Reading things you enjoy doesn't mean not trying new things, it just means not forcing yourself to read things you aren't enjoying. If you try a new book and don't like it, you don't have to finish it. If you are constantly forcing yourself to read shit you don't like, you *will* burn out and suddenly you won't read at all anymore. By all means try new things, but don't force yourself to do things you don't enjoy for some weird self-improvement FOMO

Honestly, "you should read books you enjoy, and not force yourself" is such a cynical piece of reading advice. Like yea no, you'll be stagnant and never find the books which could have shaped you

rePebble

WE ARE SO FUCKING BACK BABY

SSL Cert Automation

SSL/TLS certificates are absolutely vital to the web. Yes, even your homelab, even if everything is local-only. I wholeheartedly recommend buying a domain for your homelab, as they can be had for ~$5/yr or less depending on the TLD (top-level domain) you choose. Obviously a .com domain is going to be more expensive, but others like .xyz are super affordable, and it makes a lot of things a whole lot easier. I recommend Cloudflare or Porkbun as your registrar; I've also used Namecheap and they're good but lack API access for small accounts. And please, PLEASE for the love of god DO NOT USE GODADDY. EVER.

First of all, why is cert automation even important? Most certificates you will purchase are issued for a one year period, so you only need to worry about renewal once a year, that's not too bad right? Well, that's all changing very soon. With issuers like Letsencrypt ending expiry emails, and the push to further shorten cert lifetime, automation is all the more needed. Not to mention Letsencrypt is free so there is very little reason not to use them (or a similar issuer).

"Okay, you've convinced me. But how???" Well, I'm glad you asked. By far the absolute easiest way is to use a reverse proxy that does all the work for you. Simply set up Caddy, Traefik, Nginx Proxy Manager, etc. and the appropriate provider plugin (if you're using DNS challenge, more on that later), and you're good to go. Everything you host will go through the proxy, which handles SSL certificate provisioning, renewal, and termination for you without needing to lift a finger. This is how a lot of people do it, and there's nothing wrong with doing it this way. However, it may not be the best solution depending on the complexity of your lab.

If you know a thing or two about managing SSL certificates you might be thinking about just running your own certificate authority. That does make it easier, you can make the certs expire whenever you want! Woo, 100 year certificates! Except not really, because many browsers/devices will balk at certificates with unrealistic lifetimes. Then you also have to install the cert authority on any and all client devices, docker containers, etc. It gets to be more of a pain than it's worth, especially when getting certs from an actual trusted CA is so easy. Indeed I used to do this, but when the certs did need to be renewed it was a right pain in the ass.

My lab consists of 6 physical computers, 3 are clustered with each other and all of them talk to the others for various things. Especially for the proxmox cluster, having a good certificate strategy is important because they need to be secure and trust each other. It's not really something I can reasonably slap a proxy in front of and expect it to be reliable. But unfortunately, there's not really any good out of the box solutions for exactly what I needed, which is automatic renewal and deployment to physical machines depending on the applications on each that need the certs.

So I made one myself. It's pretty simple really, I have a modified certbot docker container which uses a DNS challenge to provision or renew a wildcard certificate for my domain. Then an Ansible playbook runs on all the physical hosts (or particularly important VMs) to update the new cert and restart the application(s) as needed. And since it's running on a schedule, it helps eliminate the chance of accidental misconfiguration if I'm messing with something else in the lab. This way I apply the same cert to everything, and the reverse proxy will also use this same certificate for anything it serves.

The DNS challenge is important, because it's required to get a wildcard cert. You could provision certs individually without it, but the server has to be exposed to the internet which is not ideal for many backend management type stuff like Proxmox. You need to have API access to your registrar/DNS provider in order to accomplish this, otherwise you need to add the DNS challenge manually which just defeats the whole purpose. Basically certbot request a certificate, and the issuer says, "Oh yeah? If you really own this domain, then put this random secret in there for me to see." So it does, using API access, and the issuer trusts that you own the domain and gives you the requested certificate. This type of challenge is ideal for getting certs for things that aren't on the public internet.

