Cricalix.Net

Tag: linux

  • Doubling up on 2FA

    Doubling up on 2FA

    I haven’t used passwords to log in to my server for years; I’ve been using key-based authentication. This works pretty well, and I can even use 1Password’s integration as an SSH agent to hold the keys so that wherever I go, the keys are available to me. As a “learn how to do it”, I’ve […]

  • LXD, dnsmasq, IPv6 reverse lookups

    My residential ISP doesn’t offer reverse lookups for their IPv6 blocks that they delegate out with the PD flag to consumer routers. This causes some annoying slow-downs when talking to the various services I’m running in LXD containers, since a lot of them do reverse DNS lookups. Under the hood, LXD relies on dnsmasq to […]

  • Running emoncms in a Linux container

    Running emoncms in a Linux container

    When I was renovating the house I currently live in, I picked up an EmonTx v3 and some clip-on current sensors from OpenEnergyMonitor.org so that I could monitor the house power consumption more accurately than just getting a bill every 2 months from my energy supplier (even with a smart meter installed, they only provide […]

  • Rebuilding Cricalix.Net – Part 4

    While on holiday, I read a forum post that mentioned a “new” web server called Caddy. I took a look at it, and was intrigued by the integrated TLS certificate renewal using Let’s Encrypt. With NGINX or Apache, I have to run Certbot or similar to maintain the certificates, and I have to deal with […]

  • Rebuilding Cricalix.Net – Part 3

    Rebuilding Cricalix.Net – Part 3

    Stumbling blocks and annoyances NGINX and certbot’s default permissions EFF’s certbot writes certificates to /etc/letsencrypt/live/<certificate hostname>/<files>.pem, and sets the permissions to only allow root to read the files. This makes sense from the perspective of a system where processes that need certificates will probably spawn as root, read the certificates to memory, and then spawn […]

  • Rebuilding Cricalix.Net – Part 2

    Rebuilding Cricalix.Net – Part 2

    LXD’s Documentation It’s mostly decent. It’s got a lot of detail on what all of the configuration sections are and generally provides examples. What I find missing is a set of practical documentation that guides someone through getting started with LXD – weaving together all of the configuration for devices, proxies, storage volumes, profiles and […]