diff --git a/404.html b/404.html index 25d93672..03121758 100644 --- a/404.html +++ b/404.html @@ -1,201 +1,9 @@ - - - - - - - - - - - -This page no longer exists, or maybe it never did? Try https://archive.org? • davegallant - - - - - - - -
-
-
- -
-
-
-This page no longer exists, or maybe it never did? Try https://archive.org? -
- -Gopher -Go Home... - -
-

-This page no longer exists, or maybe it never did? Try https://archive.org? -

-
-
-
-
-
- -
-
- - - \ No newline at end of file +404 Page not found
+

404 Page not found

This is not the page you're looking for.

+
\ No newline at end of file diff --git a/about/index.html b/about/index.html index 13103c3d..e971619e 100644 --- a/about/index.html +++ b/about/index.html @@ -1,209 +1,13 @@ - - - - - - - - - - - -About • davegallant - - - - - - - -
-
-
- -
-
-
-
-
-

About

-
-
- -Posted on - - - -One min read - -
-
-
-

I’m a software engineer with a passion for open-source, infrastructure, tooling and security.

-
-
-
-
-
-
-
- -
-
- - - \ No newline at end of file +About
+

About

I’m a software tinkerer with a passion for infrastructure, tooling, security, and coffee.

Feel free to reach out at me@davegallant.ca.

+
\ No newline at end of file diff --git a/android-chrome-192x192.png b/android-chrome-192x192.png index 91842dce..f6256164 100644 Binary files a/android-chrome-192x192.png and b/android-chrome-192x192.png differ diff --git a/android-chrome-512x512.png b/android-chrome-512x512.png index aab9ea97..e6f588e2 100644 Binary files a/android-chrome-512x512.png and b/android-chrome-512x512.png differ diff --git a/apple-touch-icon.png b/apple-touch-icon.png index f3c47aa3..3faefa82 100644 Binary files a/apple-touch-icon.png and b/apple-touch-icon.png differ diff --git a/assets/css/main.ab98e12b.css b/assets/css/main.ab98e12b.css deleted file mode 100644 index 0770c5d0..00000000 --- a/assets/css/main.ab98e12b.css +++ /dev/null @@ -1,6 +0,0 @@ -/*! normalize.css v8.0.0 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}[hidden],template{display:none} -@charset "UTF-8"; -/*! - * Theme Name: Minimo - * Author: Munif Tanjim - */body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Open Sans,Helvetica Neue,sans-serif;font-size:1em;line-height:1.5;color:#37474f;word-wrap:break-word}@media screen and (min-width:480px){body{font-size:1.125em}}.title,h1,h2,h3,h4,h5,h6{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Open Sans,Helvetica Neue,sans-serif;font-weight:700;line-height:1.2;color:#263238;margin:0 0 .625em}.comment-content h2,.comment-content h3,.comment-content h4,.comment-content h5,.comment-content h6,.entry-content h2,.entry-content h3,.entry-content h4,.entry-content h5,.entry-content h6{margin-top:1.5em}.comment-content h2:first-child,.comment-content h3:first-child,.comment-content h4:first-child,.comment-content h5:first-child,.comment-content h6:first-child,.entry-content h2:first-child,.entry-content h3:first-child,.entry-content h4:first-child,.entry-content h5:first-child,.entry-content h6:first-child{margin-top:0}.site-title,h1{font-size:2em}h2{font-size:1.75em}h3{font-size:1.5em}h4{font-size:1.375em}h5{font-size:1.25em}h6{font-size:1.125em}p{margin:0 0 1.5em}p:last-child{margin:0}blockquote,cite,dfn,em,i{font-style:italic}blockquote{font-size:1.125em;padding-left:1em;border-left:.2em solid #bdbdbd}address,blockquote{margin:0 0 1.5em}code,kbd,pre,samp,var{font-family:Menlo,Consolas,Monaco,Ubuntu Mono,Liberation Mono,Lucida Console,monospace;background:#eee;color:#212121;border:1px solid #dcdcdc;border-radius:.25em;padding:.1em .25em}pre{overflow:auto;word-wrap:normal;text-align:initial;margin-bottom:1.5em;padding:.75em 1em}pre code,pre kbd,pre samp,pre var{background:none;color:inherit;border:0;padding:0}code,kbd,samp,var{font-size:.9375em}.highlight pre{border:0;margin:0}.comment-content .highlight,.entry-content .highlight{margin-bottom:1.5em}abbr,acronym{border-bottom:1px dotted #212121;cursor:help}ins,mark{background:#212121;text-decoration:none}big{font-size:125%}.desc{font-style:italic}html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}blockquote,q{quotes:"" ""}blockquote:after,blockquote:before,q:after,q:before{content:""}blockquote :last-child,q :last-child{margin-bottom:0}hr{border:0;height:1px;margin:2em 0;background-color:#bdbdbd}img{max-width:100%;height:auto}figure{margin:1em 0}a{color:#212121;text-decoration:none;transition:color .1s ease-in-out}a:focus{outline-color:#ffcd00;outline-color:var(--color-accent)}a:active,a:hover{outline:0}a:active,a:focus,a:hover{color:#37474f}a.button{display:inline-block}ol,ul{padding:0;margin:0 0 1.5em 1.5em}ul.task-list{list-style:none}ul.task-list label{font-weight:inherit}ul.task-list input{width:auto;margin-left:-1.5em}li ol,li ul{margin-bottom:0;margin-left:1.5em}dt{font-weight:700}dd{margin:0 1.5em 1.5em}table,td,th{border:1px solid #bdbdbd}table{width:100%;margin:0 0 1.5em;table-layout:fixed;border-collapse:separate;border-spacing:0;border-width:1px 0 0 1px}caption,td,th{font-weight:400;text-align:left}th{font-weight:700}td,th{border-width:0 1px 1px 0}td,th{padding:.375em}.button,button,input[type=button],input[type=reset],input[type=submit]{width:auto;padding:.5em .75em;border:1px solid #bdbdbd;border-radius:.2em;background:#fff;color:#37474f;font-size:1em;font-weight:700;line-height:1.15;text-align:center;letter-spacing:1px;white-space:nowrap;text-transform:uppercase;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;cursor:pointer;transition:.1s ease-in-out}.button:focus,button:focus,input[type=button]:focus,input[type=reset]:focus,input[type=submit]:focus{outline-color:#ffcd00;outline-color:var(--color-accent)}.button:active,.button:hover,button:active,button:hover,input[type=button]:active,input[type=button]:hover,input[type=reset]:active,input[type=reset]:hover,input[type=submit]:active,input[type=submit]:hover{outline:0}.button:active,.button:focus,.button:hover,button:active,button:focus,button:hover,input[type=button]:active,input[type=button]:focus,input[type=button]:hover,input[type=reset]:active,input[type=reset]:focus,input[type=reset]:hover,input[type=submit]:active,input[type=submit]:focus,input[type=submit]:hover{background:#37474f;color:#fff}input,select,textarea{width:100%;padding:.625em .875em;border:1px solid #bdbdbd;border-radius:.2em;color:#37474f;transition:.1s ease-in-out}input:focus,select:focus,textarea:focus{border-color:#ffcd00;border-color:var(--color-accent);outline-color:transparent}input[type=checkbox],input[type=radio]{width:auto}label{font-weight:700;letter-spacing:1px}.menu ul{list-style:none;margin:0}.menu li{text-transform:uppercase}.menu li.current>a{font-weight:700;pointer-events:none}.main-menu>div{display:flex;align-items:center}.main-menu li{display:inline-block;margin-right:.625em}.main-menu li:last-child{margin-right:0}.sidebar-menu .item{display:flex;flex-flow:row wrap;justify-content:flex-end}.sidebar-menu .has-current>a{font-style:italic}.sidebar-menu .sub-menu{display:none;padding-left:0;flex:100%;flex-shrink:0}.sidebar-menu .sub-menu .item:not(.has-children){padding-right:1.2em}.sub-menu-toggler{border:0;padding:0;margin-left:.2em;font-weight:400;width:1em}.sub-menu-toggler:active,.sub-menu-toggler:focus,.sub-menu-toggler:hover{background:none}.sub-menu-toggler>.sign{position:relative;top:-2px}.sub-menu-toggler>.sign:after{content:"+"}.toggled>.sub-menu{display:block}.toggled>.sub-menu-toggler>.sign:after{content:"–"}.menu a,.sidebar-toggler span,.sub-menu-toggler,.widget-social_menu a{color:#455a64}.menu a:focus,.menu a:hover,.sidebar-toggler span:focus,.sidebar-toggler span:hover,.sub-menu-toggler:focus,.sub-menu-toggler:hover,.widget-social_menu a:focus,.widget-social_menu a:hover{color:#263238}.entry-nav .sep-before:nth-child(2):before{width:2em;margin:1em 0}.entry-nav div a{display:block;font-style:italic}.entry-nav div span{display:block;font-style:normal;font-size:.875em}.page-links{margin-top:2em}.page-link{display:inline-block;padding:.25em .625em}.page-link:first-child{padding-left:0}.page-link:last-child{padding-right:0}.page-link.current{font-weight:700}.page-link.dots{padding:0}body{background:#fff}.site{overflow-x:hidden}.main{width:100%;padding:2em 0;transition:margin-left .2s}.sidebar.toggled~.main{margin-left:300px}@media screen and (min-width:920px){.main{width:auto}.has-sidebar .main{float:left;width:calc(100% - 300px);margin-left:300px;padding-left:2em}}.container{width:100%;max-width:740px;padding:0 20px;margin:0 auto}.has-sidebar .container{margin-left:0}.sep-after:after,.sep-before:before{content:"";display:block;width:4em;margin-top:2.5em;margin-bottom:2.5em;border-bottom:.125em solid #bdbdbd}.sidebar{visibility:hidden;float:left;left:-300px;position:absolute;width:300px;max-width:100%;min-height:100%;padding:2em 0;margin-right:-100%;outline:0;z-index:99999;transition:left .2s;text-align:right;background:#fff}.sidebar.toggled{visibility:visible;left:0}.sidebar .sep-after:after{margin-left:auto}@media screen and (min-width:920px){.sidebar{visibility:visible;left:0}}.sidebar-toggler{background:none;border:0}.sidebar-toggler .icon{font-size:1.25em}.sidebar-toggler:active,.sidebar-toggler:focus,.sidebar-toggler:hover{background:none}.main .sidebar-toggler{padding:0;position:absolute;right:20px}.main .sidebar-toggler .close,.main .sidebar-toggler[aria-expanded=true]{display:none}.main-menu .sidebar-toggler{position:static;margin-right:.75em}.main-menu .sidebar-toggler[aria-expanded=true]{display:inline-block}.sidebar .sidebar-toggler{position:absolute;top:.5em;left:.5em;z-index:2027}.sidebar .sidebar-toggler .open{display:none}@media screen and (min-width:920px){.sidebar-toggler{display:none}}.sidebar-overlay{display:none}.sidebar.toggled .sidebar-overlay{display:block}.sidebar.toggled .sidebar-overlay:after{content:"";display:block;position:fixed;top:0;right:0;bottom:0;left:0;z-index:-2027;background:#fff;opacity:.75}@media screen and (min-width:920px){.sidebar.toggled .sidebar-overlay{display:none}}.header .sep-after:after{border-bottom-color:#ffcd00;border-bottom-color:var(--color-accent)}.has-cover .header .sep-after:after,.site-header{display:none}.error404 .site-header,.home .site-header{display:flex}.header-info{margin-top:1.5em}.header-info .title{margin-bottom:0}.header-info .desc{margin:.5em 0 0}.header-info .taxonomy-name{font-size:.875em;margin-right:.25em;font-style:italic}.entry-meta{margin-top:.75em}.entry-meta span{font-size:.9375em;margin-right:.75em;font-style:italic}.entry-meta .icon{margin-right:.25em}.entry-cover figure{margin-top:2em;margin-bottom:2.5em}.entry-cover img{display:block}.entry-cover figcaption{text-align:center;margin:.25em auto 0;padding:0}.entry-cover figcaption span{font-size:.875em}.cover-wide{padding:0;max-width:1080px}.cover-full{padding:0;max-width:100%}.cover-full img{width:100%}details,summary{display:block}summary{cursor:pointer}.no-details details:not([open])>:not(summary){display:none}.no-details details>summary:before{content:"\25BC";display:inline-block;margin-right:.25em;transition:.1s;-webkit-transform:rotate(-90deg);transform:rotate(-90deg)}.no-details details[open]>summary:before{-webkit-transform:rotate(0deg);transform:rotate(0deg)}.entry-toc{margin-bottom:2.5em}.entry-toc ul{list-style:none}.entry-toc nav>ul{margin:0}.comment-content>:last-child,.comment-content>:last-child>:last-child,.entry-content>:last-child,.entry-content>:last-child>:last-child{margin-bottom:0}.comment-content a,.entry-content a{border-bottom:.125em dashed #bdbdbd}.comment-content a:focus,.comment-content a:hover,.entry-content a:focus,.entry-content a:hover{border-bottom-color:#ffcd00;border-bottom-color:var(--color-accent)}.comment-content a.footnote-return,.entry-content a.footnote-return{border-bottom:none}.entry-footer .container>div{margin-top:.5em}.entry-footer .container>div:first-child{margin-top:2.5em}.entry-footer .icon{margin-right:.375em}.comments ol{list-style:none}.comments ol.comment-list{margin:0}.comments-title{font-size:1.25em;margin-bottom:1.5em}.comment{position:relative;margin:1em 0}.comment-header{min-height:3em}.comment .avatar{float:left;height:3em;width:3em;border-radius:.25em;margin-right:.75em}.comment-meta{font-size:.875em}.comment .fn{display:inline-block;margin-top:.1em}.comment .reply{position:absolute;right:0;margin-top:-2em}.comment .reply,.comment .reply a{display:inline-block}.comment-content{margin-top:.75em;border-radius:.25em;border:1px solid #bdbdbd;padding:1em 1em 2em}.comment-respond{margin:1.5em 0}.comment-reply-title small{display:inline-block;font-size:.5em;margin-left:1em}.comment-form label{display:inline-block;margin-bottom:.25em}.comment-form>div{margin-top:1em}.comment-submission-feedback{display:none;position:relative;border-radius:.25em;border:1px solid #bdbdbd;padding:1.5em;margin-bottom:1.5em}.comment-submission-feedback a{position:absolute;top:1.5em;right:1.5em;font-size:.875em}.comment-submission-feedback:target{display:block}.list{margin:0 auto;list-style:none}.entry+.list-container{margin-top:2.5em}.list .item{display:flex;width:100%;margin-top:1em}.list .item:first-of-type{margin-top:0}.list .item .meta{flex:0 0 6em}.list .item .meta span{font-size:.875em}.list .item-header{flex:1}.list .item-title{font-size:1em;font-weight:400;margin-bottom:0;line-height:inherit}.list .item .icon{margin-right:.25em}.taxonomy-cloud{display:flex;flex-wrap:wrap;align-items:center}.taxonomy-cloud li{max-width:100%;padding:0 1.5em .5em 0;text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.footer .sep-before:before{border-bottom-color:#ffcd00;border-bottom-color:var(--color-accent)}.footer a{font-style:italic}.footer .container>div,.footer .container>section{width:100%;margin-top:1em}.footer .container>div:first-child,.footer .container>section:first-child{margin-top:0}.error404 .gopher{margin:0}.error404 .gopher img{width:17.5em}.error404 .gopher a{display:block;border:0}.error404 .gopher figcaption{margin-top:1em}.error404 .gopher .title{margin-bottom:0}.home-widgets .sep-before:before{display:none}.entry+.home-widgets .sep-before:before{display:block}.icon{display:inline-block;stroke:currentColor;fill:none;position:relative;top:2px}.icon,img.emoji{height:1em;width:1em}img.emoji{margin:0 .05em 0 .1em;vertical-align:-.1em}.layout-archive .list .item{padding-left:1em}.layout-archive .list .item .meta{flex:0 0 3.5em}.archive-group.sep-after:last-child:after{display:none}.search-results li{height:2.5em;line-height:2em;border:1px solid #bdbdbd;border-top:0 solid #bdbdbd}.search-results li:last-child{border-radius:0 0 .2em .2em}.search-results li.results-empty,.search-results li.searching{font-style:italic}.search-results li a{display:block;padding:.25em .875em}.widget-title{margin-bottom:1em}.widget.sep-after:after{margin-top:1.5em;margin-bottom:1.5em}.widget.sep-after:last-of-type:after{display:none}.sidebar .widget-title{margin-bottom:.5em;font-size:1.25em}.sidebar .widget .container{padding:0}.main-menu+.header-widgets{margin-top:1em}.widget-about .logo{max-width:5em}.widget-about .logo a{display:block;line-height:0}.sidebar .widget-about .logo{margin-left:auto}.widget-about .site-title{margin-bottom:0;font-size:1.75em}.sidebar .widget-about.sep-after:after{border-bottom-color:#ffcd00;border-bottom-color:var(--color-accent)}.widget-breadcrumbs ol{list-style:none;margin:0}.widget-breadcrumbs li{display:inline-block}.widget-breadcrumbs li:after{display:inline-block;padding:0 .25em;speak:none}.widget-breadcrumbs li:last-child:after{display:none}.widget-breadcrumbs li span{font-weight:700}.sidebar .widget-recent_posts .meta{display:none}.sidebar .widget-recent_posts .item{margin-top:0}.widget-search .search-form{position:relative}.widget-search .search-submit{position:absolute;top:0;right:0;height:2.5em;width:2.5em;border-radius:0 .2em .2em 0}.layout-search .widget-search header{display:none}.layout-search .widget-search .search-term{height:2.5em;padding-right:3em;border-radius:.2em .2em 0 0}.widget-social_menu ul{list-style:none;margin:0}.widget-social_menu li{display:inline-block;margin-right:.625em}.widget-social_menu li:last-child{margin-right:0}.widget-social_menu li a{font-size:1.125em}.sidebar .widget-social_menu li{margin-right:0;margin-left:.625em}.sidebar .widget-taxonomy_cloud .taxonomy-cloud{justify-content:flex-end;font-size:.875em}.sidebar .widget-taxonomy_cloud li{padding:0 0 .4em .8em}.comment .says,.screen-reader-text{position:absolute;clip:rect(1px,1px,1px,1px);-webkit-clip-path:inset(50%);clip-path:inset(50%);height:1px;width:1px;margin:-1px;padding:0;border:0;overflow:hidden;word-wrap:normal!important}.comment .says:focus,.screen-reader-text:focus{display:block;left:.5em;top:.5em;clip:auto;-webkit-clip-path:none;clip-path:none;height:auto;width:auto;padding:1em;border-radius:.25em;font-size:.875em;font-weight:700;line-height:normal;text-decoration:none;background:#212121;color:#fafafa!important;z-index:100000}.align-center{text-align:center}.align-center>blockquote{display:inline-block}.align-center>ol,.align-center>ul{display:inline-block;text-align:initial}.align-center li{word-wrap:normal}.convo ol{display:table;list-style:none;margin:0}.convo li{display:table-row}.convo li>div{display:table-cell;padding-bottom:1.5em}.convo .person{font-size:.9em;font-style:italic;text-align:right}.convo .sep{padding-left:.75em;padding-right:.5em}.text-shortcode *{color:inherit;font-size:1em} diff --git a/assets/css/rtl.bf9d5394.css b/assets/css/rtl.bf9d5394.css deleted file mode 100644 index cbef49fb..00000000 --- a/assets/css/rtl.bf9d5394.css +++ /dev/null @@ -1 +0,0 @@ -blockquote{padding-left:0;padding-right:1em;border-left:0;border-right:.2em solid #bdbdbd}body{direction:rtl}ol,ul{margin:0 2em 1.5em 0}li>ol,li>ul{padding-left:0;padding-right:1.5em;margin-left:0;margin-right:.5em}caption,td,th{text-align:right}.main-menu li{margin-right:0;margin-left:.625em}.main-menu li:last-child{margin-left:0}.sidebar-menu .sub-menu{padding-right:0}.sidebar-menu .sub-menu .item:not(.has-children){padding-right:0;padding-left:1.2em}.sub-menu-toggler{margin-left:0;margin-right:.2em}.page-link:first-child{padding-left:.625em;padding-right:0}.page-link:last-child{padding-left:0;padding-right:.625em}.page-link.next .icon,.page-link.prev .icon{-webkit-transform:rotate(180deg);transform:rotate(180deg)}.main{transition:margin-right .2s}.sidebar.toggled~.main{margin-left:0;margin-right:300px}@media screen and (min-width:920px){.has-sidebar .main{float:right;margin-left:0;margin-right:300px;padding-left:0;padding-right:2em}}.has-sidebar .container{margin-left:auto;margin-right:0}.sidebar{float:right;left:auto;right:-300px;margin-right:0;margin-left:-100%;transition:right .2s;text-align:left}.sidebar.toggled{right:0}.sidebar .sep-after:after{margin-left:0;margin-right:auto}@media screen and (min-width:920px){.sidebar{left:auto;right:0}}.main .sidebar-toggler{right:auto;left:20px}.main-menu .sidebar-toggler{margin-right:0;margin-left:.75em}.sidebar .sidebar-toggler{left:auto;right:.5em}.header-info .taxonomy-name{margin-right:0;margin-left:.25em}.entry-meta>span{display:inline-block}.entry-meta span{margin-right:0;margin-left:.75em}.entry-meta .icon,.no-details details>summary:before{margin-right:0;margin-left:.25em}.entry-footer .icon{margin-right:0;margin-left:.375em}.comment .avatar{float:right;margin-right:0;margin-left:.75em}.comment .reply{right:auto;left:0}.comment-reply-title small{margin-left:0;margin-right:1em}.comment-submission-feedback a{right:auto;left:1.5em}.list .item .icon{margin-right:0;margin-left:.25em}.taxonomy-cloud li{padding:0 0 .5em 1.5em}img.emoji{margin:0 .1em 0 .05em}.layout-archive .list .item{padding-left:0;padding-right:1em}.sidebar .widget-about .logo{margin-left:0;margin-right:auto}.widget-search .search-submit{right:auto;left:0;border-radius:.2em 0 0 0}.layout-search .widget-search .search-term{padding-right:.875em;padding-left:3em}.widget-social_menu li{margin-right:0;margin-left:.625em}.widget-social_menu li:last-child{margin-left:0}.sidebar .widget-social_menu li{margin-left:0;margin-right:.625em}.sidebar .widget-taxonomy_cloud li{padding:0 .8em .4em 0}.screen-reader-text:focus{left:auto;right:.5em}.convo .sep{padding-left:.5em;padding-right:.75em} diff --git a/assets/gopher.png b/assets/gopher.png deleted file mode 100644 index 7b5adc14..00000000 Binary files a/assets/gopher.png and /dev/null differ diff --git a/assets/js/algolia_search.d220ba26.js b/assets/js/algolia_search.d220ba26.js deleted file mode 100644 index 797c0aae..00000000 --- a/assets/js/algolia_search.d220ba26.js +++ /dev/null @@ -1,8 +0,0 @@ -!function(e){var t={};function r(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)r.d(n,o,function(t){return e[t]}.bind(null,o));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s=18)}([function(e,t,r){"use strict";r.d(t,"a",function(){return n}),r.d(t,"d",function(){return o}),r.d(t,"c",function(){return a}),r.d(t,"b",function(){return i});var n=function(e,t){0===e.length?t.innerHTML="
  • \n ".concat(t.dataset.resultsEmpty,"\n
    • "):t.innerHTML=e.reduce(function(e,t){var r=t.href,n=t.title;return"".concat(e,"
  • ").concat(n,"
    • ")},"")},o=function(e){e.innerHTML="
  • \n ".concat(e.dataset.searching,"…\n
    • ")},a=function(e){if("URLSearchParams"in window)return new URLSearchParams(window.location.search).get(e);e=e.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var t=new RegExp("[\\?&]"+e+"=([^&#]*)").exec(location.search);return null===t?"":decodeURIComponent(t[1].replace(/\+/g," "))},i=function(e,t){var r=new XMLHttpRequest;r.open("GET",e,!0),r.onload=function(){if(r.status>=200&&r.status<400){var e=JSON.parse(r.responseText);t(null,e)}else t(new Error(r.statusText))},r.onerror=function(){t(new Error("Failed to get JSON! ".concat(r.statusText)))},r.send()}},function(e,t){var r=Object.prototype.hasOwnProperty,n=Object.prototype.toString;e.exports=function(e,t,o){if("[object Function]"!==n.call(t))throw new TypeError("iterator must be a function");var a=e.length;if(a===+a)for(var i=0;i was loaded but did not call our provided callback"),JSONPScriptError:a("JSONPScriptError"," - - - -
    -
    -
    - -
    -
    -
    -
    -

    Authors

    -
    -
    -
    -
    -
      -
    -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/authors/index.xml b/authors/index.xml deleted file mode 100644 index 34bedf86..00000000 --- a/authors/index.xml +++ /dev/null @@ -1 +0,0 @@ -Authors on davegallant/authors/Recent content in Authors on davegallantHugo -- gohugo.ioen-us \ No newline at end of file diff --git a/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html b/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html index 3d1ec207..4bda2184 100644 --- a/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html +++ b/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html @@ -1,307 +1,68 @@ - - - - - - - - - - - -AppGate SDP on Arch Linux • davegallant - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -
    -

    AppGate SDP on Arch Linux

    -
    -
    - -Posted on - - - -3 mins read - -
    -
    -
    -

    AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux.

    -

    Depending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on AUR. -As of right now, the latest AUR is 4.2.2-1.

    -

    These steps highlight how to get it working with Python3.8 by making a 1 line modification to AppGate source code.

    -

    Packaging

    -

    We already know the community package is currently out of date, so let’s clone it:

    -
    git clone https://aur.archlinux.org/appgate-sdp.git
-cd appgate-sdp
-

    You’ll likely notice that the version is not what we want, so let’s modify the PKGBUILD to the following:

    -
    # Maintainer: Pawel Mosakowski <pawel at mosakowski dot net>
-pkgname=appgate-sdp
-conflicts=('appgate-sdp-headless')
-pkgver=4.3.2
-_download_pkgver=4.3
-pkgrel=1
-epoch=
-pkgdesc="Software Defined Perimeter - GUI client"
-arch=('x86_64')
-url="https://www.cyxtera.com/essential-defense/appgate-sdp/support"
-license=('custom')
-# dependecies calculated by namcap
-depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq')
-source=("https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb"
-        "appgatedriver.service")
-options=(staticlibs)
-prepare() {
-    tar -xf data.tar.xz
-}
-package() {
-    cp -dpr "${srcdir}"/{etc,lib,opt,usr} "${pkgdir}"
-    mv -v "$pkgdir/lib/systemd/system" "$pkgdir/usr/lib/systemd/"
-    rm -vrf "$pkgdir/lib"
-    cp -v "$srcdir/appgatedriver.service" "$pkgdir/usr/lib/systemd/system/appgatedriver.service"
-    mkdir -vp "$pkgdir/usr/share/licenses/appgate-sdp"
-    cp -v "$pkgdir/usr/share/doc/appgate/copyright" "$pkgdir/usr/share/licenses/appgate-sdp"
-    cp -v "$pkgdir/usr/share/doc/appgate/LICENSE.github" "$pkgdir/usr/share/licenses/appgate-sdp"
-    cp -v "$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2" "$pkgdir/usr/share/licenses/appgate-sdp"
-}
-md5sums=('17101aac7623c06d5fbb95f50cf3dbdc'
-         '002644116e20b2d79fdb36b7677ab4cf')
+AppGate SDP on Arch Linux
    
+
    AppGate SDP on Arch Linux
    2020-03-16 by Dave Gallant (updated: 2024-01-01)
    linuxvpnpython
    AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux.
    Depending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on AUR.
+As of right now, the latest AUR is 4.2.2-1.
    These steps highlight how to get it working with Python3.8 by making a 1 line modification to AppGate source code.
    Packaging
    We already know the community package is currently out of date, so let’s clone it:
    git clone https://aur.archlinux.org/appgate-sdp.git
+cd appgate-sdp
+
    You’ll likely notice that the version is not what we want, so let’s modify the PKGBUILD to the following:
    # Maintainer: Pawel Mosakowski <pawel at mosakowski dot net>
+pkgname=appgate-sdp
+conflicts=('appgate-sdp-headless')
+pkgver=4.3.2
+_download_pkgver=4.3
+pkgrel=1
+epoch=
+pkgdesc="Software Defined Perimeter - GUI client"
+arch=('x86_64')
+url="https://www.cyxtera.com/essential-defense/appgate-sdp/support"
+license=('custom')
+# dependecies calculated by namcap
+depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq')
+source=("https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb"
+        "appgatedriver.service")
+options=(staticlibs)
+prepare() {
+    tar -xf data.tar.xz
+}
+package() {
+    cp -dpr "${srcdir}"/{etc,lib,opt,usr} "${pkgdir}"
+    mv -v "$pkgdir/lib/systemd/system" "$pkgdir/usr/lib/systemd/"
+    rm -vrf "$pkgdir/lib"
+    cp -v "$srcdir/appgatedriver.service" "$pkgdir/usr/lib/systemd/system/appgatedriver.service"
+    mkdir -vp "$pkgdir/usr/share/licenses/appgate-sdp"
+    cp -v "$pkgdir/usr/share/doc/appgate/copyright" "$pkgdir/usr/share/licenses/appgate-sdp"
+    cp -v "$pkgdir/usr/share/doc/appgate/LICENSE.github" "$pkgdir/usr/share/licenses/appgate-sdp"
+    cp -v "$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2" "$pkgdir/usr/share/licenses/appgate-sdp"
+}
+md5sums=('17101aac7623c06d5fbb95f50cf3dbdc'
+         '002644116e20b2d79fdb36b7677ab4cf')
+
    Let’s first make sure we have some dependencies. If you do not have yay, check it out.
    yay -S dnsmasq gconf
+
    Now, let’s install it:
    makepkg -si
+
    Running the client
    Ok, let’s run the client by executing appgate.
    It complains about not being able to connect.
    Easy fix:
    sudo systemctl start appgatedriver.service
+
    Now we should be connected… but DNS is not working?
    Fixing the DNS
    Running resolvectl should display that something is not right.
    Why is the DNS not being set by appgate?
    $ head -3 /opt/appgate/linux/set_dns
+#!/usr/bin/env python3
+'''
+This is used to set and unset the DNS.
+
    It seems like python3 is required for the DNS setting to happen.
+Let’s try to run it.
    $ sudo /opt/appgate/linux/set_dns
+/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
+  servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
+Traceback (most recent call last):
+  File "/opt/appgate/linux/set_dns", line 30, in <module>
+    import dbus
+ModuleNotFoundError: No module named 'dbus'
+
    Ok, let’s install it:
    $ sudo python3.8 -m pip install dbus-python
+
    Will it work now? Not yet. There’s another issue:
    $ sudo /opt/appgate/linux/set_dns
+/opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="?
+  servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
+module 'platform' has no attribute 'linux_distribution'
+
    This is a breaking change in Python3.8.
    So what is calling platform.linux_distribution?
    Let’s search for it:
    $ sudo grep -r 'linux_distribution' /opt/appgate/linux/
+/opt/appgate/linux/nm.py:    if platform.linux_distribution()[0] != 'Fedora':
+
    Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with:
    if True: # Since we are not using Fedora :)
+
    Wrapping up
    It turns out there are breaking changes in Python3.8.
    The docs say Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.
    I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.
    
+
    Dave Gallant
    
+
    
\ No newline at end of file
diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/index.html b/blog/2021/09/06/what-to-do-with-a-homelab/index.html
index 47bb8f9e..9207dd09 100644
--- a/blog/2021/09/06/what-to-do-with-a-homelab/index.html
+++ b/blog/2021/09/06/what-to-do-with-a-homelab/index.html
@@ -1,259 +1,15 @@
-
-
-
-
-
-
-
-
-
-
-
-What To Do With A Homelab • davegallant
-
-
-
-
-
-
-
-
    
-
    
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    What To Do With A Homelab
    
-
    
-
    
-
-Posted on 
-
-
-
-4 mins read
-
-
    
-
    
-
    
-
    A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
    
-
    Do you want host your own Media server? Ad blocker? Web server?
+What to do with a homelab
    
+
    What to do with a homelab
    2021-09-06 by Dave Gallant (updated: 2024-01-01)
    A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.
    Do you want host your own Media server? Ad blocker? Web server?
 Are you interested in learning more about Linux? Virtualization? Networking? Security?
-Building a homelab can be an entertaining playground to enhance your computer skills.
    
-
    One of the best parts about building a homelab is that it doesn’t have to be a large investment in terms of hardware. One of the simplest ways to build a homelab is out of a refurbished computer.
-Having multiple machines/nodes provides the advantage of increased redundancy, but starting out with a single node is enough to reap many of the benefits of having a homelab.
    
-
    Virtualization#
    
-
    Virtualizing your hardware is an organized way of dividing up your machine’s resources. This can be done with something such as a Virtual Machine or something lighter like a container using LXC or runC.
-Containers have much less overhead in terms of boot time and storage allocation. This Stack Overflow answer sums it up nicely.
    
-
    image
    
-
    A hypervisor such as Proxmox can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You’ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.
    
-
    Services#
    
-
    So what are some useful services to deploy?
    
-
      
-
    • Jellyfin or Plex - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found here.
      • 
-
    • changedetection - is a self-hosted equivalent to something like visualping.io that will notify you when a webpage changes and keep track of the diffs
      • 
-
    • Adguard or Pihole - can block a list of known trackers for all clients on your local network. I’ve used pihole for a long time, but have recently switched to Adguard since the UI is more modern and it has the ability to toggle on/off a pre-defined list of services, including Netflix (this is useful if you have stealthy young kids). Either of these will speed up your internet experience, simply because you won’t need to download all of the extra tracking bloat.
      • 
-
    • Gitea - A lightweight git server. I use this to mirror git repos from GitHub, GitLab, etc.
      • 
-
    • Homer - A customizable landing page for services you need to access (including the ability to quickly search).
      • 
-
    • Uptime Kuma - A fancy tool for monitoring the uptime of services.
      • 
-
    
-
    There is a large number of services you can self-host, including your own applications that you might be developing. awesome-self-hosted provides a curated list of services that might be of interest to you.
    
-
    VPN#
    
-
    You could certainly setup and manage your own VPN by using something like OpenVPN, but there is also something else you can try: tailscale. It is a very quick way to create fully-encrypted connections between clients. With its MagicDNS, your can reference the names of machines like homer rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.
    
-
    Monitoring#
    
-
    dashboard
    
-
    Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using netdata. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.
    
-
    Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.
    
-
    As mentioned above, Uptime Kuma is a convenient way to track uptime and monitor the availability of your services.
    
-
    uptime-kuma
    
-
    In Summary#
    
-
    Building out a homelab can be a rewarding experience and it doesn’t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.
    
-
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
     © 2020-2022 Dave Gallant 
    
-
    
-
    
-
    
-
    
-
    
-
-
-
\ No newline at end of file
+Building a homelab can be an entertaining playground to enhance your computer skills.
    One of the best parts about building a homelab is that it doesn’t have to be a large investment in terms of hardware. One of the simplest ways to build a homelab is out of a refurbished computer.
+Having multiple machines/nodes provides the advantage of increased redundancy, but starting out with a single node is enough to reap many of the benefits of having a homelab.
    Virtualization
    Virtualizing your hardware is an organized way of dividing up your machine’s resources. This can be done with something such as a Virtual Machine or something lighter like a container using LXC or runC.
+Containers have much less overhead in terms of boot time and storage allocation. This Stack Overflow answer sums it up nicely.
    image
    A hypervisor such as Proxmox can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You’ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.
    Services
    So what are some useful services to deploy?
    • Jellyfin or Plex - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found here.
    • changedetection - is a self-hosted equivalent to something like visualping.io that will notify you when a webpage changes and keep track of the diffs
    • Adguard or Pihole - can block a list of known trackers for all clients on your local network. I’ve used pihole for a long time, but have recently switched to Adguard since the UI is more modern and it has the ability to toggle on/off a pre-defined list of services, including Netflix (this is useful if you have stealthy young kids). Either of these will speed up your internet experience, simply because you won’t need to download all of the extra tracking bloat.
    • Gitea - A lightweight git server. I use this to mirror git repos from GitHub, GitLab, etc.
    • Homer - A customizable landing page for services you need to access (including the ability to quickly search).
    • Uptime Kuma - A fancy tool for monitoring the uptime of services.
    There is a large number of services you can self-host, including your own applications that you might be developing. awesome-self-hosted provides a curated list of services that might be of interest to you.
    VPN
    You could certainly setup and manage your own VPN by using something like OpenVPN, but there is also something else you can try: tailscale. It is a very quick way to create fully-encrypted connections between clients. With its MagicDNS, your can reference the names of machines like homer rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.
    Monitoring
    dashboard
    Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using netdata. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.
    Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.
    As mentioned above, Uptime Kuma is a convenient way to track uptime and monitor the availability of your services.
    uptime-kuma
    In Summary
    Building out a homelab can be a rewarding experience and it doesn’t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.
    
+
    Dave Gallant
    +
    \ No newline at end of file diff --git a/images/netdata.png b/blog/2021/09/06/what-to-do-with-a-homelab/netdata.png similarity index 100% rename from images/netdata.png rename to blog/2021/09/06/what-to-do-with-a-homelab/netdata.png diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_300x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_300x0_resize_box_3.png new file mode 100644 index 00000000..c4bd8e24 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_300x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_300x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..6cb24f63 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_500x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_500x0_resize_box_3.png new file mode 100644 index 00000000..d64e5545 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_500x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_500x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..84d6a1a2 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_700x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_700x0_resize_box_3.png new file mode 100644 index 00000000..331ad27f Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_700x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_700x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..35c55c76 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/netdata_hu78bc2e52079d7a1d3cf726e171d4b7dc_70867_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/proxmox.png b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox.png similarity index 100% rename from images/proxmox.png rename to blog/2021/09/06/what-to-do-with-a-homelab/proxmox.png diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_300x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_300x0_resize_box_3.png new file mode 100644 index 00000000..789280b7 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_300x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_300x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..3c2deefe Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_500x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_500x0_resize_box_3.png new file mode 100644 index 00000000..735594a3 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_500x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_500x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..221bcc64 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_700x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_700x0_resize_box_3.png new file mode 100644 index 00000000..4e6011ee Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_700x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_700x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..b524a6ae Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/proxmox_hu301314f34acbd231910aa3e526d496c0_160705_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/uptime-kuma.png b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma.png similarity index 100% rename from images/uptime-kuma.png rename to blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma.png diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_300x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_300x0_resize_box_3.png new file mode 100644 index 00000000..856fda81 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_300x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_300x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..367b2845 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_500x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_500x0_resize_box_3.png new file mode 100644 index 00000000..bdf1fdf9 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_500x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_500x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..b6fc8f43 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_700x0_resize_box_3.png b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_700x0_resize_box_3.png new file mode 100644 index 00000000..6ce19142 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_700x0_resize_box_3.png differ diff --git a/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_700x0_resize_q75_h2_box_3.webp b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..a0f8a0c9 Binary files /dev/null and b/blog/2021/09/06/what-to-do-with-a-homelab/uptime-kuma_hue98ab284e327523b28029e370b7b9d34_120263_700x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html b/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html index c655eede..c9551173 100644 --- a/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html +++ b/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html @@ -1,362 +1,119 @@ - - - - - - - - - - - -Why I Threw Out My Dotfiles • davegallant - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -
    -

    Why I Threw Out My Dotfiles

    -
    -
    - -Posted on - - - -5 mins read - -
    -
    -
    -

    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.

    -

    What is home-manager?#

    -

    Before understanding home-manager, it is worth briefly discussing what nix is. nix is a package manager that originally spawned from a PhD thesis. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.

    -

    For example, I have used nix to install the package bind which includes dig. You can see that it is available on multiple platforms. The absolute path of dig can be found by running:

    -
    $ ls -lh $(which dig)
-lrwxr-xr-x 73 root 31 Dec  1969 /run/current-system/sw/bin/dig -> /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
-

    Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This nix pill does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.

    -

    Part of the nix ecosystem includes nixpkgs. Many popular tools can be found already packaged in this repository. As you can see with these stats, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!

    -

    home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my nix-config in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.

    -

    Setting up home-manager#

    -
    -

    ⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.

    -
    -

    The first thing you should do is install nix:

    -
    curl -L https://nixos.org/nix/install | sh
-

    It’s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!

    -

    Open up a new shell in your terminal and running nix should work. If not, run . ~/.nix-profile/etc/profile.d/nix.sh

    -

    Now, install home-manager:

    -
    nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
-nix-channel --update
-nix-shell '<home-manager>' -A install
-

    You should see a wave of /nix/store/* paths being displayed on your screen.

