Cloud Init Nocloud

Cloud-init is an open source initialisation tool to get your systems configured and operational during the provisioning stage of the system's life cycle. Cloud-init can handle a range of tasks including configuring the hostname and network interfaces, creating user accounts, installing packages and running scripts. Cloud-init can also hand off to external configuration management platforms such as Chef, Ansible and SaltStack to enrol the system into the through-life configuration management platform. Cloud-init has become the de facto standard for system initialisation and is used by most if not all commercial cloud providers. The explanation below will refer to commercial cloud providers for ease of understanding; however, cloud-init is also used by platforms including VMware, OpenStack, Proxmox, KVM and others. ...

July 26, 2025

Let's Encrypt, Certbot & BIND

I run various services that require TLS and use Let's Encrypt to obtain certificates. The web host that registers my domains provides DNS services but there is no API, meaning that all of my Let's Encrypt certificate requests and renewals require that I manually create the _acme-challenge DNS TXT record. Looking for an opportunity to reduce maintenance and improve my homelab, DNS resolution and TLS are so fundamental that it makes sense to invest the time to implement a robust solution. The solution I ended up implementing is BIND9 hosting multiple zones, with an internal view for zones that I only want resolvable by internal hosts and an external view for the zones that are required to be resolvable by the Internet. ...

May 1, 2024

Principles for Securing Infrastructure

I was listening to the Late Night Linux podcast and a question was asked of the viewers: how do you keep your Linux systems secure? As someone who works in information security, what stuck out to me was that most people took a very passive approach to security: they either trusted the distribution to provide packages with secure defaults or they isolated the system assuming it is not secure. There were some great answers like using the Center for Internet Security (CIS) Benchmarks, but benchmarks alone may provide a false sense of security in that they may not mitigate the risks that are most important for the specific system and its use case. ...

April 17, 2024