This sure was a lot of words for a simple solution, huh. Well, more explanation never hurt anyone, probably. The point of this post is to show that while SSL certificates can be very complicated, for hobby use it's actually really easy to set up automation even for more complex environments. It might take a bit of work up front, but the comfort and security you get knowing you can sit back and not worry about anything and your systems will keep on trucking is pretty valuable.

Self Hosting

I haven't posted here in quite a while, but the last year+ for me has been a journey of learning a lot of new things. This is a kind of 'state-of-things' post about what I've been up to for the last year.

I put together a small home lab with 3 HP EliteDesk SFF PCs, an old gaming desktop running an i7-6700k, and my new gaming desktop running an i7-11700k and an RTX-3080 Ti.

"Using your gaming desktop as a server?" Yep, sure am! It's running Unraid with ~7TB of storage, and I'm passing the GPU through to a Windows VM for gaming. I use Sunshine/Moonlight to stream from the VM to my laptop in order to play games, though I've definitely been playing games a lot less...

On to the good stuff: I have 3 Proxmox nodes in a cluster, running the majority of my services. Jellyfin, Audiobookshelf, Calibre Web Automated, etc. are all running on Unraid to have direct access to the media library on the array. All told there's 23 docker containers running on Unraid, most of which are media management and streaming services. Across my lab, I have a whopping 57 containers running. Some of them are for things like monitoring which I wouldn't really count, but hey I'm not going to bother taking an effort to count properly.

The Proxmox nodes each have a VM for docker which I'm managing with Portainer, though that may change at some point as Komodo has caught my eye as a potential replacement.

All the VMs and LXC containers on Proxmox get backed up daily and stored on the array, and physical hosts are backed up with Kopia and also stored on the array. I haven't quite figured out backups for the main storage array yet (redundancy != backups), because cloud solutions are kind of expensive.

You might be wondering what I'm doing with all this, and the answer is not a whole lot. I make some things available for my private discord server to take advantage of, the main thing being game servers for Minecraft, Valheim, and a few others. For all that stuff I have to try and do things mostly the right way, so I have users managed in Authentik and all my other stuff connects to that. I've also written some small things here and there to automate tasks around the lab, like SSL certs which I might make a separate post on, and custom dashboard to view and start the various game servers I host. Otherwise it's really just a few things here and there to make my life a bit nicer, like RSSHub to collect all my favorite art accounts in one place (fuck you Instagram, piece of shit).

It's hard to go into detail on a whim like this so I may break it down better in the future, but assuming I keep posting here everything will probably be related to my lab. As it's grown it's definitely forced me to be more organized, and I promise I'm thinking about considering maybe working on documentation for everything. Bookstack is nice for that, I'm just lazy. One day I might even make a network map...

Too bad Joe neglected to mention the genocide of the Uyghur people or any of the other horrendous shit China does to their own people.

["]He's a dictator in the sense that he's a guy who runs a country that is a communist country that's based on a form of government totally different than ours," Biden said.

China Different Therefore China Bad [16 Nov 23]

Ruby blocks and the pretzel colon

Doing more exercises on codewars, and stumbled across someone's solution which used the neat little trick 'gsub(/\w{5,}/, &:reverse)'

If you're familiar with ruby and regex at all, you'll recognize that this is calling the gsub method to replace any words of 5+ letters with whatever '&:reverse' means. But what does it mean?

The '&:' operator (or pretzel colon) essentially acts as shorthand for ruby blocks. So in this case, it is just shorthand for writing 'gsub(/\w{5,}/) {|x| x.reverse}'

I won't go into detail here, this article does a much better job of that, but it's yet another neat little trick to add to the arsenal.

Tumblr really needs actual proper markdown support

Y’ever read something and have understanding that has eluded you interminably suddenly stop, curl up, and snuggle neatly into a fold in your brain because a new way way opened to it?

Ruby stuff

Started doing some ruby exercises to help learn and practice, so here's some random stuff.

