Simple OPNsense Firewall Rules for a Secure Smart Home
This article presents a simple, balanced OPNsense firewall configuration for a secure smart home. The config provides good security while still allowing the freedom a family not entirely comprised of geeks needs.

Home Assistant Installation as VM on Proxmox
This article explains how to set up Home Assistant in a virtual machine on Proxmox with automatic HTTPS via dockerized Caddy.

OPNsense HowTo: IPv4 & IPv6 Internet Connectivity With FTTH Modem
This article explains how to configure OPNsense as your (only) internet router in a fiber to the home (FTTH) setup.

Samba File Server: Web Access Through Filebrowser With SSO & HTTPS
This article explains how to set up Filebrowser in a Docker container as a web interface for browser-based access to a Samba file server.

Samba File Server With Windows ACLs in a Docker Container
This article explains how to set up a Samba file server with Windows ACLs as a domain member in a Docker container.

Samba Active Directory as Authelia’s SSO Authentication Backend
This article explains how to configure Samba Active Directory as Authelia's authentication backend via LDAP.

Samba Active Directory in a Docker Container: Installation Guide
This article explains how to install a Samba v4 Active Directory domain controller in a Docker container. It's part of a mini-series about running Samba Active Directory and file server service on a home server.

Unbound: Conditionally Include Only Existing (Docker) Interfaces
This article presents a simple and reliable solution to flexibly configure Unbound with interfaces that may not exist when Unbound starts.

No Bluetooth Audio In Zoom Android App: Solution and Explanation
Getting Bluetooth headphones or headsets to work with the Zoom Android app can be a frustrating experience. This quick post documents the issue I ran into along with its solution.

Upgrading PostgreSQL in a Docker Container
This article describes the steps necessary to upgrade PostgreSQL to a new major version in a Docker environment. There are many articles on the subject, but I couldn't find any that were complete, correct, and concise. So I wrote my own.

LogQL: A Primer on Querying Loki from Grafana
This article introduces newbies to writing search queries in LogQL. It should help you get started with building Grafana dashboards based on log data in Loki.

resticprofile Backup Monitoring Grafana Dashboard
This article explains how to set up a Grafana dashboard to monitor restic/resticprofile backup operations.

Dockerized Ubiquiti UniFi Network Server Setup With Automatic HTTPS
This article explains how to set up Ubiquiti UniFi Network Server, management software for UniFi devices such as access points.

Guide: WordPress on Dockerized Apache on Hetzner Cloud
How to set up a modern, fast, and inexpensive web server for WordPress. Design goal: low maintenance coupled with high flexibility.

Vaultwarden Setup Guide With Automatic HTTPS
This article explains how to set up Vaultwarden with automatic HTTPS certificates (via Caddy).

Docker Monitoring With Prometheus, Automatic HTTPS & SSO Authentication
This article explains how to set up Prometheus, Node Exporter, and cAdvisor with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia).

Regex Cheat Sheet: Regular Expressions For Cleaning Up HTML
This article presents a collection of regular expressions I frequently use to clean up HTML that was generated from some tools' export routines.

Grafana Setup Guide With Automatic HTTPS & OAuth SSO via Authelia
This article explains how to set up Grafana, Loki, and Promtail with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia).

Firezone: WireGuard VPN With User Self-Service Portal & SSO
This article explains how to set up Firezone with automatic HTTPS certificates (via Caddy) and OpenID Connect single sign-on (via Authelia).

Unbound DNS Server Configuration & Static IPv6 Address on Proxmox
This article explains how to set up the Unbound DNS server as the resolver for your home network. It also shows how to generate and assign a static IPv6 address to your Proxmox server.

Portainer Setup Guide With Automatic HTTPS & OAuth SSO via Authelia
This article explains how to set up Portainer with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia).

Tips for DevOps Pipeline Automation & Bash Scripting
DevOps CI/CD pipelines on platforms such as GitHub or Azure DevOps are basically shell scripts that run in the cloud and are triggered by events, e.g., a Git push. This article explains common mistakes with pipeline scripts and how to avoid them.

restic: Encrypted Offsite Backup With Ransomware Protection for Your Homeserver
This article explains how to set up restic (with the resticprofile wrapper) for automated scheduled backups of your home server.

Upgrading Ubuntu 20.04 to 22.04 & PHP 7.4 to 8.1 for WordPress
This post describes how I upgraded our webserver running WordPress on Apache from Ubuntu 20.04.5 LTS to 22.04.1 LTS and PHP from 7.4 to 8.1.

ownCloud Infinite Scale With OpenID Connect Authentication for Home Networks
This article explains how to set up ownCloud Infinite Scale with OpenID Connect authentication to Authelia or authentik.

authentik: Authentication, SSO, User Management & Password Reset for Home Networks
This is my second article on how to set up a modern user management and authentication system for services on your internal home network. In the previous article, I used Authelia as IdP; this article presents an alternative configuration based on authentik.

Authelia & lldap: Authentication, SSO, User Management & Password Reset for Home Networks
This article explains how to set up a simple but modern user management and authentication system for services on your internal home network. The solution supports important security features like two-factor authentication and single sign-on, and only requires minimal maintenance due to self-service password reset.

Automatic HTTPS Certificates for Services on Internal Home Network
This article explains how to set up automatic HTTPS certificates via Let’s Encrypt for services on your internal home network without opening a port on your firewall. It’s part of my series on home automation that shows how to install, configure, and run a home server with (dockerized or virtualized) services such as Home Assistant and ownCloud.

Installing Proxmox as Docker Host on Intel NUC Home Server
This is my first article in what is poised to become a series on installing, configuring, and running a home server with (dockerized or virtualized) services such as Home Assistant and ownCloud.

DNS Exfiltration & Tunneling: How it Works & DNSteal Demo Setup
DNS is a protocol that lends itself to abuse because it's largely unmonitored and unrestricted. This article explains how data exfiltration from a corporate network via DNS works and shows how to set up a working exfiltration demo with DNSteal.