Blogs

After setting up Intel NUC with Debian 12 on top of it, I have decided to configure Nextcloud as my first application on this new setup. In order to have a successful setup for my needs, I have decided on the following: DNS name for accessing the installation (static DNS entry on the network + valid TLS certificate) HAProxy for terminating TLS and forwarding traffic to the Nextcloud installation Nextcloud and required services in the container Above noted requirements came from the experimentation, but I somewhat knew what I want to do with the setup, and how to make it more clean for the new services....

For the past few weeks, and over the next few weeks, I have been playing with my local network setup and am hoping to migrate most of the self-hosted services I use and have scattered throughout the various server providers to my local network. Except of those that should be on the web obviously (Mastodon instance, Email server, and similar). This is a slow effort that I do in-between job and personal duties so some days I might do a lot, and others not so much....

These days there are plenty of password managers out there, all providing the same base promise; making you more secure by using random password for each of the accounts you have. Obviously this has one caveat, where you have “all eggs in one basket”. If this account gets compromised, attacker would have access to all of your credentials. Debating pros and cons and what is best for general population though is beyond the scope of this article....

Since I’m using MacOS again for the work, and obviously, I still use Emacs, I wanted to have a functionality which would detect which system theme is being used and load the correct one during Emacs startup. Previously, I have hacked together just a simple script which depended on GTK theme. Basically, If command returns string Adwaita, load light theme, if it returns Adwaita-dark, load dark theme. Later I learned that this might not be the good approach at all, even more so since GNOME developed concept of having Dark and Light theme....

My GPG setup consists of two Yubikey keys, each holding same set of keys in its internal storage. Reason behind this is that keys can’t be exported from the Yubikey (at least you shouldn’t be able to do that). There’s also the PIN protecting the usage of those keys. There are also additional security mechanisms making this setup quite more secure than keeping GPG key directly on the machine, but that’s beyond the scope of this article....

Background I use GPG for encrypting various things locally on my machines. Things like .authinfo.gpg which gets sourced by Emacs and things like that. In past I’ve used it even more when I was actively using Password Store as my password manager. But not to go too much into off-topic, let’s talk about the issue that’s been plaguing me ever since Fedora 33 and how I, finally, solved it. My GPG keys are saved on Yubikey (2 copies) which acts as a smart card....

Few months back, I’ve had around 30 thousand email messages in my mailbox. Things were hectic to say at least… Every time I’ve opened up my email client, I wasn’t sure about importance of each particular item. There was also the fact that when setting up a new email client and letting it fetch all the headers (IMAP) or God fobid; whole messages, it would take hours to sync everything....

These days there are plenty of Password managers out there, all providing the same base promise; making you more secure by using random password for each of the accounts you have. Obviously this has one caveat, where you have “keys to the kingdom” scenario where you only have to watch that one account, and if it gets compromised, attacker would have access to all of your accounts. Going into that debate though is beyond the scope of this article....

So today I’ve been looking at the disk space usage and observed rather peculiar thing; my ~/.var/app/ folder was around 30GB in size. Upon further examination I’ve observed that the disk space usage is generated by the Lbry flatpak application which stored its cache of downloaded videos there. What’s rather weird is that this app was removed from my system like month ago. It turns out that, by default, when you uninstall the app, its configuraiton and cache will stay behind unless you specify --delete-data flag....

Background Few months ago (less than 3), I’ve switched my website from Wordpress to Hugo. There I described the process of setting up Cloudfront distribution to serve as a CDN and a simple web-server for the content backed by S3 bucket. One of the challenges was how to serve nested paths (eg. /about-me/) as Cloudfront doesn’t know for “directory index” concept. You can only set index for / uri. To tackle that issue, I’ve used Lambda@Edge function called standard-redirects-for-cloudfront I’ve found on the internet....