    -

    Now, to start off with a basic configuration, open up ~/.config/nixpkgs/home.nix in the editor of your choice and paste this in (you will want to change userName and homeDirectory):

    -
    { config, pkgs, ... }:
+Why I threw out my dotfiles
    
+
    Why I threw out my dotfiles
    2021-09-08 (updated: 2024-01-01)
    nixdotfileshome‑manager
    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.
    What is home-manager?
    Before understanding home-manager, it is worth briefly discussing what nix is. nix is a package manager that originally spawned from a PhD thesis. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.
    For example, I have used nix to install the package bind which includes dig. You can see that it is available on multiple platforms. The absolute path of dig can be found by running:
    $ ls -lh $(which dig)
+lrwxr-xr-x 73 root 31 Dec  1969 /run/current-system/sw/bin/dig -> /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
+
    Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This nix pill does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.
    Part of the nix ecosystem includes nixpkgs. Many popular tools can be found already packaged in this repository. As you can see with these stats, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!
    home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my nix-config in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.
    Setting up home-manager
    ⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.
    The first thing you should do is install nix:
    curl -L https://nixos.org/nix/install | sh
+
    It’s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!
    Open up a new shell in your terminal and running nix should work. If not, run . ~/.nix-profile/etc/profile.d/nix.sh
    Now, install home-manager:
    nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
+nix-channel --update
+nix-shell '<home-manager>' -A install
+
    You should see a wave of /nix/store/* paths being displayed on your screen.
    Now, to start off with a basic configuration, open up ~/.config/nixpkgs/home.nix in the editor of your choice and paste this in (you will want to change userName and homeDirectory):
    { config, pkgs, ... }:
+
+{
+  programs.home-manager.enable = true;
+
+  home = {
+    username = "dave";
+    homeDirectory = "/home/dave";
+    stateVersion = "21.11";
+    packages = with pkgs; [
+      bind
+      exa
+      fd
+      ripgrep
+    ];
+  };
+
+  programs = {
+
+    git = {
+      enable = true;
+      aliases = {
+        aa = "add -A .";
+        br = "branch";
+        c = "commit -S";
+        ca = "commit -S --amend";
+        cb = "checkout -b";
+        co = "checkout";
+        d = "diff";
+        l =
+          "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
+      };
+
+      delta = {
+        enable = true;
+
+        options = {
+          features = "line-numbers decorations";
+          whitespace-error-style = "22 reverse";
+          plus-style = "green bold ul '#198214'";
+          decorations = {
+            commit-decoration-style = "bold yellow box ul";
+            file-style = "bold yellow ul";
+            file-decoration-style = "none";
+          };
+        };
+      };
+
+      extraConfig = {
+        push = { default = "current"; };
+        pull = { rebase = true; };
+      };
+
+    };
+
+    starship = {
+      enable = true;
+      enableZshIntegration = true;
+
+      settings = {
+        add_newline = false;
+        scan_timeout = 10;
+      };
+    };
+
+    zsh = {
+      enable = true;
+      enableAutosuggestions = true;
+      enableSyntaxHighlighting = true;
+      history.size = 1000000;
+
+      localVariables = {
+        CASE_SENSITIVE = "true";
+        DISABLE_UNTRACKED_FILES_DIRTY = "true";
+        RPROMPT = ""; # override because macOS defaults to filepath
+        ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
+        ZSH_DISABLE_COMPFIX = "true";
+      };
+
+      initExtra = ''
+        export PAGER=less
+      '';
+
+      shellAliases = {
+        ".." = "cd ..";
+        grep = "rg --smart-case";
+        ls = "exa -la --git";
+      };
+
+      "oh-my-zsh" = {
+        enable = true;
+        plugins = [
+          "gitfast"
+          "last-working-dir"
+        ];
+      };
+
+    };
+
+  };
+}
+
    Save the file and run:
    home-manager switch
+
    You should see another wave of /nix/store/* paths. The new configuration should now be active.
    If you run zsh, you should see that you have starship and access to several other utils such as rg, fd, and exa.
    This basic configuration above is also defining your ~/.config/git/config and .zshrc. If you already have either of these files, home-manager will complain about them already existing.
    If you run cat ~/.zshrc, you will see the way these configuration files are generated.
    You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at home-manager/modules/programs.
    Gateway To Nix
    In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is nix-darwin that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out Nix Flakes: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in flake.lock, similar to that of many modern package managers.
    Wrapping up
    The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.
    
+
    Dave Gallant
    
+
    
\ No newline at end of file
diff --git a/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html b/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
index 4dd7ea71..a406ca5e 100644
--- a/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
+++ b/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
@@ -1,229 +1,14 @@
-
-
-
-
-
-
-
-
-
-
-
-Automatically Rotating AWS Access Keys • davegallant
-
-
-
-
-
-
-
-
    
-
    
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    Automatically Rotating AWS Access Keys
    
-
    
-
    
-
-Posted on 
-
-
-
-One min read
-
-
    
-
    
-
    
-
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
    
-
    In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where AWS suggests). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a rotate command included.
    
-
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
     © 2020-2022 Dave Gallant 
    
-
    
-
    
-
    
-
    
-
    
-
-
-
\ No newline at end of file
+Automatically rotating AWS access keys
    
+
    Automatically rotating AWS access keys
    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.
    In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where AWS suggests). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a rotate command included.
    
+
    Dave Gallant
    
+
    
\ No newline at end of file
diff --git a/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html b/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
index 843a1184..d3864aa4 100644
--- a/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
+++ b/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
@@ -1,307 +1,52 @@
-
-
-
-
-
-
-
-
-
-
-
-Replacing docker with podman on macOS (and Linux) • davegallant
-
-
-
-
-
-
-
-
    
-
    
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    Replacing docker with podman on macOS (and Linux)
    
-
    
-
    
-
-Posted on 
-
-
-
-5 mins read
-
-
    
-
    
-
    
-
    There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:
    
-
-
-
    Docker has been one of the larger influencers in the container world, helping to standardize the OCI Image Format Specification. For many developers, containers have become synonymous with terms like docker and Dockerfile (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so.
    
-
    This post briefly describes my experience swapping out docker for podman on macOS.
    
-
    What is a container?#
    
-
    A container is a standard unit of software that packages up all application dependencies within it. Multiple containers can be run on a host machine all sharing the same kernel as the host. Linux namespaces help provide an isolated view of the system, including mnt, pid, net, ipc, uid, cgroup, and time. There is an in-depth video that discusses what containers are made from, and near the end there is a demonstration on how to build your own containers from the command line.
    
-
    By easily allowing the necessary dependencies to live alongside the application code, containers make the “works on my machine” problem less of a problem.
    
-
    Benefits of Podman#
    
-
    One of the most interesting features of Podman is that it is daemonless. There isn’t a process running on your system managing your containers. In contrast, the docker client is reliant upon the docker daemon (often running as root) to be able to build and run containers.
    
-
    Podman is rootless by default. It is now possible to run the docker daemon rootless as well, but it’s still not the default behaviour.
    
-
    I’ve also observed that so far my 2019 16" Macbook Pro hasn’t sounded like a jet engine, although I haven’t performed any disk-intensive operations yet.
    
-
    Installing Podman#
    
-
    Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with brew (read this if you’re installing Podman on Linux):
    
-
    brew install podman
-
    The podman-machine must be started:
    
-
    # This is not necessary on Linux
-podman machine init
-podman machine start
-
    Running a container#
    
-
    Let’s try to pull an image:
    
-
    $ podman pull alpine
-Trying to pull docker.io/library/alpine:latest...
-Getting image source signatures
-Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
-Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
-Writing manifest to image destination
-Storing signatures
-14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
-
    
-
    If you’re having an issue pulling images, you may need to remove ~/.docker/config.json or remove the set of auths in the configuration as mentioned here.
    
-
    
-
    and then run and exec into the container:
    
-
    $ podman run --rm -ti alpine
-Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network "podman": unexpected end of JSON input
-
    What does this error mean? A bit of searching lead to this github issue.
    
-
    Until the fix is released, a workaround is to just specify a port (even when it’s not needed):
    
-
    podman run -p 4242 --rm -ti alpine
-
    If you’re reading this from the future, there is a good chance specifying a port won’t be needed.
    
-
    Another example of running a container with Podman can be found in the Jellyfin Documentation.
    
-
    Aliasing docker with podman#
    
-
    Force of habit (or other scripts) may have you calling docker. To work around this:
    
-
    alias docker=podman
-
    podman-compose#
    
-
    You may be wondering: what about docker-compose? Well, there claims to be a drop-in replacement for it: podman-compose.
    
-
    pip3 install --user podman-compose
-
    Now let’s create a docker-compose.yml file to test:
    
-
    cat << EOF >> docker-compose.yml
-version: '2'
-services:
-  hello_world:
-    image: ubuntu
-    command: [/bin/echo, 'Hello world']
-EOF
-
    Now run:
    
-
    $ podman-compose up
-podman pod create --name=davegallant.github.io --share net
-40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
-0
-podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
-Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
-Trying to pull docker.io/library/ubuntu:latest...
-Getting image source signatures
-Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
-Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
-Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
-Writing manifest to image destination
-Storing signatures
-1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
-0
-podman start -a davegallant.github.io_hello_world_1
-Hello world
-
    This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.
    
-
    Summary#
    
-
    Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.
    
-
    One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.
    
-
    
-
    Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using sshfs was shared here.
    
-
    
-
    I had been experimenting with Podman on Linux before writing this, but after listening to this podcast episode, I was inspired to give Podman a try on macOS.
    
-
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
     © 2020-2022 Dave Gallant 
    
-
    
-
    
-
    
-
    
-
    
-
-
-
\ No newline at end of file
+Replacing docker with podman on macOS (and Linux)
    
+
    Replacing docker with podman on macOS (and Linux)
    2021-10-11 (updated: 2024-01-02)
    dockerpodmancontainers
    There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:
    Docker has been one of the larger influencers in the container world, helping to standardize the OCI Image Format Specification. For many developers, containers have become synonymous with terms like docker and Dockerfile (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so.
    This post briefly describes my experience swapping out docker for podman on macOS.
    What is a container?
    A container is a standard unit of software that packages up all application dependencies within it. Multiple containers can be run on a host machine all sharing the same kernel as the host. Linux namespaces help provide an isolated view of the system, including mnt, pid, net, ipc, uid, cgroup, and time. There is an in-depth video that discusses what containers are made from, and near the end there is a demonstration on how to build your own containers from the command line.
    By easily allowing the necessary dependencies to live alongside the application code, containers make the “works on my machine” problem less of a problem.
    Benefits of Podman
    One of the most interesting features of Podman is that it is daemonless. There isn’t a process running on your system managing your containers. In contrast, the docker client is reliant upon the docker daemon (often running as root) to be able to build and run containers.
    Podman is rootless by default. It is now possible to run the docker daemon rootless as well, but it’s still not the default behaviour.
    I’ve also observed that so far my 2019 16" Macbook Pro hasn’t sounded like a jet engine, although I haven’t performed any disk-intensive operations yet.
    Installing Podman
    Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with brew (read this if you’re installing Podman on Linux):
    brew install podman
+
    The podman-machine must be started:
    # This is not necessary on Linux
+podman machine init
+podman machine start
+
    Running a container
    Let’s try to pull an image:
    $ podman pull alpine
+Trying to pull docker.io/library/alpine:latest...
+Getting image source signatures
+Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
+Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
+Writing manifest to image destination
+Storing signatures
+14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
+
    If you’re having an issue pulling images, you may need to remove ~/.docker/config.json or remove the set of auths in the configuration as mentioned here.
    and then run and exec into the container:
    $ podman run --rm -ti alpine
+Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network "podman": unexpected end of JSON input
+
    What does this error mean? A bit of searching lead to this github issue.
    Until the fix is released, a workaround is to just specify a port (even when it’s not needed):
    podman run -p 4242 --rm -ti alpine
+
    If you’re reading this from the future, there is a good chance specifying a port won’t be needed.
    Another example of running a container with Podman can be found in the Jellyfin Documentation.
    Aliasing docker with podman
    Force of habit (or other scripts) may have you calling docker. To work around this:
    alias docker=podman
+
    podman-compose
    You may be wondering: what about docker-compose? Well, there claims to be a drop-in replacement for it: podman-compose.
    pip3 install --user podman-compose
+
    Now let’s create a docker-compose.yml file to test:
    cat << EOF >> docker-compose.yml
+version: '2'
+services:
+  hello_world:
+    image: ubuntu
+    command: [/bin/echo, 'Hello world']
+EOF
+
    Now run:
    $ podman-compose up
+podman pod create --name=davegallant.github.io --share net
+40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
+0
+podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
+Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
+Trying to pull docker.io/library/ubuntu:latest...
+Getting image source signatures
+Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
+Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
+Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
+Writing manifest to image destination
+Storing signatures
+1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
+0
+podman start -a davegallant.github.io_hello_world_1
+Hello world
+
    This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.
    Summary
    Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.
    One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.
    Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using sshfs was shared here.
    I had been experimenting with Podman on Linux before writing this, but after listening to this podcast episode, I was inspired to give Podman a try on macOS.
    
+
    Dave Gallant
    
+
    
\ No newline at end of file
diff --git a/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html b/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
index 741c864b..2765909e 100644
--- a/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
+++ b/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
@@ -1,306 +1,53 @@
-
-
-
-
-
-
-
-
-
-
-
-Running K3s in LXC on Proxmox • davegallant
-
-
-
-
-
-
-
-
    
-
    
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    Running K3s in LXC on Proxmox
    
-
    
-
    
-
-Posted on 
-
-
-
-4 mins read
-
-
    
-
    
-
    
-
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine’s resources.
    
-
    What is K3s?#
    
-
    K3s is a Kubernetes distro that advertises itself as a lightweight binary with a much smaller memory-footprint than traditional k8s. K3s is not a fork of k8s as it seeks to remain as close to upstream as it possibly can.
    
-
    Configure Proxmox#
    
-
    This gist contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that bridge-nf-call-iptables should be loaded, but I did not understand the benefit of doing this.
    
-
    Disable swap#
    
-
    There is an issue on Kubernetes regarding swap here. There claims to be support for swap in 1.22, but for now let’s disable it:
    
-
    sysctl vm.swappiness=0
-swapoff -a
-
    It might be worth experimenting with swap enabled in the future to see how that might affect performance.
    
-
    Enable IP Forwarding#
    
-
    To avoid IP Forwarding issues with Traefik, run the following on the host:
    
-
    sudo sysctl net.ipv4.ip_forward=1
-sudo sysctl net.ipv6.conf.all.forwarding=1
-sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
-sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
-
    Create LXC container#
    
-
    Create an LXC container in the Proxmox interface as you normally would. Remember to:
    
-
      
-
    • Uncheck unprivileged container
      • 
-
    • Use a LXC template (I chose a debian 11 template downloaded with pveam)
      • 
-
    • In memory, set swap to 0
      • 
-
    • Create and start the container
      • 
-
    
-
    Modify container config#
    
-
    Now back on the host run pct list to determine what VMID it was given.
    
-
    Open /etc/pve/lxc/$VMID.conf and append:
    
-
    lxc.apparmor.profile: unconfined
+Running K3s in LXC on Proxmox
    
+
    Running K3s in LXC on Proxmox
    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine’s resources.
    What is K3s?
    K3s is a Kubernetes distro that advertises itself as a lightweight binary with a much smaller memory-footprint than traditional k8s. K3s is not a fork of k8s as it seeks to remain as close to upstream as it possibly can.
    Configure Proxmox
    This gist contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that bridge-nf-call-iptables should be loaded, but I did not understand the benefit of doing this.
    Disable swap
    There is an issue on Kubernetes regarding swap here. There claims to be support for swap in 1.22, but for now let’s disable it:
    sudo sysctl vm.swappiness=0
+sudo swapoff -a
+
    It might be worth experimenting with swap enabled in the future to see how that might affect performance.
    Enable IP Forwarding
    To avoid IP Forwarding issues with Traefik, run the following on the host:
    sudo sysctl net.ipv4.ip_forward=1
+sudo sysctl net.ipv6.conf.all.forwarding=1
+sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
+sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
+
    Create LXC container
    Create an LXC container in the Proxmox interface as you normally would. Remember to:
    • Uncheck unprivileged container
    • Use a LXC template (I chose a debian 11 template downloaded with pveam)
    • In memory, set swap to 0
    • Create and start the container
    Modify container config
    Now back on the host run pct list to determine what VMID it was given.
    Open /etc/pve/lxc/$VMID.conf and append:
    lxc.apparmor.profile: unconfined
 lxc.cap.drop:
-lxc.mount.auto: "proc:rw sys:rw"
+lxc.mount.auto: "proc:rw sys:rw"
 lxc.cgroup2.devices.allow: c 10:200 rwm
-
    All of the above configurations are described in the manpages.
-Notice that cgroup2 is used since Proxmox VE 7.0 has switched to a pure cgroupv2 environment.
    
-
    Thankfully cgroup v2 support has been supported in k3s with these contributions:
    
-
-
    Enable shared host mounts#
    
-
    From within the container, run:
    
-
    echo '#!/bin/sh -e
-ln -s /dev/console /dev/kmsg
-mount --make-rshared /' > /etc/rc.local
-chmod +x /etc/rc.local
-reboot
-
    Install K3s#
    
-
    One of the simplest ways to install K3s on a remote host is to use k3sup.
+
    All of the above configurations are described in the manpages.
+Notice that cgroup2 is used since Proxmox VE 7.0 has switched to a pure cgroupv2 environment.
    Thankfully cgroup v2 support has been supported in k3s with these contributions:
    Enable shared host mounts
    From within the container, run:
    echo '#!/bin/sh -e
+ln -s /dev/console /dev/kmsg
+mount --make-rshared /' > /etc/rc.local
+chmod +x /etc/rc.local
+reboot
+
    Install K3s
    One of the simplest ways to install K3s on a remote host is to use k3sup.
 Ensure that you supply a valid CONTAINER_IP and choose the k3s-version you prefer.
-As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases here.
    
-
    ssh-copy-id root@$CONTAINER_IP
-k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1
-
    If all goes well, you should see a path to the kubeconfig generated. I moved this into ~/.kube/config so that kubectl would read this by default.
    
-
    Wrapping up#
    
-
    Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton’s Getting Started guide and was able to deploy it in a few commands.
    
-
    $ kubectl get all --namespace tekton-pipelines
-NAME                                               READY   STATUS    RESTARTS      AGE
-pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8      1/1     Running   1 (50m ago)   12h
-pod/tekton-dashboard-6bf858f977-qt4hr              1/1     Running   1 (50m ago)   11h
-pod/tekton-pipelines-controller-69fd7498d8-f57m4   1/1     Running   1 (50m ago)   12h
-
-NAME                                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                              AGE
-service/tekton-pipelines-controller   ClusterIP   10.43.44.245    <none>        9090/TCP,8080/TCP                    12h
-service/tekton-pipelines-webhook      ClusterIP   10.43.183.242   <none>        9090/TCP,8008/TCP,443/TCP,8080/TCP   12h
-service/tekton-dashboard              ClusterIP   10.43.87.97     <none>        9097/TCP                             11h
-
-NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/tekton-pipelines-webhook      1/1     1            1           12h
-deployment.apps/tekton-dashboard              1/1     1            1           11h
-deployment.apps/tekton-pipelines-controller   1/1     1            1           12h
-
-NAME                                                     DESIRED   CURRENT   READY   AGE
-replicaset.apps/tekton-pipelines-webhook-8566ff9b6b      1         1         1       12h
-replicaset.apps/tekton-dashboard-6bf858f977              1         1         1       11h
-replicaset.apps/tekton-pipelines-controller-69fd7498d8   1         1         1       12h
-
-NAME                                                           REFERENCE                             TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
-horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook   Deployment/tekton-pipelines-webhook   9%/100%   1         5         1          12h
-
    I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.
    
-
    If I’m feeling adventurous, I might experiment with K3s rootless.
    
-
-
    
-
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
    
-
     © 2020-2022 Dave Gallant 
    
-
    
-
    
-
    
-
    
-
    
-
-
-
\ No newline at end of file
+As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases here.
    ssh-copy-id root@$CONTAINER_IP
+k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1
+
    If all goes well, you should see a path to the kubeconfig generated. I moved this into ~/.kube/config so that kubectl would read this by default.
    Wrapping up
    Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton’s Getting Started guide and was able to deploy it in a few commands.
    $ kubectl get all --namespace tekton-pipelines
+NAME                                               READY   STATUS    RESTARTS      AGE
+pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8      1/1     Running   1 (50m ago)   12h
+pod/tekton-dashboard-6bf858f977-qt4hr              1/1     Running   1 (50m ago)   11h
+pod/tekton-pipelines-controller-69fd7498d8-f57m4   1/1     Running   1 (50m ago)   12h
+
+NAME                                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                              AGE
+service/tekton-pipelines-controller   ClusterIP   10.43.44.245    <none>        9090/TCP,8080/TCP                    12h
+service/tekton-pipelines-webhook      ClusterIP   10.43.183.242   <none>        9090/TCP,8008/TCP,443/TCP,8080/TCP   12h
+service/tekton-dashboard              ClusterIP   10.43.87.97     <none>        9097/TCP                             11h
+
+NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/tekton-pipelines-webhook      1/1     1            1           12h
+deployment.apps/tekton-dashboard              1/1     1            1           11h
+deployment.apps/tekton-pipelines-controller   1/1     1            1           12h
+
+NAME                                                     DESIRED   CURRENT   READY   AGE
+replicaset.apps/tekton-pipelines-webhook-8566ff9b6b      1         1         1       12h
+replicaset.apps/tekton-dashboard-6bf858f977              1         1         1       11h
+replicaset.apps/tekton-pipelines-controller-69fd7498d8   1         1         1       12h
+
+NAME                                                           REFERENCE                             TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
+horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook   Deployment/tekton-pipelines-webhook   9%/100%   1         5         1          12h
+
    I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.
    If I’m feeling adventurous, I might experiment with K3s rootless.
    +
    Dave Gallant
    +
    \ No newline at end of file diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/index.html b/blog/2022/03/13/backing-up-gmail-with-synology/index.html index a08e631c..2931e3ea 100644 --- a/blog/2022/03/13/backing-up-gmail-with-synology/index.html +++ b/blog/2022/03/13/backing-up-gmail-with-synology/index.html @@ -1,247 +1,12 @@ - - - - - - - - - - - -Backing Up Gmail With Synology • davegallant - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -
    -

    Backing Up Gmail With Synology

    -
    -
    - -Posted on - - - -3 mins read - -
    -
    -
    -

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    -

    The thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future.

    -

    Synology MailPlus Server#

    -

    Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I’ve recently been in interested in syncing and snapshotting my personal data. I’ve setup Synology’s Cloud Sync and keep copies of most of my cloud data.

    -

    I’ve used tools such as gmvault with success in the past. Setting this up on a cron seems like a viable option. However, I don’t really need a lot of the features it offers and do not plan to restore this data to another account.

    -

    Synology’s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it’s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.

    -

    Installing MailPlus can be done from the Package Center:

    -

    image

    -

    Next, I went into Synology MailPlus Server and on the left, clicked on Account and ensured my user was marked as active.

    -

    Afterwords, I followed these instructions in order to start backing up emails.

    -

    When entering the POP3 credentials, I created an app password solely for authenticating to POP3 from the Synology device. This is required because I have 2-Step verification enabled on my account. There doesn’t seem to be a more secure way to access POP3 at the moment. It does seem like app password access is limited in scope (when MFA is enabled). These app passwords can’t be used to login to the main Google account.

    -

    I made sure to set the Fetch Range to All in order to get all emails from the beginning of time.

    -

    After this, mail started coming in.

    -

    image

    -

    After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.

    -

    Securing Synology#

    -

    Since Synology devices are not hermetically sealed, it’s best to secure them by enabling MFA to help prevent being the victim of ransomware. It is also wise to backup your system settings and volumes to the cloud using a tool such as Hyper Backup. -Encrypting your shared volumes should also be done, since unfortunately DSM does not support full disk encryption.

    -

    Summary#

    -

    Having backups of various forms of cloud data is a good investment, especially in times of war. I certainly feel more at ease for having backed up my emails.

    - -
    - -
    -
    -
    -
    -
    -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +Backing up gmail with Synology
    +

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    The thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future.

    Synology MailPlus Server

    Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I’ve recently been in interested in syncing and snapshotting my personal data. I’ve setup Synology’s Cloud Sync and keep copies of most of my cloud data.

    I’ve used tools such as gmvault with success in the past. Setting this up on a cron seems like a viable option. However, I don’t really need a lot of the features it offers and do not plan to restore this data to another account.

    Synology’s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it’s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.

    Installing MailPlus can be done from the Package Center:

    image

    Next, I went into Synology MailPlus Server and on the left, clicked on Account and ensured my user was marked as active.

    Afterwords, I followed these instructions in order to start backing up emails.

    When entering the POP3 credentials, I created an app password solely for authenticating to POP3 from the Synology device. This is required because I have 2-Step verification enabled on my account. There doesn’t seem to be a more secure way to access POP3 at the moment. It does seem like app password access is limited in scope (when MFA is enabled). These app passwords can’t be used to login to the main Google account.

    I made sure to set the Fetch Range to All in order to get all emails from the beginning of time.

    After this, mail started coming in.

    image

    After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.

    Securing Synology

    Since Synology devices are not hermetically sealed, it’s best to secure them by enabling MFA to help prevent being the victim of ransomware. It is also wise to backup your system settings and volumes to the cloud using a tool such as Hyper Backup. +Encrypting your shared volumes should also be done, since unfortunately DSM does not support full disk encryption.

    Summary

    Having backups of various forms of cloud data is a good investment, especially in times of war. I certainly feel more at ease for having backed up my emails.

    +
    Dave Gallant
    +
    \ No newline at end of file diff --git a/images/backing-up-gmail-with-synology/install-mailplus-server.png b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server.png similarity index 100% rename from images/backing-up-gmail-with-synology/install-mailplus-server.png rename to blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server.png diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_300x0_resize_box_3.png b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_300x0_resize_box_3.png new file mode 100644 index 00000000..5373c34b Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_300x0_resize_box_3.png differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_300x0_resize_q75_h2_box_3.webp b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..5ea140f1 Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_500x0_resize_box_3.png b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_500x0_resize_box_3.png new file mode 100644 index 00000000..05ee5597 Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_500x0_resize_box_3.png differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_500x0_resize_q75_h2_box_3.webp b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..f39a5534 Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_700x0_resize_box_3.png b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_700x0_resize_box_3.png new file mode 100644 index 00000000..1c62a854 Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_700x0_resize_box_3.png differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_700x0_resize_q75_h2_box_3.webp b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..c66a5f9f Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/install-mailplus-server_hu44978467cf355ace52c86216e9adcb07_30909_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/backing-up-gmail-with-synology/mail-plus-incoming-mail.png b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail.png similarity index 100% rename from images/backing-up-gmail-with-synology/mail-plus-incoming-mail.png rename to blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail.png diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_300x0_resize_box_3.png b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_300x0_resize_box_3.png new file mode 100644 index 00000000..03ab2b69 Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_300x0_resize_box_3.png differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_300x0_resize_q75_h2_box_3.webp b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..4ce13bd4 Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_433x0_resize_box_3.png b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_433x0_resize_box_3.png new file mode 100644 index 00000000..09b76aca Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_433x0_resize_box_3.png differ diff --git a/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_433x0_resize_q75_h2_box_3.webp b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_433x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..538df32a Binary files /dev/null and b/blog/2022/03/13/backing-up-gmail-with-synology/mail-plus-incoming-mail_hu9ddd0265c16cd611df4e36648057a118_53092_433x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html b/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html index e4257bd7..610faa1d 100644 --- a/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html +++ b/blog/2022/04/02/virtualizing-my-router-with-pfsense/index.html @@ -1,265 +1,12 @@ - - - - - - - - - - - -Virtualizing My Router With pfSense • davegallant - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -
    -

    Virtualizing My Router With pfSense

    -
    -
    - -Posted on - - - -5 mins read - -
    -
    -
    -

    The problem#

    -

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    -

    pfSense#

    -

    I figured this would be a good opportunity to try pfSense. I’ve heard nothing but positive things about pfSense and the fact it’s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I’d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some officially supported appliances. Since I already have a machine running Proxmox, why not just run it in a VM? It’d allow for automatic snapshotting of the machine. There is a good video on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.

    -

    Router on a stick#

    -

    I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply not the case, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. It also has a nice sturdy metal frame which was a pleasant surprise.

    -

    After setting up this Netgear switch, it shoud be possible to access the web interface at http://192.168.0.239. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine’s address to 192.168.0.22 in order to temporarily setup this switch. I assigned a static ip address to the switch (in System > Switch Information) so that it was in the same subnet as the rest of my network.

    -

    The web interface is nothing spectactular, but it allows for managing VLANs.

    -

    The following configuration will:

    -
      -
    • assign port 1 to be the LAN (connected to the Proxmox machine)
      • -
    • assign port 8 to be the WAN (connected to my ISP’s modem)
      • -
    -

    In the switch’s web interface, I went to VLAN and then 802.1Q, and then clicked on VLAN Configuration. I configured the ports to look like this:

    -

    vlan-config

    -

    Note that the VLAN Identifier Setting has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.

    -

    To replicate the above configuration, add a new VLAN ID 10 (1 should exist by default).

    -

    Next, go into VLAN Membership and configure VLAN 1’s port membership to be the following:

    -

    vlan-membership-1

    -

    and then configure VLAN 10’s port membership to be the following:

    -

    vlan-membership-10

    -

    Now, go into Port PVID and ensure that port 8 is set to PVID 10.

    -

    vlan-port-pvid

    -

    This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.

    -

    Setting up pfSense#

    -

    pfSense is fairly easy to setup. Just download the latest ISO and boot up the virtual machine. -When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.

    -

    Since VLANs are going to be leveraged, when you go to Assign Interfaces, VLANs should be setup now like the following:

    -
      -
    • WAN should be vtnet0.10
      • -
    • LAN should be vtnet0
      • -
    -

    After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.

    -

    If all goes well, the web interface should be running at https://192.168.1.1.

    -

    pfsense-dashboard

    -

    And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I’ve already installed pfBlocker-NG.

    -

    Summary#

    -

    It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled AutoConfigBackup, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.

    - -
    - -
    -
    -
    -
    -
    -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +Virtualizing my router with pfSense
    +

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    pfSense

    I figured this would be a good opportunity to try pfSense. I’ve heard nothing but positive things about pfSense and the fact it’s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I’d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some officially supported appliances. Since I already have a machine running Proxmox, why not just run it in a VM? It’d allow for automatic snapshotting of the machine. There is a good video on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.

    Router on a stick

    I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply not the case, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. It also has a nice sturdy metal frame which was a pleasant surprise.

    After setting up this Netgear switch, it shoud be possible to access the web interface at http://192.168.0.239. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine’s address to 192.168.0.22 in order to temporarily setup this switch. I assigned a static ip address to the switch (in System > Switch Information) so that it was in the same subnet as the rest of my network.

    The web interface is nothing spectactular, but it allows for managing VLANs.

    The following configuration will:

    • assign port 1 to be the LAN (connected to the Proxmox machine)
    • assign port 8 to be the WAN (connected to my ISP’s modem)

    In the switch’s web interface, I went to VLAN and then 802.1Q, and then clicked on VLAN Configuration. I configured the ports to look like this:

    vlan-config

    Note that the VLAN Identifier Setting has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.

    To replicate the above configuration, add a new VLAN ID 10 (1 should exist by default).

    Next, go into VLAN Membership and configure VLAN 1’s port membership to be the following:

    vlan-membership-1

    and then configure VLAN 10’s port membership to be the following:

    vlan-membership-10

    Now, go into Port PVID and ensure that port 8 is set to PVID 10.

    vlan-port-pvid

    This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.

    Setting up pfSense

    pfSense is fairly easy to setup. Just download the latest ISO and boot up the virtual machine. +When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.

    Since VLANs are going to be leveraged, when you go to Assign Interfaces, VLANs should be setup now like the following:

    • WAN should be vtnet0.10
    • LAN should be vtnet0

    After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.

    If all goes well, the web interface should be running at https://192.168.1.1.

    pfsense-dashboard

    And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I’ve already installed pfBlocker-NG.

    Summary

    It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled AutoConfigBackup, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.

    +
    Dave Gallant
    +
    \ No newline at end of file diff --git a/images/virtualizing-a-router-with-pfsense/netgear-port-pvid.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid.png similarity index 100% rename from images/virtualizing-a-router-with-pfsense/netgear-port-pvid.png rename to blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid.png diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_box_3.png new file mode 100644 index 00000000..2d9fa4f3 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..dfe254af Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_box_3.png new file mode 100644 index 00000000..75f3d1d1 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..57242a9e Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_box_3.png new file mode 100644 index 00000000..28d24643 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..49d34094 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-port-pvid_hucba536e6a1c36d3eba5afa50576e38e1_34094_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/virtualizing-a-router-with-pfsense/netgear-vlan-configuration.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration.png similarity index 100% rename from images/virtualizing-a-router-with-pfsense/netgear-vlan-configuration.png rename to blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration.png diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_box_3.png new file mode 100644 index 00000000..147da493 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..f6eec9f9 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_box_3.png new file mode 100644 index 00000000..7fe7e802 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..3247b7f4 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_box_3.png new file mode 100644 index 00000000..becd0d9f Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..f85294b9 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-configuration_hu15e5056e9ef99b27d88357dc2a65692f_42578_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-1.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1.png similarity index 100% rename from images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-1.png rename to blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1.png diff --git a/images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-10.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10.png similarity index 100% rename from images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-10.png rename to blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10.png diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_box_3.png new file mode 100644 index 00000000..69ca855a Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..85f43eff Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_box_3.png new file mode 100644 index 00000000..94c74632 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..be088172 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_box_3.png new file mode 100644 index 00000000..afca5534 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..358db32c Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-10_hue1e5d029f0ad357e37b4f4dea2ed5f90_37319_700x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_box_3.png new file mode 100644 index 00000000..14342de1 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..acdb932d Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_box_3.png new file mode 100644 index 00000000..3bc3f3dc Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..568aaf9d Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_box_3.png new file mode 100644 index 00000000..1cce7e4b Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..fa67542b Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/netgear-vlan-membership-1_hue1e5d029f0ad357e37b4f4dea2ed5f90_36344_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/virtualizing-a-router-with-pfsense/pfsense-dashboard.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard.png similarity index 100% rename from images/virtualizing-a-router-with-pfsense/pfsense-dashboard.png rename to blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard.png diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_box_3.png new file mode 100644 index 00000000..be30375c Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..1b524eb7 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_box_3.png new file mode 100644 index 00000000..044410f4 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..5925df7f Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_box_3.png b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_box_3.png new file mode 100644 index 00000000..6029089f Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_box_3.png differ diff --git a/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_q75_h2_box_3.webp b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..9645bb15 Binary files /dev/null and b/blog/2022/04/02/virtualizing-my-router-with-pfsense/pfsense-dashboard_hu7b4fdbe22d7ed98f90e451e0d2c7f8c0_92631_700x0_resize_q75_h2_box_3.webp differ diff --git a/images/watching-youtube-in-private/computerphile.png b/blog/2022/12/10/watching-youtube-in-private/computerphile.png similarity index 100% rename from images/watching-youtube-in-private/computerphile.png rename to blog/2022/12/10/watching-youtube-in-private/computerphile.png diff --git a/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_300x0_resize_box_3.png b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_300x0_resize_box_3.png new file mode 100644 index 00000000..3682cacc Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_300x0_resize_box_3.png differ diff --git a/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_300x0_resize_q75_h2_box_3.webp b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..f793d980 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_500x0_resize_box_3.png b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_500x0_resize_box_3.png new file mode 100644 index 00000000..e50e46f3 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_500x0_resize_box_3.png differ diff --git a/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_500x0_resize_q75_h2_box_3.webp b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..76f01642 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_700x0_resize_box_3.png b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_700x0_resize_box_3.png new file mode 100644 index 00000000..f1e813c6 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_700x0_resize_box_3.png differ diff --git a/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_700x0_resize_q75_h2_box_3.webp b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..d2cdafbf Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/computerphile_huab6e3127a0b06a834b4e3cd718370398_957247_700x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/12/10/watching-youtube-in-private/index.html b/blog/2022/12/10/watching-youtube-in-private/index.html index f23ca462..1d6ebf97 100644 --- a/blog/2022/12/10/watching-youtube-in-private/index.html +++ b/blog/2022/12/10/watching-youtube-in-private/index.html @@ -1,278 +1,51 @@ - - - - - - - - - - - -Watching YouTube in Private • davegallant - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -
    -

    Watching YouTube in Private

    -
    -
    - -Posted on - - - -2 mins read - -
    -
    -
    -

    I recently stumbled upon yewtu.be and found it intriguing. It not only allows you to watch YouTube without being on YouTube, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it’s a hosted instance of invidious.

    -

    requestly

    -

    Wow, this is cool, and JavaScript is not required.

    -

    I started using yewtu.be as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It’s also nice to be in control of my search and watch history.

    -

    A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed here, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.

    -

    Hosting invidious#

    -

    The quickest way to get invidious up is with docker-compose as mentioned in the docs.

    -

    I made a few modifications (such as pinning the container’s tag), and ended up with:

    -
    version: "3"
-services:
-
-  invidious:
-    image: quay.io/invidious/invidious:5160d8bae39dc5cc5d51abee90571a03c08d0f2b
-    restart: unless-stopped
-    ports:
-      - "0.0.0.0:3000:3000"
-    environment:
-      INVIDIOUS_CONFIG: |
-        db:
-          dbname: invidious
-          user: kemal
-          password: kemal
-          host: invidious-db
-          port: 5432
-        check_tables: true        
-    healthcheck:
-      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
-      interval: 30s
-      timeout: 5s
-      retries: 2
-    depends_on:
-      - invidious-db
-
-  invidious-db:
-    image: docker.io/library/postgres:14
-    restart: unless-stopped
-    volumes:
-      - postgresdata:/var/lib/postgresql/data
-      - ./config/sql:/config/sql
-      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
-    environment:
-      POSTGRES_DB: invidious
-      POSTGRES_USER: kemal
-      POSTGRES_PASSWORD: kemal
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
-
-volumes:
-  postgresdata:
-

    After invidious was up and running, I installed Tailscale on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at http://invidious:3000/feed/subscriptions.

    - -

    I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.

    -

    I went looking for a way to redirect paths at the browser level. I found the lightweight proxy requestly, which can be used to modify http requests in my browser. I created the following rules:

    -

    requestly

    -

    Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to http://invidious:3000/watch?v=-lz30by8-sU

    -

    I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.

    - -
    - -
    -
    -
    -
    -
    -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +Watching YouTube in private
    +

    Watching YouTube in private

    2022-12-10 (updated: 2024-01-01)
    invidiousdegoogleyoutubeyewtu.betailscaleprivacyself‑hosted

    I recently stumbled upon yewtu.be and found it intriguing. It not only allows you to watch YouTube without being on YouTube, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it’s a hosted instance of invidious.

    image

    The layout is simple, and JavaScript is not required.

    I started using yewtu.be as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It’s also nice to be in control of my search and watch history.

    A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed here, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.

    Hosting invidious

    The quickest way to get invidious up is with docker-compose as mentioned in the docs.

    I made a few modifications, and ended up with:

    version: "3"
+services:
+  invidious:
+    image: quay.io/invidious/invidious
+    restart: unless-stopped
+    ports:
+      - "0.0.0.0:3000:3000"
+    environment:
+      INVIDIOUS_CONFIG: |
+        db:
+          dbname: invidious
+          user: kemal
+          password: kemal
+          host: invidious-db
+          port: 5432
+        check_tables: true        
+    healthcheck:
+      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
+      interval: 30s
+      timeout: 5s
+      retries: 2
+    depends_on:
+      - invidious-db
+
+  invidious-db:
+    image: docker.io/library/postgres:14
+    restart: unless-stopped
+    volumes:
+      - postgresdata:/var/lib/postgresql/data
+      - ./config/sql:/config/sql
+      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
+    environment:
+      POSTGRES_DB: invidious
+      POSTGRES_USER: kemal
+      POSTGRES_PASSWORD: kemal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
+
+volumes:
+  postgresdata:
+

    After invidious was up and running, I installed Tailscale on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at http://invidious:3000/feed/subscriptions.

    I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.

    I went looking for a way to redirect paths at the browser level. I found the lightweight proxy requestly, which can be used to modify http requests in my browser. I created the following rules:

    requestly

    Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to http://invidious:3000/watch?v=-lz30by8-sU

    I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.

    +
    Dave Gallant
    +
    \ No newline at end of file diff --git a/images/watching-youtube-in-private/requestly-rules.png b/blog/2022/12/10/watching-youtube-in-private/requestly-rules.png similarity index 100% rename from images/watching-youtube-in-private/requestly-rules.png rename to blog/2022/12/10/watching-youtube-in-private/requestly-rules.png diff --git a/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_300x0_resize_box_3.png b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_300x0_resize_box_3.png new file mode 100644 index 00000000..a2b4db08 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_300x0_resize_box_3.png differ diff --git a/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_300x0_resize_q75_h2_box_3.webp b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..48af65a9 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_500x0_resize_box_3.png b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_500x0_resize_box_3.png new file mode 100644 index 00000000..fdcb6cca Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_500x0_resize_box_3.png differ diff --git a/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_500x0_resize_q75_h2_box_3.webp b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..39e8d85b Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_700x0_resize_box_3.png b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_700x0_resize_box_3.png new file mode 100644 index 00000000..d999a497 Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_700x0_resize_box_3.png differ diff --git a/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_700x0_resize_q75_h2_box_3.webp b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..d024bbfb Binary files /dev/null and b/blog/2022/12/10/watching-youtube-in-private/requestly-rules_hucd7a47e92b94540e7a76322ee330fb89_88020_700x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html b/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html new file mode 100644 index 00000000..2a47816e --- /dev/null +++ b/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/index.html @@ -0,0 +1,20 @@ +Using AKS and SOCKS to connect to a private Azure DB
    +

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Go Public?

    Should the database be migrated to public subnets? Ideally not, since it is good practice to host internal infrastructure in restricted subnets.

    How do others handle this?

    With GCP, connecting to a private db instance from any machine can be achieved with cloud-sql-proxy. This works by proxying requests from your machine to the SQL database instance in the cloud, while the authentication is handled by GCP’s IAM.

    So what about Azure? Is there any solution that is as elegant as cloud-sql-proxy?

    A Bastion

    Similar to what AWS has recommended, perhaps a bastion is the way forward?

    Azure has a fully-managed service called Azure Bastion that provides secure access to virtual machines that do not have public IPs. This looks interesting, but unfortunately it costs money and requires an additional virtual machine.

    Because this adds cost (and complexity), it does not seem like a desirable option in its current state. If it provided a more seamless connection to the database, it would be more appealing.

    SOCKS

    2023-12-13: +An alternative to using a socks proxy is socat. This would allow you to relay tcp connections to a pod running in k8s, and then port-forward them to your localhost. +If this sounds more appealing, install krew-net-forward and then run “kubectl net-forward -i mydb.postgres.database.azure.com -p 5432 -l 5432” to access the database through “localhost:5432”

    SOCKS is a protocol that enables a way to proxy connections by exchanging network packets between the client and the server. There are many implementations and many readily available container images that can run a SOCKS server.

    It’s possible to use this sort of proxy to connect to a private DB, but is it any simpler than using a virtual machine as a jumphost? It wasn’t until I stumbled upon kubectl-plugin-socks5-proxy that I was convinced that using SOCKS could be made simple.

    So how does it work? By installing the kubectl plugin and then running kubectl socks5-proxy, a SOCKS proxy server is spun up in a pod and then opens up port-forwarding session using kubectl.

    As you can see below, this k8s plugin is wrapped up nicely:

    $ kubectl socks5-proxy
+using: namespace=default
+using: port=1080
+using: name=davegallant-proxy
+using: image=serjs/go-socks5-proxy
+Creating SOCKS5 Proxy (Pod)...
+pod/davegallant-proxy created
+

    With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.

