
 }
 
Save the file and run:
home-manager switch
-
You should see another wave of /nix/store/* paths. The new configuration should now be active.
If you run zsh, you should see that you have starship and access to several other utils such as rg, fd, and exa.
This basic configuration above is also defining your ~/.config/git/config and .zshrc. If you already have either of these files, home-manager will complain about them already existing.
If you run cat ~/.zshrc, you will see the way these configuration files are generated.
You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at home-manager/modules/programs.
Gateway To Nix
In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is nix-darwin that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out Nix Flakes: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in flake.lock, similar to that of many modern package managers.
Wrapping up
The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.

\ No newline at end of file
+
You should see another wave of /nix/store/* paths. The new configuration should now be active.
If you run zsh, you should see that you have starship and access to several other utils such as rg, fd, and exa.
This basic configuration above is also defining your ~/.config/git/config and .zshrc. If you already have either of these files, home-manager will complain about them already existing.
If you run cat ~/.zshrc, you will see the way these configuration files are generated.
You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at home-manager/modules/programs.
Gateway To Nix
In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is nix-darwin that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out Nix Flakes: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in flake.lock, similar to that of many modern package managers.
Wrapping up
The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.

\ No newline at end of file
diff --git a/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html b/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
index 4891dff4..d6000d5b 100644
--- a/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
+++ b/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
@@ -5,4 +5,4 @@ In the longer term, migrating my local workflows to aws-vault seems like a more
 In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.">

-
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where AWS suggests). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a rotate command included.
Dave Gallant

\ No newline at end of file
+
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where AWS suggests). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a rotate command included.

\ No newline at end of file
diff --git a/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html b/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
index 0c9a587e..ebf20ab1 100644
--- a/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
+++ b/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
@@ -43,4 +43,4 @@
 0
 podman start -a davegallant.github.io_hello_world_1
 Hello world
-
This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.
Summary
Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.
One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.
Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using sshfs was shared here.
I had been experimenting with Podman on Linux before writing this, but after listening to this podcast episode, I was inspired to give Podman a try on macOS.

\ No newline at end of file
+
This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.
Summary
Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.
One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.
Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using sshfs was shared here.
I had been experimenting with Podman on Linux before writing this, but after listening to this podcast episode, I was inspired to give Podman a try on macOS.

\ No newline at end of file
diff --git a/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html b/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
index 5f584874..4677fe31 100644
--- a/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
+++ b/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
@@ -44,4 +44,4 @@ As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1
 
 NAME                                                           REFERENCE                             TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
 horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook   Deployment/tekton-pipelines-webhook   9%/100%   1         5         1          12h
-
I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.
If I’m feeling adventurous, I might experiment with K3s rootless.

\ No newline at end of file
+
I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.
If I’m feeling adventurous, I might experiment with K3s rootless.

\ No newline at end of file
diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/index.html b/blog/2022/03/13/backing-up-gmail-with-synology/index.html
index 627ce5a6..fa9e2a55 100644
--- a/blog/2022/03/13/backing-up-gmail-with-synology/index.html
+++ b/blog/2022/03/13/backing-up-gmail-with-synology/index.html
@@ -3,4 +3,4 @@
 ">

 
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
The thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future.
Synology MailPlus Server
Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I’ve recently been in interested in syncing and snapshotting my personal data. I’ve setup Synology’s Cloud Sync and keep copies of most of my cloud data.
I’ve used tools such as gmvault with success in the past. Setting this up on a cron seems like a viable option. However, I don’t really need a lot of the features it offers and do not plan to restore this data to another account.
Synology’s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it’s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.
Installing MailPlus can be done from the Package Center:
image
Next, I went into Synology MailPlus Server and on the left, clicked on Account and ensured my user was marked as active.
Afterwords, I followed these instructions in order to start backing up emails.
When entering the POP3 credentials, I created an app password solely for authenticating to POP3 from the Synology device. This is required because I have 2-Step verification enabled on my account. There doesn’t seem to be a more secure way to access POP3 at the moment. It does seem like app password access is limited in scope (when MFA is enabled). These app passwords can’t be used to login to the main Google account.
I made sure to set the Fetch Range to All in order to get all emails from the beginning of time.
After this, mail started coming in.
image
After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.
Securing Synology
Since Synology devices are not hermetically sealed, it’s best to secure them by enabling MFA to help prevent being the victim of ransomware. It is also wise to backup your system settings and volumes to the cloud using a tool such as Hyper Backup.
-Encrypting your shared volumes should also be done, since unfortunately DSM does not support full disk encryption.
Summary
Having backups of various forms of cloud data is a good investment, especially in times of war. I certainly feel more at ease for having backed up my emails.
Dave Gallant

\ No newline at end of file
+Encrypting your shared volumes should also be done, since unfortunately DSM does not support full disk encryption.
Summary
Having backups of various forms of cloud data is a good investment, especially in times of war. I certainly feel more at ease for having backed up my emails.