The first exercise is to create a phone number given an array. The technique I used uses string interpolation to join subsections of the array in the format:

I think this is a fine technique, however from others' submissions i came across this neat little trick:

I didn't know you could just pass an array to format a string like this, but it makes sense and it's cool.

The second exercise was simply to count the number of vowels in a string. Pretty easy.

I just use the scan() method to build an array of matches for the regex (vowels), and then get the size. I soon found a much better way to do this, using the str.count() method:

It simply counts the occurrences of all characters in the parameter string (individually, not in sequence). It's always nice to discover a builtin method to do something.

I fall asleep to Drawfee almost every night... I think I've pavlov'd myself (and my fiance lol) because when we watch a new episode, half the time we're falling asleep on the couch by the end

so i sometimes sleep to youtube videos, yknow as you do as an insomniac

tell me why i woke up right in time to hear jacob drawfee say "jon arbuckle makes me flaccid"

Framework Laptops

You know what, fuck it, I don't *want* some frivolous, artisanal, lighter-than-air computer with no customizability, no upgradeability, no reparability, no ports, and a lifetime of *maybe* 3 years if you're lucky. I want a fucking great BEAST of a computer that's designed to last a minimum of 50 years, with ports up the wazoo and optional drives for every kind of media! I want modular components that you can drop in a bog for a year, dry them off, and have them still work fine! I want them to make a noise like "ker-chunk!" when you slide them into place! I want a switch that you pull to turn it on! And I don't want software that constantly forces you to get a pointless, cosmetic "upgrade" every few months either! I want durability! I want longevity! I want satisfying haptics! I want Silicon Valley to go fuck itself!

Python is still my go-to because im most familiar with it, but ruby has been growing on me

Post #176: Opinion poll by Small Basic Programming on Tumblr, Question: Which object-oriented programming language do you prefer to program with?, 2023.

Don't be afraid to try other things. In college I was convinced I wanted to do security. I found myself becoming a devops engineer instead and I am quite happy doing it as a career.

As an aside, use everything your school provides to network and get internships etc. Getting your foot in the door is the hardest part when it comes to your career.

Sep 26, 2023

Today I did research on what exactly I want to do when I get out of college. I have always loved computer science and coding, but I never new exactly what it is I am going to do with it as a career.

I spent some time today looking up the differences and other important info about data engineers vs. software engineers. I realized every project I have ever done or things I've found interesting are related to software engineering. It was like a lightbulb went off in my mind and I was practically bouncing out of my seat. This is what I am meant to do.

I am so excited for my upcoming computing classes and my extracurriculars based around comp sci.

If anyone has any advice or info feel free to reach out in the comments! I'm also very excited to start journaling and tracking my progress here. I hope it helps motivate me as well as others.

Kicked him out of my camp almost immediately :)

astarion romancing guide <3

i originally just made it for myself and i've done like 4+ hours replaying shit already just bc i missed stuff BUT YOU DONT HAVE TO DO THAT BC U CAN USE THIS GUIDE

so i found early access guides to romancing astarion and have a google doc where i am verifying and updating as much as i can while i play through the full release! i thought it would be nice to share with everyone, so here is the link: https://docs.google.com/document/d/1nRBxc-DVRdX0Rp5oGB8y0yveinKdpUpiJ7lbVv52kD8

if you use it, you can repay me by helping me add and correct and update shit if you like <3 i left comments on so it'll be easy for anyone to make notes

plz note this guide will have spoilers bc it's literally impossible not to but i try to only include the essential stuff

HAPPY ROMANCING :DD

There is no such thing as perfect. There will ALWAYS be things to add or improve. You may not have the skills or knowledge right now to see what could be better or make it so, and thats ok. Do the best that you can, and when you revisit it in a couple months, a year, two... You will find something you want to change, and it will mean you have grown.

“don’t make it perfect to begin with, just make it exist”

there’s nothing better than trying out a new method/concept/syntax in C# and getting loads of errors the first time, and then 0 at the end of the study session.. like i really just did learn this thing, my silly little brain did understand the concept of it?? 🥹

not if you live somewhere with no seasons like Florida

BY FALL EVERYTHING WILL LOOK DIFFERENT