    Caveats and Conclusion

    The above outlined solution makes some assumptions:

    • there is a k8s cluster
    • the k8s cluster has network connectivity to the desired private database

    If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).

    It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.

    One other thing to note is that some clients (such as dbeaver) do not provide DNS resolution over SOCKS. So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.

    +
    Dave Gallant
    +
    \ No newline at end of file diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners.png b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners.png new file mode 100644 index 00000000..d733190d Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners.png differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_300x0_resize_box_3.png b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_300x0_resize_box_3.png new file mode 100644 index 00000000..d01addcb Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_300x0_resize_box_3.png differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_300x0_resize_q75_h2_box_3.webp b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_300x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..aadff9dd Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_300x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_500x0_resize_box_3.png b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_500x0_resize_box_3.png new file mode 100644 index 00000000..cb8e8661 Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_500x0_resize_box_3.png differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_500x0_resize_q75_h2_box_3.webp b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_500x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..2a9c9261 Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_500x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_700x0_resize_box_3.png b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_700x0_resize_box_3.png new file mode 100644 index 00000000..e262f78f Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_700x0_resize_box_3.png differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_700x0_resize_q75_h2_box_3.webp b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_700x0_resize_q75_h2_box_3.webp new file mode 100644 index 00000000..81ee6417 Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners_hub2705fca9eca2ad49032b5d26e38ba63_36278_700x0_resize_q75_h2_box_3.webp differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-workflow.webm b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-workflow.webm new file mode 100644 index 00000000..6300be6a Binary files /dev/null and b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-workflow.webm differ diff --git a/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html new file mode 100644 index 00000000..193a15b4 --- /dev/null +++ b/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/index.html @@ -0,0 +1,117 @@ +Setting up Gitea Actions with Tailscale
    +

    Setting up Gitea Actions with Tailscale

    2023-12-10 (updated: 2024-01-01)
    giteagitea‑actionsgithub‑actionstailscaleself‑hosted

    In this post I’ll go through the process of setting up Gitea Actions and Tailscale, unlocking a simple and secure way to automate workflows.

    What is Gitea?

    Gitea is a lightweight and fast git server that has much of the same look and feel as github. I have been using it in my homelab to mirror repositories hosted on other platforms such as github and gitlab. These mirrors take advantage of the decentralized nature of git by serving as “backups”. One of the main reasons I hadn’t been using it more often was due to the lack of integrated CI/CD. This is no longer the case.

    Gitea Actions

    Gitea Actions have made it into the 1.19.0 release. This feature had been in an experimental state up until 1.21.0 and is now enabled by default 🎉.

    So what are they? If you’ve ever used GitHub Actions (and if you’re reading this, I imagine you have), these will look familiar. Gitea Actions essentially enable the ability to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same workflow syntax is already compatible on gitea. You can find a documented list of unsupported workflows syntax.

    Actions work by using a custom fork of nekos/act. Workflows run in a new container for every job. If you specify an action such as ‘actions/checkout@v3’, it defaults to downloading the scripts from github.com. To avoid internet egress, you could always clone the required actions to your local gitea instance.

    Actions (gitea’s implementation) has me excited because it makes spinning up a network-isolated environment for workflow automation incredibly simple.

    Integration with Tailscale

    So how does Tailscale help here? Well, more recently I’ve been exposing my self-hosted services through a combination of traefik and the tailscale (through the tailscale-traefik proxy integration described here). This allows for a nice looking dns name (i.e. gitea.my-tailnet-name.ts.net) and automatic tls certificate management. I can also share this tailscale node securely with other tailscale users without configuring any firewall rules on my router.

    Deploying Gitea, Traefik, and Tailscale

    In my case, the following is already set up:

    My preferred approach to deploying code in a homelab environment is with docker compose. I have deployed this in a proxmox lxc container based on debian with a hostname gitea. This could be deployed in any environment and with any hostname (as long you updated the tailscale machine name to your preferred subdomain for magic dns).

    The docker-compose.yaml file looks like:

    version: "3.7"
+services:
+  gitea:
+    image: gitea/gitea:1.21.1
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+
+      - GITEA__server__DOMAIN=gitea.my-tailnet-name.ts.net
+      - GITEA__server__ROOT_URL=https://gitea.my-tailnet-name.ts.net
+      - GITEA__server__HTTP_ADDR=0.0.0.0
+      - GITEA__server__LFS_JWT_SECRET=my-secret-jwt
+    restart: always
+    volumes:
+      - ./data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+  traefik:
+    image: traefik:v3.0.0-beta4
+    container_name: traefik
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./traefik/data/traefik.yaml:/traefik.yaml:ro
+      - ./traefik/data/dynamic.yaml:/dynamic.yaml:ro
+      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
+

    traefik/data/traefik.yaml:

    entryPoints:
+  https:
+    address: ":443"
+providers:
+  file:
+    filename: dynamic.yaml
+certificatesResolvers:
+  myresolver:
+    tailscale: {}
+log:
+  level: INFO
+

    and finally traefik/data/dynamic/dynamic.yaml:

    http:
+  routers:
+    gitea:
+      rule: Host(`gitea.my-tailnet-name.ts.net`)
+      entrypoints:
+        - "https"
+      service: gitea
+      tls:
+        certResolver: myresolver
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: "http://gitea:3000"
+

    Something to consider is whether or not you want to use ssh with git. One method to get this to work with containers is to use ssh container passthrough. I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case.

    After adding the above configuration, running docker compose up -d should be enough to get an instance up and running. It will be accessible at https://gitea.my-tailnet-name.ts.net from within the tailnet.

    Connecting a Runner

    I installed the runner by following the docs. I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this gitea runner as well, so that it can have the same “networking privileges” as the main instance.

    After registering this runner and starting the daemon, it appeared in /admin/actions/runners:

    image

    Running a workflow

    Now it’s time start running some automation. I used the demo workflow as a starting point to verify that the runner is executing workflows.

    After this, I wanted to make sure that some of my existing workflows could be migrated over.

    The following workflow uses a matrix to run a job for several of my hosts using ansible playbooks that will do various tasks such as patching os updates and updating container images.

    name: Run ansible
+on:
+  push:
+  schedule:
+    - cron: "0 */12 * * *"
+
+jobs:
+  run-ansible-playbook:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        host:
+          - changedetection
+          - homelab
+          - invidious
+          - jackett
+          - ladder
+          - miniflux
+          - plex
+          - qbittorrent
+          - tailscale-exit-node
+          - uptime-kuma
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Install ansible
+        run: |
+          apt update && apt install ansible -y          
+      - name: Run playbook
+        uses: dawidd6/action-ansible-playbook@v2
+        with:
+          playbook: playbooks/main.yml
+          requirements: requirements.yml
+          options: |
+            --inventory inventory
+            --limit ${{ matrix.host }}            
+      - name: Send failure notification
+        uses: dawidd6/action-send-mail@v3
+        if: always() && failure()
+        with:
+          server_address: smtp.gmail.com
+          server_port: 465
+          secure: true
+          username: myuser
+          password: ${{ secrets.MAIL_PASSWORD }}
+          subject: ansible runbook '${{ matrix.host }}' failed
+          to: me@davegallant.ca
+          from: RFD Notify
+          body: |
+            ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}            
+

    And voilà:

    You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have tailscale ssh enabled.

    Areas for improvement

    One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this doesn’t seem possible without adding logic to each workflow.

    Conclusion

    Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.

    By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.

    +
    Dave Gallant
    +
    \ No newline at end of file diff --git a/browserconfig.xml b/browserconfig.xml new file mode 100644 index 00000000..b82dfc5d --- /dev/null +++ b/browserconfig.xml @@ -0,0 +1,9 @@ + + + + + + #282828 + + + diff --git a/categories/index.html b/categories/index.html new file mode 100644 index 00000000..ee189a07 --- /dev/null +++ b/categories/index.html @@ -0,0 +1,9 @@ +Categories
    +

    Categories

    Dave Gallant
    +
    \ No newline at end of file diff --git a/categories/index.xml b/categories/index.xml new file mode 100644 index 00000000..a0738453 --- /dev/null +++ b/categories/index.xml @@ -0,0 +1 @@ +Categories on/categories/Recent content in Categories onHugo -- gohugo.ioDave Gallant \ No newline at end of file diff --git a/categories/page/1/index.html b/categories/page/1/index.html new file mode 100644 index 00000000..0cf4ee08 --- /dev/null +++ b/categories/page/1/index.html @@ -0,0 +1 @@ +/categories/ \ No newline at end of file diff --git a/css/.gitkeep b/css/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/css/custom.css b/css/custom.css deleted file mode 100644 index c46ab535..00000000 --- a/css/custom.css +++ /dev/null @@ -1,37 +0,0 @@ -@media (prefers-color-scheme: dark) { - html { - filter: invert(80%); - } - - html img { - filter: invert(100%); - } -} - -.container{ - max-width: 900px; -} - -.site { - max-width: 1200px; -} - -.twitter-tweet-rendered { - display:block; - margin-left:auto; - margin-right:auto; -} - -.hanchor { - visibility: hidden; - color: silver; - font-size: 100%; - transition: 0.2s; - padding-left: 8px; - font-weight: 600; -} - -h2:hover a, h3:hover a, h4:hover a { - visibility: visible; - text-decoration: none; -} diff --git a/css/non-critical.84abe72d2e13924c4967767940c5a6e945550db473f64b927fa091dc697ce443b6d9ff3e2d8f30e3fadfa4142e7282ab04f189ff69c57a23df45dd9ecfb8dff5.css b/css/non-critical.84abe72d2e13924c4967767940c5a6e945550db473f64b927fa091dc697ce443b6d9ff3e2d8f30e3fadfa4142e7282ab04f189ff69c57a23df45dd9ecfb8dff5.css new file mode 100644 index 00000000..f7cfb747 --- /dev/null +++ b/css/non-critical.84abe72d2e13924c4967767940c5a6e945550db473f64b927fa091dc697ce443b6d9ff3e2d8f30e3fadfa4142e7282ab04f189ff69c57a23df45dd9ecfb8dff5.css @@ -0,0 +1,3 @@ +div.code-toolbar{position:relative}div.code-toolbar>.toolbar{opacity:0;position:absolute;right:.2em;top:.3em;transition:opacity .3s ease-in-out;z-index:10}div.code-toolbar:hover>.toolbar{opacity:1}div.code-toolbar:focus-within>.toolbar{opacity:1}div.code-toolbar>.toolbar>.toolbar-item{display:inline-block}div.code-toolbar>.toolbar>.toolbar-item>a{cursor:pointer}div.code-toolbar>.toolbar>.toolbar-item>button{background:none;border:0;color:inherit;font:inherit;line-height:normal;overflow:visible;padding:0;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}div.code-toolbar>.toolbar>.toolbar-item>a,div.code-toolbar>.toolbar>.toolbar-item>button,div.code-toolbar>.toolbar>.toolbar-item>span{background:#f5f2f0;background:hsla(0,0%,88%,.2);border-radius:.5em;box-shadow:0 2px 0 0 rgba(0,0,0,.2);color:#bbb;font-size:.8em;padding:0 .5em}div.code-toolbar>.toolbar>.toolbar-item>a:focus,div.code-toolbar>.toolbar>.toolbar-item>a:hover,div.code-toolbar>.toolbar>.toolbar-item>button:focus,div.code-toolbar>.toolbar>.toolbar-item>button:hover,div.code-toolbar>.toolbar>.toolbar-item>span:focus,div.code-toolbar>.toolbar>.toolbar-item>span:hover{color:inherit;-webkit-text-decoration:none;text-decoration:none}.command-line-prompt{border-right:1px solid #999;display:block;float:left;font-size:100%;letter-spacing:-1px;margin-right:1em;pointer-events:none;text-align:right;-webkit-user-select:none;-moz-user-select:none;user-select:none}.command-line-prompt>span:before{content:" ";display:block;opacity:.7;padding-right:.8em}.command-line-prompt>span[data-user]:before{content:"[" attr(data-user) "@" attr(data-host) "] $"}.command-line-prompt>span[data-user=root]:before{content:"[" attr(data-user) "@" attr(data-host) "] #"}.command-line-prompt>span[data-prompt]:before{content:attr(data-prompt)}.command-line-prompt>span[data-continuation-prompt]:before{content:attr(data-continuation-prompt)}.command-line span.token.output{opacity:.7} + +/*! MIT License | github.com/schnerring/hugo-theme-gruvbox */ \ No newline at end of file diff --git a/favicon-16x16.png b/favicon-16x16.png index f80f2e37..b8758794 100644 Binary files a/favicon-16x16.png and b/favicon-16x16.png differ diff --git a/favicon-32x32.png b/favicon-32x32.png index 9e266ad9..3d10067a 100644 Binary files a/favicon-32x32.png and b/favicon-32x32.png differ diff --git a/favicon.png b/favicon.png deleted file mode 100644 index acde0887..00000000 Binary files a/favicon.png and /dev/null differ diff --git a/fonts/fira-code-latin-300.woff b/fonts/fira-code-latin-300.woff new file mode 100644 index 00000000..140a94a4 Binary files /dev/null and b/fonts/fira-code-latin-300.woff differ diff --git a/fonts/fira-code-latin-300.woff2 b/fonts/fira-code-latin-300.woff2 new file mode 100644 index 00000000..86eaa9ca Binary files /dev/null and b/fonts/fira-code-latin-300.woff2 differ diff --git a/fonts/fira-code-latin-400.woff b/fonts/fira-code-latin-400.woff new file mode 100644 index 00000000..10a14ac5 Binary files /dev/null and b/fonts/fira-code-latin-400.woff differ diff --git a/fonts/fira-code-latin-400.woff2 b/fonts/fira-code-latin-400.woff2 new file mode 100644 index 00000000..99f05e3f Binary files /dev/null and b/fonts/fira-code-latin-400.woff2 differ diff --git a/fonts/fira-code-latin-500.woff b/fonts/fira-code-latin-500.woff new file mode 100644 index 00000000..b3a2364c Binary files /dev/null and b/fonts/fira-code-latin-500.woff differ diff --git a/fonts/fira-code-latin-500.woff2 b/fonts/fira-code-latin-500.woff2 new file mode 100644 index 00000000..76695cf4 Binary files /dev/null and b/fonts/fira-code-latin-500.woff2 differ diff --git a/fonts/fira-code-latin-600.woff b/fonts/fira-code-latin-600.woff new file mode 100644 index 00000000..837477ef Binary files /dev/null and b/fonts/fira-code-latin-600.woff differ diff --git a/fonts/fira-code-latin-600.woff2 b/fonts/fira-code-latin-600.woff2 new file mode 100644 index 00000000..677b25ae Binary files /dev/null and b/fonts/fira-code-latin-600.woff2 differ diff --git a/fonts/fira-code-latin-700.woff b/fonts/fira-code-latin-700.woff new file mode 100644 index 00000000..0925d245 Binary files /dev/null and b/fonts/fira-code-latin-700.woff differ diff --git a/fonts/fira-code-latin-700.woff2 b/fonts/fira-code-latin-700.woff2 new file mode 100644 index 00000000..b120bb1b Binary files /dev/null and b/fonts/fira-code-latin-700.woff2 differ diff --git a/fonts/roboto-slab-latin-100.woff b/fonts/roboto-slab-latin-100.woff new file mode 100644 index 00000000..4cc73bfc Binary files /dev/null and b/fonts/roboto-slab-latin-100.woff differ diff --git a/fonts/roboto-slab-latin-100.woff2 b/fonts/roboto-slab-latin-100.woff2 new file mode 100644 index 00000000..cc7a1e9d Binary files /dev/null and b/fonts/roboto-slab-latin-100.woff2 differ diff --git a/fonts/roboto-slab-latin-200.woff b/fonts/roboto-slab-latin-200.woff new file mode 100644 index 00000000..e94017f6 Binary files /dev/null and b/fonts/roboto-slab-latin-200.woff differ diff --git a/fonts/roboto-slab-latin-200.woff2 b/fonts/roboto-slab-latin-200.woff2 new file mode 100644 index 00000000..e34ea989 Binary files /dev/null and b/fonts/roboto-slab-latin-200.woff2 differ diff --git a/fonts/roboto-slab-latin-300.woff b/fonts/roboto-slab-latin-300.woff new file mode 100644 index 00000000..349f3053 Binary files /dev/null and b/fonts/roboto-slab-latin-300.woff differ diff --git a/fonts/roboto-slab-latin-300.woff2 b/fonts/roboto-slab-latin-300.woff2 new file mode 100644 index 00000000..3100e32c Binary files /dev/null and b/fonts/roboto-slab-latin-300.woff2 differ diff --git a/fonts/roboto-slab-latin-400.woff b/fonts/roboto-slab-latin-400.woff new file mode 100644 index 00000000..4ef4ab83 Binary files /dev/null and b/fonts/roboto-slab-latin-400.woff differ diff --git a/fonts/roboto-slab-latin-400.woff2 b/fonts/roboto-slab-latin-400.woff2 new file mode 100644 index 00000000..b135852b Binary files /dev/null and b/fonts/roboto-slab-latin-400.woff2 differ diff --git a/fonts/roboto-slab-latin-500.woff b/fonts/roboto-slab-latin-500.woff new file mode 100644 index 00000000..7b21a3ec Binary files /dev/null and b/fonts/roboto-slab-latin-500.woff differ diff --git a/fonts/roboto-slab-latin-500.woff2 b/fonts/roboto-slab-latin-500.woff2 new file mode 100644 index 00000000..ec193de6 Binary files /dev/null and b/fonts/roboto-slab-latin-500.woff2 differ diff --git a/fonts/roboto-slab-latin-600.woff b/fonts/roboto-slab-latin-600.woff new file mode 100644 index 00000000..7c3774e2 Binary files /dev/null and b/fonts/roboto-slab-latin-600.woff differ diff --git a/fonts/roboto-slab-latin-600.woff2 b/fonts/roboto-slab-latin-600.woff2 new file mode 100644 index 00000000..1e20cbf4 Binary files /dev/null and b/fonts/roboto-slab-latin-600.woff2 differ diff --git a/fonts/roboto-slab-latin-700.woff b/fonts/roboto-slab-latin-700.woff new file mode 100644 index 00000000..a1dbdd7f Binary files /dev/null and b/fonts/roboto-slab-latin-700.woff differ diff --git a/fonts/roboto-slab-latin-700.woff2 b/fonts/roboto-slab-latin-700.woff2 new file mode 100644 index 00000000..9813ce22 Binary files /dev/null and b/fonts/roboto-slab-latin-700.woff2 differ diff --git a/fonts/roboto-slab-latin-800.woff b/fonts/roboto-slab-latin-800.woff new file mode 100644 index 00000000..89e8b52d Binary files /dev/null and b/fonts/roboto-slab-latin-800.woff differ diff --git a/fonts/roboto-slab-latin-800.woff2 b/fonts/roboto-slab-latin-800.woff2 new file mode 100644 index 00000000..48c58311 Binary files /dev/null and b/fonts/roboto-slab-latin-800.woff2 differ diff --git a/fonts/roboto-slab-latin-900.woff b/fonts/roboto-slab-latin-900.woff new file mode 100644 index 00000000..88006300 Binary files /dev/null and b/fonts/roboto-slab-latin-900.woff differ diff --git a/fonts/roboto-slab-latin-900.woff2 b/fonts/roboto-slab-latin-900.woff2 new file mode 100644 index 00000000..91ae1576 Binary files /dev/null and b/fonts/roboto-slab-latin-900.woff2 differ diff --git a/images/logo.png b/images/logo.png deleted file mode 100644 index 23ecde6b..00000000 Binary files a/images/logo.png and /dev/null differ diff --git a/index.html b/index.html index 9f6ff9c3..816f95bc 100644 --- a/index.html +++ b/index.html @@ -1,312 +1,10 @@ - - - - - - - - - - - -davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Entries

    -
    - -
    -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +— Software Engineer
    +

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >

    Running K3s in LXC on Proxmox

    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
    Read more >

    Automatically rotating AWS access keys

    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
    Read more >

    Why I threw out my dotfiles

    2021-09-08 (updated: 2024-01-01)
    nixdotfileshome‑manager

    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.

    Read more >

    What to do with a homelab

    2021-09-06 by Dave Gallant (updated: 2024-01-01)