\ No newline at end of file
diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html b/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html
index 0134b3c6..66f1cd4d 100644
--- a/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html
+++ b/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html
@@ -3,4 +3,4 @@
 ">

 
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
pfSense
I figured this would be a good opportunity to try pfSense. I’ve heard nothing but positive things about pfSense and the fact it’s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I’d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some officially supported appliances. Since I already have a machine running Proxmox, why not just run it in a VM? It’d allow for automatic snapshotting of the machine. There is a good video on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.
Router on a stick
I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply not the case, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. It also has a nice sturdy metal frame which was a pleasant surprise.
After setting up this Netgear switch, it shoud be possible to access the web interface at http://192.168.0.239. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine’s address to 192.168.0.22 in order to temporarily setup this switch. I assigned a static ip address to the switch (in System > Switch Information) so that it was in the same subnet as the rest of my network.
The web interface is nothing spectactular, but it allows for managing VLANs.
The following configuration will:
  • assign port 1 to be the LAN (connected to the Proxmox machine)
  • assign port 8 to be the WAN (connected to my ISP’s modem)
In the switch’s web interface, I went to VLAN and then 802.1Q, and then clicked on VLAN Configuration. I configured the ports to look like this:
vlan-config
Note that the VLAN Identifier Setting has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.
To replicate the above configuration, add a new VLAN ID 10 (1 should exist by default).
Next, go into VLAN Membership and configure VLAN 1’s port membership to be the following:
vlan-membership-1
and then configure VLAN 10’s port membership to be the following:
vlan-membership-10
Now, go into Port PVID and ensure that port 8 is set to PVID 10.
vlan-port-pvid
This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.
Setting up pfSense
pfSense is fairly easy to setup. Just download the latest ISO and boot up the virtual machine.
-When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.
Since VLANs are going to be leveraged, when you go to Assign Interfaces, VLANs should be setup now like the following:
  • WAN should be vtnet0.10
  • LAN should be vtnet0
After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.
If all goes well, the web interface should be running at https://192.168.1.1.
pfsense-dashboard
And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I’ve already installed pfBlocker-NG.
Summary
It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled AutoConfigBackup, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.
Dave Gallant

\ No newline at end of file
+When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.
Since VLANs are going to be leveraged, when you go to Assign Interfaces, VLANs should be setup now like the following:
After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.
If all goes well, the web interface should be running at https://192.168.1.1.
pfsense-dashboard
And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I’ve already installed pfBlocker-NG.
Summary
It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled AutoConfigBackup, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.

\ No newline at end of file
diff --git a/blog/2022/12/10/watching-youtube-in-private/index.html b/blog/2022/12/10/watching-youtube-in-private/index.html
index c4a02aa6..61ca50c2 100644
--- a/blog/2022/12/10/watching-youtube-in-private/index.html
+++ b/blog/2022/12/10/watching-youtube-in-private/index.html
@@ -42,4 +42,4 @@
 
 volumes:
   postgresdata:
-
After invidious was up and running, I installed Tailscale on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at http://invidious:3000/feed/subscriptions.
I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.
I went looking for a way to redirect paths at the browser level. I found the lightweight proxy requestly, which can be used to modify http requests in my browser. I created the following rules:
requestly
Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to http://invidious:3000/watch?v=-lz30by8-sU
I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.

\ No newline at end of file
+
After invidious was up and running, I installed Tailscale on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at http://invidious:3000/feed/subscriptions.
I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.
I went looking for a way to redirect paths at the browser level. I found the lightweight proxy requestly, which can be used to modify http requests in my browser. I created the following rules:
requestly
Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to http://invidious:3000/watch?v=-lz30by8-sU
I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.

\ No newline at end of file
diff --git a/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html b/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html
index 3519f367..d075adbe 100644
--- a/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html
+++ b/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html
@@ -11,4 +11,4 @@ If this sounds more appealing, install using: image=serjs/go-socks5-proxy
 Creating SOCKS5 Proxy (Pod)...
 pod/davegallant-proxy created
-
With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.
Caveats and Conclusion
The above outlined solution makes some assumptions:
If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).
It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.
One other thing to note is that some clients (such as dbeaver) do not provide DNS resolution over SOCKS. So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.

\ No newline at end of file
+
With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.
Caveats and Conclusion
The above outlined solution makes some assumptions:
If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).
It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.
One other thing to note is that some clients (such as dbeaver) do not provide DNS resolution over SOCKS. So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.

\ No newline at end of file
diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html
index 3ca91a2c..cb958904 100644
--- a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html
+++ b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html
@@ -108,4 +108,4 @@
           from: RFD Notify
           body: |
             ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}            
-
And voilà:
You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have tailscale ssh enabled.
Areas for improvement
One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this doesn’t seem possible without adding logic to each workflow.
Conclusion
Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.
By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.

\ No newline at end of file
+
And voilà:
You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have tailscale ssh enabled.
Areas for improvement
One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this doesn’t seem possible without adding logic to each workflow.
Conclusion
Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.
By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.

