Homelab
Guides/manuals for administrative tasks
CUPS
Firewall rules:
NixOS
New Host Checklist
Provisioning Add terraform entry for VM, then run terraform plan, verify, and then terraform a...
Sops-Nix Setup
To set up the system to run sops-nix, I usually use the host SSH key like so: nix run 'nixpkgs#s...
Sops-Nix Env Files
Create the plaintext env file to be used. Do not commit any plaintext env files into version co...
Proxmox
Fix Intel Ethernet NIC Hang
Problem If ethernet hangs and you get this journal log: Mar 29 05:14:04 pve-01 kernel: e1000e 0...
Import a qcow2 file
qm importdisk <vm_id> file.qcow2 <storage-backend>
Rename a node
#!/usr/bin/bash mkdir -p /tmp/qemu ## make temp dir for moving VM config files cp /etc/pve/no...
SELinux
Guides and reference for my SELinux configurations
Services
Guides and documentation for miscellaneous services that don't categorize under system.
Authentik
Docker Healthchecks
Rationale Use these to verify the health of database containers. This allows me to only run web ...
docker-socket-proxy
Use this service to expose the Docker socket and protect it from unauthorized operations. Prevent...
How to upgrade MariaDB inside Docker
docker compose exec -it db bash -c "mariadb-upgrade -u root -p" Then enter password
Samba/SMB
Configuration My user is set up in unix groups that correspond to the groups outlined in the fol...
searx-ng
HTTP method: use GET to be able to use the back button on websites
Syncthing
Troubleshooting
Django CSRF verification failed: null does not match any trusted origins. If a Django-backed ser...
System
How to administer core system services such as networking, storage, monitoring, etc.
audit
Kernel Parameters: audit=1 audit_backlog_limit=8192 This prevents the message kauditd: hold qu...
crypttab
This configuration allows us to automatically unlock but not mount external drives. For example: ...
Docker Firewall Configuration
Source: Firewalld Strict Docker Filtering Preparation Required parts: Install firewalld and ac...
FiOS Router
Set Router to Bridge Mode Login to router administration interface Select "My Network" on the t...
Grafana Alloy
How to get WAL stats for alloy: alloy tools prometheus.remote_write wal-stats /var/lib/private/a...
Intel NIC Configuration
Wireless Configuration # iwlwifi.conf # Enable antenna aggregation options iwlwifi 11n_disable...
lm-sensors
Label Value CPUTIN Motherboard's CPU temp sensor SYSTIN Motherboard temp senso...
LUKS
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state...
Minecraft
Client Launcher for running the mods I use the Fabric launcher, get its installer from the AUR ...
PiKVM
Important Lines for /boot/config.txt Used to fix kvmd-otg and kvmd-tc358743 not starting at boot...
PiKVM Tailscale Certificate Update Service
These systemd services allow me to update the Tailscale certificates for PiKVM every 80 days with...
traefik
Docker Label Configuration Base Labels This is the minimum set of labels you need to expose a c...
Users/Groups
krypton User Group Type (login/system) Purpose restic backup system Run the res...
Bitwarden Secrets Manager on macOS
Run this command: curl https://bws.bitwarden.com/install > bws.sh Review the downloaded script ...