This article explains how to set up a Grafana dashboard to monitor restic/resticprofile backup operations. This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server with (dockerized or virtualized) services such as Home Assistant and ownCloud.

This article explains how to set up Ubiquiti UniFi Network Server, a management software for UniFi devices such as access points. This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

If you’ve followed this blog for a while, you may have noticed that I’ve used a traditionally installed (i.e., not dockerized) LAMP stack for its server setup since 2014. Only recently did I switch to Docker containers. Why? Maintenance. Much facilitated maintenance. If you take a look at the articles I’ve written over the years describing how to upgrade to newer versions of Ubuntu or - god beware - PHP, you can’t help but realize what a godawful PITA it all is. Switching to Docker enforces (or at least strongly encourages) a strict separation of (public) code and (personal) configuration. With this new setup, upgrading from one PHP version to another involves nothing more than changing a version number in a text file.

This article explains how to set up Vaultwarden with automatic HTTPS certificates (via Caddy). This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This article, effectively part 2 of my Grafana setup guide, explains how to set up Prometheus, Node Exporter, and cAdvisor with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia). This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This article presents a collection of regular expressions I frequently use to clean up HTML generated from some tools’ export routines, e.g., Typora. A PowerShell script automates the clean-up task.

This article explains how to set up Grafana, Loki, and Promtail with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia). This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This article explains how to set up Firezone with automatic HTTPS certificates (via Caddy) and OpenID Connect single sign-on (via Authelia). This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This article explains how to set up the Unbound DNS server as the resolver for your home network. It also shows how to generate and assign a static IPv6 address to your Proxmox server. This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This article explains how to set up Portainer with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia). This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

DevOps CI/CD pipelines on platforms such as GitHub or Azure DevOps are basically shell scripts that run in the cloud and are triggered by events, e.g., a Git push. This article explains common mistakes with pipeline scripts and how to avoid them.

This article explains how to set up restic (with the resticprofile wrapper) for automated scheduled backups of your home server. The backups are protected from ransonmware through temporary immutability, which makes it much harder for attackers to delete your data. This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server with (dockerized or virtualized) services such as Home Assistant and ownCloud.

This post describes how I upgraded our webserver running WordPress on Apache from Ubuntu 20.04.5 LTS to 22.04.1 LTS. Please see this article for more information on the server’s original installation and configuration.

This article explains how to set up ownCloud Infinity Scale with OpenID Connect authentication to Authelia or authentik. This post is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This is my second article on how to set up a modern user management and authentication system for services on your internal home network. In the previous article, I used Authelia as IdP. I looked for an alternative and explored authentik because I had some trouble getting OpenID Connect to work with Authelia. I figured it out eventually, but in the meantime, I’d already completed the authentik configuration, so here is the documentation of an alternative SSO implementation.

This article explains how to set up a simple but modern user management and authentication system for services on your internal home network. The solution supports important security features like two-factor authentication and single sign-on, and only requires minimal maintenance due to self-service password reset. This article is part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server & network with dockerized or virtualized services.

This article explains how to set up automatic HTTPS certificates via Let’s Encrypt for services on your internal home network without opening a port on your firewall. It’s part of my series on home automation, networking & self-hosting that shows how to install, configure, and run a home server with (dockerized or virtualized) services such as Home Assistant and ownCloud.

This is my first article in what is poised to become a series on installing, configuring, and running a home server with (dockerized or virtualized) services such as Home Assistant and ownCloud.

DNS is a protocol that lends itself to abuse because it’s largely unmonitored and unrestricted. This article explains how data exfiltration from a corporate network via DNS works and shows how to set up a working exfiltration demo with DNSteal.

This is a quick post on how to troubleshoot situations where you get error 2503 (Called RunScript when not marked in progress) followed by error 2502 (Called InstallFinalize when no install in progress) when trying to install or uninstall software with Windows Installer.

Microsoft Teams is a web application that needs a browser as a runtime environment. In order to keep things simple - at the expense of disk space - the Teams installation package contains not only the actual web app but also all components that are needed to run it, including Chromium. When you launch Teams, you’re really launching the Chromium browser, which then executes the embedded Teams web app. Teams’ browser-based architecture presents challenges when you want to count the number of Teams instances that are running or when you need to find out how many instances of Teams have been started. This article presents multiple ways to determine accurate application usage data.

Feature-wise, Windows Terminal is a fantastic replacement for the dated console host. It presents entirely new problems, however, in a secure setup with a standard user for day-to-day operations and a separate admin account for tasks that require elevation.

This post explains how to configure DNS over HTTPS (DoH) for all WiFi networks in Windows 11 via the Settings app. Unfortunately, this is less intuitive than it should be; I need a reminder every time I connect to the German railway’s WiFiOnIce, which only seems to work with Deutsche Bahn’s (insecure) DNS server (you can switch to more secure DNS servers once you’ve accepted the terms on their captive portal).

I had a weird issue on my laptop: whenever I connected to our company’s VPN, I lost local internet connectivity. As it turned out, this was caused by incorrect network interface priority metric settings. To spare you and my future self many frustrating hours of troubleshooting, here’s what caused it.