    A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/index.xml b/index.xml index 25d58e6b..e508721d 100644 --- a/index.xml +++ b/index.xml @@ -1 +1,27 @@ -davegallant/Recent content on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500About/about/Mon, 01 Jan 0001 00:00:00 +0000/about/I&rsquo;m a software engineer with a passion for open-source, infrastructure, tooling and security.Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Automatically Rotating AWS Access Keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Why I Threw Out My Dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p><link>/page/search/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/page/search/</guid><description>test</description></item></channel></rss> \ No newline at end of file +<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title/><link>/</link><description>Recent content on</description><generator>Hugo -- gohugo.io</generator><copyright>Dave Gallant</copyright><lastBuildDate>Sun, 10 Dec 2023 17:22:11 -0500</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml"/><item><title>About/about/Mon, 01 Jan 0001 00:00:00 +0000/about/I&rsquo;m a software tinkerer with a passion for infrastructure, tooling, security, and coffee. +Feel free to reach out at me@davegallant.ca.Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p>Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p>Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p>Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/<p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p>Automatically rotating AWS access keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.Why I threw out my dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/<p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a +href="https://www.atlassian.com/git/tutorials/dotfiles" +class="link--external" target="_blank" rel="noreferrer" +>bare git repos</a> and utilities such as <a +href="https://www.gnu.org/software/stow/" +class="link--external" target="_blank" rel="noreferrer" +>GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a +href="https://github.com/nix-community/home-manager" +class="link--external" target="_blank" rel="noreferrer" +>home-manager</a>.</p>What to do with a homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file diff --git a/js/.gitkeep b/js/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/js/flexsearch.6008453bea2c3113a5612f78b88f04db99ba8fb4ce62b8ee2facd2970062f3f2cf949bebc2b610a40366d44598c9a453b7c6d502e4089844ce707f118ae649db.js b/js/flexsearch.6008453bea2c3113a5612f78b88f04db99ba8fb4ce62b8ee2facd2970062f3f2cf949bebc2b610a40366d44598c9a453b7c6d502e4089844ce707f118ae649db.js new file mode 100644 index 00000000..c5f328a9 --- /dev/null +++ b/js/flexsearch.6008453bea2c3113a5612f78b88f04db99ba8fb4ce62b8ee2facd2970062f3f2cf949bebc2b610a40366d44598c9a453b7c6d502e4089844ce707f118ae649db.js @@ -0,0 +1,201 @@ +(()=>{var oe=Object.create;var te=Object.defineProperty;var se=Object.getOwnPropertyDescriptor;var ae=Object.getOwnPropertyNames;var re=Object.getPrototypeOf,le=Object.prototype.hasOwnProperty;var ue=(e,n)=>()=>(n||e((n={exports:{}}).exports,n),n.exports);var he=(e,n,i,o)=>{if(n&&typeof n=="object"||typeof n=="function")for(let s of ae(n))!le.call(e,s)&&s!==i&&te(e,s,{get:()=>n[s],enumerable:!(o=se(n,s))||o.enumerable});return e};var ce=(e,n,i)=>(i=e!=null?oe(re(e)):{},he(n||!e||!e.__esModule?te(i,"default",{value:e,enumerable:!0}):i,e));var ne=ue((exports,module)=>{(function _f(self){"use strict";try{module&&(self=module)}catch(e){}self._factory=_f;var t;function u(e){return typeof e!="undefined"?e:!0}function aa(e){let n=Array(e);for(let i=0;i=this.B&&(A||!m[f])){var r=L(w,o,k),l="";switch(this.G){case"full":if(2r;h--)if(h-r>=this.B){var p=L(w,o,k,s,r);l=f.substring(r,h),M(this,m,l,p,e,i)}break}case"reverse":if(1=this.B&&M(this,m,l,L(w,o,k,s,h),e,i);l=""}case"forward":if(1=this.B&&M(this,m,l,r,e,i);break}default:if(this.C&&(r=Math.min(r/this.C(n,f,k)|0,w-1)),M(this,m,f,r,e,i),A&&1=this.B&&!s[f]){s[f]=1;let y=this.l&&f>r;M(this,g,y?r:f,L(l+(o/2>l?0:1),o,k,h-1,p-1),e,i,y?f:r)}}}}}this.m||(this.register[e]=1)}}return this};function L(e,n,i,o,s){return i&&1=this.B&&!i[w])if(this.s||r||this.map[w])p[A++]=w,i[w]=1;else return o;e=p,s=e.length}if(!s)return o;n||(n=100),h=this.depth&&1=o))));w++);if(m){if(r)return ta(p,o,0);n[n.length]=p;return}}return!i&&p}function ta(e,n,i){return e=e.length===1?e[0]:[].concat.apply([],e),i||e.length>n?e.slice(i,i+n):e}function ua(e,n,i,o){return i?(o=o&&n>i,e=(e=e[o?n:i])&&e[o?i:n]):e=e[n],e}t.contain=function(e){return!!this.register[e]},t.update=function(e,n){return this.remove(e).add(e,n)},t.remove=function(e,n){let i=this.register[e];if(i){if(this.m)for(let o=0,s;on||i)&&(s=s.slice(i,i+n)),o&&(s=za.call(this,s)),{tag:e,result:s}}function za(e){let n=Array(e.length);for(let i=0,o;i{e.ctrlKey&&e.key==="/"?(e.preventDefault(),j.focus()):e.key==="Escape"&&(j.blur(),z.classList.add("search__suggestions--hidden"))});document.addEventListener("click",e=>{z.contains(e.target)||z.classList.add("search__suggestions--hidden")});document.addEventListener("keydown",e=>{if(z.classList.contains("search__suggestions--hidden"))return;let i=[...z.querySelectorAll("a")];if(i.length===0)return;let o=i.indexOf(document.activeElement);if(e.key==="ArrowDown"){e.preventDefault();let s=o+10?o-1:0,i[nextIndex].focus())});(function(){let e=new ie.Document({tokenize:"forward",cache:100,document:{id:"id",store:["href","title","description"],index:["title","description","content"]}});e.add({id:0,href:"/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/",title:"Setting up Gitea Actions with Tailscale",description:`In this post I’ll go through the process of setting up Gitea Actions and Tailscale, unlocking a simple and secure way to automate workflows. +`,content:`In this post I’ll go through the process of setting up Gitea Actions and Tailscale, unlocking a simple and secure way to automate workflows. +What is Gitea?# Gitea is a lightweight and fast git server that has much of the same look and feel as github. I have been using it in my homelab to mirror repositories hosted on other platforms such as github and gitlab. These mirrors take advantage of the decentralized nature of git by serving as “backups”. One of the main reasons I hadn’t been using it more often was due to the lack of integrated CI/CD. This is no longer the case. +Gitea Actions# Gitea Actions have made it into the 1.19.0 release. This feature had been in an experimental state up until 1.21.0 and is now enabled by default \u{1F389}. +So what are they? If you’ve ever used GitHub Actions (and if you’re reading this, I imagine you have), these will look familiar. Gitea Actions essentially enable the ability to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same workflow syntax is already compatible on gitea. You can find a documented list of unsupported workflows syntax. +Actions work by using a custom fork of nekos/act. Workflows run in a new container for every job. If you specify an action such as ‘actions/checkout@v3’, it defaults to downloading the scripts from github.com. To avoid internet egress, you could always clone the required actions to your local gitea instance. +Actions (gitea’s implementation) has me excited because it makes spinning up a network-isolated environment for workflow automation incredibly simple. +Integration with Tailscale# So how does Tailscale help here? Well, more recently I’ve been exposing my self-hosted services through a combination of traefik and the tailscale (through the tailscale-traefik proxy integration described here). This allows for a nice looking dns name (i.e. gitea.my-tailnet-name.ts.net) and automatic tls certificate management. I can also share this tailscale node securely with other tailscale users without configuring any firewall rules on my router. +Deploying Gitea, Traefik, and Tailscale# In my case, the following is already set up: +docker-compose is installed tailscale is installed on the gitea host tailscale magic dns is enabled My preferred approach to deploying code in a homelab environment is with docker compose. I have deployed this in a proxmox lxc container based on debian with a hostname gitea. This could be deployed in any environment and with any hostname (as long you updated the tailscale machine name to your preferred subdomain for magic dns). +The docker-compose.yaml file looks like: +version: "3.7" services: gitea: image: gitea/gitea:1.21.1 container_name: gitea environment: - USER_UID=1000 - USER_GID=1000 - GITEA__server__DOMAIN=gitea.my-tailnet-name.ts.net - GITEA__server__ROOT_URL=https://gitea.my-tailnet-name.ts.net - GITEA__server__HTTP_ADDR=0.0.0.0 - GITEA__server__LFS_JWT_SECRET=my-secret-jwt restart: always volumes: - ./data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro traefik: image: traefik:v3.0.0-beta4 container_name: traefik security_opt: - no-new-privileges:true restart: unless-stopped ports: - 80:80 - 443:443 volumes: - ./traefik/data/traefik.yaml:/traefik.yaml:ro - ./traefik/data/dynamic.yaml:/dynamic.yaml:ro - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock traefik/data/traefik.yaml: +entryPoints: https: address: ":443" providers: file: filename: dynamic.yaml certificatesResolvers: myresolver: tailscale: {} log: level: INFO and finally traefik/data/dynamic/dynamic.yaml: +http: routers: gitea: rule: Host(\`gitea.my-tailnet-name.ts.net\`) entrypoints: - "https" service: gitea tls: certResolver: myresolver services: gitea: loadBalancer: servers: - url: "http://gitea:3000" Something to consider is whether or not you want to use ssh with git. One method to get this to work with containers is to use ssh container passthrough. I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case. +After adding the above configuration, running docker compose up -d should be enough to get an instance up and running. It will be accessible at https://gitea.my-tailnet-name.ts.net from within the tailnet. +Connecting a Runner# I installed the runner by following the docs. I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this gitea runner as well, so that it can have the same “networking privileges” as the main instance. +After registering this runner and starting the daemon, it appeared in /admin/actions/runners: +Running a workflow# Now it’s time start running some automation. I used the demo workflow as a starting point to verify that the runner is executing workflows. +After this, I wanted to make sure that some of my existing workflows could be migrated over. +The following workflow uses a matrix to run a job for several of my hosts using ansible playbooks that will do various tasks such as patching os updates and updating container images. +name: Run ansible on: push: schedule: - cron: "0 */12 * * *" jobs: run-ansible-playbook: runs-on: ubuntu-latest strategy: matrix: host: - changedetection - homelab - invidious - jackett - ladder - miniflux - plex - qbittorrent - tailscale-exit-node - uptime-kuma steps: - name: Check out repository code uses: actions/checkout@v4 - name: Install ansible run: | apt update && apt install ansible -y - name: Run playbook uses: dawidd6/action-ansible-playbook@v2 with: playbook: playbooks/main.yml requirements: requirements.yml options: | --inventory inventory --limit \${{ matrix.host }} - name: Send failure notification uses: dawidd6/action-send-mail@v3 if: always() && failure() with: server_address: smtp.gmail.com server_port: 465 secure: true username: myuser password: \${{ secrets.MAIL_PASSWORD }} subject: ansible runbook '\${{ matrix.host }}' failed to: me@davegallant.ca from: RFD Notify body: | \${{ github.server_url }}/\${{ github.repository }}/actions/runs/\${{ github.run_number }} And voil\xE0: +You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have tailscale ssh enabled. +Areas for improvement# One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this doesn’t seem possible without adding logic to each workflow. +Conclusion# Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go. +By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection. +`}).add({id:1,href:"/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/",title:"Using AKS and SOCKS to connect to a private Azure DB",description:`I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this. +`,content:`I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this. +Go Public?# Should the database be migrated to public subnets? Ideally not, since it is good practice to host internal infrastructure in restricted subnets. +How do others handle this?# With GCP, connecting to a private db instance from any machine can be achieved with cloud-sql-proxy. This works by proxying requests from your machine to the SQL database instance in the cloud, while the authentication is handled by GCP’s IAM. +So what about Azure? Is there any solution that is as elegant as cloud-sql-proxy? +A Bastion# Similar to what AWS has recommended, perhaps a bastion is the way forward? +Azure has a fully-managed service called Azure Bastion that provides secure access to virtual machines that do not have public IPs. This looks interesting, but unfortunately it costs money and requires an additional virtual machine. +Because this adds cost (and complexity), it does not seem like a desirable option in its current state. If it provided a more seamless connection to the database, it would be more appealing. +SOCKS# 2023-12-13: An alternative to using a socks proxy is socat. This would allow you to relay tcp connections to a pod running in k8s, and then port-forward them to your localhost. If this sounds more appealing, install krew-net-forward and then run “kubectl net-forward -i mydb.postgres.database.azure.com -p 5432 -l 5432” to access the database through “localhost:5432” +SOCKS is a protocol that enables a way to proxy connections by exchanging network packets between the client and the server. There are many implementations and many readily available container images that can run a SOCKS server. +It’s possible to use this sort of proxy to connect to a private DB, but is it any simpler than using a virtual machine as a jumphost? It wasn’t until I stumbled upon kubectl-plugin-socks5-proxy that I was convinced that using SOCKS could be made simple. +So how does it work? By installing the kubectl plugin and then running kubectl socks5-proxy, a SOCKS proxy server is spun up in a pod and then opens up port-forwarding session using kubectl. +As you can see below, this k8s plugin is wrapped up nicely: +$ kubectl socks5-proxy using: namespace=default using: port=1080 using: name=davegallant-proxy using: image=serjs/go-socks5-proxy Creating SOCKS5 Proxy (Pod)... pod/davegallant-proxy created With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database. +Caveats and Conclusion# The above outlined solution makes some assumptions: +there is a k8s cluster the k8s cluster has network connectivity to the desired private database If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS). +It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience. +One other thing to note is that some clients (such as dbeaver) do not provide DNS resolution over SOCKS. So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses. +`}).add({id:2,href:"/blog/2022/12/10/watching-youtube-in-private/",title:"Watching YouTube in private",description:`I recently stumbled upon yewtu.be and found it intriguing. It not only allows you to watch YouTube without being on YouTube, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it’s a hosted instance of invidious. +`,content:`I recently stumbled upon yewtu.be and found it intriguing. It not only allows you to watch YouTube without being on YouTube, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it’s a hosted instance of invidious. +The layout is simple, and JavaScript is not required. +I started using yewtu.be as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It’s also nice to be in control of my search and watch history. +A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed here, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case. +Hosting invidious# The quickest way to get invidious up is with docker-compose as mentioned in the docs. +I made a few modifications, and ended up with: +version: "3" services: invidious: image: quay.io/invidious/invidious restart: unless-stopped ports: - "0.0.0.0:3000:3000" environment: INVIDIOUS_CONFIG: | db: dbname: invidious user: kemal password: kemal host: invidious-db port: 5432 check_tables: true healthcheck: test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 interval: 30s timeout: 5s retries: 2 depends_on: - invidious-db invidious-db: image: docker.io/library/postgres:14 restart: unless-stopped volumes: - postgresdata:/var/lib/postgresql/data - ./config/sql:/config/sql - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh environment: POSTGRES_DB: invidious POSTGRES_USER: kemal POSTGRES_PASSWORD: kemal healthcheck: test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] volumes: postgresdata: After invidious was up and running, I installed Tailscale on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at http://invidious:3000/feed/subscriptions. +Redirecting YouTube links# I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious. +I went looking for a way to redirect paths at the browser level. I found the lightweight proxy requestly, which can be used to modify http requests in my browser. I created the following rules: +Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to http://invidious:3000/watch?v=-lz30by8-sU +I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet. +`}).add({id:3,href:"/blog/2022/04/02/virtualizing-my-router-with-pfsense/",title:"Virtualizing my router with pfSense",description:`My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on! +`,content:`My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on! +pfSense# I figured this would be a good opportunity to try pfSense. I’ve heard nothing but positive things about pfSense and the fact it’s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I’d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some officially supported appliances. Since I already have a machine running Proxmox, why not just run it in a VM? It’d allow for automatic snapshotting of the machine. There is a good video on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense. +Router on a stick# I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply not the case, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. It also has a nice sturdy metal frame which was a pleasant surprise. +After setting up this Netgear switch, it shoud be possible to access the web interface at http://192.168.0.239. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine’s address to 192.168.0.22 in order to temporarily setup this switch. I assigned a static ip address to the switch (in System > Switch Information) so that it was in the same subnet as the rest of my network. +The web interface is nothing spectactular, but it allows for managing VLANs. +The following configuration will: +assign port 1 to be the LAN (connected to the Proxmox machine) assign port 8 to be the WAN (connected to my ISP’s modem) In the switch’s web interface, I went to VLAN and then 802.1Q, and then clicked on VLAN Configuration. I configured the ports to look like this: +Note that the VLAN Identifier Setting has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router. +To replicate the above configuration, add a new VLAN ID 10 (1 should exist by default). +Next, go into VLAN Membership and configure VLAN 1’s port membership to be the following: +and then configure VLAN 10’s port membership to be the following: +Now, go into Port PVID and ensure that port 8 is set to PVID 10. +This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem. +Setting up pfSense# pfSense is fairly easy to setup. Just download the latest ISO and boot up the virtual machine. When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler. +Since VLANs are going to be leveraged, when you go to Assign Interfaces, VLANs should be setup now like the following: +WAN should be vtnet0.10 LAN should be vtnet0 After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses. +If all goes well, the web interface should be running at https://192.168.1.1. +And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I’ve already installed pfBlocker-NG. +Summary# It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled AutoConfigBackup, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe. +`}).add({id:4,href:"/blog/2022/03/13/backing-up-gmail-with-synology/",title:"Backing up gmail with Synology",description:`I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines. +`,content:`I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines. +The thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future. +Synology MailPlus Server# Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I’ve recently been in interested in syncing and snapshotting my personal data. I’ve setup Synology’s Cloud Sync and keep copies of most of my cloud data. +I’ve used tools such as gmvault with success in the past. Setting this up on a cron seems like a viable option. However, I don’t really need a lot of the features it offers and do not plan to restore this data to another account. +Synology’s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it’s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank. +Installing MailPlus can be done from the Package Center: +Next, I went into Synology MailPlus Server and on the left, clicked on Account and ensured my user was marked as active. +Afterwords, I followed these instructions in order to start backing up emails. +When entering the POP3 credentials, I created an app password solely for authenticating to POP3 from the Synology device. This is required because I have 2-Step verification enabled on my account. There doesn’t seem to be a more secure way to access POP3 at the moment. It does seem like app password access is limited in scope (when MFA is enabled). These app passwords can’t be used to login to the main Google account. +I made sure to set the Fetch Range to All in order to get all emails from the beginning of time. +After this, mail started coming in. +After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important. +Securing Synology# Since Synology devices are not hermetically sealed, it’s best to secure them by enabling MFA to help prevent being the victim of ransomware. It is also wise to backup your system settings and volumes to the cloud using a tool such as Hyper Backup. Encrypting your shared volumes should also be done, since unfortunately DSM does not support full disk encryption. +Summary# Having backups of various forms of cloud data is a good investment, especially in times of war. I certainly feel more at ease for having backed up my emails. +`}).add({id:5,href:"/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/",title:"Running K3s in LXC on Proxmox",description:"It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.",content:`It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine’s resources. +What is K3s?# K3s is a Kubernetes distro that advertises itself as a lightweight binary with a much smaller memory-footprint than traditional k8s. K3s is not a fork of k8s as it seeks to remain as close to upstream as it possibly can. +Configure Proxmox# This gist contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that bridge-nf-call-iptables should be loaded, but I did not understand the benefit of doing this. +Disable swap# There is an issue on Kubernetes regarding swap here. There claims to be support for swap in 1.22, but for now let’s disable it: +sudo sysctl vm.swappiness=0 sudo swapoff -a It might be worth experimenting with swap enabled in the future to see how that might affect performance. +Enable IP Forwarding# To avoid IP Forwarding issues with Traefik, run the following on the host: +sudo sysctl net.ipv4.ip_forward=1 sudo sysctl net.ipv6.conf.all.forwarding=1 sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf Create LXC container# Create an LXC container in the Proxmox interface as you normally would. Remember to: +Uncheck unprivileged container Use a LXC template (I chose a debian 11 template downloaded with pveam) In memory, set swap to 0 Create and start the container Modify container config# Now back on the host run pct list to determine what VMID it was given. +Open /etc/pve/lxc/$VMID.conf and append: +lxc.apparmor.profile: unconfined lxc.cap.drop: lxc.mount.auto: "proc:rw sys:rw" lxc.cgroup2.devices.allow: c 10:200 rwm All of the above configurations are described in the manpages. Notice that cgroup2 is used since Proxmox VE 7.0 has switched to a pure cgroupv2 environment. +Thankfully cgroup v2 support has been supported in k3s with these contributions: +https://github.com/k3s-io/k3s/pull/2584 https://github.com/k3s-io/k3s/pull/2844 Enable shared host mounts# From within the container, run: +echo '#!/bin/sh -e ln -s /dev/console /dev/kmsg mount --make-rshared /' > /etc/rc.local chmod +x /etc/rc.local reboot Install K3s# One of the simplest ways to install K3s on a remote host is to use k3sup. Ensure that you supply a valid CONTAINER_IP and choose the k3s-version you prefer. As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases here. +ssh-copy-id root@$CONTAINER_IP k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1 If all goes well, you should see a path to the kubeconfig generated. I moved this into ~/.kube/config so that kubectl would read this by default. +Wrapping up# Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton’s Getting Started guide and was able to deploy it in a few commands. +$ kubectl get all --namespace tekton-pipelines NAME READY STATUS RESTARTS AGE pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/tekton-pipelines-controller ClusterIP 10.43.44.245 <none> 9090/TCP,8080/TCP 12h service/tekton-pipelines-webhook ClusterIP 10.43.183.242 <none> 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h service/tekton-dashboard ClusterIP 10.43.87.97 <none> 9097/TCP 11h NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h deployment.apps/tekton-dashboard 1/1 1 1 11h deployment.apps/tekton-pipelines-controller 1/1 1 1 12h NAME DESIRED CURRENT READY AGE replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h I made sure to install Tailscale in the container so that I can easily access K3s from anywhere. +If I’m feeling adventurous, I might experiment with K3s rootless. +`}).add({id:6,href:"/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/",title:"Replacing docker with podman on macOS (and Linux)",description:`There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker: +`,content:`There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker: +...ignoring Docker updates is a paid feature now?? pic.twitter.com/ZxKW3b9LQM +— Brendan Dolan-Gavitt (@moyix) May 1, 2021 Docker has been one of the larger influencers in the container world, helping to standardize the OCI Image Format Specification. For many developers, containers have become synonymous with terms like docker and Dockerfile (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so. +This post briefly describes my experience swapping out docker for podman on macOS. +What is a container?# A container is a standard unit of software that packages up all application dependencies within it. Multiple containers can be run on a host machine all sharing the same kernel as the host. Linux namespaces help provide an isolated view of the system, including mnt, pid, net, ipc, uid, cgroup, and time. There is an in-depth video that discusses what containers are made from, and near the end there is a demonstration on how to build your own containers from the command line. +By easily allowing the necessary dependencies to live alongside the application code, containers make the “works on my machine” problem less of a problem. +Benefits of Podman# One of the most interesting features of Podman is that it is daemonless. There isn’t a process running on your system managing your containers. In contrast, the docker client is reliant upon the docker daemon (often running as root) to be able to build and run containers. +Podman is rootless by default. It is now possible to run the docker daemon rootless as well, but it’s still not the default behaviour. +I’ve also observed that so far my 2019 16" Macbook Pro hasn’t sounded like a jet engine, although I haven’t performed any disk-intensive operations yet. +Installing Podman# Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with brew (read this if you’re installing Podman on Linux): +brew install podman The podman-machine must be started: +# This is not necessary on Linux podman machine init podman machine start Running a container# Let’s try to pull an image: +$ podman pull alpine Trying to pull docker.io/library/alpine:latest... Getting image source signatures Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab Writing manifest to image destination Storing signatures 14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab If you’re having an issue pulling images, you may need to remove ~/.docker/config.json or remove the set of auths in the configuration as mentioned here. +and then run and exec into the container: +$ podman run --rm -ti alpine Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network "podman": unexpected end of JSON input What does this error mean? A bit of searching lead to this github issue. +Until the fix is released, a workaround is to just specify a port (even when it’s not needed): +podman run -p 4242 --rm -ti alpine If you’re reading this from the future, there is a good chance specifying a port won’t be needed. +Another example of running a container with Podman can be found in the Jellyfin Documentation. +Aliasing docker with podman# Force of habit (or other scripts) may have you calling docker. To work around this: +alias docker=podman podman-compose# You may be wondering: what about docker-compose? Well, there claims to be a drop-in replacement for it: podman-compose. +pip3 install --user podman-compose Now let’s create a docker-compose.yml file to test: +cat << EOF >> docker-compose.yml version: '2' services: hello_world: image: ubuntu command: [/bin/echo, 'Hello world'] EOF Now run: +$ podman-compose up podman pod create --name=davegallant.github.io --share net 40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e 0 podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf) Trying to pull docker.io/library/ubuntu:latest... Getting image source signatures Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17 Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17 Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2 Writing manifest to image destination Storing signatures 1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576 0 podman start -a davegallant.github.io_hello_world_1 Hello world This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development. +Summary# Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers. +One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet. +Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using sshfs was shared here. +I had been experimenting with Podman on Linux before writing this, but after listening to this podcast episode, I was inspired to give Podman a try on macOS. +`}).add({id:7,href:"/blog/2021/09/17/automatically-rotating-aws-access-keys/",title:"Automatically rotating AWS access keys",description:`Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.`,content:`Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where AWS suggests). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS’s secure keystore. There is even a rotate command included. +`}).add({id:8,href:"/blog/2021/09/08/why-i-threw-out-my-dotfiles/",title:"Why I threw out my dotfiles",description:`Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager. +`,content:`Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager. +What is home-manager?# Before understanding home-manager, it is worth briefly discussing what nix is. nix is a package manager that originally spawned from a PhD thesis. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback. +For example, I have used nix to install the package bind which includes dig. You can see that it is available on multiple platforms. The absolute path of dig can be found by running: +$ ls -lh $(which dig) lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -> /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This nix pill does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix. +Part of the nix ecosystem includes nixpkgs. Many popular tools can be found already packaged in this repository. As you can see with these stats, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it! +home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my nix-config in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why. +Setting up home-manager# \u26A0\uFE0F If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance. +The first thing you should do is install nix: +curl -L https://nixos.org/nix/install | sh It’s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it! +Open up a new shell in your terminal and running nix should work. If not, run . ~/.nix-profile/etc/profile.d/nix.sh +Now, install home-manager: +nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager nix-channel --update nix-shell '<home-manager>' -A install You should see a wave of /nix/store/* paths being displayed on your screen. +Now, to start off with a basic configuration, open up ~/.config/nixpkgs/home.nix in the editor of your choice and paste this in (you will want to change userName and homeDirectory): +{ config, pkgs, ... }: { programs.home-manager.enable = true; home = { username = "dave"; homeDirectory = "/home/dave"; stateVersion = "21.11"; packages = with pkgs; [ bind exa fd ripgrep ]; }; programs = { git = { enable = true; aliases = { aa = "add -A ."; br = "branch"; c = "commit -S"; ca = "commit -S --amend"; cb = "checkout -b"; co = "checkout"; d = "diff"; l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; }; delta = { enable = true; options = { features = "line-numbers decorations"; whitespace-error-style = "22 reverse"; plus-style = "green bold ul '#198214'"; decorations = { commit-decoration-style = "bold yellow box ul"; file-style = "bold yellow ul"; file-decoration-style = "none"; }; }; }; extraConfig = { push = { default = "current"; }; pull = { rebase = true; }; }; }; starship = { enable = true; enableZshIntegration = true; settings = { add_newline = false; scan_timeout = 10; }; }; zsh = { enable = true; enableAutosuggestions = true; enableSyntaxHighlighting = true; history.size = 1000000; localVariables = { CASE_SENSITIVE = "true"; DISABLE_UNTRACKED_FILES_DIRTY = "true"; RPROMPT = ""; # override because macOS defaults to filepath ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline"; ZSH_DISABLE_COMPFIX = "true"; }; initExtra = '' export PAGER=less ''; shellAliases = { ".." = "cd .."; grep = "rg --smart-case"; ls = "exa -la --git"; }; "oh-my-zsh" = { enable = true; plugins = [ "gitfast" "last-working-dir" ]; }; }; }; } Save the file and run: +home-manager switch You should see another wave of /nix/store/* paths. The new configuration should now be active. +If you run zsh, you should see that you have starship and access to several other utils such as rg, fd, and exa. +This basic configuration above is also defining your ~/.config/git/config and .zshrc. If you already have either of these files, home-manager will complain about them already existing. +If you run cat ~/.zshrc, you will see the way these configuration files are generated. +You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at home-manager/modules/programs. +Gateway To Nix# In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is nix-darwin that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out Nix Flakes: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in flake.lock, similar to that of many modern package managers. +Wrapping up# The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so. +`}).add({id:9,href:"/blog/2021/09/06/what-to-do-with-a-homelab/",title:"What to do with a homelab",description:`A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process. +`,content:`A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process. +Do you want host your own Media server? Ad blocker? Web server? Are you interested in learning more about Linux? Virtualization? Networking? Security? Building a homelab can be an entertaining playground to enhance your computer skills. +One of the best parts about building a homelab is that it doesn’t have to be a large investment in terms of hardware. One of the simplest ways to build a homelab is out of a refurbished computer. Having multiple machines/nodes provides the advantage of increased redundancy, but starting out with a single node is enough to reap many of the benefits of having a homelab. +Virtualization# Virtualizing your hardware is an organized way of dividing up your machine’s resources. This can be done with something such as a Virtual Machine or something lighter like a container using LXC or runC. Containers have much less overhead in terms of boot time and storage allocation. This Stack Overflow answer sums it up nicely. +A hypervisor such as Proxmox can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You’ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization. +Services# So what are some useful services to deploy? +Jellyfin or Plex - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found here. changedetection - is a self-hosted equivalent to something like visualping.io that will notify you when a webpage changes and keep track of the diffs Adguard or Pihole - can block a list of known trackers for all clients on your local network. I’ve used pihole for a long time, but have recently switched to Adguard since the UI is more modern and it has the ability to toggle on/off a pre-defined list of services, including Netflix (this is useful if you have stealthy young kids). Either of these will speed up your internet experience, simply because you won’t need to download all of the extra tracking bloat. Gitea - A lightweight git server. I use this to mirror git repos from GitHub, GitLab, etc. Homer - A customizable landing page for services you need to access (including the ability to quickly search). Uptime Kuma - A fancy tool for monitoring the uptime of services. There is a large number of services you can self-host, including your own applications that you might be developing. awesome-self-hosted provides a curated list of services that might be of interest to you. +VPN# You could certainly setup and manage your own VPN by using something like OpenVPN, but there is also something else you can try: tailscale. It is a very quick way to create fully-encrypted connections between clients. With its MagicDNS, your can reference the names of machines like homer rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere. +Monitoring# Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using netdata. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc. +Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command. +As mentioned above, Uptime Kuma is a convenient way to track uptime and monitor the availability of your services. +In Summary# Building out a homelab can be a rewarding experience and it doesn’t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely. +`}).add({id:10,href:"/blog/2020/03/16/appgate-sdp-on-arch-linux/",title:"AppGate SDP on Arch Linux",description:`AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux. +`,content:`AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux. +Depending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on AUR. As of right now, the latest AUR is 4.2.2-1. +These steps highlight how to get it working with Python3.8 by making a 1 line modification to AppGate source code. +Packaging# We already know the community package is currently out of date, so let’s clone it: +git clone https://aur.archlinux.org/appgate-sdp.git cd appgate-sdp You’ll likely notice that the version is not what we want, so let’s modify the PKGBUILD to the following: +# Maintainer: Pawel Mosakowski <pawel at mosakowski dot net> pkgname=appgate-sdp conflicts=('appgate-sdp-headless') pkgver=4.3.2 _download_pkgver=4.3 pkgrel=1 epoch= pkgdesc="Software Defined Perimeter - GUI client" arch=('x86_64') url="https://www.cyxtera.com/essential-defense/appgate-sdp/support" license=('custom') # dependecies calculated by namcap depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq') source=("https://sdpdownloads.cyxtera.com/AppGate-SDP-\${_download_pkgver}/clients/\${pkgname}_\${pkgver}_amd64.deb" "appgatedriver.service") options=(staticlibs) prepare() { tar -xf data.tar.xz } package() { cp -dpr "\${srcdir}"/{etc,lib,opt,usr} "\${pkgdir}" mv -v "$pkgdir/lib/systemd/system" "$pkgdir/usr/lib/systemd/" rm -vrf "$pkgdir/lib" cp -v "$srcdir/appgatedriver.service" "$pkgdir/usr/lib/systemd/system/appgatedriver.service" mkdir -vp "$pkgdir/usr/share/licenses/appgate-sdp" cp -v "$pkgdir/usr/share/doc/appgate/copyright" "$pkgdir/usr/share/licenses/appgate-sdp" cp -v "$pkgdir/usr/share/doc/appgate/LICENSE.github" "$pkgdir/usr/share/licenses/appgate-sdp" cp -v "$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2" "$pkgdir/usr/share/licenses/appgate-sdp" } md5sums=('17101aac7623c06d5fbb95f50cf3dbdc' '002644116e20b2d79fdb36b7677ab4cf') Let’s first make sure we have some dependencies. If you do not have yay, check it out. +yay -S dnsmasq gconf Now, let’s install it: +makepkg -si Running the client# Ok, let’s run the client by executing appgate. +It complains about not being able to connect. +Easy fix: +sudo systemctl start appgatedriver.service Now we should be connected… but DNS is not working? +Fixing the DNS# Running resolvectl should display that something is not right. +Why is the DNS not being set by appgate? +$ head -3 /opt/appgate/linux/set_dns #!/usr/bin/env python3 ''' This is used to set and unset the DNS. It seems like python3 is required for the DNS setting to happen. Let’s try to run it. +$ sudo /opt/appgate/linux/set_dns /opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="? servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers] Traceback (most recent call last): File "/opt/appgate/linux/set_dns", line 30, in <module> import dbus ModuleNotFoundError: No module named 'dbus' Ok, let’s install it: +$ sudo python3.8 -m pip install dbus-python Will it work now? Not yet. There’s another issue: +$ sudo /opt/appgate/linux/set_dns /opt/appgate/linux/set_dns:88: SyntaxWarning: "is" with a literal. Did you mean "=="? servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers] module 'platform' has no attribute 'linux_distribution' This is a breaking change in Python3.8. +So what is calling platform.linux_distribution? +Let’s search for it: +$ sudo grep -r 'linux_distribution' /opt/appgate/linux/ /opt/appgate/linux/nm.py: if platform.linux_distribution()[0] != 'Fedora': Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with: +if True: # Since we are not using Fedora :) Wrapping up# It turns out there are breaking changes in Python3.8. +The docs say Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package. +I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies. +`}),j.addEventListener("input",function(){let i=this.value,o=e.search(i,5,{enrich:!0}),s=new Map;for(let r of o.flatMap(l=>l.result))s.has(r.href)||s.set(r.doc.href,r.doc);if(z.innerHTML="",z.classList.remove("search__suggestions--hidden"),s.size===0&&i){let r=document.createElement("div");r.innerHTML=`No results for "${i}"`,r.classList.add("search__no-results"),z.appendChild(r);return}for(let[r,l]of s){let h=document.createElement("a");h.href=r,h.classList.add("search__suggestion-item"),z.appendChild(h);let p=document.createElement("div");p.textContent=l.title,p.classList.add("search__suggestion-title"),h.appendChild(p);let g=document.createElement("div");if(g.textContent=l.description,g.classList.add("search__suggestion-description"),h.appendChild(g),z.childElementCount===5)break}})})();})(); +//! Source: https://github.com/h-enk/doks/blob/master/assets/js/index.js +/*! Source: https://dev.to/shubhamprakash/trap-focus-using-javascript-6a3 */ +//! Source: https://discourse.gohugo.io/t/range-length-or-last-element/3803/2 diff --git a/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js b/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js new file mode 100644 index 00000000..0e228c4b --- /dev/null +++ b/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js @@ -0,0 +1,21 @@ +(()=>{var re=Object.create;var K=Object.defineProperty;var ne=Object.getOwnPropertyDescriptor;var ae=Object.getOwnPropertyNames;var ie=Object.getPrototypeOf,se=Object.prototype.hasOwnProperty;var Y=(n,c)=>()=>(c||n((c={exports:{}}).exports,c),c.exports);var oe=(n,c,g,S)=>{if(c&&typeof c=="object"||typeof c=="function")for(let s of ae(c))!se.call(n,s)&&s!==g&&K(n,s,{get:()=>c[s],enumerable:!(S=ne(c,s))||S.enumerable});return n};var V=(n,c,g)=>(g=n!=null?re(ie(n)):{},oe(c||!n||!n.__esModule?K(g,"default",{value:n,enumerable:!0}):g,n));var J=Y((ce,B)=>{var ue=typeof window!="undefined"?window:typeof WorkerGlobalScope!="undefined"&&self instanceof WorkerGlobalScope?self:{};var b=function(n){var c=/(?:^|\s)lang(?:uage)?-([\w-]+)(?=\s|$)/i,g=0,S={},s={manual:n.Prism&&n.Prism.manual,disableWorkerMessageHandler:n.Prism&&n.Prism.disableWorkerMessageHandler,util:{encode:function t(r){return r instanceof a?new a(r.type,t(r.content),r.alias):Array.isArray(r)?r.map(t):r.replace(/&/g,"&").replace(/"+l.content+""};function e(t,r,o,u){t.lastIndex=r;var l=t.exec(o);if(l&&u&&l[1]){var f=l[1].length;l.index+=f,l[0]=l[0].slice(f)}return l}function i(t,r,o,u,l,f){for(var x in o)if(!(!o.hasOwnProperty(x)||!o[x])){var m=o[x];m=Array.isArray(m)?m:[m];for(var A=0;A=f.reach);C+=_.value.length,_=_.next){var P=_.value;if(r.length>t.length)return;if(!(P instanceof a)){var L=1,E;if(N){if(E=e(z,C,t,I),!E||E.index>=t.length)break;var M=E.index,R=E.index+E[0].length,$=C;for($+=_.value.length;M>=$;)_=_.next,$+=_.value.length;if($-=_.value.length,C=$,_.value instanceof a)continue;for(var O=_;O!==r.tail&&($f.reach&&(f.reach=Z);var G=_.prev;j&&(G=w(r,G,j),C+=j.length),d(r,G,L);var te=new a(x,T?s.tokenize(H,T):H,W,H);if(_=w(r,G,te),X&&w(r,_,X),L>1){var q={cause:x+","+A,reach:Z};i(t,r,o,_.prev,C,q),f&&q.reach>f.reach&&(f.reach=q.reach)}}}}}}function p(){var t={value:null,prev:null,next:null},r={value:null,prev:t,next:null};t.next=r,this.head=t,this.tail=r,this.length=0}function w(t,r,o){var u=r.next,l={value:o,prev:r,next:u};return r.next=l,u.prev=l,t.length++,l}function d(t,r,o){for(var u=r.next,l=0;l/,greedy:!0},prolog:{pattern:/<\?[\s\S]+?\?>/,greedy:!0},doctype:{pattern:/"'[\]]|"[^"]*"|'[^']*')+(?:\[(?:[^<"'\]]|"[^"]*"|'[^']*'|<(?!!--)|)*\]\s*)?>/i,greedy:!0,inside:{"internal-subset":{pattern:/(^[^\[]*\[)[\s\S]+(?=\]>$)/,lookbehind:!0,greedy:!0,inside:null},string:{pattern:/"[^"]*"|'[^']*'/,greedy:!0},punctuation:/^$|[[\]]/,"doctype-tag":/^DOCTYPE/i,name:/[^\s<>'"]+/}},cdata:{pattern://i,greedy:!0},tag:{pattern:/<\/?(?!\d)[^\s>\/=$<%]+(?:\s(?:\s*[^\s>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))|(?=[\s/>])))+)?\s*\/?>/,greedy:!0,inside:{tag:{pattern:/^<\/?[^\s>\/]+/,inside:{punctuation:/^<\/?/,namespace:/^[^\s>\/:]+:/}},"special-attr":[],"attr-value":{pattern:/=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+)/,inside:{punctuation:[{pattern:/^=/,alias:"attr-equals"},{pattern:/^(\s*)["']|["']$/,lookbehind:!0}]}},punctuation:/\/?>/,"attr-name":{pattern:/[^\s>\/]+/,inside:{namespace:/^[^\s>\/:]+:/}}}},entity:[{pattern:/&[\da-z]{1,8};/i,alias:"named-entity"},/&#x?[\da-f]{1,8};/i]};b.languages.markup.tag.inside["attr-value"].inside.entity=b.languages.markup.entity;b.languages.markup.doctype.inside["internal-subset"].inside=b.languages.markup;b.hooks.add("wrap",function(n){n.type==="entity"&&(n.attributes.title=n.content.replace(/&/,"&"))});Object.defineProperty(b.languages.markup.tag,"addInlined",{value:function(c,g){var S={};S["language-"+g]={pattern:/(^$)/i,lookbehind:!0,inside:b.languages[g]},S.cdata=/^$/i;var s={"included-cdata":{pattern://i,inside:S}};s["language-"+g]={pattern:/[\s\S]+/,inside:b.languages[g]};var a={};a[c]={pattern:RegExp(/(<__[^>]*>)(?:))*\]\]>|(?!)/.source.replace(/__/g,function(){return c}),"i"),lookbehind:!0,greedy:!0,inside:s},b.languages.insertBefore("markup","cdata",a)}});Object.defineProperty(b.languages.markup.tag,"addAttribute",{value:function(n,c){b.languages.markup.tag.inside["special-attr"].push({pattern:RegExp(/(^|["'\s])/.source+"(?:"+n+")"+/\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))/.source,"i"),lookbehind:!0,inside:{"attr-name":/^[^\s=]+/,"attr-value":{pattern:/=[\s\S]+/,inside:{value:{pattern:/(^=\s*(["']|(?!["'])))\S[\s\S]*(?=\2$)/,lookbehind:!0,alias:[c,"language-"+c],inside:b.languages[c]},punctuation:[{pattern:/^=/,alias:"attr-equals"},/"|'/]}}}})}});b.languages.html=b.languages.markup;b.languages.mathml=b.languages.markup;b.languages.svg=b.languages.markup;b.languages.xml=b.languages.extend("markup",{});b.languages.ssml=b.languages.xml;b.languages.atom=b.languages.xml;b.languages.rss=b.languages.xml;(function(n){var c=/(?:"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"|'(?:\\(?:\r\n|[\s\S])|[^'\\\r\n])*')/;n.languages.css={comment:/\/\*[\s\S]*?\*\//,atrule:{pattern:RegExp("@[\\w-](?:"+/[^;{\s"']|\s+(?!\s)/.source+"|"+c.source+")*?"+/(?:;|(?=\s*\{))/.source),inside:{rule:/^@[\w-]+/,"selector-function-argument":{pattern:/(\bselector\s*\(\s*(?![\s)]))(?:[^()\s]|\s+(?![\s)])|\((?:[^()]|\([^()]*\))*\))+(?=\s*\))/,lookbehind:!0,alias:"selector"},keyword:{pattern:/(^|[^\w-])(?:and|not|only|or)(?![\w-])/,lookbehind:!0}}},url:{pattern:RegExp("\\burl\\((?:"+c.source+"|"+/(?:[^\\\r\n()"']|\\[\s\S])*/.source+")\\)","i"),greedy:!0,inside:{function:/^url/i,punctuation:/^\(|\)$/,string:{pattern:RegExp("^"+c.source+"$"),alias:"url"}}},selector:{pattern:RegExp(`(^|[{}\\s])[^{}\\s](?:[^{};"'\\s]|\\s+(?![\\s{])|`+c.source+")*(?=\\s*\\{)"),lookbehind:!0},string:{pattern:c,greedy:!0},property:{pattern:/(^|[^-\w\xA0-\uFFFF])(?!