Homelab
Guides/manuals for administrative tasks
DevOps
NixOS
New Host Checklist
Provisioning Add terraform entry for VM, then run terraform plan, verify, and then terraform a...
Sops-Nix Env Files
Create the plaintext env file to be used Do not commit any plaintext env files into version co...
Sops-Nix Setup
To set up the system to run sops-nix, I usually use the host SSH key like so: nix run 'nixpkgs#s...
PiKVM
Procedures
Proxmox
Fix Intel Ethernet NIC Hang
Problem If ethernet hangs and you get this journal log: Mar 29 05:14:04 pve-01 kernel: e1000e 0...
Import a qcow2 file
qm importdisk <vm_id> file.qcow2 <storage-backend>
Rename a node
#!/usr/bin/bash mkdir -p /tmp/qemu ## make temp dir for moving VM config files cp /etc/pve/no...
User Provisioning
Perform the following steps: pveum useradd etorres@pam pveum group add wheel -comment 'System...
Terraform Setup
Creating the Terraform role in PVE # pveum user add terraform@pve # pveum role add Terraform -pr...
SELinux
Guides and reference for my SELinux configurations
Services
Guides and documentation for miscellaneous services that don't fall under System.
Authentik
CUPS
Firewall rules:
Docker Healthchecks
Rationale Use these to verify the health of database containers. This allows me to only run web ...
docker-socket-proxy
Use this service to expose the docker socket and protect it from unauthorized operations Prevent...
How to upgrade MariaDB inside Docker
docker compose exec -it db bash -c "mariadb-upgrade -u root -p" Then enter password
Samba/SMB
Configuration My user is set up in unix groups that correspond to the groups outlined in the fol...
searx-ng
HTTP method: use GET to be able to use the back button on websites
Syncthing
Troubleshooting
Django CSRF verification failed: null does not match any trusted origins If a Django-backed ser...
System
How to administer core system services such as networking, storage, monitoring, etc.
audit
Kernel Parameters: audit=1 audit_backlog_limit=8192 This prevents the message kauditd: hold qu...
crypttab
This configuration allows us to automatically unlock but not mount external drives. For example: ...
Docker Firewall Configuration
Source: Firewalld Strict Docker Filtering Preparation Required parts: Install firewalld and ac...
FiOS Router
Set Router to Bridge Mode Log in to the router administration interface Select "My Network" on the top...
Grafana Alloy
How to get WAL stats for alloy: alloy tools prometheus.remote_write wal-stats /var/lib/private/a...
Intel NIC Configuration
Wireless Configuration # iwlwifi.conf # Enable antenna aggregation options iwlwifi 11n_disable...
lm-sensors
Label Value CPUTIN Motherboard's CPU temp sensor SYSTIN Motherboard temp senso...
LUKS
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state...
traefik
Docker Label Configuration Base Labels This is the minimum set of labels you need to expose a c...
Users/Groups
krypton User Group Type (login/system) Purpose restic backup system Run the res...