It’s been a while, let’s go! Any major fuckups lately or smooth sailing?

I had to change the local DNS setup yesterday. I finally installed Linux Mint for my wife and wanted to set her up for Vaultwarden real quick, which became an hour-long debug session since apparently CNAME entries for hostnames don’t work as I thought. It never came up in the past year as all my machines took it, but resolved refused to, so I eventually deleted the entries in the Pi-hole and created them as A records pointing to the VM with the reverse proxy, hoping I won’t need to change the IP anytime soon. It’s always DNS!

In other news, I think I moved all my local dockered services to Forgejo+Komodo now, and applying updates by merging Renovate MRs still feels super smooth. I just updated my Calibre-Web Automated with a single click. The only exception is Home Assistant, where I have yet to find a good split between what to throw in a Docker volume and what to check into git and bind-mount.

  • 9488fcea02a9@sh.itjust.works
    17 hours ago

    Some of the things in my house were set up so long ago, and are running so smoothly, that I haven’t looked at them in years (other than auto updates). Now I’m afraid I’ve accidentally left some security hole without realizing it.

    For example, I set up certbot 10 years ago and back then there was no DNS challenge, so I had to open my webserver to port 80 to renew… well, since everything was running from https/443, I decided to block port 80.

    So I edited the systemctl unit for certbot to temporarily open port 80 for the renewal, and close it right after…

    It was only 5 years later I realized I made a mistake and port 80 had been open for 5 years to the open internet.

    Probably no harm since it’s a public server anyway… defense in depth is the key.