\s)[-_a-z\xA0-\uFFFF](?:(?!\s)[-\w\xA0-\uFFFF])*(?=\s*:)/i,lookbehind:!0},important:/!important\b/i,function:{pattern:/(^|[^-a-z0-9])[-a-z0-9]+(?=\()/i,lookbehind:!0},punctuation:/[(){};:,]/},n.languages.css.atrule.inside.rest=n.languages.css;var g=n.languages.markup;g&&(g.tag.addInlined("style","css"),g.tag.addAttribute("style","css"))})(b);b.languages.clike={comment:[{pattern:/(^|[^\\])\/\*[\s\S]*?(?:\*\/|$)/,lookbehind:!0,greedy:!0},{pattern:/(^|[^\\:])\/\/.*/,lookbehind:!0,greedy:!0}],string:{pattern:/(["'])(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/,greedy:!0},"class-name":{pattern:/(\b(?:class|extends|implements|instanceof|interface|new|trait)\s+|\bcatch\s+\()[\w.\\]+/i,lookbehind:!0,inside:{punctuation:/[.\\]/}},keyword:/\b(?:break|catch|continue|do|else|finally|for|function|if|in|instanceof|new|null|return|throw|try|while)\b/,boolean:/\b(?:false|true)\b/,function:/\b\w+(?=\()/,number:/\b0x[\da-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:e[+-]?\d+)?/i,operator:/[<>]=?|[!=]=?=?|--?|\+\+?|&&?|\|\|?|[?*/~^%]/,punctuation:/[{}[\];(),.:]/};b.languages.javascript=b.languages.extend("clike",{"class-name":[b.languages.clike["class-name"],{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$A-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\.(?:constructor|prototype))/,lookbehind:!0}],keyword:[{pattern:/((?:^|\})\s*)catch\b/,lookbehind:!0},{pattern:/(^|[^.]|\.\.\.\s*)\b(?:as|assert(?=\s*\{)|async(?=\s*(?:function\b|\(|[$\w\xA0-\uFFFF]|$))|await|break|case|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally(?=\s*(?:\{|$))|for|from(?=\s*(?:['"]|$))|function|(?:get|set)(?=\s*(?:[#\[$\w\xA0-\uFFFF]|$))|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)\b/,lookbehind:!0}],function:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*(?:\.\s*(?:apply|bind|call)\s*)?\()/,number:{pattern:RegExp(/(^|[^\w$])/.source+"(?:"+(/NaN|Infinity/.source+"|"+/0[bB][01]+(?:_[01]+)*n?/.source+"|"+/0[oO][0-7]+(?:_[0-7]+)*n?/.source+"|"+/0[xX][\dA-Fa-f]+(?:_[\dA-Fa-f]+)*n?/.source+"|"+/\d+(?:_\d+)*n/.source+"|"+/(?:\d+(?:_\d+)*(?:\.(?:\d+(?:_\d+)*)?)?|\.\d+(?:_\d+)*)(?:[Ee][+-]?\d+(?:_\d+)*)?/.source)+")"+/(?![\w$])/.source),lookbehind:!0},operator:/--|\+\+|\*\*=?|=>|&&=?|\|\|=?|[!=]==|<<=?|>>>?=?|[-+*/%&|^!=<>]=?|\.{3}|\?\?=?|\?\.?|[~:]/});b.languages.javascript["class-name"][0].pattern=/(\b(?:class|extends|implements|instanceof|interface|new)\s+)[\w.\\]+/;b.languages.insertBefore("javascript","keyword",{regex:{pattern:RegExp(/((?:^|[^$\w\xA0-\uFFFF."'\])\s]|\b(?:return|yield))\s*)/.source+/\//.source+"(?:"+/(?:\[(?:[^\]\\\r\n]|\\.)*\]|\\.|[^/\\\[\r\n])+\/[dgimyus]{0,7}/.source+"|"+/(?:\[(?:[^[\]\\\r\n]|\\.|\[(?:[^[\]\\\r\n]|\\.|\[(?:[^[\]\\\r\n]|\\.)*\])*\])*\]|\\.|[^/\\\[\r\n])+\/[dgimyus]{0,7}v[dgimyus]{0,7}/.source+")"+/(?=(?:\s|\/\*(?:[^*]|\*(?!\/))*\*\/)*(?:$|[\r\n,.;:})\]]|\/\/))/.source),lookbehind:!0,greedy:!0,inside:{"regex-source":{pattern:/^(\/)[\s\S]+(?=\/[a-z]*$)/,lookbehind:!0,alias:"language-regex",inside:b.languages.regex},"regex-delimiter":/^\/|\/$/,"regex-flags":/^[a-z]+$/}},"function-variable":{pattern:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*[=:]\s*(?:async\s*)?(?:\bfunction\b|(?:\((?:[^()]|\([^()]*\))*\)|(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)\s*=>))/,alias:"function"},parameter:[{pattern:/(function(?:\s+(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)?\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\))/,lookbehind:!0,inside:b.languages.javascript},{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$a-z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*=>)/i,lookbehind:!0,inside:b.languages.javascript},{pattern:/(\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*=>)/,lookbehind:!0,inside:b.languages.javascript},{pattern:/((?:\b|\s|^)(?!(?:as|async|await|break|case|catch|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally|for|from|function|get|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|set|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)(?![$\w\xA0-\uFFFF]))(?:(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*\s*)\(\s*|\]\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*\{)/,lookbehind:!0,inside:b.languages.javascript}],constant:/\b[A-Z](?:[A-Z_]|\dx?)*\b/});b.languages.insertBefore("javascript","string",{hashbang:{pattern:/^#!.*/,greedy:!0,alias:"comment"},"template-string":{pattern:/`(?:\\[\s\S]|\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}|(?!\$\{)[^\\`])*`/,greedy:!0,inside:{"template-punctuation":{pattern:/^`|`$/,alias:"string"},interpolation:{pattern:/((?:^|[^\\])(?:\\{2})*)\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}/,lookbehind:!0,inside:{"interpolation-punctuation":{pattern:/^\$\{|\}$/,alias:"punctuation"},rest:b.languages.javascript}},string:/[\s\S]+/}},"string-property":{pattern:/((?:^|[,{])[ \t]*)(["'])(?:\\(?:\r\n|[\s\S])|(?!\2)[^\\\r\n])*\2(?=\s*:)/m,lookbehind:!0,greedy:!0,alias:"property"}});b.languages.insertBefore("javascript","operator",{"literal-property":{pattern:/((?:^|[,{])[ \t]*)(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*:)/m,lookbehind:!0,alias:"property"}});b.languages.markup&&(b.languages.markup.tag.addInlined("script","javascript"),b.languages.markup.tag.addAttribute(/on(?:abort|blur|change|click|composition(?:end|start|update)|dblclick|error|focus(?:in|out)?|key(?:down|up)|load|mouse(?:down|enter|leave|move|out|over|up)|reset|resize|scroll|select|slotchange|submit|unload|wheel)/.source,"javascript"));b.languages.js=b.languages.javascript;(function(){if(typeof b=="undefined"||typeof document=="undefined")return;Element.prototype.matches||(Element.prototype.matches=Element.prototype.msMatchesSelector||Element.prototype.webkitMatchesSelector);var n="Loading\u2026",c=function(h,v){return"\u2716 Error "+h+" while fetching file: "+v},g="\u2716 Error: File does not exist or is empty",S={js:"javascript",py:"python",rb:"ruby",ps1:"powershell",psm1:"powershell",sh:"bash",bat:"batch",h:"c",tex:"latex"},s="data-src-status",a="loading",e="loaded",i="failed",p="pre[data-src]:not(["+s+'="'+e+'"]):not(['+s+'="'+a+'"])';function w(h,v,k){var t=new XMLHttpRequest;t.open("GET",h,!0),t.onreadystatechange=function(){t.readyState==4&&(t.status<400&&t.responseText?v(t.responseText):t.status>=400?k(c(t.status,t.statusText)):k(g))},t.send(null)}function d(h){var v=/^\s*(\d+)\s*(?:(,)\s*(?:(\d+)\s*)?)?$/.exec(h||"");if(v){var k=Number(v[1]),t=v[2],r=v[3];return t?r?[k,Number(r)]:[k,void 0]:[k,k]}}b.hooks.add("before-highlightall",function(h){h.selector+=", "+p}),b.hooks.add("before-sanity-check",function(h){var v=h.element;if(v.matches(p)){h.code="",v.setAttribute(s,a);var k=v.appendChild(document.createElement("CODE"));k.textContent=n;var t=v.getAttribute("data-src"),r=h.language;if(r==="none"){var o=(/\.(\w+)$/.exec(t)||[,"none"])[1];r=S[o]||o}b.util.setLanguage(k,r),b.util.setLanguage(v,r);var u=b.plugins.autoloader;u&&u.loadLanguages(r),w(t,function(l){v.setAttribute(s,e);var f=d(v.getAttribute("data-range"));if(f){var x=l.split(/\r\n?|\n/g),m=f[0],A=f[1]==null?x.length:f[1];m<0&&(m+=x.length),m=Math.max(0,Math.min(m-1,x.length)),A<0&&(A+=x.length),A=Math.max(0,Math.min(A,x.length)),l=x.slice(m,A).join(` +`),v.hasAttribute("data-start")||v.setAttribute("data-start",String(m+1))}k.textContent=l,b.highlightElement(k)},function(l){v.setAttribute(s,i),k.textContent=l})}}),b.plugins.fileHighlight={highlight:function(v){for(var k=(v||document).querySelectorAll(p),t=0,r;r=k[t++];)b.highlightElement(r)}};var y=!1;b.fileHighlight=function(){y||(console.warn("Prism.fileHighlight is deprecated. Use `Prism.plugins.fileHighlight.highlight` instead."),y=!0),b.plugins.fileHighlight.highlight.apply(this,arguments)}})()});var Q=Y((de,U)=>{(function(){if(typeof Prism=="undefined")return;var n=Object.assign||function(a,e){for(var i in e)e.hasOwnProperty(i)&&(a[i]=e[i]);return a};function c(a){this.defaults=n({},a)}function g(a){return a.replace(/-(\w)/g,function(e,i){return i.toUpperCase()})}function S(a){for(var e=0,i=0;ie&&(w[y]=` +`+w[y],d=h)}i[p]=w.join("")}return i.join(` +`)}},typeof U!="undefined"&&U.exports&&(U.exports=c),Prism.plugins.NormalizeWhitespace=new c({"remove-trailing":!0,"remove-indent":!0,"left-trim":!0,"right-trim":!0}),Prism.hooks.add("before-sanity-check",function(a){var e=Prism.plugins.NormalizeWhitespace;if(!(a.settings&&a.settings["whitespace-normalization"]===!1)&&Prism.util.isActive(a.element,"whitespace-normalization",!0)){if((!a.element||!a.element.parentNode)&&a.code){a.code=e.normalize(a.code,a.settings);return}var i=a.element.parentNode;if(!(!a.code||!i||i.nodeName.toLowerCase()!=="pre")){a.settings==null&&(a.settings={});for(var p in s)if(Object.hasOwnProperty.call(s,p)){var w=s[p];if(i.hasAttribute("data-"+p))try{var d=JSON.parse(i.getAttribute("data-"+p)||"true");typeof d===w&&(a.settings[p]=d)}catch(u){}}for(var y=i.childNodes,h="",v="",k=!1,t=0;t/,greedy:!0},prolog:{pattern:/<\?[\s\S]+?\?>/,greedy:!0},doctype:{pattern:/"'[\]]|"[^"]*"|'[^']*')+(?:\[(?:[^<"'\]]|"[^"]*"|'[^']*'|<(?!!--)|)*\]\s*)?>/i,greedy:!0,inside:{"internal-subset":{pattern:/(^[^\[]*\[)[\s\S]+(?=\]>$)/,lookbehind:!0,greedy:!0,inside:null},string:{pattern:/"[^"]*"|'[^']*'/,greedy:!0},punctuation:/^$|[[\]]/,"doctype-tag":/^DOCTYPE/i,name:/[^\s<>'"]+/}},cdata:{pattern://i,greedy:!0},tag:{pattern:/<\/?(?!\d)[^\s>\/=$<%]+(?:\s(?:\s*[^\s>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))|(?=[\s/>])))+)?\s*\/?>/,greedy:!0,inside:{tag:{pattern:/^<\/?[^\s>\/]+/,inside:{punctuation:/^<\/?/,namespace:/^[^\s>\/:]+:/}},"special-attr":[],"attr-value":{pattern:/=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+)/,inside:{punctuation:[{pattern:/^=/,alias:"attr-equals"},{pattern:/^(\s*)["']|["']$/,lookbehind:!0}]}},punctuation:/\/?>/,"attr-name":{pattern:/[^\s>\/]+/,inside:{namespace:/^[^\s>\/:]+:/}}}},entity:[{pattern:/&[\da-z]{1,8};/i,alias:"named-entity"},/&#x?[\da-f]{1,8};/i]};Prism.languages.markup.tag.inside["attr-value"].inside.entity=Prism.languages.markup.entity;Prism.languages.markup.doctype.inside["internal-subset"].inside=Prism.languages.markup;Prism.hooks.add("wrap",function(n){n.type==="entity"&&(n.attributes.title=n.content.replace(/&/,"&"))});Object.defineProperty(Prism.languages.markup.tag,"addInlined",{value:function(c,g){var S={};S["language-"+g]={pattern:/(^$)/i,lookbehind:!0,inside:Prism.languages[g]},S.cdata=/^$/i;var s={"included-cdata":{pattern://i,inside:S}};s["language-"+g]={pattern:/[\s\S]+/,inside:Prism.languages[g]};var a={};a[c]={pattern:RegExp(/(<__[^>]*>)(?:))*\]\]>|(?!)/.source.replace(/__/g,function(){return c}),"i"),lookbehind:!0,greedy:!0,inside:s},Prism.languages.insertBefore("markup","cdata",a)}});Object.defineProperty(Prism.languages.markup.tag,"addAttribute",{value:function(n,c){Prism.languages.markup.tag.inside["special-attr"].push({pattern:RegExp(/(^|["'\s])/.source+"(?:"+n+")"+/\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))/.source,"i"),lookbehind:!0,inside:{"attr-name":/^[^\s=]+/,"attr-value":{pattern:/=[\s\S]+/,inside:{value:{pattern:/(^=\s*(["']|(?!["'])))\S[\s\S]*(?=\2$)/,lookbehind:!0,alias:[c,"language-"+c],inside:Prism.languages[c]},punctuation:[{pattern:/^=/,alias:"attr-equals"},/"|'/]}}}})}});Prism.languages.html=Prism.languages.markup;Prism.languages.mathml=Prism.languages.markup;Prism.languages.svg=Prism.languages.markup;Prism.languages.xml=Prism.languages.extend("markup",{});Prism.languages.ssml=Prism.languages.xml;Prism.languages.atom=Prism.languages.xml;Prism.languages.rss=Prism.languages.xml;(function(n){var c=/(?:"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"|'(?:\\(?:\r\n|[\s\S])|[^'\\\r\n])*')/;n.languages.css={comment:/\/\*[\s\S]*?\*\//,atrule:{pattern:RegExp("@[\\w-](?:"+/[^;{\s"']|\s+(?!\s)/.source+"|"+c.source+")*?"+/(?:;|(?=\s*\{))/.source),inside:{rule:/^@[\w-]+/,"selector-function-argument":{pattern:/(\bselector\s*\(\s*(?![\s)]))(?:[^()\s]|\s+(?![\s)])|\((?:[^()]|\([^()]*\))*\))+(?=\s*\))/,lookbehind:!0,alias:"selector"},keyword:{pattern:/(^|[^\w-])(?:and|not|only|or)(?![\w-])/,lookbehind:!0}}},url:{pattern:RegExp("\\burl\\((?:"+c.source+"|"+/(?:[^\\\r\n()"']|\\[\s\S])*/.source+")\\)","i"),greedy:!0,inside:{function:/^url/i,punctuation:/^\(|\)$/,string:{pattern:RegExp("^"+c.source+"$"),alias:"url"}}},selector:{pattern:RegExp(`(^|[{}\\s])[^{}\\s](?:[^{};"'\\s]|\\s+(?![\\s{])|`+c.source+")*(?=\\s*\\{)"),lookbehind:!0},string:{pattern:c,greedy:!0},property:{pattern:/(^|[^-\w\xA0-\uFFFF])(?!\s)[-_a-z\xA0-\uFFFF](?:(?!\s)[-\w\xA0-\uFFFF])*(?=\s*:)/i,lookbehind:!0},important:/!important\b/i,function:{pattern:/(^|[^-a-z0-9])[-a-z0-9]+(?=\()/i,lookbehind:!0},punctuation:/[(){};:,]/},n.languages.css.atrule.inside.rest=n.languages.css;var g=n.languages.markup;g&&(g.tag.addInlined("style","css"),g.tag.addAttribute("style","css"))})(Prism);Prism.languages.clike={comment:[{pattern:/(^|[^\\])\/\*[\s\S]*?(?:\*\/|$)/,lookbehind:!0,greedy:!0},{pattern:/(^|[^\\:])\/\/.*/,lookbehind:!0,greedy:!0}],string:{pattern:/(["'])(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/,greedy:!0},"class-name":{pattern:/(\b(?:class|extends|implements|instanceof|interface|new|trait)\s+|\bcatch\s+\()[\w.\\]+/i,lookbehind:!0,inside:{punctuation:/[.\\]/}},keyword:/\b(?:break|catch|continue|do|else|finally|for|function|if|in|instanceof|new|null|return|throw|try|while)\b/,boolean:/\b(?:false|true)\b/,function:/\b\w+(?=\()/,number:/\b0x[\da-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:e[+-]?\d+)?/i,operator:/[<>]=?|[!=]=?=?|--?|\+\+?|&&?|\|\|?|[?*/~^%]/,punctuation:/[{}[\];(),.:]/};Prism.languages.javascript=Prism.languages.extend("clike",{"class-name":[Prism.languages.clike["class-name"],{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$A-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\.(?:constructor|prototype))/,lookbehind:!0}],keyword:[{pattern:/((?:^|\})\s*)catch\b/,lookbehind:!0},{pattern:/(^|[^.]|\.\.\.\s*)\b(?:as|assert(?=\s*\{)|async(?=\s*(?:function\b|\(|[$\w\xA0-\uFFFF]|$))|await|break|case|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally(?=\s*(?:\{|$))|for|from(?=\s*(?:['"]|$))|function|(?:get|set)(?=\s*(?:[#\[$\w\xA0-\uFFFF]|$))|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)\b/,lookbehind:!0}],function:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*(?:\.\s*(?:apply|bind|call)\s*)?\()/,number:{pattern:RegExp(/(^|[^\w$])/.source+"(?:"+(/NaN|Infinity/.source+"|"+/0[bB][01]+(?:_[01]+)*n?/.source+"|"+/0[oO][0-7]+(?:_[0-7]+)*n?/.source+"|"+/0[xX][\dA-Fa-f]+(?:_[\dA-Fa-f]+)*n?/.source+"|"+/\d+(?:_\d+)*n/.source+"|"+/(?:\d+(?:_\d+)*(?:\.(?:\d+(?:_\d+)*)?)?|\.\d+(?:_\d+)*)(?:[Ee][+-]?\d+(?:_\d+)*)?/.source)+")"+/(?![\w$])/.source),lookbehind:!0},operator:/--|\+\+|\*\*=?|=>|&&=?|\|\|=?|[!=]==|<<=?|>>>?=?|[-+*/%&|^!=<>]=?|\.{3}|\?\?=?|\?\.?|[~:]/});Prism.languages.javascript["class-name"][0].pattern=/(\b(?:class|extends|implements|instanceof|interface|new)\s+)[\w.\\]+/;Prism.languages.insertBefore("javascript","keyword",{regex:{pattern:RegExp(/((?:^|[^$\w\xA0-\uFFFF."'\])\s]|\b(?:return|yield))\s*)/.source+/\//.source+"(?:"+/(?:\[(?:[^\]\\\r\n]|\\.)*\]|\\.|[^/\\\[\r\n])+\/[dgimyus]{0,7}/.source+"|"+/(?:\[(?:[^[\]\\\r\n]|\\.|\[(?:[^[\]\\\r\n]|\\.|\[(?:[^[\]\\\r\n]|\\.)*\])*\])*\]|\\.|[^/\\\[\r\n])+\/[dgimyus]{0,7}v[dgimyus]{0,7}/.source+")"+/(?=(?:\s|\/\*(?:[^*]|\*(?!\/))*\*\/)*(?:$|[\r\n,.;:})\]]|\/\/))/.source),lookbehind:!0,greedy:!0,inside:{"regex-source":{pattern:/^(\/)[\s\S]+(?=\/[a-z]*$)/,lookbehind:!0,alias:"language-regex",inside:Prism.languages.regex},"regex-delimiter":/^\/|\/$/,"regex-flags":/^[a-z]+$/}},"function-variable":{pattern:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*[=:]\s*(?:async\s*)?(?:\bfunction\b|(?:\((?:[^()]|\([^()]*\))*\)|(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)\s*=>))/,alias:"function"},parameter:[{pattern:/(function(?:\s+(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)?\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\))/,lookbehind:!0,inside:Prism.languages.javascript},{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$a-z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*=>)/i,lookbehind:!0,inside:Prism.languages.javascript},{pattern:/(\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*=>)/,lookbehind:!0,inside:Prism.languages.javascript},{pattern:/((?:\b|\s|^)(?!(?:as|async|await|break|case|catch|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally|for|from|function|get|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|set|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)(?![$\w\xA0-\uFFFF]))(?:(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*\s*)\(\s*|\]\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*\{)/,lookbehind:!0,inside:Prism.languages.javascript}],constant:/\b[A-Z](?:[A-Z_]|\dx?)*\b/});Prism.languages.insertBefore("javascript","string",{hashbang:{pattern:/^#!.*/,greedy:!0,alias:"comment"},"template-string":{pattern:/`(?:\\[\s\S]|\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}|(?!\$\{)[^\\`])*`/,greedy:!0,inside:{"template-punctuation":{pattern:/^`|`$/,alias:"string"},interpolation:{pattern:/((?:^|[^\\])(?:\\{2})*)\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}/,lookbehind:!0,inside:{"interpolation-punctuation":{pattern:/^\$\{|\}$/,alias:"punctuation"},rest:Prism.languages.javascript}},string:/[\s\S]+/}},"string-property":{pattern:/((?:^|[,{])[ \t]*)(["'])(?:\\(?:\r\n|[\s\S])|(?!\2)[^\\\r\n])*\2(?=\s*:)/m,lookbehind:!0,greedy:!0,alias:"property"}});Prism.languages.insertBefore("javascript","operator",{"literal-property":{pattern:/((?:^|[,{])[ \t]*)(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*:)/m,lookbehind:!0,alias:"property"}});Prism.languages.markup&&(Prism.languages.markup.tag.addInlined("script","javascript"),Prism.languages.markup.tag.addAttribute(/on(?:abort|blur|change|click|composition(?:end|start|update)|dblclick|error|focus(?:in|out)?|key(?:down|up)|load|mouse(?:down|enter|leave|move|out|over|up)|reset|resize|scroll|select|slotchange|submit|unload|wheel)/.source,"javascript"));Prism.languages.js=Prism.languages.javascript;(function(n){var c="\\b(?:BASH|BASHOPTS|BASH_ALIASES|BASH_ARGC|BASH_ARGV|BASH_CMDS|BASH_COMPLETION_COMPAT_DIR|BASH_LINENO|BASH_REMATCH|BASH_SOURCE|BASH_VERSINFO|BASH_VERSION|COLORTERM|COLUMNS|COMP_WORDBREAKS|DBUS_SESSION_BUS_ADDRESS|DEFAULTS_PATH|DESKTOP_SESSION|DIRSTACK|DISPLAY|EUID|GDMSESSION|GDM_LANG|GNOME_KEYRING_CONTROL|GNOME_KEYRING_PID|GPG_AGENT_INFO|GROUPS|HISTCONTROL|HISTFILE|HISTFILESIZE|HISTSIZE|HOME|HOSTNAME|HOSTTYPE|IFS|INSTANCE|JOB|LANG|LANGUAGE|LC_ADDRESS|LC_ALL|LC_IDENTIFICATION|LC_MEASUREMENT|LC_MONETARY|LC_NAME|LC_NUMERIC|LC_PAPER|LC_TELEPHONE|LC_TIME|LESSCLOSE|LESSOPEN|LINES|LOGNAME|LS_COLORS|MACHTYPE|MAILCHECK|MANDATORY_PATH|NO_AT_BRIDGE|OLDPWD|OPTERR|OPTIND|ORBIT_SOCKETDIR|OSTYPE|PAPERSIZE|PATH|PIPESTATUS|PPID|PS1|PS2|PS3|PS4|PWD|RANDOM|REPLY|SECONDS|SELINUX_INIT|SESSION|SESSIONTYPE|SESSION_MANAGER|SHELL|SHELLOPTS|SHLVL|SSH_AUTH_SOCK|TERM|UID|UPSTART_EVENTS|UPSTART_INSTANCE|UPSTART_JOB|UPSTART_SESSION|USER|WINDOWID|XAUTHORITY|XDG_CONFIG_DIRS|XDG_CURRENT_DESKTOP|XDG_DATA_DIRS|XDG_GREETER_DATA_DIR|XDG_MENU_PREFIX|XDG_RUNTIME_DIR|XDG_SEAT|XDG_SEAT_PATH|XDG_SESSION_DESKTOP|XDG_SESSION_ID|XDG_SESSION_PATH|XDG_SESSION_TYPE|XDG_VTNR|XMODIFIERS)\\b",g={pattern:/(^(["']?)\w+\2)[ \t]+\S.*/,lookbehind:!0,alias:"punctuation",inside:null},S={bash:g,environment:{pattern:RegExp("\\$"+c),alias:"constant"},variable:[{pattern:/\$?\(\([\s\S]+?\)\)/,greedy:!0,inside:{variable:[{pattern:/(^\$\(\([\s\S]+)\)\)/,lookbehind:!0},/^\$\(\(/],number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee]-?\d+)?/,operator:/--|\+\+|\*\*=?|<<=?|>>=?|&&|\|\||[=!+\-*/%<>^&|]=?|[?~:]/,punctuation:/\(\(?|\)\)?|,|;/}},{pattern:/\$\((?:\([^)]+\)|[^()])+\)|`[^`]+`/,greedy:!0,inside:{variable:/^\$\(|^`|\)$|`$/}},{pattern:/\$\{[^}]+\}/,greedy:!0,inside:{operator:/:[-=?+]?|[!\/]|##?|%%?|\^\^?|,,?/,punctuation:/[\[\]]/,environment:{pattern:RegExp("(\\{)"+c),lookbehind:!0,alias:"constant"}}},/\$(?:\w+|[#?*!@$])/],entity:/\\(?:[abceEfnrtv\\"]|O?[0-7]{1,3}|U[0-9a-fA-F]{8}|u[0-9a-fA-F]{4}|x[0-9a-fA-F]{1,2})/};n.languages.bash={shebang:{pattern:/^#!\s*\/.*/,alias:"important"},comment:{pattern:/(^|[^"{\\$])#.*/,lookbehind:!0},"function-name":[{pattern:/(\bfunction\s+)[\w-]+(?=(?:\s*\(?:\s*\))?\s*\{)/,lookbehind:!0,alias:"function"},{pattern:/\b[\w-]+(?=\s*\(\s*\)\s*\{)/,alias:"function"}],"for-or-select":{pattern:/(\b(?:for|select)\s+)\w+(?=\s+in\s)/,alias:"variable",lookbehind:!0},"assign-left":{pattern:/(^|[\s;|&]|[<>]\()\w+(?:\.\w+)*(?=\+?=)/,inside:{environment:{pattern:RegExp("(^|[\\s;|&]|[<>]\\()"+c),lookbehind:!0,alias:"constant"}},alias:"variable",lookbehind:!0},parameter:{pattern:/(^|\s)-{1,2}(?:\w+:[+-]?)?\w+(?:\.\w+)*(?=[=\s]|$)/,alias:"variable",lookbehind:!0},string:[{pattern:/((?:^|[^<])<<-?\s*)(\w+)\s[\s\S]*?(?:\r?\n|\r)\2/,lookbehind:!0,greedy:!0,inside:S},{pattern:/((?:^|[^<])<<-?\s*)(["'])(\w+)\2\s[\s\S]*?(?:\r?\n|\r)\3/,lookbehind:!0,greedy:!0,inside:{bash:g}},{pattern:/(^|[^\\](?:\\\\)*)"(?:\\[\s\S]|\$\([^)]+\)|\$(?!\()|`[^`]+`|[^"\\`$])*"/,lookbehind:!0,greedy:!0,inside:S},{pattern:/(^|[^$\\])'[^']*'/,lookbehind:!0,greedy:!0},{pattern:/\$'(?:[^'\\]|\\[\s\S])*'/,greedy:!0,inside:{entity:S.entity}}],environment:{pattern:RegExp("\\$?"+c),alias:"constant"},variable:S.variable,function:{pattern:/(^|[\s;|&]|[<>]\()(?:add|apropos|apt|apt-cache|apt-get|aptitude|aspell|automysqlbackup|awk|basename|bash|bc|bconsole|bg|bzip2|cal|cargo|cat|cfdisk|chgrp|chkconfig|chmod|chown|chroot|cksum|clear|cmp|column|comm|composer|cp|cron|crontab|csplit|curl|cut|date|dc|dd|ddrescue|debootstrap|df|diff|diff3|dig|dir|dircolors|dirname|dirs|dmesg|docker|docker-compose|du|egrep|eject|env|ethtool|expand|expect|expr|fdformat|fdisk|fg|fgrep|file|find|fmt|fold|format|free|fsck|ftp|fuser|gawk|git|gparted|grep|groupadd|groupdel|groupmod|groups|grub-mkconfig|gzip|halt|head|hg|history|host|hostname|htop|iconv|id|ifconfig|ifdown|ifup|import|install|ip|java|jobs|join|kill|killall|less|link|ln|locate|logname|logrotate|look|lpc|lpr|lprint|lprintd|lprintq|lprm|ls|lsof|lynx|make|man|mc|mdadm|mkconfig|mkdir|mke2fs|mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|node|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|podman|podman-compose|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh|shellcheck|shuf|shutdown|sleep|slocate|sort|split|ssh|stat|strace|su|sudo|sum|suspend|swapon|sync|sysctl|tac|tail|tar|tee|time|timeout|top|touch|tr|traceroute|tsort|tty|umount|uname|unexpand|uniq|units|unrar|unshar|unzip|update-grub|uptime|useradd|userdel|usermod|users|uudecode|uuencode|v|vcpkg|vdir|vi|vim|virsh|vmstat|wait|watch|wc|wget|whereis|which|who|whoami|write|xargs|xdg-open|yarn|yes|zenity|zip|zsh|zypper)(?=$|[)\s;|&])/,lookbehind:!0},keyword:{pattern:/(^|[\s;|&]|[<>]\()(?:case|do|done|elif|else|esac|fi|for|function|if|in|select|then|until|while)(?=$|[)\s;|&])/,lookbehind:!0},builtin:{pattern:/(^|[\s;|&]|[<>]\()(?:\.|:|alias|bind|break|builtin|caller|cd|command|continue|declare|echo|enable|eval|exec|exit|export|getopts|hash|help|let|local|logout|mapfile|printf|pwd|read|readarray|readonly|return|set|shift|shopt|source|test|times|trap|type|typeset|ulimit|umask|unalias|unset)(?=$|[)\s;|&])/,lookbehind:!0,alias:"class-name"},boolean:{pattern:/(^|[\s;|&]|[<>]\()(?:false|true)(?=$|[)\s;|&])/,lookbehind:!0},"file-descriptor":{pattern:/\B&\d\b/,alias:"important"},operator:{pattern:/\d?<>|>\||\+=|=[=~]?|!=?|<<[<-]?|[&\d]?>>|\d[<>]&?|[<>][&=]?|&[>&]?|\|[&|]?/,inside:{"file-descriptor":{pattern:/^\d/,alias:"important"}}},punctuation:/\$?\(\(?|\)\)?|\.\.|[{}[\];\\]/,number:{pattern:/(^|\s)(?:[1-9]\d*|0)(?:[.,]\d+)?\b/,lookbehind:!0}},g.inside=n.languages.bash;for(var s=["comment","function-name","for-or-select","assign-left","parameter","string","environment","function","keyword","builtin","boolean","file-descriptor","operator","punctuation","number"],a=S.variable[1].inside,e=0;e>/g,function($,O){return"(?:"+R[+O]+")"})}function g(E,R,$){return RegExp(c(E,R),$||"")}function S(E,R){for(var $=0;$>/g,function(){return"(?:"+E+")"});return E.replace(/<>/g,"[^\\s\\S]")}var s={type:"bool byte char decimal double dynamic float int long object sbyte short string uint ulong ushort var void",typeDeclaration:"class enum interface record struct",contextual:"add alias and ascending async await by descending from(?=\\s*(?:\\w|$)) get global group into init(?=\\s*;) join let nameof not notnull on or orderby partial remove select set unmanaged value when where with(?=\\s*{)",other:"abstract as base break case catch checked const continue default delegate do else event explicit extern finally fixed for foreach goto if implicit in internal is lock namespace new null operator out override params private protected public readonly ref return sealed sizeof stackalloc static switch this throw try typeof unchecked unsafe using virtual volatile while yield"};function a(E){return"\\b(?:"+E.trim().replace(/ /g,"|")+")\\b"}var e=a(s.typeDeclaration),i=RegExp(a(s.type+" "+s.typeDeclaration+" "+s.contextual+" "+s.other)),p=a(s.typeDeclaration+" "+s.contextual+" "+s.other),w=a(s.type+" "+s.typeDeclaration+" "+s.other),d=S(/<(?:[^<>;=+\-*/%&|^]|<>)*>/.source,2),y=S(/\((?:[^()]|<>)*\)/.source,2),h=/@?\b[A-Za-z_]\w*\b/.source,v=c(/<<0>>(?:\s*<<1>>)?/.source,[h,d]),k=c(/(?!<<0>>)<<1>>(?:\s*\.\s*<<1>>)*/.source,[p,v]),t=/\[\s*(?:,\s*)*\]/.source,r=c(/<<0>>(?:\s*(?:\?\s*)?<<1>>)*(?:\s*\?)?/.source,[k,t]),o=c(/[^,()<>[\];=+\-*/%&|^]|<<0>>|<<1>>|<<2>>/.source,[d,y,t]),u=c(/\(<<0>>+(?:,<<0>>+)+\)/.source,[o]),l=c(/(?:<<0>>|<<1>>)(?:\s*(?:\?\s*)?<<2>>)*(?:\s*\?)?/.source,[u,k,t]),f={keyword:i,punctuation:/[<>()?,.:[\]]/},x=/'(?:[^\r\n'\\]|\\.|\\[Uux][\da-fA-F]{1,8})'/.source,m=/"(?:\\.|[^\\"\r\n])*"/.source,A=/@"(?:""|\\[\s\S]|[^\\"])*"(?!")/.source;n.languages.csharp=n.languages.extend("clike",{string:[{pattern:g(/(^|[^$\\])<<0>>/.source,[A]),lookbehind:!0,greedy:!0},{pattern:g(/(^|[^@$\\])<<0>>/.source,[m]),lookbehind:!0,greedy:!0}],"class-name":[{pattern:g(/(\busing\s+static\s+)<<0>>(?=\s*;)/.source,[k]),lookbehind:!0,inside:f},{pattern:g(/(\busing\s+<<0>>\s*=\s*)<<1>>(?=\s*;)/.source,[h,l]),lookbehind:!0,inside:f},{pattern:g(/(\busing\s+)<<0>>(?=\s*=)/.source,[h]),lookbehind:!0},{pattern:g(/(\b<<0>>\s+)<<1>>/.source,[e,v]),lookbehind:!0,inside:f},{pattern:g(/(\bcatch\s*\(\s*)<<0>>/.source,[k]),lookbehind:!0,inside:f},{pattern:g(/(\bwhere\s+)<<0>>/.source,[h]),lookbehind:!0},{pattern:g(/(\b(?:is(?:\s+not)?|as)\s+)<<0>>/.source,[r]),lookbehind:!0,inside:f},{pattern:g(/\b<<0>>(?=\s+(?!<<1>>|with\s*\{)<<2>>(?:\s*[=,;:{)\]]|\s+(?:in|when)\b))/.source,[l,w,h]),inside:f}],keyword:i,number:/(?:\b0(?:x[\da-f_]*[\da-f]|b[01_]*[01])|(?:\B\.\d+(?:_+\d+)*|\b\d+(?:_+\d+)*(?:\.\d+(?:_+\d+)*)?)(?:e[-+]?\d+(?:_+\d+)*)?)(?:[dflmu]|lu|ul)?\b/i,operator:/>>=?|<<=?|[-=]>|([-+&|])\1|~|\?\?=?|[-+*/%&|^!=<>]=?/,punctuation:/\?\.?|::|[{}[\];(),.:]/}),n.languages.insertBefore("csharp","number",{range:{pattern:/\.\./,alias:"operator"}}),n.languages.insertBefore("csharp","punctuation",{"named-parameter":{pattern:g(/([(,]\s*)<<0>>(?=\s*:)/.source,[h]),lookbehind:!0,alias:"punctuation"}}),n.languages.insertBefore("csharp","class-name",{namespace:{pattern:g(/(\b(?:namespace|using)\s+)<<0>>(?:\s*\.\s*<<0>>)*(?=\s*[;{])/.source,[h]),lookbehind:!0,inside:{punctuation:/\./}},"type-expression":{pattern:g(/(\b(?:default|sizeof|typeof)\s*\(\s*(?!\s))(?:[^()\s]|\s(?!\s)|<<0>>)*(?=\s*\))/.source,[y]),lookbehind:!0,alias:"class-name",inside:f},"return-type":{pattern:g(/<<0>>(?=\s+(?:<<1>>\s*(?:=>|[({]|\.\s*this\s*\[)|this\s*\[))/.source,[l,k]),inside:f,alias:"class-name"},"constructor-invocation":{pattern:g(/(\bnew\s+)<<0>>(?=\s*[[({])/.source,[l]),lookbehind:!0,inside:f,alias:"class-name"},"generic-method":{pattern:g(/<<0>>\s*<<1>>(?=\s*\()/.source,[h,d]),inside:{function:g(/^<<0>>/.source,[h]),generic:{pattern:RegExp(d),alias:"class-name",inside:f}}},"type-list":{pattern:g(/\b((?:<<0>>\s+<<1>>|record\s+<<1>>\s*<<5>>|where\s+<<2>>)\s*:\s*)(?:<<3>>|<<4>>|<<1>>\s*<<5>>|<<6>>)(?:\s*,\s*(?:<<3>>|<<4>>|<<6>>))*(?=\s*(?:where|[{;]|=>|$))/.source,[e,v,h,l,i.source,y,/\bnew\s*\(\s*\)/.source]),lookbehind:!0,inside:{"record-arguments":{pattern:g(/(^(?!new\s*\()<<0>>\s*)<<1>>/.source,[v,y]),lookbehind:!0,greedy:!0,inside:n.languages.csharp},keyword:i,"class-name":{pattern:RegExp(l),greedy:!0,inside:f},punctuation:/[,()]/}},preprocessor:{pattern:/(^[\t ]*)#.*/m,lookbehind:!0,alias:"property",inside:{directive:{pattern:/(#)\b(?:define|elif|else|endif|endregion|error|if|line|nullable|pragma|region|undef|warning)\b/,lookbehind:!0,alias:"keyword"}}}});var F=m+"|"+x,T=c(/\/(?![*/])|\/\/[^\r\n]*[\r\n]|\/\*(?:[^*]|\*(?!\/))*\*\/|<<0>>/.source,[F]),I=S(c(/[^"'/()]|<<0>>|\(<>*\)/.source,[T]),2),N=/\b(?:assembly|event|field|method|module|param|property|return|type)\b/.source,W=c(/<<0>>(?:\s*\(<<1>>*\))?/.source,[k,I]);n.languages.insertBefore("csharp","class-name",{attribute:{pattern:g(/((?:^|[^\s\w>)?])\s*\[\s*)(?:<<0>>\s*:\s*)?<<1>>(?:\s*,\s*<<1>>)*(?=\s*\])/.source,[N,W]),lookbehind:!0,greedy:!0,inside:{target:{pattern:g(/^<<0>>(?=\s*:)/.source,[N]),alias:"keyword"},"attribute-arguments":{pattern:g(/\(<<0>>*\)/.source,[I]),inside:n.languages.csharp},"class-name":{pattern:RegExp(k),inside:{punctuation:/\./}},punctuation:/[:,]/}}});var D=/:[^}\r\n]+/.source,z=S(c(/[^"'/()]|<<0>>|\(<>*\)/.source,[T]),2),_=c(/\{(?!\{)(?:(?![}:])<<0>>)*<<1>>?\}/.source,[z,D]),C=S(c(/[^"'/()]|\/(?!\*)|\/\*(?:[^*]|\*(?!\/))*\*\/|<<0>>|\(<>*\)/.source,[F]),2),P=c(/\{(?!\{)(?:(?![}:])<<0>>)*<<1>>?\}/.source,[C,D]);function L(E,R){return{interpolation:{pattern:g(/((?:^|[^{])(?:\{\{)*)<<0>>/.source,[E]),lookbehind:!0,inside:{"format-string":{pattern:g(/(^\{(?:(?![}:])<<0>>)*)<<1>>(?=\}$)/.source,[R,D]),lookbehind:!0,inside:{punctuation:/^:/}},punctuation:/^\{|\}$/,expression:{pattern:/[\s\S]+/,alias:"language-csharp",inside:n.languages.csharp}}},string:/[\s\S]+/}}n.languages.insertBefore("csharp","string",{"interpolation-string":[{pattern:g(/(^|[^\\])(?:\$@|@\$)"(?:""|\\[\s\S]|\{\{|<<0>>|[^\\{"])*"/.source,[_]),lookbehind:!0,greedy:!0,inside:L(_,z)},{pattern:g(/(^|[^@\\])\$"(?:\\.|\{\{|<<0>>|[^\\"{])*"/.source,[P]),lookbehind:!0,greedy:!0,inside:L(P,C)}],char:{pattern:RegExp(x),greedy:!0}}),n.languages.dotnet=n.languages.cs=n.languages.csharp})(Prism);Prism.languages.hcl={comment:/(?:\/\/|#).*|\/\*[\s\S]*?(?:\*\/|$)/,heredoc:{pattern:/<<-?(\w+\b)[\s\S]*?^[ \t]*\1/m,greedy:!0,alias:"string"},keyword:[{pattern:/(?:data|resource)\s+(?:"(?:\\[\s\S]|[^\\"])*")(?=\s+"[\w-]+"\s+\{)/i,inside:{type:{pattern:/(resource|data|\s+)(?:"(?:\\[\s\S]|[^\\"])*")/i,lookbehind:!0,alias:"variable"}}},{pattern:/(?:backend|module|output|provider|provisioner|variable)\s+(?:[\w-]+|"(?:\\[\s\S]|[^\\"])*")\s+(?=\{)/i,inside:{type:{pattern:/(backend|module|output|provider|provisioner|variable)\s+(?:[\w-]+|"(?:\\[\s\S]|[^\\"])*")\s+/i,lookbehind:!0,alias:"variable"}}},/[\w-]+(?=\s+\{)/],property:[/[-\w\.]+(?=\s*=(?!=))/,/"(?:\\[\s\S]|[^\\"])+"(?=\s*[:=])/],string:{pattern:/"(?:[^\\$"]|\\[\s\S]|\$(?:(?=")|\$+(?!\$)|[^"${])|\$\{(?:[^{}"]|"(?:[^\\"]|\\[\s\S])*")*\})*"/,greedy:!0,inside:{interpolation:{pattern:/(^|[^$])\$\{(?:[^{}"]|"(?:[^\\"]|\\[\s\S])*")*\}/,lookbehind:!0,inside:{type:{pattern:/(\b(?:count|data|local|module|path|self|terraform|var)\b\.)[\w\*]+/i,lookbehind:!0,alias:"variable"},keyword:/\b(?:count|data|local|module|path|self|terraform|var)\b/i,function:/\w+(?=\()/,string:{pattern:/"(?:\\[\s\S]|[^\\"])*"/,greedy:!0},number:/\b0x[\da-f]+\b|\b\d+(?:\.\d*)?(?:e[+-]?\d+)?/i,punctuation:/[!\$#%&'()*+,.\/;<=>@\[\\\]^`{|}~?:]/}}}},number:/\b0x[\da-f]+\b|\b\d+(?:\.\d*)?(?:e[+-]?\d+)?/i,boolean:/\b(?:false|true)\b/i,punctuation:/[=\[\]{}]/};(function(n){n.languages.ignore={comment:/^#.*/m,entry:{pattern:/\S(?:.*(?:(?:\\ )|\S))?/,alias:"string",inside:{operator:/^!|\*\*?|\?/,regex:{pattern:/(^|[^\\])\[[^\[\]]*\]/,lookbehind:!0},punctuation:/\//}}},n.languages.gitignore=n.languages.ignore,n.languages.hgignore=n.languages.ignore,n.languages.npmignore=n.languages.ignore})(Prism);Prism.languages.json={property:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?=\s*:)/,lookbehind:!0,greedy:!0},string:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?!\s*:)/,lookbehind:!0,greedy:!0},comment:{pattern:/\/\/.*|\/\*[\s\S]*?(?:\*\/|$)/,greedy:!0},number:/-?\b\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,punctuation:/[{}[\],]/,operator:/:/,boolean:/\b(?:false|true)\b/,null:{pattern:/\bnull\b/,alias:"keyword"}};Prism.languages.webmanifest=Prism.languages.json;(function(n){var c=/(?:\\.|[^\\\n\r]|(?:\n|\r\n?)(?![\r\n]))/.source;function g(d){return d=d.replace(//g,function(){return c}),RegExp(/((?:^|[^\\])(?:\\{2})*)/.source+"(?:"+d+")")}var S=/(?:\\.|``(?:[^`\r\n]|`(?!`))+``|`[^`\r\n]+`|[^\\|\r\n`])+/.source,s=/\|?__(?:\|__)+\|?(?:(?:\n|\r\n?)|(?![\s\S]))/.source.replace(/__/g,function(){return S}),a=/\|?[ \t]*:?-{3,}:?[ \t]*(?:\|[ \t]*:?-{3,}:?[ \t]*)+\|?(?:\n|\r\n?)/.source;n.languages.markdown=n.languages.extend("markup",{}),n.languages.insertBefore("markdown","prolog",{"front-matter-block":{pattern:/(^(?:\s*[\r\n])?)---(?!.)[\s\S]*?[\r\n]---(?!.)/,lookbehind:!0,greedy:!0,inside:{punctuation:/^---|---$/,"front-matter":{pattern:/\S+(?:\s+\S+)*/,alias:["yaml","language-yaml"],inside:n.languages.yaml}}},blockquote:{pattern:/^>(?:[\t ]*>)*/m,alias:"punctuation"},table:{pattern:RegExp("^"+s+a+"(?:"+s+")*","m"),inside:{"table-data-rows":{pattern:RegExp("^("+s+a+")(?:"+s+")*$"),lookbehind:!0,inside:{"table-data":{pattern:RegExp(S),inside:n.languages.markdown},punctuation:/\|/}},"table-line":{pattern:RegExp("^("+s+")"+a+"$"),lookbehind:!0,inside:{punctuation:/\||:?-{3,}:?/}},"table-header-row":{pattern:RegExp("^"+s+"$"),inside:{"table-header":{pattern:RegExp(S),alias:"important",inside:n.languages.markdown},punctuation:/\|/}}}},code:[{pattern:/((?:^|\n)[ \t]*\n|(?:^|\r\n?)[ \t]*\r\n?)(?: {4}|\t).+(?:(?:\n|\r\n?)(?: {4}|\t).+)*/,lookbehind:!0,alias:"keyword"},{pattern:/^```[\s\S]*?^```$/m,greedy:!0,inside:{"code-block":{pattern:/^(```.*(?:\n|\r\n?))[\s\S]+?(?=(?:\n|\r\n?)^```$)/m,lookbehind:!0},"code-language":{pattern:/^(```).+/,lookbehind:!0},punctuation:/```/}}],title:[{pattern:/\S.*(?:\n|\r\n?)(?:==+|--+)(?=[ \t]*$)/m,alias:"important",inside:{punctuation:/==+$|--+$/}},{pattern:/(^\s*)#.+/m,lookbehind:!0,alias:"important",inside:{punctuation:/^#+|#+$/}}],hr:{pattern:/(^\s*)([*-])(?:[\t ]*\2){2,}(?=\s*$)/m,lookbehind:!0,alias:"punctuation"},list:{pattern:/(^\s*)(?:[*+-]|\d+\.)(?=[\t ].)/m,lookbehind:!0,alias:"punctuation"},"url-reference":{pattern:/!?\[[^\]]+\]:[\t ]+(?:\S+|<(?:\\.|[^>\\])+>)(?:[\t ]+(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\((?:\\.|[^)\\])*\)))?/,inside:{variable:{pattern:/^(!?\[)[^\]]+/,lookbehind:!0},string:/(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\((?:\\.|[^)\\])*\))$/,punctuation:/^[\[\]!:]|[<>]/},alias:"url"},bold:{pattern:g(/\b__(?:(?!_)|_(?:(?!_))+_)+__\b|\*\*(?:(?!\*)|\*(?:(?!\*))+\*)+\*\*/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^..)[\s\S]+(?=..$)/,lookbehind:!0,inside:{}},punctuation:/\*\*|__/}},italic:{pattern:g(/\b_(?:(?!_)|__(?:(?!_))+__)+_\b|\*(?:(?!\*)|\*\*(?:(?!\*))+\*\*)+\*/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^.)[\s\S]+(?=.$)/,lookbehind:!0,inside:{}},punctuation:/[*_]/}},strike:{pattern:g(/(~~?)(?:(?!~))+\2/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^~~?)[\s\S]+(?=\1$)/,lookbehind:!0,inside:{}},punctuation:/~~?/}},"code-snippet":{pattern:/(^|[^\\`])(?:``[^`\r\n]+(?:`[^`\r\n]+)*``(?!`)|`[^`\r\n]+`(?!`))/,lookbehind:!0,greedy:!0,alias:["code","keyword"]},url:{pattern:g(/!?\[(?:(?!\]))+\](?:\([^\s)]+(?:[\t ]+"(?:\\.|[^"\\])*")?\)|[ \t]?\[(?:(?!\]))+\])/.source),lookbehind:!0,greedy:!0,inside:{operator:/^!/,content:{pattern:/(^\[)[^\]]+(?=\])/,lookbehind:!0,inside:{}},variable:{pattern:/(^\][ \t]?\[)[^\]]+(?=\]$)/,lookbehind:!0},url:{pattern:/(^\]\()[^\s)]+/,lookbehind:!0},string:{pattern:/(^[ \t]+)"(?:\\.|[^"\\])*"(?=\)$)/,lookbehind:!0}}}}),["url","bold","italic","strike"].forEach(function(d){["url","bold","italic","strike","code-snippet"].forEach(function(y){d!==y&&(n.languages.markdown[d].inside.content.inside[y]=n.languages.markdown[y])})}),n.hooks.add("after-tokenize",function(d){if(d.language!=="markdown"&&d.language!=="md")return;function y(h){if(!(!h||typeof h=="string"))for(var v=0,k=h.length;v",quot:'"'},p=String.fromCodePoint||String.fromCharCode;function w(d){var y=d.replace(e,"");return y=y.replace(/&(\w{1,8}|#x?[\da-f]{1,8});/gi,function(h,v){if(v=v.toLowerCase(),v[0]==="#"){var k;return v[1]==="x"?k=parseInt(v.slice(2),16):k=Number(v.slice(1)),p(k)}else{var t=i[v];return t||h}}),y}n.languages.md=n.languages.markdown})(Prism);(function(n){var c=n.languages.powershell={comment:[{pattern:/(^|[^`])<#[\s\S]*?#>/,lookbehind:!0},{pattern:/(^|[^`])#.*/,lookbehind:!0}],string:[{pattern:/"(?:`[\s\S]|[^`"])*"/,greedy:!0,inside:null},{pattern:/'(?:[^']|'')*'/,greedy:!0}],namespace:/\[[a-z](?:\[(?:\[[^\]]*\]|[^\[\]])*\]|[^\[\]])*\]/i,boolean:/\$(?:false|true)\b/i,variable:/\$\w+\b/,function:[/\b(?:Add|Approve|Assert|Backup|Block|Checkpoint|Clear|Close|Compare|Complete|Compress|Confirm|Connect|Convert|ConvertFrom|ConvertTo|Copy|Debug|Deny|Disable|Disconnect|Dismount|Edit|Enable|Enter|Exit|Expand|Export|Find|ForEach|Format|Get|Grant|Group|Hide|Import|Initialize|Install|Invoke|Join|Limit|Lock|Measure|Merge|Move|New|Open|Optimize|Out|Ping|Pop|Protect|Publish|Push|Read|Receive|Redo|Register|Remove|Rename|Repair|Request|Reset|Resize|Resolve|Restart|Restore|Resume|Revoke|Save|Search|Select|Send|Set|Show|Skip|Sort|Split|Start|Step|Stop|Submit|Suspend|Switch|Sync|Tee|Test|Trace|Unblock|Undo|Uninstall|Unlock|Unprotect|Unpublish|Unregister|Update|Use|Wait|Watch|Where|Write)-[a-z]+\b/i,/\b(?:ac|cat|chdir|clc|cli|clp|clv|compare|copy|cp|cpi|cpp|cvpa|dbp|del|diff|dir|ebp|echo|epal|epcsv|epsn|erase|fc|fl|ft|fw|gal|gbp|gc|gci|gcs|gdr|gi|gl|gm|gp|gps|group|gsv|gu|gv|gwmi|iex|ii|ipal|ipcsv|ipsn|irm|iwmi|iwr|kill|lp|ls|measure|mi|mount|move|mp|mv|nal|ndr|ni|nv|ogv|popd|ps|pushd|pwd|rbp|rd|rdr|ren|ri|rm|rmdir|rni|rnp|rp|rv|rvpa|rwmi|sal|saps|sasv|sbp|sc|select|set|shcm|si|sl|sleep|sls|sort|sp|spps|spsv|start|sv|swmi|tee|trcm|type|write)\b/i],keyword:/\b(?:Begin|Break|Catch|Class|Continue|Data|Define|Do|DynamicParam|Else|ElseIf|End|Exit|Filter|Finally|For|ForEach|From|Function|If|InlineScript|Parallel|Param|Process|Return|Sequence|Switch|Throw|Trap|Try|Until|Using|Var|While|Workflow)\b/i,operator:{pattern:/(^|\W)(?:!|-(?:b?(?:and|x?or)|as|(?:Not)?(?:Contains|In|Like|Match)|eq|ge|gt|is(?:Not)?|Join|le|lt|ne|not|Replace|sh[lr])\b|-[-=]?|\+[+=]?|[*\/%]=?)/i,lookbehind:!0},punctuation:/[|{}[\];(),.]/};c.string[0].inside={function:{pattern:/(^|[^`])\$\((?:\$\([^\r\n()]*\)|(?!\$\()[^\r\n)])*\)/,lookbehind:!0,inside:c},boolean:c.boolean,variable:c.variable}})(Prism);(function(n){var c=/(?:[\w-]+|'[^'\n\r]*'|"(?:\\.|[^\\"\r\n])*")/.source;function g(S){return S.replace(/__/g,function(){return c})}n.languages.toml={comment:{pattern:/#.*/,greedy:!0},table:{pattern:RegExp(g(/(^[\t ]*\[\s*(?:\[\s*)?)__(?:\s*\.\s*__)*(?=\s*\])/.source),"m"),lookbehind:!0,greedy:!0,alias:"class-name"},key:{pattern:RegExp(g(/(^[\t ]*|[{,]\s*)__(?:\s*\.\s*__)*(?=\s*=)/.source),"m"),lookbehind:!0,greedy:!0,alias:"property"},string:{pattern:/"""(?:\\[\s\S]|[^\\])*?"""|'''[\s\S]*?'''|'[^'\n\r]*'|"(?:\\.|[^\\"\r\n])*"/,greedy:!0},date:[{pattern:/\b\d{4}-\d{2}-\d{2}(?:[T\s]\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})?)?\b/i,alias:"number"},{pattern:/\b\d{2}:\d{2}:\d{2}(?:\.\d+)?\b/,alias:"number"}],number:/(?:\b0(?:x[\da-zA-Z]+(?:_[\da-zA-Z]+)*|o[0-7]+(?:_[0-7]+)*|b[10]+(?:_[10]+)*))\b|[-+]?\b\d+(?:_\d+)*(?:\.\d+(?:_\d+)*)?(?:[eE][+-]?\d+(?:_\d+)*)?\b|[-+]?\b(?:inf|nan)\b/,boolean:/\b(?:false|true)\b/,punctuation:/[.,=[\]{}]/}})(Prism);(function(n){var c=/[*&][^\s[\]{},]+/,g=/!(?:<[\w\-%#;/?:@&=+$,.!~*'()[\]]+>|(?:[a-zA-Z\d-]*!)?[\w\-%#;/?:@&=+$.~*'()]+)?/,S="(?:"+g.source+"(?:[ ]+"+c.source+")?|"+c.source+"(?:[ ]+"+g.source+")?)",s=/(?:[^\s\x00-\x08\x0e-\x1f!"#%&'*,\-:>?@[\]`{|}\x7f-\x84\x86-\x9f\ud800-\udfff\ufffe\uffff]|[?:-])(?:[ \t]*(?:(?![#:])|:))*/.source.replace(//g,function(){return/[^\s\x00-\x08\x0e-\x1f,[\]{}\x7f-\x84\x86-\x9f\ud800-\udfff\ufffe\uffff]/.source}),a=/"(?:[^"\\\r\n]|\\.)*"|'(?:[^'\\\r\n]|\\.)*'/.source;function e(i,p){p=(p||"").replace(/m/g,"")+"m";var w=/([:\-,[{]\s*(?:\s<>[ \t]+)?)(?:<>)(?=[ \t]*(?:$|,|\]|\}|(?:[\r\n]\s*)?#))/.source.replace(/<>/g,function(){return S}).replace(/<>/g,function(){return i});return RegExp(w,p)}n.languages.yaml={scalar:{pattern:RegExp(/([\-:]\s*(?:\s<>[ \t]+)?[|>])[ \t]*(?:((?:\r?\n|\r)[ \t]+)\S[^\r\n]*(?:\2[^\r\n]+)*)/.source.replace(/<>/g,function(){return S})),lookbehind:!0,alias:"string"},comment:/#.*/,key:{pattern:RegExp(/((?:^|[:\-,[{\r\n?])[ \t]*(?:<>[ \t]+)?)<>(?=\s*:\s)/.source.replace(/<>/g,function(){return S}).replace(/<>/g,function(){return"(?:"+s+"|"+a+")"})),lookbehind:!0,greedy:!0,alias:"atrule"},directive:{pattern:/(^[ \t]*)%.+/m,lookbehind:!0,alias:"important"},datetime:{pattern:e(/\d{4}-\d\d?-\d\d?(?:[tT]|[ \t]+)\d\d?:\d{2}:\d{2}(?:\.\d*)?(?:[ \t]*(?:Z|[-+]\d\d?(?::\d{2})?))?|\d{4}-\d{2}-\d{2}|\d\d?:\d{2}(?::\d{2}(?:\.\d*)?)?/.source),lookbehind:!0,alias:"number"},boolean:{pattern:e(/false|true/.source,"i"),lookbehind:!0,alias:"important"},null:{pattern:e(/null|~/.source,"i"),lookbehind:!0,alias:"important"},string:{pattern:e(a),lookbehind:!0,greedy:!0},number:{pattern:e(/[+-]?(?:0x[\da-f]+|0o[0-7]+|(?:\d+(?:\.\d*)?|\.\d+)(?:e[+-]?\d+)?|\.inf|\.nan)/.source,"i"),lookbehind:!0},tag:g,important:c,punctuation:/---|[:[\]{}\-,|>?]|\.\.\./},n.languages.yml=n.languages.yaml})(Prism);var Fe=V(Q());(function(){if(typeof Prism=="undefined"||typeof document=="undefined")return;var n=[],c={},g=function(){};Prism.plugins.toolbar={};var S=Prism.plugins.toolbar.registerButton=function(e,i){var p;if(typeof i=="function"?p=i:p=function(w){var d;return typeof i.onClick=="function"?(d=document.createElement("button"),d.type="button",d.addEventListener("click",function(){i.onClick.call(this,w)})):typeof i.url=="string"?(d=document.createElement("a"),d.href=i.url):d=document.createElement("span"),i.className&&d.classList.add(i.className),d.textContent=i.text,d},e in c){console.warn('There is a button with the key "'+e+'" registered already.');return}n.push(c[e]=p)};function s(e){for(;e;){var i=e.getAttribute("data-toolbar-order");if(i!=null)return i=i.trim(),i.length?i.split(/\s*,\s*/g):[];e=e.parentElement}}var a=Prism.plugins.toolbar.hook=function(e){var i=e.element.parentNode;if(!(!i||!/pre/i.test(i.nodeName))&&!i.parentNode.classList.contains("code-toolbar")){var p=document.createElement("div");p.classList.add("code-toolbar"),i.parentNode.insertBefore(p,i),p.appendChild(i);var w=document.createElement("div");w.classList.add("toolbar");var d=n,y=s(e.element);y&&(d=y.map(function(h){return c[h]||g})),d.forEach(function(h){var v=h(e);if(v){var k=document.createElement("div");k.classList.add("toolbar-item"),k.appendChild(v),w.appendChild(k)}}),p.appendChild(w)}};S("label",function(e){var i=e.element.parentNode;if(!(!i||!/pre/i.test(i.nodeName))&&i.hasAttribute("data-label")){var p,w,d=i.getAttribute("data-label");try{w=document.querySelector("template#"+d)}catch(y){}return w?p=w.content:(i.hasAttribute("data-url")?(p=document.createElement("a"),p.href=i.getAttribute("data-url")):p=document.createElement("span"),p.textContent=d),p}}),Prism.hooks.add("complete",a)})();(function(){if(typeof Prism=="undefined"||typeof document=="undefined")return;if(!Prism.plugins.toolbar){console.warn("Copy to Clipboard plugin loaded before Toolbar plugin.");return}function n(a,e){a.addEventListener("click",function(){g(e)})}function c(a){var e=document.createElement("textarea");e.value=a.getText(),e.style.top="0",e.style.left="0",e.style.position="fixed",document.body.appendChild(e),e.focus(),e.select();try{var i=document.execCommand("copy");setTimeout(function(){i?a.success():a.error()},1)}catch(p){setTimeout(function(){a.error(p)},1)}document.body.removeChild(e)}function g(a){navigator.clipboard?navigator.clipboard.writeText(a.getText()).then(a.success,function(){c(a)}):c(a)}function S(a){window.getSelection().selectAllChildren(a)}function s(a){var e={copy:"Copy","copy-error":"Press Ctrl+C to copy","copy-success":"Copied!","copy-timeout":5e3},i="data-prismjs-";for(var p in e){for(var w=i+p,d=a;d&&!d.hasAttribute(w);)d=d.parentElement;d&&(e[p]=d.getAttribute(w))}return e}Prism.plugins.toolbar.registerButton("copy-to-clipboard",function(a){var e=a.element,i=s(e),p=document.createElement("button");p.className="copy-to-clipboard-button",p.setAttribute("type","button");var w=document.createElement("span");return p.appendChild(w),y("copy"),n(p,{getText:function(){return e.textContent},success:function(){y("copy-success"),d()},error:function(){y("copy-error"),setTimeout(function(){S(e)},1),d()}}),p;function d(){setTimeout(function(){y("copy")},i["copy-timeout"])}function y(h){w.textContent=i[h],p.setAttribute("data-copy-state",h)}})})();(function(){if(typeof Prism=="undefined"||typeof document=="undefined")return;var n=/(?:^|\s)command-line(?:\s|$)/,c="command-line-prompt",g="".startsWith?function(e,i){return e.startsWith(i)}:function(e,i){return e.indexOf(i)===0},S="".endsWith?function(e,i){return e.endsWith(i)}:function(e,i){var p=e.length;return e.substring(p-i.length,p)===i};function s(e){var i=e.vars=e.vars||{};return"command-line"in i}function a(e){var i=e.vars=e.vars||{};return i["command-line"]=i["command-line"]||{}}Prism.hooks.add("before-highlight",function(e){var i=a(e);if(i.complete||!e.code){i.complete=!0;return}var p=e.element.parentElement;if(!p||!/pre/i.test(p.nodeName)||!n.test(p.className)&&!n.test(e.element.className)){i.complete=!0;return}var w=e.element.querySelector("."+c);w&&w.remove();var d=e.code.split(` +`);i.numberOfLines=d.length;var y=i.outputLines=[],h=p.getAttribute("data-output"),v=p.getAttribute("data-filter-output");if(h!==null)h.split(",").forEach(function(f){var x=f.split("-"),m=parseInt(x[0],10),A=x.length===2?parseInt(x[1],10):m;if(!isNaN(m)&&!isNaN(A)){m<1&&(m=1),A>d.length&&(A=d.length),m--,A--;for(var F=m;F<=A;F++)y[F]=d[F],d[F]=""}});else if(v)for(var k=0;k0&&o&&g(l,o)&&(d[u]=l.slice(o.length),t.add(u)))}e.code=d.join(` +`)}),Prism.hooks.add("before-insert",function(e){var i=a(e);if(!i.complete){for(var p=e.highlightedCode.split(` +`),w=i.outputLines||[],d=0,y=p.length;d'+Prism.util.encode(w[d])+"":p[d]=''+p[d]+"";e.highlightedCode=p.join(` +`)}}),Prism.hooks.add("complete",function(e){if(!s(e))return;var i=a(e);if(i.complete)return;var p=e.element.parentElement;n.test(e.element.className)&&(e.element.className=e.element.className.replace(n," ")),n.test(p.className)||(p.className+=" command-line");function w(T,I){return(p.getAttribute(T)||I).replace(/"/g,""")}var d="",y=i.numberOfLines||0,h=w("data-prompt",""),v;if(h!=="")v='';else{var k=w("data-user","user"),t=w("data-host","localhost");v=''}for(var r=i.continuationLineIndicies||new Set,o=w("data-continuation-prompt",">"),u='',l=0;l + * @author Lea Verou + * @namespace + * @public + *) +*/ diff --git a/keybase.txt b/keybase.txt deleted file mode 100644 index 9ae498da..00000000 --- a/keybase.txt +++ /dev/null @@ -1,56 +0,0 @@ -================================================================== -https://keybase.io/dgallant --------------------------------------------------------------------- - -I hereby claim: - - * I am an admin of https://davegallant.github.io - * I am dgallant (https://keybase.io/dgallant) on keybase. - * I have a public key ASDIaXVCZNVLcI2nLjiVywkkpRY2wzTUb1nMiDsbGz1mFwo - -To do so, I am signing this object: - -{ - "body": { - "key": { - "eldest_kid": "0120132311ef8d70a8f35f284eb17a45cbcdf653ce040064dfd4a336d48e2dd3c5ee0a", - "host": "keybase.io", - "kid": "0120c869754264d54b708da72e3895cb0924a51636c334d46f59cc883b1b1b3d66170a", - "uid": "117fb0e36a0168fe7c1cb75c32fa1119", - "username": "dgallant" - }, - "merkle_root": { - "ctime": 1584423716, - "hash": "a447336f6b4b3fdc7acd69bfb67724ba417d355c35dff289f0b71edd9a61eb0abca168842e35d030a7f72684961e284ff3e72169cccc822f123124ab1f28bae8", - "hash_meta": "877e40ccac9c0bb3897269f3e270219cfc3b8f51b218249053cb9cef216394c6", - "seqno": 15418771 - }, - "service": { - "entropy": "GF5GAzsSwbL3MwyHTrWacqXg", - "hostname": "davegallant.github.io", - "protocol": "https:" - }, - "type": "web_service_binding", - "version": 2 - }, - "client": { - "name": "keybase.io go client", - "version": "5.3.0" - }, - "ctime": 1584424574, - "expire_in": 504576000, - "prev": "09dc7ed70fa820ed3f8bcfaef95804ab477cc82a1f1de366e38e59ef611631b1", - "seqno": 51, - "tag": "signature" -} - -which yields the signature: - -hKRib2R5hqhkZXRhY2hlZMOpaGFzaF90eXBlCqNrZXnEIwEgyGl1QmTVS3CNpy44lcsJJKUWNsM01G9ZzIg7Gxs9ZhcKp3BheWxvYWTESpcCM8QgCdx+1w+oIO0/i8+u+VgEq0d8yCofHeNm445Z72EWMbHEIATfVmncQJ7AOYvyF/Cmi0WNPdLXRg0owqqF/mgfpwa7AgHCo3NpZ8RASN9ahvUTPy4rvmYlLIwDzyu0fmUiNktCIi2VHDNQfLzzAKCPd6uh54dvGMtoB2JG4DZsRQN56PWx/auuGr5JC6hzaWdfdHlwZSCkaGFzaIKkdHlwZQildmFsdWXEIEaFPIAAHow3jTSI4d1GnlmNomNiJPYzYNDjpGd5QMfDo3RhZ80CAqd2ZXJzaW9uAQ== - -And finally, I am proving ownership of this host by posting or -appending to this document. - -View my publicly-auditable identity here: https://keybase.io/dgallant - -================================================================== diff --git a/mstile-144x144.png b/mstile-144x144.png new file mode 100644 index 00000000..a755b767 Binary files /dev/null and b/mstile-144x144.png differ diff --git a/mstile-150x150.png b/mstile-150x150.png new file mode 100644 index 00000000..b31e628e Binary files /dev/null and b/mstile-150x150.png differ diff --git a/mstile-310x150.png b/mstile-310x150.png new file mode 100644 index 00000000..a26c9473 Binary files /dev/null and b/mstile-310x150.png differ diff --git a/mstile-310x310.png b/mstile-310x310.png new file mode 100644 index 00000000..3f95a019 Binary files /dev/null and b/mstile-310x310.png differ diff --git a/mstile-70x70.png b/mstile-70x70.png new file mode 100644 index 00000000..238cb0aa Binary files /dev/null and b/mstile-70x70.png differ diff --git a/page/1/index.html b/page/1/index.html new file mode 100644 index 00000000..2b641798 --- /dev/null +++ b/page/1/index.html @@ -0,0 +1 @@ +/ \ No newline at end of file diff --git a/page/2/index.html b/page/2/index.html new file mode 100644 index 00000000..c2ece692 --- /dev/null +++ b/page/2/index.html @@ -0,0 +1,10 @@ +— Software Engineer
    +

