Shameless self-plug here. I wrote a blog post to document my methodology after having some issues with publicly available examples of using Podman and traefik in a best-practices config. Hopefully this finds the one other person that was in my shoes and helps them out. Super happy for feedback if others care to share.
Your blog is awesome. I have always wanted someone to break down RF homelabbing for me and I think as your blog progresses I will find such content.
I’m also looking for blogs/material on OS hardening (Linux/*nix), do you plan to write on that (and any recommendations)?
Realized I didn’t answer the last question here on hardening. The answer is sure! I don’t have much planned for the blog, as I was just thinking I’d take “public notes” for my tinkerings as they came. I’ve done linux administration for a long time though so I’d be happy to put together a post on baselines and hardening
Thanks man, that would be much appreciated
What nice feedback to read. I think you and I are aligned in what this will hopefully become. I really just wanted to start publicly sharing my hobby notes instead of holing them up in a local Joplin file or something, so that’s what I’m going to do. We may have similar hobbies though, which sounds like it’ll benefit you. Haha.
You got an RSS feed for me?
Okay, rudimentary RSS feed added! It’s available in the navbar, and autodiscovery with your RSS aggregator should work from any page. Let me know if you have issues.
Thanks. I don’t see the content of the blogs in the feed, just the title - but maybe that’s a problem with my reader (I use Capy on Android). I’ll try a couple of other readers to see if it works
No, it’s not you, the XML file isn’t including post content yet. I wasn’t sure how to do that, so figured I’d start with the simple thing of generating a list from the posts manifest for the time being. This would at least show you a link for when a new post is up, but you’re right there’s no content yet. When I have a bit more time I’ll research how can I dynamically add the entire post content.
Thanks, looking forward to it
No, and that’s a deficiency. Thank you for asking. I totally had this on the roadmap but let it slip. I’ll work on finalizing that right now. Much appreciated!
Very helpful. I was just looking at this the other day.
Ah yes, those examples were helpful and definitely helped inspire this. Glad you found some value in the ramblings. Post 2 will be up soon.
Excuse the ignorance, what am I actually reading about here?
I read the first few paragraphs and an out of my league.
What are ‘we’ trying to achieve?
The other poster here is correct, this is just an account of my journey through self hosting traefik, and ultimately headscale, without the hurdles along the way. I tried to include a few links to unclear terms along the way in the narrative, maybe those would help you figure things out. Unfortunately I can’t write for an audience of everyone, but hopefully you can still gain some value or learn some new things! Thank you for the feedback.
Just a guide on how OP selfhosts headscale using postman with a few nice features enabled
What’s the advantage of socket activation? Is it more secure than exposing a docker port?
Great question. I tried to very briefly touch on it in the post. The bottom line is that its benefits are there mostly for rootless podman, which I’ve chosen not to implement here (yet). You can also configure it so that the socket is always active and that will then trigger the service associated with it, so that you save on resources when the service isn’t needed. However, I didn’t want to do that as it would likely increase page load time for readers.
For anyone who reads this post and sees the mention of headscale – that was the overarching goal here but the blog post started getting long so I decided to chunk it up. As soon as I polish up the headscale writeup I’ve got drafted and get that posted, I’ll drop a link here just in case anyone is interested.
Thanks, I’d be interested in the next part of your Headscale write up!
Excited to compare this with my setup (also Quadlet and Traefik-based)!
Excellent! Leave a note somewhere on how it measures up, I can always use more ideas!