\ No newline at end of file
diff --git a/categories/index.html b/categories/index.html
index 2268d4ef..a2afc1c5 100644
--- a/categories/index.html
+++ b/categories/index.html
@@ -1,4 +1,4 @@
 Categories
 

-
Categories
Dave Gallant

\ No newline at end of file
+
Categories

\ No newline at end of file
diff --git a/en/sitemap.xml b/en/sitemap.xml
index d31e1db1..e84ab9a7 100644
--- a/en/sitemap.xml
+++ b/en/sitemap.xml
@@ -1 +1 @@
-/2024-01-02T09:33:25-05:00/tags/gitea/2024-01-01T23:33:36-05:00/tags/gitea-actions/2024-01-01T23:33:36-05:00/tags/github-actions/2024-01-01T23:33:36-05:00/post/2024-01-02T09:33:25-05:00/tags/self-hosted/2024-01-01T23:33:36-05:00/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/2024-01-01T23:33:36-05:00/tags/2024-01-02T09:33:25-05:00/tags/tailscale/2024-01-01T23:33:36-05:00/tags/aks/2024-01-01T23:33:36-05:00/tags/aws/2024-01-01T23:33:36-05:00/tags/azure/2024-01-01T23:33:36-05:00/tags/bastion/2024-01-01T23:33:36-05:00/tags/cloud-sql-proxy/2024-01-01T23:33:36-05:00/tags/database/2024-01-01T23:33:36-05:00/tags/eks/2024-01-01T23:33:36-05:00/tags/k8s/2024-01-01T23:33:36-05:00/tags/kubectl-plugin-socks5-proxy/2024-01-01T23:33:36-05:00/tags/proxy/2024-01-01T23:33:36-05:00/tags/socat/2024-01-01T23:33:36-05:00/tags/socks/2024-01-01T23:33:36-05:00/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/2024-01-01T23:33:36-05:00/tags/degoogle/2024-01-01T23:33:36-05:00/tags/invidious/2024-01-01T23:33:36-05:00/tags/privacy/2024-01-01T23:33:36-05:00/blog/2022/12/10/watching-youtube-in-private/2024-01-01T23:33:36-05:00/tags/yewtu.be/2024-01-01T23:33:36-05:00/tags/youtube/2024-01-01T23:33:36-05:00/tags/openwrt/2024-01-01T23:33:36-05:00/tags/pfsense/2024-01-01T23:33:36-05:00/tags/proxmox/2024-01-01T23:33:36-05:00/tags/router/2024-01-01T23:33:36-05:00/tags/router-on-a-stick/2024-01-01T23:33:36-05:00/blog/2022/04/02/virtualizing-my-router-with-pfsense/2024-01-01T23:33:36-05:00/tags/vlan/2024-01-01T23:33:36-05:00/blog/2022/03/13/backing-up-gmail-with-synology/2024-01-01T23:33:36-05:00/tags/backup/2024-01-01T23:33:36-05:00/tags/gmail/2024-01-01T23:33:36-05:00/tags/ransomware/2024-01-01T23:33:36-05:00/tags/synology/2024-01-01T23:33:36-05:00/tags/k3s/2024-01-01T23:33:36-05:00/tags/lxc/2024-01-01T23:33:36-05:00/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/2024-01-01T23:33:36-05:00/tags/containers/2024-01-02T09:33:25-05:00/tags/docker/2024-01-02T09:33:25-05:00/tags/podman/2024-01-02T09:33:25-05:00/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/2024-01-02T09:33:25-05:00/blog/2021/09/17/automatically-rotating-aws-access-keys/2024-01-01T23:33:36-05:00/tags/aws-vault/2024-01-01T23:33:36-05:00/tags/python/2024-01-01T23:33:36-05:00/tags/security/2024-01-01T23:33:36-05:00/tags/dotfiles/2024-01-01T23:33:36-05:00/tags/home-manager/2024-01-01T23:33:36-05:00/tags/nix/2024-01-01T23:33:36-05:00/blog/2021/09/08/why-i-threw-out-my-dotfiles/2024-01-01T23:33:36-05:00/blog/2021/09/06/what-to-do-with-a-homelab/2024-01-01T23:33:36-05:00/blog/2020/03/16/appgate-sdp-on-arch-linux/2024-01-01T23:33:36-05:00/tags/linux/2024-01-01T23:33:36-05:00/tags/vpn/2024-01-01T23:33:36-05:00/categories/
\ No newline at end of file
+/2024-01-02T12:09:57-05:00/tags/gitea/2024-01-01T23:33:36-05:00/tags/gitea-actions/2024-01-01T23:33:36-05:00/tags/github-actions/2024-01-01T23:33:36-05:00/post/2024-01-02T12:09:57-05:00/tags/self-hosted/2024-01-02T12:09:57-05:00/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/2024-01-01T23:33:36-05:00/tags/2024-01-02T12:09:57-05:00/tags/tailscale/2024-01-02T12:09:57-05:00/tags/aks/2024-01-01T23:33:36-05:00/tags/aws/2024-01-01T23:33:36-05:00/tags/azure/2024-01-01T23:33:36-05:00/tags/bastion/2024-01-01T23:33:36-05:00/tags/cloud-sql-proxy/2024-01-01T23:33:36-05:00/tags/database/2024-01-01T23:33:36-05:00/tags/eks/2024-01-01T23:33:36-05:00/tags/k8s/2024-01-01T23:33:36-05:00/tags/kubectl-plugin-socks5-proxy/2024-01-01T23:33:36-05:00/tags/proxy/2024-01-01T23:33:36-05:00/tags/socat/2024-01-01T23:33:36-05:00/tags/socks/2024-01-01T23:33:36-05:00/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/2024-01-01T23:33:36-05:00/tags/degoogle/2024-01-01T23:33:36-05:00/tags/invidious/2024-01-01T23:33:36-05:00/tags/privacy/2024-01-01T23:33:36-05:00/blog/2022/12/10/watching-youtube-in-private/2024-01-01T23:33:36-05:00/tags/yewtu.be/2024-01-01T23:33:36-05:00/tags/youtube/2024-01-01T23:33:36-05:00/tags/openwrt/2024-01-01T23:33:36-05:00/tags/pfsense/2024-01-01T23:33:36-05:00/tags/proxmox/2024-01-02T12:09:57-05:00/tags/router/2024-01-01T23:33:36-05:00/tags/router-on-a-stick/2024-01-01T23:33:36-05:00/blog/2022/04/02/virtualizing-my-router-with-pfsense/2024-01-01T23:33:36-05:00/tags/vlan/2024-01-01T23:33:36-05:00/blog/2022/03/13/backing-up-gmail-with-synology/2024-01-01T23:33:36-05:00/tags/backup/2024-01-01T23:33:36-05:00/tags/gmail/2024-01-01T23:33:36-05:00/tags/ransomware/2024-01-01T23:33:36-05:00/tags/synology/2024-01-01T23:33:36-05:00/tags/k3s/2024-01-01T23:33:36-05:00/tags/lxc/2024-01-01T23:33:36-05:00/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/2024-01-01T23:33:36-05:00/tags/containers/2024-01-02T09:33:25-05:00/tags/docker/2024-01-02T09:33:25-05:00/tags/podman/2024-01-02T09:33:25-05:00/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/2024-01-02T09:33:25-05:00/blog/2021/09/17/automatically-rotating-aws-access-keys/2024-01-01T23:33:36-05:00/tags/aws-vault/2024-01-01T23:33:36-05:00/tags/python/2024-01-01T23:33:36-05:00/tags/security/2024-01-01T23:33:36-05:00/tags/dotfiles/2024-01-01T23:33:36-05:00/tags/home-manager/2024-01-01T23:33:36-05:00/tags/nix/2024-01-01T23:33:36-05:00/blog/2021/09/08/why-i-threw-out-my-dotfiles/2024-01-01T23:33:36-05:00/blog/2021/09/06/what-to-do-with-a-homelab/2024-01-02T12:09:57-05:00/blog/2020/03/16/appgate-sdp-on-arch-linux/2024-01-01T23:33:36-05:00/tags/linux/2024-01-01T23:33:36-05:00/tags/vpn/2024-01-01T23:33:36-05:00/categories/
\ No newline at end of file
diff --git a/index.html b/index.html
index fd226bf4..54a048fa 100644
--- a/index.html
+++ b/index.html
@@ -2,4 +2,4 @@
 