    Dave Gallant
    +
    \ No newline at end of file diff --git a/page/index.html b/page/index.html deleted file mode 100644 index fae62c3a..00000000 --- a/page/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Pages • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Pages

    -
    -
    -
    -
    -
      -
    • -
      - -Posted on - - -
      -
      -

      - -

      -
      -
      • -
    -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/page/index.xml b/page/index.xml deleted file mode 100644 index 0e964438..00000000 --- a/page/index.xml +++ /dev/null @@ -1 +0,0 @@ -Pages on davegallant/page/Recent content in Pages on davegallantHugo -- gohugo.ioen-us<link>/page/search/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/page/search/</guid><description>test</description></item></channel></rss> \ No newline at end of file diff --git a/page/page/1/index.html b/page/page/1/index.html deleted file mode 100644 index 7d435207..00000000 --- a/page/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -<!doctype html><html><head><title>/page/ \ No newline at end of file diff --git a/page/search/index.html b/page/search/index.html deleted file mode 100644 index af7fc040..00000000 --- a/page/search/index.html +++ /dev/null @@ -1,211 +0,0 @@ - - - - - - - - - - - - • davegallant - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    -
    -
    -
    -
    -

    test

    -
    -
    -
    -
    -
    -

    Search

    -
    -
    -
    -
    -
      -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/page/search/index.json b/page/search/index.json deleted file mode 100644 index 2a0010f1..00000000 --- a/page/search/index.json +++ /dev/null @@ -1 +0,0 @@ -[{"content":"I\u0026rsquo;m a software engineer with a passion for open-source, infrastructure, tooling and security.\n","href":"/about/","title":"About"},{"content":"","href":"/","title":"davegallant"},{"content":"","href":"/tags/degoogle/","title":"degoogle"},{"content":"","href":"/tags/invidious/","title":"invidious"},{"content":"","href":"/post/","title":"Posts"},{"content":"","href":"/tags/privacy/","title":"privacy"},{"content":"","href":"/tags/","title":"Tags"},{"content":"","href":"/tags/tailscale/","title":"tailscale"},{"content":"I recently stumbled upon yewtu.be and found it intriguing. It not only allows you to watch YouTube without being on YouTube, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it\u0026rsquo;s a hosted instance of invidious.\nWow, this is cool, and JavaScript is not required.\nI started using yewtu.be as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It\u0026rsquo;s also nice to be in control of my search and watch history.\nA few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed here, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.\nHosting invidious The quickest way to get invidious up is with docker-compose as mentioned in the docs.\nI made a few modifications (such as pinning the container\u0026rsquo;s tag), and ended up with:\nversion:\u0026#34;3\u0026#34;services:invidious:image:quay.io/invidious/invidious:5160d8bae39dc5cc5d51abee90571a03c08d0f2brestart:unless-stoppedports:- \u0026#34;0.0.0.0:3000:3000\u0026#34;environment:INVIDIOUS_CONFIG:|db: dbname: invidious user: kemal password: kemal host: invidious-db port: 5432 check_tables: truehealthcheck:test:wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1interval:30stimeout:5sretries:2depends_on:- invidious-dbinvidious-db:image:docker.io/library/postgres:14restart:unless-stoppedvolumes:- postgresdata:/var/lib/postgresql/data- ./config/sql:/config/sql- ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.shenvironment:POSTGRES_DB:invidiousPOSTGRES_USER:kemalPOSTGRES_PASSWORD:kemalhealthcheck:test:[\u0026#34;CMD-SHELL\u0026#34;,\u0026#34;pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB\u0026#34;]volumes:postgresdata:After invidious was up and running, I installed Tailscale on it to leverage its MagicDNS, and I\u0026rsquo;m now able to access this instance from anywhere at http://invidious:3000/feed/subscriptions.\nRedirecting YouTube links I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.\nI went looking for a way to redirect paths at the browser level. I found the lightweight proxy requestly, which can be used to modify http requests in my browser. I created the following rules:\nNow the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to http://invidious:3000/watch?v=-lz30by8-sU\nI\u0026rsquo;m still looking for ways to improve this invidious setup. There doesn\u0026rsquo;t appear to be a way to stream in 4K yet.\n","href":"/blog/2022/12/10/watching-youtube-in-private/","title":"Watching YouTube in Private"},{"content":"","href":"/tags/yewtu.be/","title":"yewtu.be"},{"content":"","href":"/tags/youtube/","title":"youtube"},{"content":"","href":"/tags/openwrt/","title":"openwrt"},{"content":"","href":"/tags/pfsense/","title":"pfsense"},{"content":"","href":"/tags/proxmox/","title":"proxmox"},{"content":"","href":"/tags/router/","title":"router"},{"content":"","href":"/tags/router-on-a-stick/","title":"router-on-a-stick"},{"content":"The problem My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I\u0026rsquo;ve connected some standalone wireless access points, I\u0026rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I\u0026rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!\npfSense I figured this would be a good opportunity to try pfSense. I\u0026rsquo;ve heard nothing but positive things about pfSense and the fact it\u0026rsquo;s been around since 2004, based on FreeBSD, and written in PHP gave me the impression that it would be relatively stable (and I\u0026rsquo;d expect nothing less because it has an important job to do!). pfSense can be run on many different machines, and there are even some officially supported appliances. Since I already have a machine running Proxmox, why not just run it in a VM? It\u0026rsquo;d allow for automatic snapshotting of the machine. There is a good video on this by Techno Tim. Tim has a lot of good videos, and this one is about virtualizing pfSense.\nRouter on a stick I had initially made the assumption that in order to build a router, you would need more than a single NIC (or a dual-port NIC) in order to support both WAN and LAN. This is simply not the case, because VLANs are awesome! In order to create a router, all you need is a single port NIC and a network switch that supports VLANs (also marketed as a managed switch). I picked up the Netgear GS308E because it has both a sufficient amount of ports for my needs, and it supports VLANs. It also has a nice sturdy metal frame which was a pleasant surprise.\nAfter setting up this Netgear switch, it shoud be possible to access the web interface at http://192.168.0.239. It may be at a different address. To find the address, try checking your DHCP leases in your router interface (if you plugged it into an existing router). I realized I was unable to access this interface because I was on a different subnet, so I set my machine\u0026rsquo;s address to 192.168.0.22 in order to temporarily setup this switch. I assigned a static ip address to the switch (in System \u0026gt; Switch Information) so that it was in the same subnet as the rest of my network.\nThe web interface is nothing spectactular, but it allows for managing VLANs.\nThe following configuration will:\n assign port 1 to be the LAN (connected to the Proxmox machine) assign port 8 to be the WAN (connected to my ISP\u0026rsquo;s modem) In the switch\u0026rsquo;s web interface, I went to VLAN and then 802.1Q, and then clicked on VLAN Configuration. I configured the ports to look like this:\nNote that the VLAN Identifier Setting has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.\nTo replicate the above configuration, add a new VLAN ID 10 (1 should exist by default).\nNext, go into VLAN Membership and configure VLAN 1\u0026rsquo;s port membership to be the following:\nand then configure VLAN 10\u0026rsquo;s port membership to be the following:\nNow, go into Port PVID and ensure that port 8 is set to PVID 10.\nThis above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.\nSetting up pfSense pfSense is fairly easy to setup. Just download the latest ISO and boot up the virtual machine. When setting up the machine, I mostly went with all of the defaults. Configuration can be changed later in the web interface, which is quite a bit simpler.\nSince VLANs are going to be leveraged, when you go to Assign Interfaces, VLANs should be setup now like the following:\n WAN should be vtnet0.10 LAN should be vtnet0 After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.\nIf all goes well, the web interface should be running at https://192.168.1.1.\nAnd this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I\u0026rsquo;ve already installed pfBlocker-NG.\nSummary It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled AutoConfigBackup, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.\n","href":"/blog/2022/04/02/virtualizing-my-router-with-pfsense/","title":"Virtualizing My Router With pfSense"},{"content":"","href":"/tags/vlan/","title":"vlan"},{"content":"I\u0026rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.\nThe thought of completely de-googling has crossed my mind on occassion. Convenience, coupled with my admiration for Google engineering, has prevented me from doing so thus far. Though, I may end up doing so at some point in the future.\nSynology MailPlus Server Synology products are reasonably priced for what you get (essentially a cloud-in-a-box) and there is very little maintenance required. I\u0026rsquo;ve recently been in interested in syncing and snapshotting my personal data. I\u0026rsquo;ve setup Synology\u0026rsquo;s Cloud Sync and keep copies of most of my cloud data.\nI\u0026rsquo;ve used tools such as gmvault with success in the past. Setting this up on a cron seems like a viable option. However, I don\u0026rsquo;t really need a lot of the features it offers and do not plan to restore this data to another account.\nSynology\u0026rsquo;s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it\u0026rsquo;s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.\nInstalling MailPlus can be done from the Package Center:\nNext, I went into Synology MailPlus Server and on the left, clicked on Account and ensured my user was marked as active.\nAfterwords, I followed these instructions in order to start backing up emails.\nWhen entering the POP3 credentials, I created an app password solely for authenticating to POP3 from the Synology device. This is required because I have 2-Step verification enabled on my account. There doesn\u0026rsquo;t seem to be a more secure way to access POP3 at the moment. It does seem like app password access is limited in scope (when MFA is enabled). These app passwords can\u0026rsquo;t be used to login to the main Google account.\nI made sure to set the Fetch Range to All in order to get all emails from the beginning of time.\nAfter this, mail started coming in.\nAfter fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.\nSecuring Synology Since Synology devices are not hermetically sealed, it\u0026rsquo;s best to secure them by enabling MFA to help prevent being the victim of ransomware. It is also wise to backup your system settings and volumes to the cloud using a tool such as Hyper Backup. Encrypting your shared volumes should also be done, since unfortunately DSM does not support full disk encryption.\nSummary Having backups of various forms of cloud data is a good investment, especially in times of war. I certainly feel more at ease for having backed up my emails.\n","href":"/blog/2022/03/13/backing-up-gmail-with-synology/","title":"Backing Up Gmail With Synology"},{"content":"","href":"/tags/backup/","title":"backup"},{"content":"","href":"/tags/gmail/","title":"gmail"},{"content":"","href":"/tags/ransomware/","title":"ransomware"},{"content":"","href":"/tags/synology/","title":"synology"},{"content":"","href":"/tags/k3s/","title":"k3s"},{"content":"","href":"/tags/lxc/","title":"lxc"},{"content":"It has been a while since I\u0026rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I\u0026rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it\u0026rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. LXC containers also provide an efficient way to use a machine\u0026rsquo;s resources.\nWhat is K3s? K3s is a Kubernetes distro that advertises itself as a lightweight binary with a much smaller memory-footprint than traditional k8s. K3s is not a fork of k8s as it seeks to remain as close to upstream as it possibly can.\nConfigure Proxmox This gist contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that bridge-nf-call-iptables should be loaded, but I did not understand the benefit of doing this.\nDisable swap There is an issue on Kubernetes regarding swap here. There claims to be support for swap in 1.22, but for now let\u0026rsquo;s disable it:\nsysctl vm.swappiness=0 swapoff -a It might be worth experimenting with swap enabled in the future to see how that might affect performance.\nEnable IP Forwarding To avoid IP Forwarding issues with Traefik, run the following on the host:\nsudo sysctl net.ipv4.ip_forward=1 sudo sysctl net.ipv6.conf.all.forwarding=1 sudo sed -i \u0026#39;s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g\u0026#39; /etc/sysctl.conf sudo sed -i \u0026#39;s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g\u0026#39; /etc/sysctl.conf Create LXC container Create an LXC container in the Proxmox interface as you normally would. Remember to:\n Uncheck unprivileged container Use a LXC template (I chose a debian 11 template downloaded with pveam) In memory, set swap to 0 Create and start the container Modify container config Now back on the host run pct list to determine what VMID it was given.\nOpen /etc/pve/lxc/$VMID.conf and append:\nlxc.apparmor.profile: unconfined lxc.cap.drop: lxc.mount.auto: \u0026#34;proc:rw sys:rw\u0026#34; lxc.cgroup2.devices.allow: c 10:200 rwm All of the above configurations are described in the manpages. Notice that cgroup2 is used since Proxmox VE 7.0 has switched to a pure cgroupv2 environment.\nThankfully cgroup v2 support has been supported in k3s with these contributions:\n https://github.com/k3s-io/k3s/pull/2584 https://github.com/k3s-io/k3s/pull/2844 Enable shared host mounts From within the container, run:\necho \u0026#39;#!/bin/sh -e ln -s /dev/console /dev/kmsg mount --make-rshared /\u0026#39; \u0026gt; /etc/rc.local chmod +x /etc/rc.local reboot Install K3s One of the simplest ways to install K3s on a remote host is to use k3sup. Ensure that you supply a valid CONTAINER_IP and choose the k3s-version you prefer. As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases here.\nssh-copy-id root@$CONTAINER_IP k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1 If all goes well, you should see a path to the kubeconfig generated. I moved this into ~/.kube/config so that kubectl would read this by default.\nWrapping up Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton\u0026rsquo;s Getting Started guide and was able to deploy it in a few commands.\n$ kubectl get all --namespace tekton-pipelines NAME READY STATUS RESTARTS AGE pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/tekton-pipelines-controller ClusterIP 10.43.44.245 \u0026lt;none\u0026gt; 9090/TCP,8080/TCP 12h service/tekton-pipelines-webhook ClusterIP 10.43.183.242 \u0026lt;none\u0026gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h service/tekton-dashboard ClusterIP 10.43.87.97 \u0026lt;none\u0026gt; 9097/TCP 11h NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h deployment.apps/tekton-dashboard 1/1 1 1 11h deployment.apps/tekton-pipelines-controller 1/1 1 1 12h NAME DESIRED CURRENT READY AGE replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.\nIf I\u0026rsquo;m feeling adventurous, I might experiment with K3s rootless.\n","href":"/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/","title":"Running K3s in LXC on Proxmox"},{"content":"","href":"/tags/containers/","title":"containers"},{"content":"","href":"/tags/docker/","title":"docker"},{"content":"","href":"/tags/podman/","title":"podman"},{"content":"There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:\n...ignoring Docker updates is a paid feature now?? pic.twitter.com/ZxKW3b9LQM\n\u0026mdash; Brendan Dolan-Gavitt (@moyix) May 1, 2021 Docker has been one of the larger influencers in the container world, helping to standardize the OCI Image Format Specification. For many developers, containers have become synonymous with terms like docker and Dockerfile (a file containing build instructions for a container image). Docker has certainly made it very convenient to build and run containers, but it is not the only solution for doing so.\nThis post briefly describes my experience swapping out docker for podman on macOS.\nWhat is a container? A container is a standard unit of software that packages up all application dependencies within it. Multiple containers can be run on a host machine all sharing the same kernel as the host. Linux namespaces help provide an isolated view of the system, including mnt, pid, net, ipc, uid, cgroup, and time. There is an in-depth video that discusses what containers are made from, and near the end there is a demonstration on how to build your own containers from the command line.\nBy easily allowing the necessary dependencies to live alongside the application code, containers make the \u0026ldquo;works on my machine\u0026rdquo; problem less of a problem.\nBenefits of Podman One of the most interesting features of Podman is that it is daemonless. There isn\u0026rsquo;t a process running on your system managing your containers. In contrast, the docker client is reliant upon the docker daemon (often running as root) to be able to build and run containers.\nPodman is rootless by default. It is now possible to run the docker daemon rootless as well, but it\u0026rsquo;s still not the default behaviour.\nI\u0026rsquo;ve also observed that so far my 2019 16\u0026quot; Macbook Pro hasn\u0026rsquo;t sounded like a jet engine, although I haven\u0026rsquo;t performed any disk-intensive operations yet.\nInstalling Podman Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with brew (read this if you\u0026rsquo;re installing Podman on Linux):\nbrew install podman The podman-machine must be started:\n# This is not necessary on Linux podman machine init podman machine start Running a container Let\u0026rsquo;s try to pull an image:\n$ podman pull alpine Trying to pull docker.io/library/alpine:latest... Getting image source signatures Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab Writing manifest to image destination Storing signatures 14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab If you\u0026rsquo;re having an issue pulling images, you may need to remove ~/.docker/config.json or remove the set of auths in the configuration as mentioned here.\n and then run and exec into the container:\n$ podman run --rm -ti alpine Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network \u0026#34;podman\u0026#34;: unexpected end of JSON input What does this error mean? A bit of searching lead to this github issue.\nUntil the fix is released, a workaround is to just specify a port (even when it\u0026rsquo;s not needed):\npodman run -p 4242 --rm -ti alpine If you\u0026rsquo;re reading this from the future, there is a good chance specifying a port won\u0026rsquo;t be needed.\nAnother example of running a container with Podman can be found in the Jellyfin Documentation.\nAliasing docker with podman Force of habit (or other scripts) may have you calling docker. To work around this:\nalias docker=podman podman-compose You may be wondering: what about docker-compose? Well, there claims to be a drop-in replacement for it: podman-compose.\npip3 install --user podman-compose Now let\u0026rsquo;s create a docker-compose.yml file to test:\ncat \u0026lt;\u0026lt; EOF \u0026gt;\u0026gt; docker-compose.yml version: \u0026#39;2\u0026#39; services: hello_world: image: ubuntu command: [/bin/echo, \u0026#39;Hello world\u0026#39;] EOF Now run:\n$ podman-compose up podman pod create --name=davegallant.github.io --share net 40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e 0 podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world Resolved \u0026#34;ubuntu\u0026#34; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf) Trying to pull docker.io/library/ubuntu:latest... Getting image source signatures Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17 Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17 Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2 Writing manifest to image destination Storing signatures 1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576 0 podman start -a davegallant.github.io_hello_world_1 Hello world This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.\nSummary Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.\nOne caveat to mention is that there isn\u0026rsquo;t an official graphical user interface for Podman, but there is an open issue considering one. If you rely heavily on Docker Desktop\u0026rsquo;s UI, you may not be as interested in using podman yet.\n Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using sshfs was shared here.\n I had been experimenting with Podman on Linux before writing this, but after listening to this podcast episode, I was inspired to give Podman a try on macOS.\n","href":"/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/","title":"Replacing docker with podman on macOS (and Linux)"},{"content":"Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.\nIn the longer term, migrating my local workflows to aws-vault seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where AWS suggests). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS\u0026rsquo;s secure keystore. There is even a rotate command included.\n","href":"/blog/2021/09/17/automatically-rotating-aws-access-keys/","title":"Automatically Rotating AWS Access Keys"},{"content":"","href":"/tags/aws/","title":"aws"},{"content":"","href":"/tags/aws-vault/","title":"aws-vault"},{"content":"","href":"/tags/python/","title":"python"},{"content":"","href":"/tags/security/","title":"security"},{"content":"","href":"/tags/dotfiles/","title":"dotfiles"},{"content":"","href":"/tags/home-manager/","title":"home-manager"},{"content":"","href":"/tags/nix/","title":"nix"},{"content":"Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.\nWhat is home-manager? Before understanding home-manager, it is worth briefly discussing what nix is. nix is a package manager that originally spawned from a PhD thesis. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.\nFor example, I have used nix to install the package bind which includes dig. You can see that it is available on multiple platforms. The absolute path of dig can be found by running:\n$ ls -lh $(which dig) lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -\u0026gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This nix pill does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.\nPart of the nix ecosystem includes nixpkgs. Many popular tools can be found already packaged in this repository. As you can see with these stats, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!\nhome-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my nix-config in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.\nSetting up home-manager ⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.\n The first thing you should do is install nix:\ncurl -L https://nixos.org/nix/install | sh It\u0026rsquo;s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!\nOpen up a new shell in your terminal and running nix should work. If not, run . ~/.nix-profile/etc/profile.d/nix.sh\nNow, install home-manager:\nnix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager nix-channel --update nix-shell \u0026#39;\u0026lt;home-manager\u0026gt;\u0026#39; -A install You should see a wave of /nix/store/* paths being displayed on your screen.\nNow, to start off with a basic configuration, open up ~/.config/nixpkgs/home.nix in the editor of your choice and paste this in (you will want to change userName and homeDirectory):\n{ config, pkgs, ... }: { programs.home-manager.enable = true; home = { username = \u0026#34;dave\u0026#34;; homeDirectory = \u0026#34;/home/dave\u0026#34;; stateVersion = \u0026#34;21.11\u0026#34;; packages = with pkgs; [ bind exa fd ripgrep ]; }; programs = { git = { enable = true; aliases = { aa = \u0026#34;add -A .\u0026#34;; br = \u0026#34;branch\u0026#34;; c = \u0026#34;commit -S\u0026#34;; ca = \u0026#34;commit -S --amend\u0026#34;; cb = \u0026#34;checkout -b\u0026#34;; co = \u0026#34;checkout\u0026#34;; d = \u0026#34;diff\u0026#34;; l = \u0026#34;log --graph --pretty=format:\u0026#39;%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)\u0026lt;%an\u0026gt;%Creset\u0026#39; --abbrev-commit\u0026#34;; }; delta = { enable = true; options = { features = \u0026#34;line-numbers decorations\u0026#34;; whitespace-error-style = \u0026#34;22 reverse\u0026#34;; plus-style = \u0026#34;green bold ul \u0026#39;#198214\u0026#39;\u0026#34;; decorations = { commit-decoration-style = \u0026#34;bold yellow box ul\u0026#34;; file-style = \u0026#34;bold yellow ul\u0026#34;; file-decoration-style = \u0026#34;none\u0026#34;; }; }; }; extraConfig = { push = { default = \u0026#34;current\u0026#34;; }; pull = { rebase = true; }; }; }; starship = { enable = true; enableZshIntegration = true; settings = { add_newline = false; scan_timeout = 10; }; }; zsh = { enable = true; enableAutosuggestions = true; enableSyntaxHighlighting = true; history.size = 1000000; localVariables = { CASE_SENSITIVE = \u0026#34;true\u0026#34;; DISABLE_UNTRACKED_FILES_DIRTY = \u0026#34;true\u0026#34;; RPROMPT = \u0026#34;\u0026#34;; # override because macOS defaults to filepath ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = \u0026#34;fg=#838383,underline\u0026#34;; ZSH_DISABLE_COMPFIX = \u0026#34;true\u0026#34;; }; initExtra = \u0026#39;\u0026#39; export PAGER=less \u0026#39;\u0026#39;; shellAliases = { \u0026#34;..\u0026#34; = \u0026#34;cd ..\u0026#34;; grep = \u0026#34;rg --smart-case\u0026#34;; ls = \u0026#34;exa -la --git\u0026#34;; }; \u0026#34;oh-my-zsh\u0026#34; = { enable = true; plugins = [ \u0026#34;gitfast\u0026#34; \u0026#34;last-working-dir\u0026#34; ]; }; }; }; } Save the file and run:\nhome-manager switch You should see another wave of /nix/store/* paths. The new configuration should now be active.\nIf you run zsh, you should see that you have starship and access to several other utils such as rg, fd, and exa.\nThis basic configuration above is also defining your ~/.config/git/config and .zshrc. If you already have either of these files, home-manager will complain about them already existing.\nIf you run cat ~/.zshrc, you will see the way these configuration files are generated.\nYou can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at home-manager/modules/programs.\nGateway To Nix In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system\u0026rsquo;s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is nix-darwin that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out Nix Flakes: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in flake.lock, similar to that of many modern package managers.\nWrapping up The title of this post is slightly misleading, since it\u0026rsquo;s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I\u0026rsquo;d say so.\n","href":"/blog/2021/09/08/why-i-threw-out-my-dotfiles/","title":"Why I Threw Out My Dotfiles"},{"content":"","href":"/tags/adguard/","title":"adguard"},{"content":"","href":"/tags/grafana/","title":"grafana"},{"content":"","href":"/tags/homelab/","title":"homelab"},{"content":"","href":"/tags/jellyfin/","title":"jellyfin"},{"content":"","href":"/tags/netdata/","title":"netdata"},{"content":"","href":"/tags/pihole/","title":"pihole"},{"content":"","href":"/tags/plex/","title":"plex"},{"content":"","href":"/tags/virtualization/","title":"virtualization"},{"content":"A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.\nDo you want host your own Media server? Ad blocker? Web server? Are you interested in learning more about Linux? Virtualization? Networking? Security? Building a homelab can be an entertaining playground to enhance your computer skills.\nOne of the best parts about building a homelab is that it doesn\u0026rsquo;t have to be a large investment in terms of hardware. One of the simplest ways to build a homelab is out of a refurbished computer. Having multiple machines/nodes provides the advantage of increased redundancy, but starting out with a single node is enough to reap many of the benefits of having a homelab.\nVirtualization Virtualizing your hardware is an organized way of dividing up your machine\u0026rsquo;s resources. This can be done with something such as a Virtual Machine or something lighter like a container using LXC or runC. Containers have much less overhead in terms of boot time and storage allocation. This Stack Overflow answer sums it up nicely.\nA hypervisor such as Proxmox can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You\u0026rsquo;ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.\nServices So what are some useful services to deploy?\n Jellyfin or Plex - basically a self-hosted Netflix that can be used to stream from multiple devices, and the best part is that you manage the content! Unlike Plex, Jellyfin is open source and can be found here. changedetection - is a self-hosted equivalent to something like visualping.io that will notify you when a webpage changes and keep track of the diffs Adguard or Pihole - can block a list of known trackers for all clients on your local network. I\u0026rsquo;ve used pihole for a long time, but have recently switched to Adguard since the UI is more modern and it has the ability to toggle on/off a pre-defined list of services, including Netflix (this is useful if you have stealthy young kids). Either of these will speed up your internet experience, simply because you won\u0026rsquo;t need to download all of the extra tracking bloat. Gitea - A lightweight git server. I use this to mirror git repos from GitHub, GitLab, etc. Homer - A customizable landing page for services you need to access (including the ability to quickly search). Uptime Kuma - A fancy tool for monitoring the uptime of services. There is a large number of services you can self-host, including your own applications that you might be developing. awesome-self-hosted provides a curated list of services that might be of interest to you.\nVPN You could certainly setup and manage your own VPN by using something like OpenVPN, but there is also something else you can try: tailscale. It is a very quick way to create fully-encrypted connections between clients. With its MagicDNS, your can reference the names of machines like homer rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.\nMonitoring Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using netdata. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.\nAdditionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.\nAs mentioned above, Uptime Kuma is a convenient way to track uptime and monitor the availability of your services.\nIn Summary Building out a homelab can be a rewarding experience and it doesn\u0026rsquo;t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.\n","href":"/blog/2021/09/06/what-to-do-with-a-homelab/","title":"What To Do With A Homelab"},{"content":"AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux.\nDepending on the AppGate SDP Server that is running, you may require a client that is more recent than the latest package on AUR. As of right now, the latest AUR is 4.2.2-1.\nThese steps highlight how to get it working with Python3.8 by making a 1 line modification to AppGate source code.\nPackaging We already know the community package is currently out of date, so let\u0026rsquo;s clone it:\ngit clone https://aur.archlinux.org/appgate-sdp.git cd appgate-sdp You\u0026rsquo;ll likely notice that the version is not what we want, so let\u0026rsquo;s modify the PKGBUILD to the following:\n# Maintainer: Pawel Mosakowski \u0026lt;pawel at mosakowski dot net\u0026gt; pkgname=appgate-sdp conflicts=(\u0026#39;appgate-sdp-headless\u0026#39;) pkgver=4.3.2 _download_pkgver=4.3 pkgrel=1 epoch= pkgdesc=\u0026#34;Software Defined Perimeter - GUI client\u0026#34; arch=(\u0026#39;x86_64\u0026#39;) url=\u0026#34;https://www.cyxtera.com/essential-defense/appgate-sdp/support\u0026#34; license=(\u0026#39;custom\u0026#39;) # dependecies calculated by namcap depends=(\u0026#39;gconf\u0026#39; \u0026#39;libsecret\u0026#39; \u0026#39;gtk3\u0026#39; \u0026#39;python\u0026#39; \u0026#39;nss\u0026#39; \u0026#39;libxss\u0026#39; \u0026#39;nodejs\u0026#39; \u0026#39;dnsmasq\u0026#39;) source=(\u0026#34;https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb\u0026#34; \u0026#34;appgatedriver.service\u0026#34;) options=(staticlibs) prepare() { tar -xf data.tar.xz } package() { cp -dpr \u0026#34;${srcdir}\u0026#34;/{etc,lib,opt,usr} \u0026#34;${pkgdir}\u0026#34; mv -v \u0026#34;$pkgdir/lib/systemd/system\u0026#34; \u0026#34;$pkgdir/usr/lib/systemd/\u0026#34; rm -vrf \u0026#34;$pkgdir/lib\u0026#34; cp -v \u0026#34;$srcdir/appgatedriver.service\u0026#34; \u0026#34;$pkgdir/usr/lib/systemd/system/appgatedriver.service\u0026#34; mkdir -vp \u0026#34;$pkgdir/usr/share/licenses/appgate-sdp\u0026#34; cp -v \u0026#34;$pkgdir/usr/share/doc/appgate/copyright\u0026#34; \u0026#34;$pkgdir/usr/share/licenses/appgate-sdp\u0026#34; cp -v \u0026#34;$pkgdir/usr/share/doc/appgate/LICENSE.github\u0026#34; \u0026#34;$pkgdir/usr/share/licenses/appgate-sdp\u0026#34; cp -v \u0026#34;$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2\u0026#34; \u0026#34;$pkgdir/usr/share/licenses/appgate-sdp\u0026#34; } md5sums=(\u0026#39;17101aac7623c06d5fbb95f50cf3dbdc\u0026#39; \u0026#39;002644116e20b2d79fdb36b7677ab4cf\u0026#39;) Let\u0026rsquo;s first make sure we have some dependencies. If you do not have yay, check it out.\nyay -S dnsmasq gconf Now, let\u0026rsquo;s install it:\nmakepkg -si Running the client Ok, let\u0026rsquo;s run the client by executing appgate.\nIt complains about not being able to connect.\nEasy fix:\nsudo systemctl start appgatedriver.service Now we should be connected\u0026hellip; but DNS is not working?\nFixing the DNS Running resolvectl should display that something is not right.\nWhy is the DNS not being set by appgate?\n$ head -3 /opt/appgate/linux/set_dns #!/usr/bin/env python3 \u0026#39;\u0026#39;\u0026#39; This is used to set and unset the DNS. It seems like python3 is required for the DNS setting to happen. Let\u0026rsquo;s try to run it.\n$ sudo /opt/appgate/linux/set_dns /opt/appgate/linux/set_dns:88: SyntaxWarning: \u0026#34;is\u0026#34; with a literal. Did you mean \u0026#34;==\u0026#34;? servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers] Traceback (most recent call last): File \u0026#34;/opt/appgate/linux/set_dns\u0026#34;, line 30, in \u0026lt;module\u0026gt; import dbus ModuleNotFoundError: No module named \u0026#39;dbus\u0026#39; Ok, let\u0026rsquo;s install it:\n$ sudo python3.8 -m pip install dbus-python Will it work now? Not yet. There\u0026rsquo;s another issue:\n$ sudo /opt/appgate/linux/set_dns /opt/appgate/linux/set_dns:88: SyntaxWarning: \u0026#34;is\u0026#34; with a literal. Did you mean \u0026#34;==\u0026#34;? servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers] module \u0026#39;platform\u0026#39; has no attribute \u0026#39;linux_distribution\u0026#39; This is a breaking change in Python3.8.\nSo what is calling platform.linux_distribution?\nLet\u0026rsquo;s search for it:\n$ sudo grep -r \u0026#39;linux_distribution\u0026#39; /opt/appgate/linux/ /opt/appgate/linux/nm.py: if platform.linux_distribution()[0] != \u0026#39;Fedora\u0026#39;: Aha! So this is in the local AppGate source code. This should be an easy fix. Let\u0026rsquo;s just replace this line with:\nif True: # Since we are not using Fedora :) Wrapping up It turns out there are breaking changes in Python3.8.\nThe docs say Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.\nI suppose this highlights one of the caveats of relying upon the system\u0026rsquo;s python, rather than having an isolated, dedicated environment for all dependencies.\n","href":"/blog/2020/03/16/appgate-sdp-on-arch-linux/","title":"AppGate SDP on Arch Linux"},{"content":"","href":"/tags/linux/","title":"linux"},{"content":"","href":"/tags/vpn/","title":"vpn"},{"content":"test\n","href":"/page/search/","title":""},{"content":"","href":"/authors/","title":"Authors"},{"content":"","href":"/page/","title":"Pages"}] \ No newline at end of file diff --git a/post/index.html b/post/index.html index 3a661a91..635265db 100644 --- a/post/index.html +++ b/post/index.html @@ -1,314 +1,10 @@ - - - - - - - - - - - -Posts • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Posts

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +Posts
    +

    Posts

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >

    Running K3s in LXC on Proxmox

    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
    Read more >

    Automatically rotating AWS access keys

    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
    Read more >

    Why I threw out my dotfiles

    2021-09-08 (updated: 2024-01-01)
    nixdotfileshome‑manager

    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.

