New entertainment center
2023-04-28 | #3d-design #woodworking
In which I design and build a new entertainment center
In-Cluster Prometheus
2022-07-27 | #k8s #prometheus
Up until recently, I was running two separate Prometheus instances – one on a Raspberry Pi, and the other in my k3s cluster using kube-prometheus-stack. I wanted to unify them, ideally to simplify management and version control. The challenge here is in how to manage the scrape targets for out-of-cluster resources. Thanks to my friend Justin, I was able to use a much more elegant solution. Options The basic way When deploying kube-prometheus-stack, define additionalScrapeConfigs.
K3S, split-horizon DNS, DNSSEC, and PowerDNS
On my home K3S cluster, I was running into a string of weird DNS issues. Here’s how I ended up fixing it. Architecture Overview 6-node K3S cluster (3x worker, 3x control plane) In-cluster DNS using standard off-the-shelf CoreDNS Intranet DNS provided by PowerDNS 2 DNS servers Each runs PDNS Authoritative (for internal zone example.com and reverse) Each runs PDNS Recursor (for all other queries; forwards to auth for example.com) Internet DNS for example.
ALL the Zeldas (pt. 1)
2022-05-18 | #games #zelda
Last week, I completed a longtime personal goal. I can now say I’ve beaten all the mainline Zelda games! How do I define “mainline Zelda”? More or less, anything in the Hyrule Historia, plus BotW which wasn’t released when the book came out. This doesn’t include the CD-i games, nor any of the spinoff games such as Hyrule Warriors or Link’s Crossbow Training. It also doesn’t include the games that require you to have friends to play…
In Search of Organization
2020-11-17 | #blog #organization #rfc #taskmanagement
I’ve long struggled with finding an organizational, note taking, and task management system that works for me. I feel like I’ve tried dang near everything out there, but nothing really “sticks”. In this blog post, I focus mostly on technological solutions. While not a hard requirement in my mind, the convenience of not having to keep a physical thing on my person. Plus, my handwriting is atrocious! A further problem I have is the divide between work and personal.
Anatomy of a Phishing Email
2020-10-27 | #infosec #malware #reversing
Intro We all get spam. Most of it is devoured by our mail providers’ spam catcher, and we never see it. Every now and then, one slips through the cracks. In this case, I received an email earlier this week with a subject of “Re: Notification your test results COVID-19 [ note-7893 ]”. Classic, making me think it’s in reply to one of my email…that I sent about their test results?
Configuring multiple routers & services with Traefik
2020-06-28 | #docker #traefik
Quick note on configuring a single Docker container that needs to expose multiple ports using Traefik. For this example, I’m using Ubooquity as it uses a separate port for admin that I wanted to just route on the same domain. version: "3.7" services: ubooquity: image: linuxserver/ubooquity container_name: ubooquity environment: - PUID=1000 - PGID=1000 - TZ=America/Chicago - MAXMEM=1024 # MB labels: - traefik.http.routers.ubooquity.rule=Host(`ubooquity.example.com`) - traefik.http.routers.ubooquity.service=ubooquity - traefik.http.services.ubooquity.loadbalancer.server.port=2202 - traefik.http.services.ubooquity.loadbalancer.server.scheme=http - traefik.http.routers.ubooquity.tls=true - traefik.
Running certbot behind nginx
2020-04-27 | #letsencrypt #nginx
I’ve talked about my bizarre double-reverse-proxy approach before. Today I ran into an issue getting a real letsencrypt cert on a backend host. I just wanted to share the config – this goes on the frontend nginx host. Assuming you’re using the certbot-nginx plugin, no special config is needed on the backend. rewrite ^(/.well-known/acme-challenge/.*) $1 break; location ^~ /.well-known/acme-challenge { proxy_pass http://backend-host; } This will get around the sane default http -> https redirects you’ve probbaly set up.
Migrating from vSphere to KVM
2020-04-20 | #kvm #networking #vmware
I recently acquired a new server to upgrade my aging HP Gen6 boxes. Since I was consolidating down from 2 to 1 host (but going up to 32 logical threads and 384GB memory), I figured the “HA” portion of VMware/vSphere/vCenter (I’ve entirely forgotten to mind my spheres & centers!) was less necessary. I could have switch to Proxmox, but where’s the challenge in that!? Instead, I switched to plain Ubuntu 20.
Configuring LDAP auth for Traefik (and more!)
2020-02-17 | #ldap #nginx #traefik
As it stands now, my setup for web-accessible Docker-hosted sites is a bit convoluted. Traffic from the gateway flows into a bastion host in my DMZ. This is a tiny box running Nginx acting as a reverse proxy. There’s a hole in the firewall poked in from this bastion host to the Docker host running on my internal network. Traefik runs in Docker and provides SSL termination among other things.