 
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
-In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
What to do with a homelab
2021-09-06 by Dave Gallant (updated: 2024-01-01)
A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
Read more >
Dave Gallant

\ No newline at end of file
+In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
What to do with a homelab
2021-09-06 by Dave Gallant (updated: 2024-01-02)
self‑hostedproxmoxtailscale
A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
Read more >

\ No newline at end of file
diff --git a/page/2/index.html b/page/2/index.html
index 034cde17..733d972e 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -2,4 +2,4 @@
 

 
Dave Gallant

\ No newline at end of file
+Newer Posts

\ No newline at end of file
diff --git a/post/index.html b/post/index.html
index 444c27f0..78282de4 100644
--- a/post/index.html
+++ b/post/index.html
@@ -2,4 +2,4 @@
 

 
Posts
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
-In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
What to do with a homelab
2021-09-06 by Dave Gallant (updated: 2024-01-01)
A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
Read more >
Dave Gallant

\ No newline at end of file
+In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
What to do with a homelab
2021-09-06 by Dave Gallant (updated: 2024-01-02)
self‑hostedproxmoxtailscale
A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
Read more >

\ No newline at end of file
diff --git a/post/page/2/index.html b/post/page/2/index.html
index d5969a28..4d58fbc9 100644
--- a/post/page/2/index.html
+++ b/post/page/2/index.html
@@ -2,4 +2,4 @@
 

 
Posts
Dave Gallant

\ No newline at end of file
+Newer Posts

\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index be94e156..4a4cb4fe 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -1 +1 @@
-/en/sitemap.xml2024-01-02T09:33:25-05:00/de/sitemap.xml
\ No newline at end of file
+/en/sitemap.xml2024-01-02T12:09:57-05:00/de/sitemap.xml
\ No newline at end of file
diff --git a/tags/aks/index.html b/tags/aks/index.html
index a5ab81a3..94524590 100644
--- a/tags/aks/index.html
+++ b/tags/aks/index.html
@@ -1,4 +1,4 @@
 aks
 

-
aks
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
aks
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/aws-vault/index.html b/tags/aws-vault/index.html
index 973ea25f..f0996ddb 100644
--- a/tags/aws-vault/index.html
+++ b/tags/aws-vault/index.html
@@ -2,4 +2,4 @@
 

 
aws-vault
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
-In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Dave Gallant

\ No newline at end of file
+In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >

\ No newline at end of file
diff --git a/tags/aws/index.html b/tags/aws/index.html
index 779c023c..dea6a36a 100644
--- a/tags/aws/index.html
+++ b/tags/aws/index.html
@@ -2,4 +2,4 @@
 

 
aws
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
-In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Dave Gallant

\ No newline at end of file
+In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >

\ No newline at end of file
diff --git a/tags/azure/index.html b/tags/azure/index.html
index 67e47938..fa1f852b 100644
--- a/tags/azure/index.html
+++ b/tags/azure/index.html
@@ -1,4 +1,4 @@
 azure
 

-
azure
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
azure
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/backup/index.html b/tags/backup/index.html
index 13904df1..a91486a8 100644
--- a/tags/backup/index.html
+++ b/tags/backup/index.html
@@ -1,4 +1,4 @@
 backup
 

-
backup
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Dave Gallant

\ No newline at end of file
+
backup
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >

\ No newline at end of file
diff --git a/tags/bastion/index.html b/tags/bastion/index.html
index de459ff4..5706c2b2 100644
--- a/tags/bastion/index.html
+++ b/tags/bastion/index.html
@@ -1,4 +1,4 @@
 bastion
 

-
bastion
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
bastion
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/cloud-sql-proxy/index.html b/tags/cloud-sql-proxy/index.html
index 4cb2f71c..a1439f9d 100644
--- a/tags/cloud-sql-proxy/index.html
+++ b/tags/cloud-sql-proxy/index.html
@@ -1,4 +1,4 @@
 cloud-sql-proxy
 

-
cloud-sql-proxy
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
cloud-sql-proxy
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/containers/index.html b/tags/containers/index.html
index f6536871..c81dcaf5 100644
--- a/tags/containers/index.html
+++ b/tags/containers/index.html
@@ -1,4 +1,4 @@
 containers
 

-
containers
Dave Gallant

\ No newline at end of file
+
containers

\ No newline at end of file
diff --git a/tags/database/index.html b/tags/database/index.html
index b4c4ef8a..d6cd18a2 100644
--- a/tags/database/index.html
+++ b/tags/database/index.html
@@ -1,4 +1,4 @@
 database
 

-
database
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
database
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/degoogle/index.html b/tags/degoogle/index.html
index b5f67731..79dffacc 100644
--- a/tags/degoogle/index.html
+++ b/tags/degoogle/index.html
@@ -1,4 +1,4 @@
 degoogle
 

-
degoogle
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Dave Gallant

\ No newline at end of file
+
degoogle
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >

\ No newline at end of file
diff --git a/tags/docker/index.html b/tags/docker/index.html
index 48a77a24..ddfdcde4 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,4 +1,4 @@
 docker
 

-
docker
Dave Gallant

\ No newline at end of file
+
docker

\ No newline at end of file
diff --git a/tags/dotfiles/index.html b/tags/dotfiles/index.html
index ef9ec859..6e0f3c3f 100644
--- a/tags/dotfiles/index.html
+++ b/tags/dotfiles/index.html
@@ -1,4 +1,4 @@
 dotfiles
 

-
dotfiles
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
Dave Gallant

\ No newline at end of file
+
dotfiles
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >

\ No newline at end of file
diff --git a/tags/eks/index.html b/tags/eks/index.html
index 1587ec11..95b59240 100644
--- a/tags/eks/index.html
+++ b/tags/eks/index.html
@@ -1,4 +1,4 @@
 eks
 

-
eks
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
eks
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/gitea-actions/index.html b/tags/gitea-actions/index.html
index 611c1252..597d21cd 100644
--- a/tags/gitea-actions/index.html
+++ b/tags/gitea-actions/index.html
@@ -1,4 +1,4 @@
 gitea actions
 

-
gitea actions
Dave Gallant

\ No newline at end of file
+
gitea actions

\ No newline at end of file
diff --git a/tags/gitea/index.html b/tags/gitea/index.html
index 9a1d14ef..d1b9a5d9 100644
--- a/tags/gitea/index.html
+++ b/tags/gitea/index.html
@@ -1,4 +1,4 @@
 gitea
 

-
gitea
Dave Gallant

\ No newline at end of file
+
gitea

\ No newline at end of file
diff --git a/tags/github-actions/index.html b/tags/github-actions/index.html
index e049e8ea..c6b10fba 100644
--- a/tags/github-actions/index.html
+++ b/tags/github-actions/index.html
@@ -1,4 +1,4 @@
 github actions
 

-
github actions
Dave Gallant

\ No newline at end of file
+
github actions

\ No newline at end of file
diff --git a/tags/gmail/index.html b/tags/gmail/index.html
index ed7ba214..92e9a55b 100644
--- a/tags/gmail/index.html
+++ b/tags/gmail/index.html
@@ -1,4 +1,4 @@
 gmail
 

-
gmail
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Dave Gallant

\ No newline at end of file
+
gmail
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >

\ No newline at end of file
diff --git a/tags/home-manager/index.html b/tags/home-manager/index.html
index 097ac1e5..29c6aa7f 100644
--- a/tags/home-manager/index.html
+++ b/tags/home-manager/index.html
@@ -1,4 +1,4 @@
 home-manager
 

-
home-manager
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
Dave Gallant

\ No newline at end of file
+
home-manager
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >

\ No newline at end of file
diff --git a/tags/index.html b/tags/index.html
index 45dbb271..532132a3 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -1,4 +1,4 @@
 Tags
 

-
Tags
gitea
2023-12-10 (updated: 2024-01-01)
aks
2023-05-22 (updated: 2024-01-01)
aws
2023-05-22 (updated: 2024-01-01)
azure
2023-05-22 (updated: 2024-01-01)
bastion
2023-05-22 (updated: 2024-01-01)
Dave Gallant

\ No newline at end of file
+
Tags
gitea
2023-12-10 (updated: 2024-01-01)
aks
2023-05-22 (updated: 2024-01-01)
aws
2023-05-22 (updated: 2024-01-01)
azure
2023-05-22 (updated: 2024-01-01)
bastion
2023-05-22 (updated: 2024-01-01)

\ No newline at end of file
diff --git a/tags/invidious/index.html b/tags/invidious/index.html
index 15de687a..f7fb8e55 100644
--- a/tags/invidious/index.html
+++ b/tags/invidious/index.html
@@ -1,4 +1,4 @@
 invidious
 

-
invidious
Dave Gallant

\ No newline at end of file
+
invidious

\ No newline at end of file
diff --git a/tags/k3s/index.html b/tags/k3s/index.html
index e7491e16..8def857e 100644
--- a/tags/k3s/index.html
+++ b/tags/k3s/index.html
@@ -1,4 +1,4 @@
 k3s
 

-
k3s
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >
Dave Gallant

\ No newline at end of file
+
k3s
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >

\ No newline at end of file
diff --git a/tags/k8s/index.html b/tags/k8s/index.html
index bc389e9d..e5b9cd35 100644
--- a/tags/k8s/index.html
+++ b/tags/k8s/index.html
@@ -1,4 +1,4 @@
 k8s
 

-
k8s
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
k8s
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/kubectl-plugin-socks5-proxy/index.html b/tags/kubectl-plugin-socks5-proxy/index.html
index 977815f8..1dc99d28 100644
--- a/tags/kubectl-plugin-socks5-proxy/index.html
+++ b/tags/kubectl-plugin-socks5-proxy/index.html
@@ -1,4 +1,4 @@
 kubectl-plugin-socks5-proxy
 

-
kubectl-plugin-socks5-proxy
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
kubectl-plugin-socks5-proxy
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/linux/index.html b/tags/linux/index.html
index d8b9c46c..98c89726 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,4 +1,4 @@
 linux
 

-
linux
Dave Gallant

\ No newline at end of file
+
linux

\ No newline at end of file
diff --git a/tags/lxc/index.html b/tags/lxc/index.html
index 35d2468c..9836e70a 100644
--- a/tags/lxc/index.html
+++ b/tags/lxc/index.html
@@ -1,4 +1,4 @@
 lxc
 

-
lxc
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >
Dave Gallant

\ No newline at end of file
+
lxc
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >

\ No newline at end of file
diff --git a/tags/nix/index.html b/tags/nix/index.html
index 1d4aa166..0ca0952e 100644
--- a/tags/nix/index.html
+++ b/tags/nix/index.html
@@ -1,4 +1,4 @@
 nix
 

-
nix
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >
Dave Gallant

\ No newline at end of file
+
nix
Why I threw out my dotfiles
2021-09-08 (updated: 2024-01-01)
nixdotfileshome‑manager
Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
Read more >

\ No newline at end of file
diff --git a/tags/openwrt/index.html b/tags/openwrt/index.html
index 8c0f0992..562bb91b 100644
--- a/tags/openwrt/index.html
+++ b/tags/openwrt/index.html
@@ -1,4 +1,4 @@
 openwrt
 

-
openwrt
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Dave Gallant

\ No newline at end of file
+
openwrt
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >

\ No newline at end of file
diff --git a/tags/page/2/index.html b/tags/page/2/index.html
index 3c703c7a..8d06749e 100644
--- a/tags/page/2/index.html
+++ b/tags/page/2/index.html
@@ -3,4 +3,4 @@
 
 
Tags
database
2023-05-22 (updated: 2024-01-01)
eks
2023-05-22 (updated: 2024-01-01)
k8s
2023-05-22 (updated: 2024-01-01)
proxy
2023-05-22 (updated: 2024-01-01)
socat
2023-05-22 (updated: 2024-01-01)
socks
2023-05-22 (updated: 2024-01-01)
degoogle
2022-12-10 (updated: 2024-01-01)
privacy
2022-12-10 (updated: 2024-01-01)

\ No newline at end of file
+Older Posts >

\ No newline at end of file
diff --git a/tags/page/3/index.html b/tags/page/3/index.html
index 5a346bb7..a700c3b6 100644
--- a/tags/page/3/index.html
+++ b/tags/page/3/index.html
@@ -1,6 +1,6 @@
 Tags
 

-
Tags
yewtu.be
2022-12-10 (updated: 2024-01-01)
youtube
2022-12-10 (updated: 2024-01-01)
openwrt
2022-04-02 (updated: 2024-01-01)
pfsense
2022-04-02 (updated: 2024-01-01)
proxmox
2022-04-02 (updated: 2024-01-01)
router
2022-04-02 (updated: 2024-01-01)
vlan
2022-04-02 (updated: 2024-01-01)
backup
2022-03-13 (updated: 2024-01-01)
gmail
2022-03-13 (updated: 2024-01-01)