    Read more >

    What to do with a homelab

    2021-09-06 by Dave Gallant (updated: 2024-01-01)

    A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/post/index.xml b/post/index.xml index 1246df26..87581379 100644 --- a/post/index.xml +++ b/post/index.xml @@ -1 +1,26 @@ -Posts on davegallant/post/Recent content in Posts on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Automatically Rotating AWS Access Keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Why I Threw Out My Dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file +Posts on/post/Recent content in Posts onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p>Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p>Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p>Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/<p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p>Automatically rotating AWS access keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.Why I threw out my dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/<p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a +href="https://www.atlassian.com/git/tutorials/dotfiles" +class="link--external" target="_blank" rel="noreferrer" +>bare git repos</a> and utilities such as <a +href="https://www.gnu.org/software/stow/" +class="link--external" target="_blank" rel="noreferrer" +>GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a +href="https://github.com/nix-community/home-manager" +class="link--external" target="_blank" rel="noreferrer" +>home-manager</a>.</p>What to do with a homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p>AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file diff --git a/post/page/1/index.html b/post/page/1/index.html index 067be3cb..b79cb460 100644 --- a/post/page/1/index.html +++ b/post/page/1/index.html @@ -1 +1 @@ -/post/ \ No newline at end of file +/post/ \ No newline at end of file diff --git a/post/page/2/index.html b/post/page/2/index.html new file mode 100644 index 00000000..136d4c02 --- /dev/null +++ b/post/page/2/index.html @@ -0,0 +1,10 @@ +Posts
    +

    Posts

    Dave Gallant
    +
    \ No newline at end of file diff --git a/prism-themes/prism-gruvbox-dark.min.54aecc64074623a4f9898544dcbdab9e804f1560ef0b38f4cf8e10fcaaf72264e798cb407c601aca6ecd833ec4eb93d66535581f18d45ba202cf848b70dbc332.css b/prism-themes/prism-gruvbox-dark.min.54aecc64074623a4f9898544dcbdab9e804f1560ef0b38f4cf8e10fcaaf72264e798cb407c601aca6ecd833ec4eb93d66535581f18d45ba202cf848b70dbc332.css new file mode 100644 index 00000000..85461d3e --- /dev/null +++ b/prism-themes/prism-gruvbox-dark.min.54aecc64074623a4f9898544dcbdab9e804f1560ef0b38f4cf8e10fcaaf72264e798cb407c601aca6ecd833ec4eb93d66535581f18d45ba202cf848b70dbc332.css @@ -0,0 +1 @@ +code[class*=language-],pre[class*=language-]{color:#ebdbb2;font-family:Consolas,Monaco,andale mono,monospace;direction:ltr;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none}pre[class*=language-]::-moz-selection,pre[class*=language-] ::-moz-selection,code[class*=language-]::-moz-selection,code[class*=language-] ::-moz-selection{color:#fbf1c7;background:#7c6f64}pre[class*=language-]::selection,pre[class*=language-] ::selection,code[class*=language-]::selection,code[class*=language-] ::selection{color:#fbf1c7;background:#7c6f64}pre[class*=language-]{padding:1em;margin:.5em 0;overflow:auto}:not(pre)>code[class*=language-],pre[class*=language-]{background:#1d2021}:not(pre)>code[class*=language-]{padding:.1em;border-radius:.3em}.token.comment,.token.prolog,.token.cdata{color:#a89984}.token.delimiter,.token.boolean,.token.keyword,.token.selector,.token.important,.token.atrule{color:#fb4934}.token.operator,.token.punctuation,.token.attr-name{color:#a89984}.token.tag,.token.tag .punctuation,.token.doctype,.token.builtin{color:#fabd2f}.token.entity,.token.number,.token.symbol{color:#d3869b}.token.property,.token.constant,.token.variable{color:#fb4934}.token.string,.token.char{color:#b8bb26}.token.attr-value,.token.attr-value .punctuation{color:#a89984}.token.url{color:#b8bb26;text-decoration:underline}.token.function{color:#fabd2f}.token.regex{background:#b8bb26}.token.bold{font-weight:700}.token.italic{font-style:italic}.token.inserted{background:#a89984}.token.deleted{background:#fb4934} \ No newline at end of file diff --git a/prism-themes/prism-gruvbox-light.min.42a221741efe997fcc94187c39d63c555560678789ac9ca856c74a5f0ddb2aa6c50d38b2ffbecc7a99038cbbd2efa99746e862267f781c559e0cfec10b88a5fc.css b/prism-themes/prism-gruvbox-light.min.42a221741efe997fcc94187c39d63c555560678789ac9ca856c74a5f0ddb2aa6c50d38b2ffbecc7a99038cbbd2efa99746e862267f781c559e0cfec10b88a5fc.css new file mode 100644 index 00000000..70760814 --- /dev/null +++ b/prism-themes/prism-gruvbox-light.min.42a221741efe997fcc94187c39d63c555560678789ac9ca856c74a5f0ddb2aa6c50d38b2ffbecc7a99038cbbd2efa99746e862267f781c559e0cfec10b88a5fc.css @@ -0,0 +1 @@ +code[class*=language-],pre[class*=language-]{color:#3c3836;font-family:Consolas,Monaco,andale mono,monospace;direction:ltr;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none}pre[class*=language-]::-moz-selection,pre[class*=language-] ::-moz-selection,code[class*=language-]::-moz-selection,code[class*=language-] ::-moz-selection{color:#282828;background:#a89984}pre[class*=language-]::selection,pre[class*=language-] ::selection,code[class*=language-]::selection,code[class*=language-] ::selection{color:#282828;background:#a89984}pre[class*=language-]{padding:1em;margin:.5em 0;overflow:auto}:not(pre)>code[class*=language-],pre[class*=language-]{background:#f9f5d7}:not(pre)>code[class*=language-]{padding:.1em;border-radius:.3em}.token.comment,.token.prolog,.token.cdata{color:#7c6f64}.token.delimiter,.token.boolean,.token.keyword,.token.selector,.token.important,.token.atrule{color:#9d0006}.token.operator,.token.punctuation,.token.attr-name{color:#7c6f64}.token.tag,.token.tag .punctuation,.token.doctype,.token.builtin{color:#b57614}.token.entity,.token.number,.token.symbol{color:#8f3f71}.token.property,.token.constant,.token.variable{color:#9d0006}.token.string,.token.char{color:#797403}.token.attr-value,.token.attr-value .punctuation{color:#7c6f64}.token.url{color:#797403;text-decoration:underline}.token.function{color:#b57614}.token.regex{background:#797403}.token.bold{font-weight:700}.token.italic{font-style:italic}.token.inserted{background:#7c6f64}.token.deleted{background:#9d0006} \ No newline at end of file diff --git a/richard-hendricks.webp b/richard-hendricks.webp new file mode 100644 index 00000000..570ed0c3 Binary files /dev/null and b/richard-hendricks.webp differ diff --git a/robots.txt b/robots.txt index eb053628..8f86b6dc 100644 --- a/robots.txt +++ b/robots.txt @@ -1,2 +1,3 @@ User-agent: * -Disallow: +Allow: / +Sitemap: /sitemap.xml \ No newline at end of file diff --git a/safari-pinned-tab.svg b/safari-pinned-tab.svg new file mode 100644 index 00000000..927bb59c --- /dev/null +++ b/safari-pinned-tab.svg @@ -0,0 +1,37 @@ + + + + +Created by potrace 1.14, written by Peter Selinger 2001-2017 + + + + + diff --git a/site.webmanifest b/site.webmanifest new file mode 100644 index 00000000..26228d21 --- /dev/null +++ b/site.webmanifest @@ -0,0 +1,19 @@ +{ + "name": "hugo-theme-gruvbox", + "short_name": "hugo-theme-gruvbox", + "icons": [ + { + "src": "/android-chrome-192x192.png", + "sizes": "192x192", + "type": "image/png" + }, + { + "src": "/android-chrome-512x512.png", + "sizes": "512x512", + "type": "image/png" + } + ], + "theme_color": "#282828", + "background_color": "#282828", + "display": "standalone" +} diff --git a/sitemap.xml b/sitemap.xml index cce97f3f..ea7e9dc6 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -1 +1 @@ -/about//2022-12-10T21:46:55-05:00/tags/degoogle/2022-12-10T21:46:55-05:00/tags/invidious/2022-12-10T21:46:55-05:00/post/2022-12-10T21:46:55-05:00/tags/privacy/2022-12-10T21:46:55-05:00/tags/2022-12-10T21:46:55-05:00/tags/tailscale/2022-12-10T21:46:55-05:00/blog/2022/12/10/watching-youtube-in-private/2022-12-10T21:46:55-05:00/tags/yewtu.be/2022-12-10T21:46:55-05:00/tags/youtube/2022-12-10T21:46:55-05:00/tags/openwrt/2022-04-02T18:50:09-04:00/tags/pfsense/2022-04-02T18:50:09-04:00/tags/proxmox/2022-04-02T18:50:09-04:00/tags/router/2022-04-02T18:50:09-04:00/tags/router-on-a-stick/2022-04-02T18:50:09-04:00/blog/2022/04/02/virtualizing-my-router-with-pfsense/2022-04-02T18:50:09-04:00/tags/vlan/2022-04-02T18:50:09-04:00/blog/2022/03/13/backing-up-gmail-with-synology/2022-03-13T18:49:10-04:00/tags/backup/2022-03-13T18:49:10-04:00/tags/gmail/2022-03-13T18:49:10-04:00/tags/ransomware/2022-03-13T18:49:10-04:00/tags/synology/2022-03-13T18:49:10-04:00/tags/k3s/2021-11-14T10:07:03-05:00/tags/lxc/2021-11-14T10:07:03-05:00/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/2021-11-14T10:07:03-05:00/tags/containers/2021-10-11T10:43:35-04:00/tags/docker/2021-10-11T10:43:35-04:00/tags/podman/2021-10-11T10:43:35-04:00/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/2021-10-11T10:43:35-04:00/blog/2021/09/17/automatically-rotating-aws-access-keys/2021-09-17T12:48:33-04:00/tags/aws/2021-09-17T12:48:33-04:00/tags/aws-vault/2021-09-17T12:48:33-04:00/tags/python/2021-09-17T12:48:33-04:00/tags/security/2021-09-17T12:48:33-04:00/tags/dotfiles/2021-09-08T00:42:33-04:00/tags/home-manager/2021-09-08T00:42:33-04:00/tags/nix/2021-09-08T00:42:33-04:00/blog/2021/09/08/why-i-threw-out-my-dotfiles/2021-09-08T00:42:33-04:00/tags/adguard/2021-09-06T01:12:54-04:00/tags/grafana/2021-09-06T01:12:54-04:00/tags/homelab/2021-09-06T01:12:54-04:00/tags/jellyfin/2021-09-06T01:12:54-04:00/tags/netdata/2021-09-06T01:12:54-04:00/tags/pihole/2021-09-06T01:12:54-04:00/tags/plex/2021-09-06T01:12:54-04:00/tags/virtualization/2021-09-06T01:12:54-04:00/blog/2021/09/06/what-to-do-with-a-homelab/2021-09-06T01:12:54-04:00/blog/2020/03/16/appgate-sdp-on-arch-linux/2020-03-16T22:00:15-04:00/tags/linux/2020-03-16T22:00:15-04:00/tags/vpn/2020-03-16T22:00:15-04:00/page/search//authors//page/ \ No newline at end of file +/about/2024-01-02T09:33:25-05:00/2024-01-02T09:33:25-05:00/tags/gitea/2024-01-01T23:33:36-05:00/tags/gitea-actions/2024-01-01T23:33:36-05:00/tags/github-actions/2024-01-01T23:33:36-05:00/post/2024-01-02T09:33:25-05:00/tags/self-hosted/2024-01-01T23:33:36-05:00/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/2024-01-01T23:33:36-05:00/tags/2024-01-02T09:33:25-05:00/tags/tailscale/2024-01-01T23:33:36-05:00/tags/aks/2024-01-01T23:33:36-05:00/tags/aws/2024-01-01T23:33:36-05:00/tags/azure/2024-01-01T23:33:36-05:00/tags/bastion/2024-01-01T23:33:36-05:00/tags/cloud-sql-proxy/2024-01-01T23:33:36-05:00/tags/database/2024-01-01T23:33:36-05:00/tags/eks/2024-01-01T23:33:36-05:00/tags/k8s/2024-01-01T23:33:36-05:00/tags/kubectl-plugin-socks5-proxy/2024-01-01T23:33:36-05:00/tags/proxy/2024-01-01T23:33:36-05:00/tags/socat/2024-01-01T23:33:36-05:00/tags/socks/2024-01-01T23:33:36-05:00/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/2024-01-01T23:33:36-05:00/tags/degoogle/2024-01-01T23:33:36-05:00/tags/invidious/2024-01-01T23:33:36-05:00/tags/privacy/2024-01-01T23:33:36-05:00/blog/2022/12/10/watching-youtube-in-private/2024-01-01T23:33:36-05:00/tags/yewtu.be/2024-01-01T23:33:36-05:00/tags/youtube/2024-01-01T23:33:36-05:00/tags/openwrt/2024-01-01T23:33:36-05:00/tags/pfsense/2024-01-01T23:33:36-05:00/tags/proxmox/2024-01-01T23:33:36-05:00/tags/router/2024-01-01T23:33:36-05:00/tags/router-on-a-stick/2024-01-01T23:33:36-05:00/blog/2022/04/02/virtualizing-my-router-with-pfsense/2024-01-01T23:33:36-05:00/tags/vlan/2024-01-01T23:33:36-05:00/blog/2022/03/13/backing-up-gmail-with-synology/2024-01-01T23:33:36-05:00/tags/backup/2024-01-01T23:33:36-05:00/tags/gmail/2024-01-01T23:33:36-05:00/tags/ransomware/2024-01-01T23:33:36-05:00/tags/synology/2024-01-01T23:33:36-05:00/tags/k3s/2024-01-01T23:33:36-05:00/tags/lxc/2024-01-01T23:33:36-05:00/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/2024-01-01T23:33:36-05:00/tags/containers/2024-01-02T09:33:25-05:00/tags/docker/2024-01-02T09:33:25-05:00/tags/podman/2024-01-02T09:33:25-05:00/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/2024-01-02T09:33:25-05:00/blog/2021/09/17/automatically-rotating-aws-access-keys/2024-01-01T23:33:36-05:00/tags/aws-vault/2024-01-01T23:33:36-05:00/tags/python/2024-01-01T23:33:36-05:00/tags/security/2024-01-01T23:33:36-05:00/tags/dotfiles/2024-01-01T23:33:36-05:00/tags/home-manager/2024-01-01T23:33:36-05:00/tags/nix/2024-01-01T23:33:36-05:00/blog/2021/09/08/why-i-threw-out-my-dotfiles/2024-01-01T23:33:36-05:00/blog/2021/09/06/what-to-do-with-a-homelab/2024-01-01T23:33:36-05:00/blog/2020/03/16/appgate-sdp-on-arch-linux/2024-01-01T23:33:36-05:00/tags/linux/2024-01-01T23:33:36-05:00/tags/vpn/2024-01-01T23:33:36-05:00/categories/ \ No newline at end of file diff --git a/tags/adguard/index.html b/tags/adguard/index.html deleted file mode 100644 index a3067faa..00000000 --- a/tags/adguard/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: adguard • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: adguard

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/adguard/index.xml b/tags/adguard/index.xml deleted file mode 100644 index 3c4b5ebf..00000000 --- a/tags/adguard/index.xml +++ /dev/null @@ -1 +0,0 @@ -adguard on davegallant/tags/adguard/Recent content in adguard on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/adguard/page/1/index.html b/tags/adguard/page/1/index.html deleted file mode 100644 index b31af7c4..00000000 --- a/tags/adguard/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/adguard/ \ No newline at end of file diff --git a/tags/aks/index.html b/tags/aks/index.html new file mode 100644 index 00000000..aa7f0890 --- /dev/null +++ b/tags/aks/index.html @@ -0,0 +1,9 @@ +aks
    +

    aks

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/aks/index.xml b/tags/aks/index.xml new file mode 100644 index 00000000..edbea291 --- /dev/null +++ b/tags/aks/index.xml @@ -0,0 +1 @@ +aks on/tags/aks/Recent content in aks onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/aks/page/1/index.html b/tags/aks/page/1/index.html new file mode 100644 index 00000000..093f897c --- /dev/null +++ b/tags/aks/page/1/index.html @@ -0,0 +1 @@ +/tags/aks/ \ No newline at end of file diff --git a/tags/aws-vault/index.html b/tags/aws-vault/index.html index 1e6615c1..c28ec0fd 100644 --- a/tags/aws-vault/index.html +++ b/tags/aws-vault/index.html @@ -1,210 +1,10 @@ - - - - - - - - - - - -Tag: aws-vault • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: aws-vault

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +aws-vault
    +

    aws-vault

    Automatically rotating AWS access keys

    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/aws-vault/index.xml b/tags/aws-vault/index.xml index fb7a95bb..cf182ee7 100644 --- a/tags/aws-vault/index.xml +++ b/tags/aws-vault/index.xml @@ -1 +1,2 @@ -aws-vault on davegallant/tags/aws-vault/Recent content in aws-vault on davegallantHugo -- gohugo.ioen-usFri, 17 Sep 2021 12:48:33 -0400Automatically Rotating AWS Access Keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/ \ No newline at end of file +aws-vault on/tags/aws-vault/Recent content in aws-vault onHugo -- gohugo.ioDave GallantFri, 17 Sep 2021 12:48:33 -0400Automatically rotating AWS access keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. \ No newline at end of file diff --git a/tags/aws-vault/page/1/index.html b/tags/aws-vault/page/1/index.html index 4d365e5a..28f9f5f8 100644 --- a/tags/aws-vault/page/1/index.html +++ b/tags/aws-vault/page/1/index.html @@ -1 +1 @@ -/tags/aws-vault/ \ No newline at end of file +/tags/aws-vault/ \ No newline at end of file diff --git a/tags/aws/index.html b/tags/aws/index.html index 4b6cfaa1..a380caea 100644 --- a/tags/aws/index.html +++ b/tags/aws/index.html @@ -1,210 +1,10 @@ - - - - - - - - - - - -Tag: aws • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: aws

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +aws
    +

    aws

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >

    Automatically rotating AWS access keys

    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/aws/index.xml b/tags/aws/index.xml index b61b123c..592e0cc4 100644 --- a/tags/aws/index.xml +++ b/tags/aws/index.xml @@ -1 +1,2 @@ -aws on davegallant/tags/aws/Recent content in aws on davegallantHugo -- gohugo.ioen-usFri, 17 Sep 2021 12:48:33 -0400Automatically Rotating AWS Access Keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/ \ No newline at end of file +aws on/tags/aws/Recent content in aws onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p>Automatically rotating AWS access keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. \ No newline at end of file diff --git a/tags/aws/page/1/index.html b/tags/aws/page/1/index.html index 788587c1..2c863cbe 100644 --- a/tags/aws/page/1/index.html +++ b/tags/aws/page/1/index.html @@ -1 +1 @@ -/tags/aws/ \ No newline at end of file +/tags/aws/ \ No newline at end of file diff --git a/tags/azure/index.html b/tags/azure/index.html new file mode 100644 index 00000000..e90094e0 --- /dev/null +++ b/tags/azure/index.html @@ -0,0 +1,9 @@ +azure
    +

    azure

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/azure/index.xml b/tags/azure/index.xml new file mode 100644 index 00000000..817fcfa7 --- /dev/null +++ b/tags/azure/index.xml @@ -0,0 +1 @@ +azure on/tags/azure/Recent content in azure onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/azure/page/1/index.html b/tags/azure/page/1/index.html new file mode 100644 index 00000000..41efed15 --- /dev/null +++ b/tags/azure/page/1/index.html @@ -0,0 +1 @@ +/tags/azure/ \ No newline at end of file diff --git a/tags/backup/index.html b/tags/backup/index.html index 816b94f8..0c14ec57 100644 --- a/tags/backup/index.html +++ b/tags/backup/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: backup • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: backup

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +backup
    +

    backup

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/backup/index.xml b/tags/backup/index.xml index d4f4b2fb..553937df 100644 --- a/tags/backup/index.xml +++ b/tags/backup/index.xml @@ -1 +1 @@ -backup on davegallant/tags/backup/Recent content in backup on davegallantHugo -- gohugo.ioen-usSun, 13 Mar 2022 18:49:10 -0400Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/ \ No newline at end of file +backup on/tags/backup/Recent content in backup onHugo -- gohugo.ioDave GallantSun, 13 Mar 2022 18:49:10 -0400Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p> \ No newline at end of file diff --git a/tags/backup/page/1/index.html b/tags/backup/page/1/index.html index d088a179..e52fb218 100644 --- a/tags/backup/page/1/index.html +++ b/tags/backup/page/1/index.html @@ -1 +1 @@ -/tags/backup/ \ No newline at end of file +/tags/backup/ \ No newline at end of file diff --git a/tags/bastion/index.html b/tags/bastion/index.html new file mode 100644 index 00000000..bdfe294b --- /dev/null +++ b/tags/bastion/index.html @@ -0,0 +1,9 @@ +bastion
    +

    bastion

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/bastion/index.xml b/tags/bastion/index.xml new file mode 100644 index 00000000..ad50ef22 --- /dev/null +++ b/tags/bastion/index.xml @@ -0,0 +1 @@ +bastion on/tags/bastion/Recent content in bastion onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/bastion/page/1/index.html b/tags/bastion/page/1/index.html new file mode 100644 index 00000000..7e46dbfe --- /dev/null +++ b/tags/bastion/page/1/index.html @@ -0,0 +1 @@ +/tags/bastion/ \ No newline at end of file diff --git a/tags/cloud-sql-proxy/index.html b/tags/cloud-sql-proxy/index.html new file mode 100644 index 00000000..cfb8379c --- /dev/null +++ b/tags/cloud-sql-proxy/index.html @@ -0,0 +1,9 @@ +cloud-sql-proxy
    +

    cloud-sql-proxy

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/cloud-sql-proxy/index.xml b/tags/cloud-sql-proxy/index.xml new file mode 100644 index 00000000..812cafcd --- /dev/null +++ b/tags/cloud-sql-proxy/index.xml @@ -0,0 +1 @@ +cloud-sql-proxy on/tags/cloud-sql-proxy/Recent content in cloud-sql-proxy onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/cloud-sql-proxy/page/1/index.html b/tags/cloud-sql-proxy/page/1/index.html new file mode 100644 index 00000000..15607d78 --- /dev/null +++ b/tags/cloud-sql-proxy/page/1/index.html @@ -0,0 +1 @@ +/tags/cloud-sql-proxy/ \ No newline at end of file diff --git a/tags/containers/index.html b/tags/containers/index.html index aa89b4e7..9fd9c77d 100644 --- a/tags/containers/index.html +++ b/tags/containers/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: containers • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: containers

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +containers
    +

    containers

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/containers/index.xml b/tags/containers/index.xml index ef61f359..0daf9df2 100644 --- a/tags/containers/index.xml +++ b/tags/containers/index.xml @@ -1 +1 @@ -containers on davegallant/tags/containers/Recent content in containers on davegallantHugo -- gohugo.ioen-usMon, 11 Oct 2021 10:43:35 -0400Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/ \ No newline at end of file +containers on/tags/containers/Recent content in containers onHugo -- gohugo.ioDave GallantMon, 11 Oct 2021 10:43:35 -0400Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/<p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p> \ No newline at end of file diff --git a/tags/containers/page/1/index.html b/tags/containers/page/1/index.html index 708c04b8..c317498b 100644 --- a/tags/containers/page/1/index.html +++ b/tags/containers/page/1/index.html @@ -1 +1 @@ -/tags/containers/ \ No newline at end of file +/tags/containers/ \ No newline at end of file diff --git a/tags/database/index.html b/tags/database/index.html new file mode 100644 index 00000000..06512749 --- /dev/null +++ b/tags/database/index.html @@ -0,0 +1,9 @@ +database
    +

    database

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/database/index.xml b/tags/database/index.xml new file mode 100644 index 00000000..e0ec99a2 --- /dev/null +++ b/tags/database/index.xml @@ -0,0 +1 @@ +database on/tags/database/Recent content in database onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/database/page/1/index.html b/tags/database/page/1/index.html new file mode 100644 index 00000000..fe8cb73f --- /dev/null +++ b/tags/database/page/1/index.html @@ -0,0 +1 @@ +/tags/database/ \ No newline at end of file diff --git a/tags/degoogle/index.html b/tags/degoogle/index.html index ce7ae3b6..e0c59fa8 100644 --- a/tags/degoogle/index.html +++ b/tags/degoogle/index.html @@ -1,223 +1,9 @@ - - - - - - - - - - - -Tag: degoogle • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: degoogle

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +degoogle
    +

    degoogle

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/degoogle/index.xml b/tags/degoogle/index.xml index 527b8ca8..9e117fd4 100644 --- a/tags/degoogle/index.xml +++ b/tags/degoogle/index.xml @@ -1 +1,7 @@ -degoogle on davegallant/tags/degoogle/Recent content in degoogle on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/ \ No newline at end of file +degoogle on/tags/degoogle/Recent content in degoogle onHugo -- gohugo.ioDave GallantSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p>Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p> \ No newline at end of file diff --git a/tags/degoogle/page/1/index.html b/tags/degoogle/page/1/index.html index 52c1738b..3fc52048 100644 --- a/tags/degoogle/page/1/index.html +++ b/tags/degoogle/page/1/index.html @@ -1 +1 @@ -/tags/degoogle/ \ No newline at end of file +/tags/degoogle/ \ No newline at end of file diff --git a/tags/docker/index.html b/tags/docker/index.html index 0b587765..5a28d187 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: docker • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: docker

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +docker
    +

    docker

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/docker/index.xml b/tags/docker/index.xml index 598ce8c8..56187f83 100644 --- a/tags/docker/index.xml +++ b/tags/docker/index.xml @@ -1 +1 @@ -docker on davegallant/tags/docker/Recent content in docker on davegallantHugo -- gohugo.ioen-usMon, 11 Oct 2021 10:43:35 -0400Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/ \ No newline at end of file +docker on/tags/docker/Recent content in docker onHugo -- gohugo.ioDave GallantMon, 11 Oct 2021 10:43:35 -0400Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/<p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p> \ No newline at end of file diff --git a/tags/docker/page/1/index.html b/tags/docker/page/1/index.html index e7bba7a3..d412c316 100644 --- a/tags/docker/page/1/index.html +++ b/tags/docker/page/1/index.html @@ -1 +1 @@ -/tags/docker/ \ No newline at end of file +/tags/docker/ \ No newline at end of file diff --git a/tags/dotfiles/index.html b/tags/dotfiles/index.html index 97f22fc2..a3fa6eaf 100644 --- a/tags/dotfiles/index.html +++ b/tags/dotfiles/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: dotfiles • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: dotfiles

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +dotfiles
    +

    dotfiles

    Why I threw out my dotfiles

    2021-09-08 (updated: 2024-01-01)
    nixdotfileshome‑manager

    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/dotfiles/index.xml b/tags/dotfiles/index.xml index 48d69516..67bb81ec 100644 --- a/tags/dotfiles/index.xml +++ b/tags/dotfiles/index.xml @@ -1 +1,10 @@ -dotfiles on davegallant/tags/dotfiles/Recent content in dotfiles on davegallantHugo -- gohugo.ioen-usWed, 08 Sep 2021 00:42:33 -0400Why I Threw Out My Dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/ \ No newline at end of file +dotfiles on/tags/dotfiles/Recent content in dotfiles onHugo -- gohugo.ioDave GallantWed, 08 Sep 2021 00:42:33 -0400Why I threw out my dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/<p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a +href="https://www.atlassian.com/git/tutorials/dotfiles" +class="link--external" target="_blank" rel="noreferrer" +>bare git repos</a> and utilities such as <a +href="https://www.gnu.org/software/stow/" +class="link--external" target="_blank" rel="noreferrer" +>GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a +href="https://github.com/nix-community/home-manager" +class="link--external" target="_blank" rel="noreferrer" +>home-manager</a>.</p> \ No newline at end of file diff --git a/tags/dotfiles/page/1/index.html b/tags/dotfiles/page/1/index.html index ca876acb..02d9ab25 100644 --- a/tags/dotfiles/page/1/index.html +++ b/tags/dotfiles/page/1/index.html @@ -1 +1 @@ -/tags/dotfiles/ \ No newline at end of file +/tags/dotfiles/ \ No newline at end of file diff --git a/tags/eks/index.html b/tags/eks/index.html new file mode 100644 index 00000000..1d7dd938 --- /dev/null +++ b/tags/eks/index.html @@ -0,0 +1,9 @@ +eks
    +

    eks

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/eks/index.xml b/tags/eks/index.xml new file mode 100644 index 00000000..431b40fa --- /dev/null +++ b/tags/eks/index.xml @@ -0,0 +1 @@ +eks on/tags/eks/Recent content in eks onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/eks/page/1/index.html b/tags/eks/page/1/index.html new file mode 100644 index 00000000..98e93b75 --- /dev/null +++ b/tags/eks/page/1/index.html @@ -0,0 +1 @@ +/tags/eks/ \ No newline at end of file diff --git a/tags/gitea-actions/index.html b/tags/gitea-actions/index.html new file mode 100644 index 00000000..18ecfae5 --- /dev/null +++ b/tags/gitea-actions/index.html @@ -0,0 +1,9 @@ +gitea actions
    +

    gitea actions

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/gitea-actions/index.xml b/tags/gitea-actions/index.xml new file mode 100644 index 00000000..df364e5a --- /dev/null +++ b/tags/gitea-actions/index.xml @@ -0,0 +1,4 @@ +gitea actions on/tags/gitea-actions/Recent content in gitea actions onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p> \ No newline at end of file diff --git a/tags/gitea-actions/page/1/index.html b/tags/gitea-actions/page/1/index.html new file mode 100644 index 00000000..62af827f --- /dev/null +++ b/tags/gitea-actions/page/1/index.html @@ -0,0 +1 @@ +/tags/gitea-actions/ \ No newline at end of file diff --git a/tags/gitea/index.html b/tags/gitea/index.html new file mode 100644 index 00000000..b1e670c1 --- /dev/null +++ b/tags/gitea/index.html @@ -0,0 +1,9 @@ +gitea
    +

    gitea

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/gitea/index.xml b/tags/gitea/index.xml new file mode 100644 index 00000000..3e4b6359 --- /dev/null +++ b/tags/gitea/index.xml @@ -0,0 +1,4 @@ +gitea on/tags/gitea/Recent content in gitea onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p> \ No newline at end of file diff --git a/tags/gitea/page/1/index.html b/tags/gitea/page/1/index.html new file mode 100644 index 00000000..5967f88f --- /dev/null +++ b/tags/gitea/page/1/index.html @@ -0,0 +1 @@ +/tags/gitea/ \ No newline at end of file diff --git a/tags/github-actions/index.html b/tags/github-actions/index.html new file mode 100644 index 00000000..2748d514 --- /dev/null +++ b/tags/github-actions/index.html @@ -0,0 +1,9 @@ +github actions
    +

    github actions

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/github-actions/index.xml b/tags/github-actions/index.xml new file mode 100644 index 00000000..65a12086 --- /dev/null +++ b/tags/github-actions/index.xml @@ -0,0 +1,4 @@ +github actions on/tags/github-actions/Recent content in github actions onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p> \ No newline at end of file diff --git a/tags/github-actions/page/1/index.html b/tags/github-actions/page/1/index.html new file mode 100644 index 00000000..c7c70037 --- /dev/null +++ b/tags/github-actions/page/1/index.html @@ -0,0 +1 @@ +/tags/github-actions/ \ No newline at end of file diff --git a/tags/gmail/index.html b/tags/gmail/index.html index 217dd51f..4ac2abcc 100644 --- a/tags/gmail/index.html +++ b/tags/gmail/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: gmail • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: gmail

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +gmail
    +

    gmail

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/gmail/index.xml b/tags/gmail/index.xml index 8778b40c..e118a7ec 100644 --- a/tags/gmail/index.xml +++ b/tags/gmail/index.xml @@ -1 +1 @@ -gmail on davegallant/tags/gmail/Recent content in gmail on davegallantHugo -- gohugo.ioen-usSun, 13 Mar 2022 18:49:10 -0400Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/ \ No newline at end of file +gmail on/tags/gmail/Recent content in gmail onHugo -- gohugo.ioDave GallantSun, 13 Mar 2022 18:49:10 -0400Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p> \ No newline at end of file diff --git a/tags/gmail/page/1/index.html b/tags/gmail/page/1/index.html index 5ed19f54..862ac997 100644 --- a/tags/gmail/page/1/index.html +++ b/tags/gmail/page/1/index.html @@ -1 +1 @@ -/tags/gmail/ \ No newline at end of file +/tags/gmail/ \ No newline at end of file diff --git a/tags/grafana/index.html b/tags/grafana/index.html deleted file mode 100644 index 1b4f11b3..00000000 --- a/tags/grafana/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: grafana • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: grafana

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/grafana/index.xml b/tags/grafana/index.xml deleted file mode 100644 index e25ba94a..00000000 --- a/tags/grafana/index.xml +++ /dev/null @@ -1 +0,0 @@ -grafana on davegallant/tags/grafana/Recent content in grafana on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/grafana/page/1/index.html b/tags/grafana/page/1/index.html deleted file mode 100644 index b87a51a8..00000000 --- a/tags/grafana/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/grafana/ \ No newline at end of file diff --git a/tags/home-manager/index.html b/tags/home-manager/index.html index 5399ebdd..83be000a 100644 --- a/tags/home-manager/index.html +++ b/tags/home-manager/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: home-manager • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: home-manager

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +home-manager
    +

    home-manager

    Why I threw out my dotfiles

    2021-09-08 (updated: 2024-01-01)
    nixdotfileshome‑manager

    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/home-manager/index.xml b/tags/home-manager/index.xml index 5ba8da5c..f5b6a67d 100644 --- a/tags/home-manager/index.xml +++ b/tags/home-manager/index.xml @@ -1 +1,10 @@ -home-manager on davegallant/tags/home-manager/Recent content in home-manager on davegallantHugo -- gohugo.ioen-usWed, 08 Sep 2021 00:42:33 -0400Why I Threw Out My Dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/ \ No newline at end of file +home-manager on/tags/home-manager/Recent content in home-manager onHugo -- gohugo.ioDave GallantWed, 08 Sep 2021 00:42:33 -0400Why I threw out my dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/<p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a +href="https://www.atlassian.com/git/tutorials/dotfiles" +class="link--external" target="_blank" rel="noreferrer" +>bare git repos</a> and utilities such as <a +href="https://www.gnu.org/software/stow/" +class="link--external" target="_blank" rel="noreferrer" +>GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a +href="https://github.com/nix-community/home-manager" +class="link--external" target="_blank" rel="noreferrer" +>home-manager</a>.</p> \ No newline at end of file diff --git a/tags/home-manager/page/1/index.html b/tags/home-manager/page/1/index.html index b5a9db71..dc0ba177 100644 --- a/tags/home-manager/page/1/index.html +++ b/tags/home-manager/page/1/index.html @@ -1 +1 @@ -/tags/home-manager/ \ No newline at end of file +/tags/home-manager/ \ No newline at end of file diff --git a/tags/homelab/index.html b/tags/homelab/index.html deleted file mode 100644 index 28a27e63..00000000 --- a/tags/homelab/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: homelab • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: homelab

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/homelab/index.xml b/tags/homelab/index.xml deleted file mode 100644 index fb342f73..00000000 --- a/tags/homelab/index.xml +++ /dev/null @@ -1 +0,0 @@ -homelab on davegallant/tags/homelab/Recent content in homelab on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/homelab/page/1/index.html b/tags/homelab/page/1/index.html deleted file mode 100644 index bfc5881a..00000000 --- a/tags/homelab/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/homelab/ \ No newline at end of file diff --git a/tags/index.html b/tags/index.html index cdf4c6cb..7bc82493 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,272 +1,9 @@ - - - - - - - - - - - -Tags • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tags

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +Tags
    +

    Tags

    gitea

    2023-12-10 (updated: 2024-01-01)

    aks

    2023-05-22 (updated: 2024-01-01)

    aws

    2023-05-22 (updated: 2024-01-01)

    azure

    2023-05-22 (updated: 2024-01-01)

    bastion

    2023-05-22 (updated: 2024-01-01)
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/index.xml b/tags/index.xml index 8d53bcd2..cf0d8864 100644 --- a/tags/index.xml +++ b/tags/index.xml @@ -1 +1 @@ -Tags on davegallant/tags/Recent content in Tags on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500degoogle/tags/degoogle/Sat, 10 Dec 2022 21:46:55 -0500/tags/degoogle/invidious/tags/invidious/Sat, 10 Dec 2022 21:46:55 -0500/tags/invidious/privacy/tags/privacy/Sat, 10 Dec 2022 21:46:55 -0500/tags/privacy/tailscale/tags/tailscale/Sat, 10 Dec 2022 21:46:55 -0500/tags/tailscale/yewtu.be/tags/yewtu.be/Sat, 10 Dec 2022 21:46:55 -0500/tags/yewtu.be/youtube/tags/youtube/Sat, 10 Dec 2022 21:46:55 -0500/tags/youtube/openwrt/tags/openwrt/Sat, 02 Apr 2022 18:50:09 -0400/tags/openwrt/pfsense/tags/pfsense/Sat, 02 Apr 2022 18:50:09 -0400/tags/pfsense/proxmox/tags/proxmox/Sat, 02 Apr 2022 18:50:09 -0400/tags/proxmox/router/tags/router/Sat, 02 Apr 2022 18:50:09 -0400/tags/router/router-on-a-stick/tags/router-on-a-stick/Sat, 02 Apr 2022 18:50:09 -0400/tags/router-on-a-stick/vlan/tags/vlan/Sat, 02 Apr 2022 18:50:09 -0400/tags/vlan/backup/tags/backup/Sun, 13 Mar 2022 18:49:10 -0400/tags/backup/gmail/tags/gmail/Sun, 13 Mar 2022 18:49:10 -0400/tags/gmail/ransomware/tags/ransomware/Sun, 13 Mar 2022 18:49:10 -0400/tags/ransomware/synology/tags/synology/Sun, 13 Mar 2022 18:49:10 -0400/tags/synology/k3s/tags/k3s/Sun, 14 Nov 2021 10:07:03 -0500/tags/k3s/lxc/tags/lxc/Sun, 14 Nov 2021 10:07:03 -0500/tags/lxc/containers/tags/containers/Mon, 11 Oct 2021 10:43:35 -0400/tags/containers/docker/tags/docker/Mon, 11 Oct 2021 10:43:35 -0400/tags/docker/podman/tags/podman/Mon, 11 Oct 2021 10:43:35 -0400/tags/podman/aws/tags/aws/Fri, 17 Sep 2021 12:48:33 -0400/tags/aws/aws-vault/tags/aws-vault/Fri, 17 Sep 2021 12:48:33 -0400/tags/aws-vault/python/tags/python/Fri, 17 Sep 2021 12:48:33 -0400/tags/python/security/tags/security/Fri, 17 Sep 2021 12:48:33 -0400/tags/security/dotfiles/tags/dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/tags/dotfiles/home-manager/tags/home-manager/Wed, 08 Sep 2021 00:42:33 -0400/tags/home-manager/nix/tags/nix/Wed, 08 Sep 2021 00:42:33 -0400/tags/nix/adguard/tags/adguard/Mon, 06 Sep 2021 01:12:54 -0400/tags/adguard/grafana/tags/grafana/Mon, 06 Sep 2021 01:12:54 -0400/tags/grafana/homelab/tags/homelab/Mon, 06 Sep 2021 01:12:54 -0400/tags/homelab/jellyfin/tags/jellyfin/Mon, 06 Sep 2021 01:12:54 -0400/tags/jellyfin/netdata/tags/netdata/Mon, 06 Sep 2021 01:12:54 -0400/tags/netdata/pihole/tags/pihole/Mon, 06 Sep 2021 01:12:54 -0400/tags/pihole/plex/tags/plex/Mon, 06 Sep 2021 01:12:54 -0400/tags/plex/virtualization/tags/virtualization/Mon, 06 Sep 2021 01:12:54 -0400/tags/virtualization/linux/tags/linux/Mon, 16 Mar 2020 22:00:15 -0400/tags/linux/vpn/tags/vpn/Mon, 16 Mar 2020 22:00:15 -0400/tags/vpn/ \ No newline at end of file +Tags on/tags/Recent content in Tags onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500gitea/tags/gitea/Sun, 10 Dec 2023 17:22:11 -0500/tags/gitea/gitea actions/tags/gitea-actions/Sun, 10 Dec 2023 17:22:11 -0500/tags/gitea-actions/github actions/tags/github-actions/Sun, 10 Dec 2023 17:22:11 -0500/tags/github-actions/self-hosted/tags/self-hosted/Sun, 10 Dec 2023 17:22:11 -0500/tags/self-hosted/tailscale/tags/tailscale/Sun, 10 Dec 2023 17:22:11 -0500/tags/tailscale/aks/tags/aks/Mon, 22 May 2023 16:31:29 -0400/tags/aks/aws/tags/aws/Mon, 22 May 2023 16:31:29 -0400/tags/aws/azure/tags/azure/Mon, 22 May 2023 16:31:29 -0400/tags/azure/bastion/tags/bastion/Mon, 22 May 2023 16:31:29 -0400/tags/bastion/cloud-sql-proxy/tags/cloud-sql-proxy/Mon, 22 May 2023 16:31:29 -0400/tags/cloud-sql-proxy/database/tags/database/Mon, 22 May 2023 16:31:29 -0400/tags/database/eks/tags/eks/Mon, 22 May 2023 16:31:29 -0400/tags/eks/k8s/tags/k8s/Mon, 22 May 2023 16:31:29 -0400/tags/k8s/kubectl-plugin-socks5-proxy/tags/kubectl-plugin-socks5-proxy/Mon, 22 May 2023 16:31:29 -0400/tags/kubectl-plugin-socks5-proxy/proxy/tags/proxy/Mon, 22 May 2023 16:31:29 -0400/tags/proxy/socat/tags/socat/Mon, 22 May 2023 16:31:29 -0400/tags/socat/socks/tags/socks/Mon, 22 May 2023 16:31:29 -0400/tags/socks/degoogle/tags/degoogle/Sat, 10 Dec 2022 21:46:55 -0500/tags/degoogle/invidious/tags/invidious/Sat, 10 Dec 2022 21:46:55 -0500/tags/invidious/privacy/tags/privacy/Sat, 10 Dec 2022 21:46:55 -0500/tags/privacy/yewtu.be/tags/yewtu.be/Sat, 10 Dec 2022 21:46:55 -0500/tags/yewtu.be/youtube/tags/youtube/Sat, 10 Dec 2022 21:46:55 -0500/tags/youtube/openwrt/tags/openwrt/Sat, 02 Apr 2022 18:50:09 -0400/tags/openwrt/pfsense/tags/pfsense/Sat, 02 Apr 2022 18:50:09 -0400/tags/pfsense/proxmox/tags/proxmox/Sat, 02 Apr 2022 18:50:09 -0400/tags/proxmox/router/tags/router/Sat, 02 Apr 2022 18:50:09 -0400/tags/router/router-on-a-stick/tags/router-on-a-stick/Sat, 02 Apr 2022 18:50:09 -0400/tags/router-on-a-stick/vlan/tags/vlan/Sat, 02 Apr 2022 18:50:09 -0400/tags/vlan/backup/tags/backup/Sun, 13 Mar 2022 18:49:10 -0400/tags/backup/gmail/tags/gmail/Sun, 13 Mar 2022 18:49:10 -0400/tags/gmail/ransomware/tags/ransomware/Sun, 13 Mar 2022 18:49:10 -0400/tags/ransomware/synology/tags/synology/Sun, 13 Mar 2022 18:49:10 -0400/tags/synology/k3s/tags/k3s/Sun, 14 Nov 2021 10:07:03 -0500/tags/k3s/lxc/tags/lxc/Sun, 14 Nov 2021 10:07:03 -0500/tags/lxc/containers/tags/containers/Mon, 11 Oct 2021 10:43:35 -0400/tags/containers/docker/tags/docker/Mon, 11 Oct 2021 10:43:35 -0400/tags/docker/podman/tags/podman/Mon, 11 Oct 2021 10:43:35 -0400/tags/podman/aws-vault/tags/aws-vault/Fri, 17 Sep 2021 12:48:33 -0400/tags/aws-vault/python/tags/python/Fri, 17 Sep 2021 12:48:33 -0400/tags/python/security/tags/security/Fri, 17 Sep 2021 12:48:33 -0400/tags/security/dotfiles/tags/dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/tags/dotfiles/home-manager/tags/home-manager/Wed, 08 Sep 2021 00:42:33 -0400/tags/home-manager/nix/tags/nix/Wed, 08 Sep 2021 00:42:33 -0400/tags/nix/linux/tags/linux/Mon, 16 Mar 2020 22:00:15 -0400/tags/linux/vpn/tags/vpn/Mon, 16 Mar 2020 22:00:15 -0400/tags/vpn/ \ No newline at end of file diff --git a/tags/invidious/index.html b/tags/invidious/index.html index 2b40efef..d770cc99 100644 --- a/tags/invidious/index.html +++ b/tags/invidious/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: invidious • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: invidious

