davegallant.ca
Recent content on davegallant.ca
Dave Gallant

Using a Realtek NIC with OPNsense
/blog/using-a-realtek-nic-with-opnsense/
Mon, 21 Apr 2025 17:17:46 -0400

For the past few years, I’ve been running pfSense (and more recently OPNsense) in a virtual machine within Proxmox. This has been running fine with a single onboard Intel NIC. A few months ago, I upgraded to a machine that has a CPU that supports hardware-accelerated transcoding, has more SATA ports, and has more PCI slots for future expansion. With the goal of having a dedicated NIC for WAN, I bought an inexpensive 1Gbps PCIe NIC (TG-3468) despite reading about some of the concerns around Realtek NICs (sluggish performance, driver instability, and in some cases system crashes).

I’ve been running Realtek NICs reliably on Linux and Windows desktops, so I figured I could make it work without too much effort, but it turns out Realtek NICs really can be problematic when it comes to FreeBSD-based routers, and commonly documented workarounds did not solve my problems.

Replicating TrueNAS datasets to sftpgo over Tailscale
/blog/replicating-truenas-datasets-to-sftpgo-over-tailscale/
Thu, 17 Apr 2025 22:03:33 -0400

I’ve recently spun up an instance of TrueNAS SCALE after salvaging a couple hard drives from a past computer build and decided I could use additional network storage for various backups such as Proxmox VMs and home directory backups.

Opting out of haveibeenpwned
/blog/opting-out-of-haveibeenpwned/
Sun, 16 Feb 2025 21:15:07 -0500

Data breaches are a concern for anyone trying to live a life of relative privacy. Last month, PowerSchool informed its customers that hackers stole data of 62 million students (https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/). This may not have impacted you, but unless you have been practicing Extreme Privacy (https://inteltechniques.com/book7.html) techniques for decades, you likely have been impacted by a data breach in the past.

Amazon EBS CSI driver with terraform
/blog/amazon-ebs-csi-driver-terraform/
Sun, 07 Apr 2024 15:20:23 -0400

I recently configured the Amazon EBS CSI driver and found the setup with terraform to be more effort than expected. I wanted to avoid third-party modules and keep it as simple as possible, while remaining least privilege.

UPDATE: This approach can also be used for the aws-efs-csi-driver

Setting up Gitea Actions with Tailscale
/blog/setting-up-gitea-actions-with-tailscale/
Sun, 10 Dec 2023 17:22:11 -0500

In this post I’ll go through the process of setting up Gitea Actions and Tailscale (https://tailscale.com/), unlocking a simple and secure way to automate workflows.

Using AKS and SOCKS to connect to a private Azure DB
/blog/using-aks-and-socks-to-connect-to-a-private-azure-db/
Mon, 22 May 2023 16:31:29 -0400

I ran into a roadblock recently where I wanted to conveniently connect to a managed postgres database within Azure that was not running on public subnets. And by conveniently, I mean that I’d rather not have to spin up an ephemeral virtual machine running in the same network and proxy the connection, and I’d like to use a local client (preferably with a GUI). After several web searches, it became evident that Azure does not readily provide much tooling to support this.

Watching YouTube in private
/blog/watching-youtube-in-private/
Sat, 10 Dec 2022 21:46:55 -0500

I recently stumbled upon yewtu.be (https://yewtu.be) and found it intriguing. It not only allows you to watch YouTube without being on YouTube, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it’s a hosted instance of invidious (https://invidious.io/).

Virtualizing my router with pfSense
/blog/virtualizing-a-router-with-pfsense/
Sat, 02 Apr 2022 18:50:09 -0400

My aging router has been running OpenWrt (https://en.wikipedia.org/wiki/OpenWrt) for years and for the most part has been quite reliable. OpenWrt is an open-source project used on embedded devices to route network traffic. It supports many different configurations and there exists a large index of packages (https://openwrt.org/packages/index/start). Ever since I’ve connected some standalone wireless access points, I’ve had less of a need for an off-the-shelf all-in-one wireless router combo. I’ve also recently been experiencing instability with my router (likely the result of a combination of configuration tweaking and firmware updating). OpenWrt has served me well, but it is time to move on!

Backing up gmail with Synology
/blog/backing-up-gmail-with-synology/
Sun, 13 Mar 2022 18:49:10 -0400

I’ve used gmail since the beta launched touting a whopping 1GB of storage. I thought this was a massive leap in email technology at the time. I was lucky enough to get an invite fairly quickly. Not surprisingly, I have many years of emails, attachments, and photos. I certainly do not want to lose the content of many of these emails. Despite the redundancy of the data that Google secures, I still feel better retaining a copy of this data on my own physical machines.

Running K3s in LXC on Proxmox
/blog/running-k3s-in-lxc-on-proxmox/
Sun, 14 Nov 2021 10:07:03 -0500

It has been a while since I’ve actively used Kubernetes and wanted to explore the evolution of tools such as Helm and Tekton. I decided to deploy K3s, since I’ve had success with deploying it on resource-constrained Raspberry Pis in the past. I thought that this time it’d be convenient to have K3s running in an LXC container on Proxmox. This would allow for easy snapshotting of the entire Kubernetes deployment.

Replacing docker with podman on macOS (and Linux)
/blog/replacing-docker-with-podman-on-macos/
Mon, 11 Oct 2021 10:43:35 -0400

There are a number of reasons why you might want to replace docker, especially on macOS. The following feature bundled in Docker Desktop might have motivated you enough to consider replacing docker:

Automatically rotating AWS access keys
/blog/automatically-rotating-aws-keys/
Fri, 17 Sep 2021 12:48:33 -0400

Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a script since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background. In the longer term, migrating my local workflows to aws-vault seems like a more secure solution.

Why I threw out my dotfiles
/blog/why-i-threw-out-my-dotfiles/
Wed, 08 Sep 2021 00:42:33 -0400

Over the years I have collected a number of dotfiles that I have shared across both Linux and macOS machines (~/.zshrc, ~/.config/git/config, ~/.config/tmux/tmux.conf, etc). I have tried several different ways to manage them, including bare git repos (https://www.atlassian.com/git/tutorials/dotfiles) and utilities such as GNU Stow (https://www.gnu.org/software/stow/). These solutions work well enough, but I have since found what I would consider a much better solution for organizing user configuration: home-manager (https://github.com/nix-community/home-manager).

What to do with a homelab
/blog/what-to-do-with-a-homelab/
Mon, 06 Sep 2021 01:12:54 -0400

A homelab can be an inexpensive way to host a multitude of internal/external services and learn a lot in the process.

AppGate SDP on Arch Linux
/blog/appgate-sdp-on-arch-linux/
Mon, 16 Mar 2020 22:00:15 -0400

AppGate SDP provides a Zero Trust network. This post describes how to get AppGate SDP 4.3.2 working on Arch Linux.