\ No newline at end of file
+Older Posts >

\ No newline at end of file
diff --git a/tags/page/4/index.html b/tags/page/4/index.html
index 1717c4ea..34a01f5d 100644
--- a/tags/page/4/index.html
+++ b/tags/page/4/index.html
@@ -3,4 +3,4 @@
 
 
Tags
synology
2022-03-13 (updated: 2024-01-01)
k3s
2021-11-14 (updated: 2024-01-01)
lxc
2021-11-14 (updated: 2024-01-01)
docker
2021-10-11 (updated: 2024-01-02)
podman
2021-10-11 (updated: 2024-01-02)
python
2021-09-17 (updated: 2024-01-01)
security
2021-09-17 (updated: 2024-01-01)

\ No newline at end of file
+Older Posts >

\ No newline at end of file
diff --git a/tags/page/5/index.html b/tags/page/5/index.html
index 88c467c2..7bae5973 100644
--- a/tags/page/5/index.html
+++ b/tags/page/5/index.html
@@ -2,4 +2,4 @@
 

 
Tags
dotfiles
2021-09-08 (updated: 2024-01-01)
nix
2021-09-08 (updated: 2024-01-01)
linux
2020-03-16 (updated: 2024-01-01)
vpn
2020-03-16 (updated: 2024-01-01)
Dave Gallant

\ No newline at end of file
+Newer Posts

\ No newline at end of file
diff --git a/tags/pfsense/index.html b/tags/pfsense/index.html
index e1e598ee..015391d1 100644
--- a/tags/pfsense/index.html
+++ b/tags/pfsense/index.html
@@ -1,4 +1,4 @@
 pfsense
 

-
pfsense
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Dave Gallant

\ No newline at end of file
+
pfsense
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >

\ No newline at end of file
diff --git a/tags/podman/index.html b/tags/podman/index.html
index 22e2461f..0ed14784 100644
--- a/tags/podman/index.html
+++ b/tags/podman/index.html
@@ -1,4 +1,4 @@
 podman
 

-
podman
Dave Gallant

\ No newline at end of file
+
podman

\ No newline at end of file
diff --git a/tags/privacy/index.html b/tags/privacy/index.html
index 9697bb64..e67076b8 100644
--- a/tags/privacy/index.html
+++ b/tags/privacy/index.html
@@ -1,4 +1,4 @@
 privacy
 

-
privacy
Dave Gallant

\ No newline at end of file
+
privacy

\ No newline at end of file
diff --git a/tags/proxmox/index.html b/tags/proxmox/index.html
index 4c3643c8..31667713 100644
--- a/tags/proxmox/index.html
+++ b/tags/proxmox/index.html
@@ -1,4 +1,4 @@
 proxmox
 

-
proxmox
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >
Dave Gallant

\ No newline at end of file
+
proxmox
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >

\ No newline at end of file
diff --git a/tags/proxmox/index.xml b/tags/proxmox/index.xml
index 96d84a8d..9c7f78f8 100644
--- a/tags/proxmox/index.xml
+++ b/tags/proxmox/index.xml
@@ -10,4 +10,4 @@
  
  class="link--external" target="_blank" rel="noreferrer"
  
->large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
\ No newline at end of file
+>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.What to do with a homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>
\ No newline at end of file
diff --git a/tags/proxy/index.html b/tags/proxy/index.html
index 92ba6dd2..23565fde 100644
--- a/tags/proxy/index.html
+++ b/tags/proxy/index.html
@@ -1,4 +1,4 @@
 proxy
 

-
proxy
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
proxy
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/python/index.html b/tags/python/index.html
index 31b66496..aab0b201 100644
--- a/tags/python/index.html
+++ b/tags/python/index.html
@@ -2,4 +2,4 @@
 

 
python
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
-In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Dave Gallant

\ No newline at end of file
+In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
AppGate SDP on Arch Linux
2020-03-16 by Dave Gallant (updated: 2024-01-01)
linuxvpnpython
AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux.
Read more >

\ No newline at end of file
diff --git a/tags/ransomware/index.html b/tags/ransomware/index.html
index d215a54e..b50e6f49 100644
--- a/tags/ransomware/index.html
+++ b/tags/ransomware/index.html
@@ -1,4 +1,4 @@
 ransomware
 

-
ransomware
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Dave Gallant

\ No newline at end of file
+
ransomware
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >

\ No newline at end of file
diff --git a/tags/router-on-a-stick/index.html b/tags/router-on-a-stick/index.html
index ec6ac77f..0254a85e 100644
--- a/tags/router-on-a-stick/index.html
+++ b/tags/router-on-a-stick/index.html
@@ -1,4 +1,4 @@
 router-on-a-stick
 

-
router-on-a-stick
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Dave Gallant

\ No newline at end of file
+
router-on-a-stick
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >

\ No newline at end of file
diff --git a/tags/router/index.html b/tags/router/index.html
index 50e4ed26..f6d2da47 100644
--- a/tags/router/index.html
+++ b/tags/router/index.html
@@ -1,4 +1,4 @@
 router
 