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +invidious
    +

    invidious

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/invidious/index.xml b/tags/invidious/index.xml index b93d791b..5ce97653 100644 --- a/tags/invidious/index.xml +++ b/tags/invidious/index.xml @@ -1 +1,7 @@ -invidious on davegallant/tags/invidious/Recent content in invidious on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/ \ No newline at end of file +invidious on/tags/invidious/Recent content in invidious onHugo -- gohugo.ioDave GallantSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p> \ No newline at end of file diff --git a/tags/invidious/page/1/index.html b/tags/invidious/page/1/index.html index 6c096229..a6635751 100644 --- a/tags/invidious/page/1/index.html +++ b/tags/invidious/page/1/index.html @@ -1 +1 @@ -/tags/invidious/ \ No newline at end of file +/tags/invidious/ \ No newline at end of file diff --git a/tags/jellyfin/index.html b/tags/jellyfin/index.html deleted file mode 100644 index f3609170..00000000 --- a/tags/jellyfin/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: jellyfin • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: jellyfin

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/jellyfin/index.xml b/tags/jellyfin/index.xml deleted file mode 100644 index 8c2000a6..00000000 --- a/tags/jellyfin/index.xml +++ /dev/null @@ -1 +0,0 @@ -jellyfin on davegallant/tags/jellyfin/Recent content in jellyfin on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/jellyfin/page/1/index.html b/tags/jellyfin/page/1/index.html deleted file mode 100644 index cb0ccfdb..00000000 --- a/tags/jellyfin/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/jellyfin/ \ No newline at end of file diff --git a/tags/k3s/index.html b/tags/k3s/index.html index 01e5d2f5..29ddcfac 100644 --- a/tags/k3s/index.html +++ b/tags/k3s/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: k3s • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: k3s

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +k3s
    +

    k3s

    Running K3s in LXC on Proxmox

    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/k3s/index.xml b/tags/k3s/index.xml index 2551176e..107ae965 100644 --- a/tags/k3s/index.xml +++ b/tags/k3s/index.xml @@ -1 +1 @@ -k3s on davegallant/tags/k3s/Recent content in k3s on davegallantHugo -- gohugo.ioen-usSun, 14 Nov 2021 10:07:03 -0500Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/ \ No newline at end of file +k3s on/tags/k3s/Recent content in k3s onHugo -- gohugo.ioDave GallantSun, 14 Nov 2021 10:07:03 -0500Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. \ No newline at end of file diff --git a/tags/k3s/page/1/index.html b/tags/k3s/page/1/index.html index a620641c..8aa28e67 100644 --- a/tags/k3s/page/1/index.html +++ b/tags/k3s/page/1/index.html @@ -1 +1 @@ -/tags/k3s/ \ No newline at end of file +/tags/k3s/ \ No newline at end of file diff --git a/tags/k8s/index.html b/tags/k8s/index.html new file mode 100644 index 00000000..8ea92458 --- /dev/null +++ b/tags/k8s/index.html @@ -0,0 +1,9 @@ +k8s
    +

    k8s

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/k8s/index.xml b/tags/k8s/index.xml new file mode 100644 index 00000000..f6b9ad2e --- /dev/null +++ b/tags/k8s/index.xml @@ -0,0 +1 @@ +k8s on/tags/k8s/Recent content in k8s onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/k8s/page/1/index.html b/tags/k8s/page/1/index.html new file mode 100644 index 00000000..af330bbc --- /dev/null +++ b/tags/k8s/page/1/index.html @@ -0,0 +1 @@ +/tags/k8s/ \ No newline at end of file diff --git a/tags/kubectl-plugin-socks5-proxy/index.html b/tags/kubectl-plugin-socks5-proxy/index.html new file mode 100644 index 00000000..5d52b178 --- /dev/null +++ b/tags/kubectl-plugin-socks5-proxy/index.html @@ -0,0 +1,9 @@ +kubectl-plugin-socks5-proxy
    +

    kubectl-plugin-socks5-proxy

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/kubectl-plugin-socks5-proxy/index.xml b/tags/kubectl-plugin-socks5-proxy/index.xml new file mode 100644 index 00000000..8d684b93 --- /dev/null +++ b/tags/kubectl-plugin-socks5-proxy/index.xml @@ -0,0 +1 @@ +kubectl-plugin-socks5-proxy on/tags/kubectl-plugin-socks5-proxy/Recent content in kubectl-plugin-socks5-proxy onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/kubectl-plugin-socks5-proxy/page/1/index.html b/tags/kubectl-plugin-socks5-proxy/page/1/index.html new file mode 100644 index 00000000..247d53af --- /dev/null +++ b/tags/kubectl-plugin-socks5-proxy/page/1/index.html @@ -0,0 +1 @@ +/tags/kubectl-plugin-socks5-proxy/ \ No newline at end of file diff --git a/tags/linux/index.html b/tags/linux/index.html index 5cea0a96..1c6976ac 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: linux • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: linux

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +linux
    +

    linux

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/linux/index.xml b/tags/linux/index.xml index c08a2233..99462e69 100644 --- a/tags/linux/index.xml +++ b/tags/linux/index.xml @@ -1 +1 @@ -linux on davegallant/tags/linux/Recent content in linux on davegallantHugo -- gohugo.ioen-usMon, 16 Mar 2020 22:00:15 -0400AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file +linux on/tags/linux/Recent content in linux onHugo -- gohugo.ioDave GallantMon, 16 Mar 2020 22:00:15 -0400AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file diff --git a/tags/linux/page/1/index.html b/tags/linux/page/1/index.html index caf1e88a..1a755463 100644 --- a/tags/linux/page/1/index.html +++ b/tags/linux/page/1/index.html @@ -1 +1 @@ -/tags/linux/ \ No newline at end of file +/tags/linux/ \ No newline at end of file diff --git a/tags/lxc/index.html b/tags/lxc/index.html index 48cf7f9f..65978e1e 100644 --- a/tags/lxc/index.html +++ b/tags/lxc/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: lxc • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: lxc

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +lxc
    +

    lxc

    Running K3s in LXC on Proxmox

    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/lxc/index.xml b/tags/lxc/index.xml index d57cab89..43aa1fb6 100644 --- a/tags/lxc/index.xml +++ b/tags/lxc/index.xml @@ -1 +1 @@ -lxc on davegallant/tags/lxc/Recent content in lxc on davegallantHugo -- gohugo.ioen-usSun, 14 Nov 2021 10:07:03 -0500Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/ \ No newline at end of file +lxc on/tags/lxc/Recent content in lxc onHugo -- gohugo.ioDave GallantSun, 14 Nov 2021 10:07:03 -0500Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. \ No newline at end of file diff --git a/tags/lxc/page/1/index.html b/tags/lxc/page/1/index.html index 2f919c26..e478d250 100644 --- a/tags/lxc/page/1/index.html +++ b/tags/lxc/page/1/index.html @@ -1 +1 @@ -/tags/lxc/ \ No newline at end of file +/tags/lxc/ \ No newline at end of file diff --git a/tags/netdata/index.html b/tags/netdata/index.html deleted file mode 100644 index dc72dcf1..00000000 --- a/tags/netdata/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: netdata • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: netdata

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/netdata/index.xml b/tags/netdata/index.xml deleted file mode 100644 index 4f40867f..00000000 --- a/tags/netdata/index.xml +++ /dev/null @@ -1 +0,0 @@ -netdata on davegallant/tags/netdata/Recent content in netdata on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/netdata/page/1/index.html b/tags/netdata/page/1/index.html deleted file mode 100644 index e3ea887f..00000000 --- a/tags/netdata/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/netdata/ \ No newline at end of file diff --git a/tags/nix/index.html b/tags/nix/index.html index 89867903..588c3c90 100644 --- a/tags/nix/index.html +++ b/tags/nix/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: nix • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: nix

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +nix
    +

    nix

    Why I threw out my dotfiles

    2021-09-08 (updated: 2024-01-01)
    nixdotfileshome‑manager

    Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos and utilities such as GNU Stow. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/nix/index.xml b/tags/nix/index.xml index d71d86f5..49652bf1 100644 --- a/tags/nix/index.xml +++ b/tags/nix/index.xml @@ -1 +1,10 @@ -nix on davegallant/tags/nix/Recent content in nix on davegallantHugo -- gohugo.ioen-usWed, 08 Sep 2021 00:42:33 -0400Why I Threw Out My Dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/ \ No newline at end of file +nix on/tags/nix/Recent content in nix onHugo -- gohugo.ioDave GallantWed, 08 Sep 2021 00:42:33 -0400Why I threw out my dotfiles/blog/2021/09/08/why-i-threw-out-my-dotfiles/Wed, 08 Sep 2021 00:42:33 -0400/blog/2021/09/08/why-i-threw-out-my-dotfiles/<p>Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (<code>~/.zshrc</code>, <code>~/.config/git/config</code>, <code>~/.config/tmux/tmux.conf</code>, etc). I have tried several different ways to manage them, including <a +href="https://www.atlassian.com/git/tutorials/dotfiles" +class="link--external" target="_blank" rel="noreferrer" +>bare git repos</a> and utilities such as <a +href="https://www.gnu.org/software/stow/" +class="link--external" target="_blank" rel="noreferrer" +>GNU Stow</a>. These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: <a +href="https://github.com/nix-community/home-manager" +class="link--external" target="_blank" rel="noreferrer" +>home-manager</a>.</p> \ No newline at end of file diff --git a/tags/nix/page/1/index.html b/tags/nix/page/1/index.html index ab2d4dab..c9a28d92 100644 --- a/tags/nix/page/1/index.html +++ b/tags/nix/page/1/index.html @@ -1 +1 @@ -/tags/nix/ \ No newline at end of file +/tags/nix/ \ No newline at end of file diff --git a/tags/openwrt/index.html b/tags/openwrt/index.html index 035d89a5..bf876f6f 100644 --- a/tags/openwrt/index.html +++ b/tags/openwrt/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: openwrt • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: openwrt

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +openwrt
    +

    openwrt

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/openwrt/index.xml b/tags/openwrt/index.xml index 8f4da1cf..53c1c0aa 100644 --- a/tags/openwrt/index.xml +++ b/tags/openwrt/index.xml @@ -1 +1,7 @@ -openwrt on davegallant/tags/openwrt/Recent content in openwrt on davegallantHugo -- gohugo.ioen-usSat, 02 Apr 2022 18:50:09 -0400Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/ \ No newline at end of file +openwrt on/tags/openwrt/Recent content in openwrt onHugo -- gohugo.ioDave GallantSat, 02 Apr 2022 18:50:09 -0400Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p> \ No newline at end of file diff --git a/tags/openwrt/page/1/index.html b/tags/openwrt/page/1/index.html index af1e869e..f1473e32 100644 --- a/tags/openwrt/page/1/index.html +++ b/tags/openwrt/page/1/index.html @@ -1 +1 @@ -/tags/openwrt/ \ No newline at end of file +/tags/openwrt/ \ No newline at end of file diff --git a/tags/page/1/index.html b/tags/page/1/index.html new file mode 100644 index 00000000..4f275aad --- /dev/null +++ b/tags/page/1/index.html @@ -0,0 +1 @@ +/tags/ \ No newline at end of file diff --git a/tags/page/2/index.html b/tags/page/2/index.html new file mode 100644 index 00000000..06fbf250 --- /dev/null +++ b/tags/page/2/index.html @@ -0,0 +1,11 @@ +Tags
    +

    Tags

    database

    2023-05-22 (updated: 2024-01-01)

    eks

    2023-05-22 (updated: 2024-01-01)

    k8s

    2023-05-22 (updated: 2024-01-01)

    proxy

    2023-05-22 (updated: 2024-01-01)

    socat

    2023-05-22 (updated: 2024-01-01)

    socks

    2023-05-22 (updated: 2024-01-01)

    degoogle

    2022-12-10 (updated: 2024-01-01)

    privacy

    2022-12-10 (updated: 2024-01-01)
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/page/3/index.html b/tags/page/3/index.html new file mode 100644 index 00000000..efd4ae71 --- /dev/null +++ b/tags/page/3/index.html @@ -0,0 +1,11 @@ +Tags
    +

    Tags

    yewtu.be

    2022-12-10 (updated: 2024-01-01)

    youtube

    2022-12-10 (updated: 2024-01-01)

    openwrt

    2022-04-02 (updated: 2024-01-01)

    pfsense

    2022-04-02 (updated: 2024-01-01)

    proxmox

    2022-04-02 (updated: 2024-01-01)

    router

    2022-04-02 (updated: 2024-01-01)

    vlan

    2022-04-02 (updated: 2024-01-01)

    backup

    2022-03-13 (updated: 2024-01-01)

    gmail

    2022-03-13 (updated: 2024-01-01)
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/page/4/index.html b/tags/page/4/index.html new file mode 100644 index 00000000..b2a65ce7 --- /dev/null +++ b/tags/page/4/index.html @@ -0,0 +1,11 @@ +Tags
    +

    Tags

    synology

    2022-03-13 (updated: 2024-01-01)

    k3s

    2021-11-14 (updated: 2024-01-01)

    lxc

    2021-11-14 (updated: 2024-01-01)

    docker

    2021-10-11 (updated: 2024-01-02)

    podman

    2021-10-11 (updated: 2024-01-02)

    python

    2021-09-17 (updated: 2024-01-01)

    security

    2021-09-17 (updated: 2024-01-01)
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/page/5/index.html b/tags/page/5/index.html new file mode 100644 index 00000000..a9d3fcdc --- /dev/null +++ b/tags/page/5/index.html @@ -0,0 +1,10 @@ +Tags
    +

    Tags

    dotfiles

    2021-09-08 (updated: 2024-01-01)

    nix

    2021-09-08 (updated: 2024-01-01)

    linux

    2020-03-16 (updated: 2024-01-01)

    vpn

    2020-03-16 (updated: 2024-01-01)
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/pfsense/index.html b/tags/pfsense/index.html index ffcede11..2282a488 100644 --- a/tags/pfsense/index.html +++ b/tags/pfsense/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: pfsense • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: pfsense

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +pfsense
    +

    pfsense

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/pfsense/index.xml b/tags/pfsense/index.xml index 623ce2a0..0146fb8e 100644 --- a/tags/pfsense/index.xml +++ b/tags/pfsense/index.xml @@ -1 +1,7 @@ -pfsense on davegallant/tags/pfsense/Recent content in pfsense on davegallantHugo -- gohugo.ioen-usSat, 02 Apr 2022 18:50:09 -0400Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/ \ No newline at end of file +pfsense on/tags/pfsense/Recent content in pfsense onHugo -- gohugo.ioDave GallantSat, 02 Apr 2022 18:50:09 -0400Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p> \ No newline at end of file diff --git a/tags/pfsense/page/1/index.html b/tags/pfsense/page/1/index.html index 4d6b2946..bdfe98d6 100644 --- a/tags/pfsense/page/1/index.html +++ b/tags/pfsense/page/1/index.html @@ -1 +1 @@ -/tags/pfsense/ \ No newline at end of file +/tags/pfsense/ \ No newline at end of file diff --git a/tags/pihole/index.html b/tags/pihole/index.html deleted file mode 100644 index 92cec797..00000000 --- a/tags/pihole/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: pihole • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: pihole

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/pihole/index.xml b/tags/pihole/index.xml deleted file mode 100644 index 62c47bf1..00000000 --- a/tags/pihole/index.xml +++ /dev/null @@ -1 +0,0 @@ -pihole on davegallant/tags/pihole/Recent content in pihole on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/pihole/page/1/index.html b/tags/pihole/page/1/index.html deleted file mode 100644 index 525b1487..00000000 --- a/tags/pihole/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/pihole/ \ No newline at end of file diff --git a/tags/plex/index.html b/tags/plex/index.html deleted file mode 100644 index 9a3697de..00000000 --- a/tags/plex/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: plex • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: plex

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/plex/index.xml b/tags/plex/index.xml deleted file mode 100644 index 87a6e582..00000000 --- a/tags/plex/index.xml +++ /dev/null @@ -1 +0,0 @@ -plex on davegallant/tags/plex/Recent content in plex on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/plex/page/1/index.html b/tags/plex/page/1/index.html deleted file mode 100644 index e336b449..00000000 --- a/tags/plex/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/plex/ \ No newline at end of file diff --git a/tags/podman/index.html b/tags/podman/index.html index 92f8e0ca..778f83af 100644 --- a/tags/podman/index.html +++ b/tags/podman/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: podman • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: podman

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +podman
    +

    podman

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/podman/index.xml b/tags/podman/index.xml index 1caabb15..db6c03bc 100644 --- a/tags/podman/index.xml +++ b/tags/podman/index.xml @@ -1 +1 @@ -podman on davegallant/tags/podman/Recent content in podman on davegallantHugo -- gohugo.ioen-usMon, 11 Oct 2021 10:43:35 -0400Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/ \ No newline at end of file +podman on/tags/podman/Recent content in podman onHugo -- gohugo.ioDave GallantMon, 11 Oct 2021 10:43:35 -0400Replacing docker with podman on macOS (and Linux)/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/Mon, 11 Oct 2021 10:43:35 -0400/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/<p>There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:</p> \ No newline at end of file diff --git a/tags/podman/page/1/index.html b/tags/podman/page/1/index.html index db35fb96..846412ae 100644 --- a/tags/podman/page/1/index.html +++ b/tags/podman/page/1/index.html @@ -1 +1 @@ -/tags/podman/ \ No newline at end of file +/tags/podman/ \ No newline at end of file diff --git a/tags/privacy/index.html b/tags/privacy/index.html index 0f017e0c..e4c5e762 100644 --- a/tags/privacy/index.html +++ b/tags/privacy/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: privacy • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: privacy

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +privacy
    +

    privacy

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/privacy/index.xml b/tags/privacy/index.xml index 9563ee38..e8d75e05 100644 --- a/tags/privacy/index.xml +++ b/tags/privacy/index.xml @@ -1 +1,7 @@ -privacy on davegallant/tags/privacy/Recent content in privacy on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/ \ No newline at end of file +privacy on/tags/privacy/Recent content in privacy onHugo -- gohugo.ioDave GallantSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p> \ No newline at end of file diff --git a/tags/privacy/page/1/index.html b/tags/privacy/page/1/index.html index 4c32a979..c8956c62 100644 --- a/tags/privacy/page/1/index.html +++ b/tags/privacy/page/1/index.html @@ -1 +1 @@ -/tags/privacy/ \ No newline at end of file +/tags/privacy/ \ No newline at end of file diff --git a/tags/proxmox/index.html b/tags/proxmox/index.html index a902992f..fb7f7c77 100644 --- a/tags/proxmox/index.html +++ b/tags/proxmox/index.html @@ -1,223 +1,9 @@ - - - - - - - - - - - -Tag: proxmox • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: proxmox

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +proxmox
    +

    proxmox

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >

    Running K3s in LXC on Proxmox

    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/proxmox/index.xml b/tags/proxmox/index.xml index 483e2dce..c42e2c00 100644 --- a/tags/proxmox/index.xml +++ b/tags/proxmox/index.xml @@ -1 +1,7 @@ -proxmox on davegallant/tags/proxmox/Recent content in proxmox on davegallantHugo -- gohugo.ioen-usSat, 02 Apr 2022 18:50:09 -0400Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/ \ No newline at end of file +proxmox on/tags/proxmox/Recent content in proxmox onHugo -- gohugo.ioDave GallantSat, 02 Apr 2022 18:50:09 -0400Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. \ No newline at end of file diff --git a/tags/proxmox/page/1/index.html b/tags/proxmox/page/1/index.html index 9722bf62..b3189e57 100644 --- a/tags/proxmox/page/1/index.html +++ b/tags/proxmox/page/1/index.html @@ -1 +1 @@ -/tags/proxmox/ \ No newline at end of file +/tags/proxmox/ \ No newline at end of file diff --git a/tags/proxy/index.html b/tags/proxy/index.html new file mode 100644 index 00000000..472b2ed5 --- /dev/null +++ b/tags/proxy/index.html @@ -0,0 +1,9 @@ +proxy
    +

    proxy

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/proxy/index.xml b/tags/proxy/index.xml new file mode 100644 index 00000000..329ff64e --- /dev/null +++ b/tags/proxy/index.xml @@ -0,0 +1 @@ +proxy on/tags/proxy/Recent content in proxy onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/proxy/page/1/index.html b/tags/proxy/page/1/index.html new file mode 100644 index 00000000..c1551421 --- /dev/null +++ b/tags/proxy/page/1/index.html @@ -0,0 +1 @@ +/tags/proxy/ \ No newline at end of file diff --git a/tags/python/index.html b/tags/python/index.html index 11815e07..6837148f 100644 --- a/tags/python/index.html +++ b/tags/python/index.html @@ -1,223 +1,10 @@ - - - - - - - - - - - -Tag: python • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: python

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +python
    +

    python

    Automatically rotating AWS access keys

    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/python/index.xml b/tags/python/index.xml index ae97628b..baa5c640 100644 --- a/tags/python/index.xml +++ b/tags/python/index.xml @@ -1 +1,2 @@ -python on davegallant/tags/python/Recent content in python on davegallantHugo -- gohugo.ioen-usFri, 17 Sep 2021 12:48:33 -0400Automatically Rotating AWS Access Keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file +python on/tags/python/Recent content in python onHugo -- gohugo.ioDave GallantFri, 17 Sep 2021 12:48:33 -0400Automatically rotating AWS access keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file diff --git a/tags/python/page/1/index.html b/tags/python/page/1/index.html index 418187ca..1c1032f8 100644 --- a/tags/python/page/1/index.html +++ b/tags/python/page/1/index.html @@ -1 +1 @@ -/tags/python/ \ No newline at end of file +/tags/python/ \ No newline at end of file diff --git a/tags/ransomware/index.html b/tags/ransomware/index.html index e60c8500..c4be56ed 100644 --- a/tags/ransomware/index.html +++ b/tags/ransomware/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: ransomware • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: ransomware

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +ransomware
    +

    ransomware

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/ransomware/index.xml b/tags/ransomware/index.xml index 9018935e..4b4c10e0 100644 --- a/tags/ransomware/index.xml +++ b/tags/ransomware/index.xml @@ -1 +1 @@ -ransomware on davegallant/tags/ransomware/Recent content in ransomware on davegallantHugo -- gohugo.ioen-usSun, 13 Mar 2022 18:49:10 -0400Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/ \ No newline at end of file +ransomware on/tags/ransomware/Recent content in ransomware onHugo -- gohugo.ioDave GallantSun, 13 Mar 2022 18:49:10 -0400Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p> \ No newline at end of file diff --git a/tags/ransomware/page/1/index.html b/tags/ransomware/page/1/index.html index 9bcf3afe..a699c462 100644 --- a/tags/ransomware/page/1/index.html +++ b/tags/ransomware/page/1/index.html @@ -1 +1 @@ -/tags/ransomware/ \ No newline at end of file +/tags/ransomware/ \ No newline at end of file diff --git a/tags/router-on-a-stick/index.html b/tags/router-on-a-stick/index.html index 9140754a..1763f6b5 100644 --- a/tags/router-on-a-stick/index.html +++ b/tags/router-on-a-stick/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: router-on-a-stick • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: router-on-a-stick

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +router-on-a-stick
    +

    router-on-a-stick

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/router-on-a-stick/index.xml b/tags/router-on-a-stick/index.xml index 1a9a0569..6e0043b9 100644 --- a/tags/router-on-a-stick/index.xml +++ b/tags/router-on-a-stick/index.xml @@ -1 +1,7 @@ -router-on-a-stick on davegallant/tags/router-on-a-stick/Recent content in router-on-a-stick on davegallantHugo -- gohugo.ioen-usSat, 02 Apr 2022 18:50:09 -0400Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/ \ No newline at end of file +router-on-a-stick on/tags/router-on-a-stick/Recent content in router-on-a-stick onHugo -- gohugo.ioDave GallantSat, 02 Apr 2022 18:50:09 -0400Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p> \ No newline at end of file diff --git a/tags/router-on-a-stick/page/1/index.html b/tags/router-on-a-stick/page/1/index.html index 0ade4d3d..9fd3fbee 100644 --- a/tags/router-on-a-stick/page/1/index.html +++ b/tags/router-on-a-stick/page/1/index.html @@ -1 +1 @@ -/tags/router-on-a-stick/ \ No newline at end of file +/tags/router-on-a-stick/ \ No newline at end of file diff --git a/tags/router/index.html b/tags/router/index.html index 76d25173..d1268d3b 100644 --- a/tags/router/index.html +++ b/tags/router/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: router • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: router

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +router
    +

    router

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/router/index.xml b/tags/router/index.xml index d9f645e5..a29f63ea 100644 --- a/tags/router/index.xml +++ b/tags/router/index.xml @@ -1 +1,7 @@ -router on davegallant/tags/router/Recent content in router on davegallantHugo -- gohugo.ioen-usSat, 02 Apr 2022 18:50:09 -0400Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/ \ No newline at end of file +router on/tags/router/Recent content in router onHugo -- gohugo.ioDave GallantSat, 02 Apr 2022 18:50:09 -0400Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p> \ No newline at end of file diff --git a/tags/router/page/1/index.html b/tags/router/page/1/index.html index 1c1db78e..638b8931 100644 --- a/tags/router/page/1/index.html +++ b/tags/router/page/1/index.html @@ -1 +1 @@ -/tags/router/ \ No newline at end of file +/tags/router/ \ No newline at end of file diff --git a/tags/security/index.html b/tags/security/index.html index 266efdc9..fa15a01e 100644 --- a/tags/security/index.html +++ b/tags/security/index.html @@ -1,210 +1,10 @@ - - - - - - - - - - - -Tag: security • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: security

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +security
    +

    security

    Automatically rotating AWS access keys

    2021-09-17 (updated: 2024-01-01)
    awspythonsecurityaws‑vault
    Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/security/index.xml b/tags/security/index.xml index 7a229a4a..3de8446d 100644 --- a/tags/security/index.xml +++ b/tags/security/index.xml @@ -1 +1,2 @@ -security on davegallant/tags/security/Recent content in security on davegallantHugo -- gohugo.ioen-usFri, 17 Sep 2021 12:48:33 -0400Automatically Rotating AWS Access Keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/ \ No newline at end of file +security on/tags/security/Recent content in security onHugo -- gohugo.ioDave GallantFri, 17 Sep 2021 12:48:33 -0400Automatically rotating AWS access keys/blog/2021/09/17/automatically-rotating-aws-access-keys/Fri, 17 Sep 2021 12:48:33 -0400/blog/2021/09/17/automatically-rotating-aws-access-keys/Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. +In the longer term, migrating my local workflows to aws-vault seems like a more secure solution. \ No newline at end of file diff --git a/tags/security/page/1/index.html b/tags/security/page/1/index.html index cebfd942..2847dee2 100644 --- a/tags/security/page/1/index.html +++ b/tags/security/page/1/index.html @@ -1 +1 @@ -/tags/security/ \ No newline at end of file +/tags/security/ \ No newline at end of file diff --git a/tags/self-hosted/index.html b/tags/self-hosted/index.html new file mode 100644 index 00000000..11c79033 --- /dev/null +++ b/tags/self-hosted/index.html @@ -0,0 +1,9 @@ +self-hosted
    +

    self-hosted

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >

    Running K3s in LXC on Proxmox

    2021-11-14 (updated: 2024-01-01)
    k3sproxmoxlxcself‑hosted
    It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.
    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/self-hosted/index.xml b/tags/self-hosted/index.xml new file mode 100644 index 00000000..dc522f1c --- /dev/null +++ b/tags/self-hosted/index.xml @@ -0,0 +1,16 @@ +self-hosted on/tags/self-hosted/Recent content in self-hosted onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p>Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p>Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p>Running K3s in LXC on Proxmox/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/Sun, 14 Nov 2021 10:07:03 -0500/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/It has been a while since I&rsquo;ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I&rsquo;ve had success with deploying it on resource-contrained Raspberry Pis in the past. I thought that this time it&rsquo;d be convenient to have K3s running in a LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment. \ No newline at end of file diff --git a/tags/self-hosted/page/1/index.html b/tags/self-hosted/page/1/index.html new file mode 100644 index 00000000..dc7a1b6f --- /dev/null +++ b/tags/self-hosted/page/1/index.html @@ -0,0 +1 @@ +/tags/self-hosted/ \ No newline at end of file diff --git a/tags/socat/index.html b/tags/socat/index.html new file mode 100644 index 00000000..1237fd58 --- /dev/null +++ b/tags/socat/index.html @@ -0,0 +1,9 @@ +socat
    +

    socat

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/socat/index.xml b/tags/socat/index.xml new file mode 100644 index 00000000..96df237f --- /dev/null +++ b/tags/socat/index.xml @@ -0,0 +1 @@ +socat on/tags/socat/Recent content in socat onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/socat/page/1/index.html b/tags/socat/page/1/index.html new file mode 100644 index 00000000..8bbd1b44 --- /dev/null +++ b/tags/socat/page/1/index.html @@ -0,0 +1 @@ +/tags/socat/ \ No newline at end of file diff --git a/tags/socks/index.html b/tags/socks/index.html new file mode 100644 index 00000000..e0dc6acb --- /dev/null +++ b/tags/socks/index.html @@ -0,0 +1,9 @@ +socks
    +

    socks

    Using AKS and SOCKS to connect to a private Azure DB

    2023-05-22 (updated: 2024-01-01)
    aksawsazurebastioncloud‑sql‑proxydatabaseeksk8skubectl‑plugin‑socks5‑proxyproxysocatsocks

    I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/socks/index.xml b/tags/socks/index.xml new file mode 100644 index 00000000..d736dab5 --- /dev/null +++ b/tags/socks/index.xml @@ -0,0 +1 @@ +socks on/tags/socks/Recent content in socks onHugo -- gohugo.ioDave GallantMon, 22 May 2023 16:31:29 -0400Using AKS and SOCKS to connect to a private Azure DB/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/Mon, 22 May 2023 16:31:29 -0400/blog/2023/05/22/using-aks-and-socks-to-connect-to-a-private-azure-db/<p>I ran into a roadblock recently where I wanted to be able to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I&rsquo;d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I&rsquo;d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.</p> \ No newline at end of file diff --git a/tags/socks/page/1/index.html b/tags/socks/page/1/index.html new file mode 100644 index 00000000..ad6c23a7 --- /dev/null +++ b/tags/socks/page/1/index.html @@ -0,0 +1 @@ +/tags/socks/ \ No newline at end of file diff --git a/tags/synology/index.html b/tags/synology/index.html index c52a841c..2847f03f 100644 --- a/tags/synology/index.html +++ b/tags/synology/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: synology • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: synology

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +synology
    +

    synology

    Backing up gmail with Synology

    2022-03-13 (updated: 2024-01-01)
    degooglesynologygmailbackupransomware

    I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/synology/index.xml b/tags/synology/index.xml index d9f352d7..c8c0d80c 100644 --- a/tags/synology/index.xml +++ b/tags/synology/index.xml @@ -1 +1 @@ -synology on davegallant/tags/synology/Recent content in synology on davegallantHugo -- gohugo.ioen-usSun, 13 Mar 2022 18:49:10 -0400Backing Up Gmail With Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/ \ No newline at end of file +synology on/tags/synology/Recent content in synology onHugo -- gohugo.ioDave GallantSun, 13 Mar 2022 18:49:10 -0400Backing up gmail with Synology/blog/2022/03/13/backing-up-gmail-with-synology/Sun, 13 Mar 2022 18:49:10 -0400/blog/2022/03/13/backing-up-gmail-with-synology/<p>I&rsquo;ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not suprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.</p> \ No newline at end of file diff --git a/tags/synology/page/1/index.html b/tags/synology/page/1/index.html index 2afc1789..eba8b0b4 100644 --- a/tags/synology/page/1/index.html +++ b/tags/synology/page/1/index.html @@ -1 +1 @@ -/tags/synology/ \ No newline at end of file +/tags/synology/ \ No newline at end of file diff --git a/tags/tailscale/index.html b/tags/tailscale/index.html index 6133b28d..66449f3a 100644 --- a/tags/tailscale/index.html +++ b/tags/tailscale/index.html @@ -1,223 +1,9 @@ - - - - - - - - - - - -Tag: tailscale • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: tailscale

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +tailscale
    +

    tailscale

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/tailscale/index.xml b/tags/tailscale/index.xml index 8bd9f664..1c933d31 100644 --- a/tags/tailscale/index.xml +++ b/tags/tailscale/index.xml @@ -1 +1,10 @@ -tailscale on davegallant/tags/tailscale/Recent content in tailscale on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file +tailscale on/tags/tailscale/Recent content in tailscale onHugo -- gohugo.ioDave GallantSun, 10 Dec 2023 17:22:11 -0500Setting up Gitea Actions with Tailscale/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/Sun, 10 Dec 2023 17:22:11 -0500/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/<p>In this post I&rsquo;ll go through the process of setting up Gitea Actions and <a +href="https://tailscale.com/" +class="link--external" target="_blank" rel="noreferrer" +>Tailscale</a>, unlocking a simple and secure way to automate workflows.</p>Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p> \ No newline at end of file diff --git a/tags/tailscale/page/1/index.html b/tags/tailscale/page/1/index.html index 84913c1e..72ab39f2 100644 --- a/tags/tailscale/page/1/index.html +++ b/tags/tailscale/page/1/index.html @@ -1 +1 @@ -/tags/tailscale/ \ No newline at end of file +/tags/tailscale/ \ No newline at end of file diff --git a/tags/virtualization/index.html b/tags/virtualization/index.html deleted file mode 100644 index f8cc327f..00000000 --- a/tags/virtualization/index.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - - - - - -Tag: virtualization • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: virtualization

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file diff --git a/tags/virtualization/index.xml b/tags/virtualization/index.xml deleted file mode 100644 index 442d324c..00000000 --- a/tags/virtualization/index.xml +++ /dev/null @@ -1 +0,0 @@ -virtualization on davegallant/tags/virtualization/Recent content in virtualization on davegallantHugo -- gohugo.ioen-usMon, 06 Sep 2021 01:12:54 -0400What To Do With A Homelab/blog/2021/09/06/what-to-do-with-a-homelab/Mon, 06 Sep 2021 01:12:54 -0400/blog/2021/09/06/what-to-do-with-a-homelab/<p>A homelab can be an inexpensive way to host a multitude of internal/external services and learn <em>a lot</em> in the process.</p> \ No newline at end of file diff --git a/tags/virtualization/page/1/index.html b/tags/virtualization/page/1/index.html deleted file mode 100644 index 3419e220..00000000 --- a/tags/virtualization/page/1/index.html +++ /dev/null @@ -1 +0,0 @@ -/tags/virtualization/ \ No newline at end of file diff --git a/tags/vlan/index.html b/tags/vlan/index.html index d11eb064..5ae10124 100644 --- a/tags/vlan/index.html +++ b/tags/vlan/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: vlan • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: vlan

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +vlan
    +

    vlan

    Virtualizing my router with pfSense

    2022-04-02 (updated: 2024-01-01)
    pfsenserouteropenwrtrouter‑on‑a‑stickproxmoxvlanself‑hosted

    My aging router has been running OpenWrt for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages. Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

    Read more >
    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/vlan/index.xml b/tags/vlan/index.xml index d225a4cc..d6347716 100644 --- a/tags/vlan/index.xml +++ b/tags/vlan/index.xml @@ -1 +1,7 @@ -vlan on davegallant/tags/vlan/Recent content in vlan on davegallantHugo -- gohugo.ioen-usSat, 02 Apr 2022 18:50:09 -0400Virtualizing My Router With pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/ \ No newline at end of file +vlan on/tags/vlan/Recent content in vlan onHugo -- gohugo.ioDave GallantSat, 02 Apr 2022 18:50:09 -0400Virtualizing my router with pfSense/blog/2022/04/02/virtualizing-my-router-with-pfsense/Sat, 02 Apr 2022 18:50:09 -0400/blog/2022/04/02/virtualizing-my-router-with-pfsense/<p>My aging router has been running <a +href="https://en.wikipedia.org/wiki/OpenWrt" +class="link--external" target="_blank" rel="noreferrer" +>OpenWrt</a> for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a <a +href="https://openwrt.org/packages/index/start" +class="link--external" target="_blank" rel="noreferrer" +>large index of packages</a>. Ever since I&rsquo;ve connected some standalone wireless access points, I&rsquo;ve had less of a need for an off-the-shelf all-in-one wireless router combo. I&rsquo;ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!</p> \ No newline at end of file diff --git a/tags/vlan/page/1/index.html b/tags/vlan/page/1/index.html index 04e3b1f4..26155bc5 100644 --- a/tags/vlan/page/1/index.html +++ b/tags/vlan/page/1/index.html @@ -1 +1 @@ -/tags/vlan/ \ No newline at end of file +/tags/vlan/ \ No newline at end of file diff --git a/tags/vpn/index.html b/tags/vpn/index.html index d12e47f0..fdf40e52 100644 --- a/tags/vpn/index.html +++ b/tags/vpn/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: vpn • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: vpn

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +vpn
    +

    vpn

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/vpn/index.xml b/tags/vpn/index.xml index f067dbca..0a743de5 100644 --- a/tags/vpn/index.xml +++ b/tags/vpn/index.xml @@ -1 +1 @@ -vpn on davegallant/tags/vpn/Recent content in vpn on davegallantHugo -- gohugo.ioen-usMon, 16 Mar 2020 22:00:15 -0400AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file +vpn on/tags/vpn/Recent content in vpn onHugo -- gohugo.ioDave GallantMon, 16 Mar 2020 22:00:15 -0400AppGate SDP on Arch Linux/blog/2020/03/16/appgate-sdp-on-arch-linux/Mon, 16 Mar 2020 22:00:15 -0400/blog/2020/03/16/appgate-sdp-on-arch-linux/<p>AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP <code>4.3.2</code> working on Arch Linux.</p> \ No newline at end of file diff --git a/tags/vpn/page/1/index.html b/tags/vpn/page/1/index.html index 8406a096..78c2a9e8 100644 --- a/tags/vpn/page/1/index.html +++ b/tags/vpn/page/1/index.html @@ -1 +1 @@ -/tags/vpn/ \ No newline at end of file +/tags/vpn/ \ No newline at end of file diff --git a/tags/yewtu.be/index.html b/tags/yewtu.be/index.html index 893c1ae8..2ab90ef0 100644 --- a/tags/yewtu.be/index.html +++ b/tags/yewtu.be/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: yewtu.be • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: yewtu.be

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +yewtu.be
    +

    yewtu.be

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/yewtu.be/index.xml b/tags/yewtu.be/index.xml index 4e358325..98e6b726 100644 --- a/tags/yewtu.be/index.xml +++ b/tags/yewtu.be/index.xml @@ -1 +1,7 @@ -yewtu.be on davegallant/tags/yewtu.be/Recent content in yewtu.be on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/ \ No newline at end of file +yewtu.be on/tags/yewtu.be/Recent content in yewtu.be onHugo -- gohugo.ioDave GallantSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p> \ No newline at end of file diff --git a/tags/yewtu.be/page/1/index.html b/tags/yewtu.be/page/1/index.html index dfa05a1c..77edcf4f 100644 --- a/tags/yewtu.be/page/1/index.html +++ b/tags/yewtu.be/page/1/index.html @@ -1 +1 @@ -/tags/yewtu.be/ \ No newline at end of file +/tags/yewtu.be/ \ No newline at end of file diff --git a/tags/youtube/index.html b/tags/youtube/index.html index b8024416..241872c5 100644 --- a/tags/youtube/index.html +++ b/tags/youtube/index.html @@ -1,210 +1,9 @@ - - - - - - - - - - - -Tag: youtube • davegallant - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    -

    Tag: youtube

    -
    -
    -
    -
    - -
    -
    -
    -
    -

    © 2020-2022 Dave Gallant

    -
    -
    -
    -
    -
    - - - \ No newline at end of file +youtube
    +

    youtube

    Dave Gallant
    +
    \ No newline at end of file diff --git a/tags/youtube/index.xml b/tags/youtube/index.xml index 28ca96ff..0b32d220 100644 --- a/tags/youtube/index.xml +++ b/tags/youtube/index.xml @@ -1 +1,7 @@ -youtube on davegallant/tags/youtube/Recent content in youtube on davegallantHugo -- gohugo.ioen-usSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in Private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/ \ No newline at end of file +youtube on/tags/youtube/Recent content in youtube onHugo -- gohugo.ioDave GallantSat, 10 Dec 2022 21:46:55 -0500Watching YouTube in private/blog/2022/12/10/watching-youtube-in-private/Sat, 10 Dec 2022 21:46:55 -0500/blog/2022/12/10/watching-youtube-in-private/<p>I recently stumbled upon <a +href="https://yewtu.be" +class="link--external" target="_blank" rel="noreferrer" +>yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a +href="https://invidious.io/" +class="link--external" target="_blank" rel="noreferrer" +>invidious</a>.</p> \ No newline at end of file diff --git a/tags/youtube/page/1/index.html b/tags/youtube/page/1/index.html index 1c8ad413..db90b42b 100644 --- a/tags/youtube/page/1/index.html +++ b/tags/youtube/page/1/index.html @@ -1 +1 @@ -/tags/youtube/ \ No newline at end of file +/tags/youtube/ \ No newline at end of file