Finished a short article this weekend about the Zalando postgres-operator and how to deploy it alongside monitoring metrics.

shivering-isles.com/postgres-o

Looked for a comprehensive guide there for a few days and couldn't find one, so I wrote it myself :)

Me in the middle of the night: "How complicated is it to get vulnerability scanning for everything that is deployed in my cluster?"
Me 2 hours later: "It works! But there is this minor issue that currently all images for scanning are downloaded from upstream instead of my local mirrors. Maybe there is a setting for that."
Suddenly: github.com/aquasecurity/starbo
Today: It's merged!

Version 21.04 of my infrastructure is released:

git.shivering-isles.com/shiver

The amount of automation is definitely something I enjoy. It's a minimal amount of work to keep everything up-to-date. And once a month, there is a release to review the progress. 👍

The DNS zone of my personal domain (shivering-isles.com) has 127 records. The entire setup runs distributed across 4 servers, everything has SSO, there is centralized logging, the setup is mostly automated (especially software updates) and I actually spend most of my screen time interacting with the outside world through my federated services.

:blobfoxlaughsweat: I can't stop thinking that it's a bit overdone. But I swear, it was an accident!

When browsing SI-Gitlab I noticed that suddenly my tracking protection in Firefox was triggered. :si_blobfox:

What should I say… It was a third-party cookie that was blocked. A few seconds later: shields.io runs behind Cloudflare and therefore sets a "__cfduid" cookie.

This was a few hours ago…

shields.shivering-isles.com is now a thing. Working on removal of Google fonts upstream, blocked them for now via CSP.

Want to organize your household? Time for spring cleaning?

Well, get your fridge digitalized (without weird "smartfridge" components):

grocy.info/

A simple web application, which can also run its own embedded version as a desktop application, that informs you when food expires and what the current stock is, and helps you organize a shopping list.

Of course it's self-hosted and provides a containerized setup for easy installation.

I might look into it in more detail later next week.

If one has questions about running self-hosted, federated, enterprise-ready setups at small or large scale, which allow easy collaboration without licensing costs, feel free to ask.

I'm happy to run something like that for myself :X

And created some Ansible roles to deploy it within a day or two on CentOS 7 servers.

git.shivering-isles.com/shiver

[Repost due to dead URL]

There was recently a lot of news about DNS over HTTPS. Some people say it's bad for privacy because it centralizes the DNS requests on Google, Cloudflare and Quad9.

Time to change that and run your own DNS over HTTPS server. I spent some time today writing, documenting and arranging a small container setup to allow you to do this:

git.shivering-isles.com/contai

And I'm back online :)

Steps to get back: restore the config directory from backup, fix permissions and SELinux labels (since it was restored to a different location), start all services, back!

I highly recommend having a document that explains how to do a partial as well as a full disaster recovery for each of your devices, servers and services.

My Nextcloud :nextcloud: stops working :blobfoxowonotice: :

Well, I deleted some folders around there…

Pro Tip: Don't delete your Nextcloud's config folder!

Pro tip 2: Have backups!

Currently checking for a self-hosted alternative for automated dependency management like greenkeeper or dependabot.

I'm done with first experiments with renovate, but it doesn't fully convince me. Any suggestions?

As I just saw some people saying "With self-hosting this wouldn't have happened", I have to say, looking at the self-hosting scene and its usage of vendor images for server installs, this would have happened the same way with most self-hosted setups.

Most people don't use their own OS images when setting up new servers. You should do this to mitigate vendor accounts.

Since people are going on and on that it is not just running a script, let me clarify this:

Self-hosting is like gardening. Yes, it needs time and love. But mostly for making new stuff or big changes happen. When you do it properly it can boil down to a few minutes a week, as you maybe just need to water your plants in the garden.

It's a hobby, not everyone needs to do it. There are professional services as an alternative, but it's nice to share with friends.

"Don't do ", they said.
"It's a lot of work", they said.

Upgrading :

sed -i 's/mastodon_version: 3.0.0/mastodon_version: 3.0.1/' roles/mastodon/defaults/main.yml
git add roles/mastodon
git commit
git push

You are right… So hard, so complicated, so much time I spent on that… less than 1 minute to change it; 10 minutes later I get the info that things are done.

🤷 when you do /#CD properly, keeping your infrastructure in shape takes less than 10 minutes per week.
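As an added example (not from the original post and not from the author's Ansible roles), here is the same one-variable version bump as a small POSIX shell function that refuses to run unless the expected old value is present exactly once, so a typo in the old version never turns the deploy into a silent no-op. The file path, key name and sample YAML content are constructed assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: bump a single "<key>: <value>"
# line in an Ansible defaults file (e.g. mastodon_version: 3.0.0 -> 3.0.1)
# and fail loudly instead of silently doing nothing when the old value is absent.
# Assumptions: POSIX sh, GNU or BSD sed/grep, one matching line per key.

bump_version() {
    file=$1 key=$2 old=$3 new=$4
    # Accept only digits and dots so nothing unexpected lands in the sed expression.
    case "$new" in
        *[!0-9.]*|"") echo "bump_version: bad version '$new'" >&2; return 2 ;;
    esac
    # Escape dots so "3.0.0" does not also match "3x0x0".
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    # Exactly one line must carry the old value; grep -c prints 0 and exits 1
    # when nothing matches, so keep the assignment from aborting under set -e.
    count=$(grep -c "^${key}: ${old_re}\$" "$file" || :)
    if [ "$count" -ne 1 ]; then
        echo "bump_version: expected one '${key}: ${old}' line in $file, found $count" >&2
        return 1
    fi
    # Write to a temp file and rename so a failed sed never leaves a half-written file.
    tmp="${file}.tmp.$$"
    sed "s/^${key}: ${old_re}\$/${key}: ${new}/" "$file" > "$tmp" && mv "$tmp" "$file"
}

# Constructed sample standing in for roles/mastodon/defaults/main.yml
demo_file=$(mktemp)
printf 'mastodon_version: 3.0.0\nmastodon_user: mastodon\n' > "$demo_file"
bump_version "$demo_file" mastodon_version 3.0.0 3.0.1 && grep mastodon_version "$demo_file"
```

After the bump the file is ready for the usual git add / commit / push; the point of the guard is that a wrong old version or a duplicated key stops the script before anything reaches CD.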

Ouch… There are good reasons why you want to keep data within your infrastructure.

Every third party can leak your data, and then you have to clean up the mess with your customers:

twitter.com/troyhunt/status/11

Example: Hosted was breached… Hello fancy companies who have to tell me my data were exposed?

I wonder how many companies now bother to inform their customers.

Oh, that's a nice piece about the myth of CDN-based resources:

csswizardry.com/2019/05/self-h

Host the assets yourself and you'll be better off in most cases.

And I figured out a nice way to allow everyone to join and work with me, without the need to worry about abuse of the instance: you can sign up now, but you'll be an external user.

This means you can't create your own projects, but you can request access to all the public ones and help moving things forward :)

git.shivering-isles.com/users/

By the way, I also don't mind hosting some people's content; I just want to keep things under control as I pay for each CI run ;)

After a little hasty move of my repositories yesterday, away from octo.sh to my own GitLab instance, I'm going to slowly republish my repositories within the next few days.

Currently signups are closed and I'll stay with an invite-only concept. If you are interested in contributing, feel free to reach out to me :)

git.shivering-isles.com

There was recently a lot of news about DNS over HTTPS. Some people say it's bad for privacy because it centralizes the DNS requests on Google, Cloudflare and Quad9.

Time to change that and run your own DNS over HTTPS server. I spent some time today writing, documenting and arranging a small container setup to allow you to do this:

octo.sh/container-library/dns-