-
router
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Dave Gallant

\ No newline at end of file
+
router
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >

\ No newline at end of file
diff --git a/tags/security/index.html b/tags/security/index.html
index 72ff5bcb..11014d11 100644
--- a/tags/security/index.html
+++ b/tags/security/index.html
@@ -2,4 +2,4 @@
 

 
security
Automatically rotating AWS access keys
2021-09-17 (updated: 2024-01-01)
awspythonsecurityaws‑vault
Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
-In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >
Dave Gallant

\ No newline at end of file
+In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
Read more >

\ No newline at end of file
diff --git a/tags/self-hosted/index.html b/tags/self-hosted/index.html
index 72858e1c..00743d7d 100644
--- a/tags/self-hosted/index.html
+++ b/tags/self-hosted/index.html
@@ -1,4 +1,4 @@
 self-hosted
 

-
self-hosted
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >
Dave Gallant

\ No newline at end of file
+
self-hosted
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Running K3s in LXC on Proxmox
2021-11-14 (updated: 2024-01-01)
k3sproxmoxlxcself‑hosted
It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
Read more >

\ No newline at end of file
diff --git a/tags/self-hosted/index.xml b/tags/self-hosted/index.xml
index 286178a6..132e676a 100644
--- a/tags/self-hosted/index.xml
+++ b/tags/self-hosted/index.xml
@@ -28,4 +28,4 @@
  
  class="link--external" target="_blank" rel="noreferrer"
  
->large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
\ No newline at end of file
+>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.What to do with a homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>
\ No newline at end of file
diff --git a/tags/socat/index.html b/tags/socat/index.html
index b5dd8c57..77964568 100644
--- a/tags/socat/index.html
+++ b/tags/socat/index.html
@@ -1,4 +1,4 @@
 socat
 

-
socat
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
socat
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/socks/index.html b/tags/socks/index.html
index 8324e124..51b7354b 100644
--- a/tags/socks/index.html
+++ b/tags/socks/index.html
@@ -1,4 +1,4 @@
 socks
 

-
socks
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >
Dave Gallant

\ No newline at end of file
+
socks
Using AKS and SOCKS to connect to a private Azure DB
2023-05-22 (updated: 2024-01-01)
aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks
I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.
Read more >

\ No newline at end of file
diff --git a/tags/synology/index.html b/tags/synology/index.html
index de65a3ee..fa70177e 100644
--- a/tags/synology/index.html
+++ b/tags/synology/index.html
@@ -1,4 +1,4 @@
 synology
 

-
synology
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >
Dave Gallant

\ No newline at end of file
+
synology
Backing up gmail with Synology
2022-03-13 (updated: 2024-01-01)
degooglesynologygmailbackupransomware
I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.
Read more >

\ No newline at end of file
diff --git a/tags/tailscale/index.html b/tags/tailscale/index.html
index 5d425650..717da632 100644
--- a/tags/tailscale/index.html
+++ b/tags/tailscale/index.html
@@ -1,4 +1,4 @@
 tailscale
 

-
tailscale
Dave Gallant

\ No newline at end of file
+
tailscale

\ No newline at end of file
diff --git a/tags/tailscale/index.xml b/tags/tailscale/index.xml
index 6559c37a..c44388d7 100644
--- a/tags/tailscale/index.xml
+++ b/tags/tailscale/index.xml
@@ -16,4 +16,4 @@
  
  class="link--external" target="_blank" rel="noreferrer"
  
->invidious</a>.</p>
\ No newline at end of file
+>invidious</a>.</p>What to do with a homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>
\ No newline at end of file
diff --git a/tags/vlan/index.html b/tags/vlan/index.html
index 0a9661db..be2072a2 100644
--- a/tags/vlan/index.html
+++ b/tags/vlan/index.html
@@ -1,4 +1,4 @@
 vlan
 

-
vlan
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >
Dave Gallant

\ No newline at end of file
+
vlan
Virtualizing my router with pfSense
2022-04-02 (updated: 2024-01-01)
pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted
My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!
Read more >

\ No newline at end of file
diff --git a/tags/vpn/index.html b/tags/vpn/index.html
index b702f470..402b45c1 100644
--- a/tags/vpn/index.html
+++ b/tags/vpn/index.html
@@ -1,4 +1,4 @@
 vpn
 

-
vpn
Dave Gallant

\ No newline at end of file
+
vpn

\ No newline at end of file
diff --git a/tags/yewtu.be/index.html b/tags/yewtu.be/index.html
index f0521dcb..5275dbb8 100644
--- a/tags/yewtu.be/index.html
+++ b/tags/yewtu.be/index.html
@@ -1,4 +1,4 @@
 yewtu.be
 

-
yewtu.be
Dave Gallant

\ No newline at end of file
+
yewtu.be

\ No newline at end of file
diff --git a/tags/youtube/index.html b/tags/youtube/index.html
index e6f7d520..160a66db 100644
--- a/tags/youtube/index.html
+++ b/tags/youtube/index.html
@@ -1,4 +1,4 @@
 youtube
 

-
youtube
Dave Gallant

\ No newline at end of file
+
youtube

\ No newline at end of file