starkzarn

joined 2 years ago
[–] starkzarn@infosec.pub 1 points 9 hours ago* (last edited 9 hours ago)
[–] starkzarn@infosec.pub 4 points 12 hours ago

Certainly! Feel free to comment on any hardships, if I notice a glaring omission or something I'm happy to fix it. This is also a pretty new setup for me, so I'm still tweaking and working through what will become part 2 here in Grafana, currently.

 

My first blog series on headscale with traefik through podman quadlets was pretty well received on here. I'm just getting started with this blog, and thought the second topic I recently worked on might be popular in this crowd too: a lower resource method of centralizing logs for OPNSense with Grafana Loki (and Alloy) including geoIP!

[–] starkzarn@infosec.pub 2 points 23 hours ago

Hey, the journey is the destination sometimes. Glad you liked it!

[–] starkzarn@infosec.pub 6 points 2 days ago (2 children)

There's no mobile app, but the web app front end is a PWA, so you can select "install" from the page in a WebKit browser and get what is effectively a mobile app.

[–] starkzarn@infosec.pub 2 points 3 days ago

Awesome! Thanks for the banter. It's easy to get stuck in your own echo chamber working IT every day, so it's nice to have these kinds of questions. Feel free to drop anything into comments too, maybe other readers will benefit too!

[–] starkzarn@infosec.pub 1 points 3 days ago (3 children)

No worries, and I'll accept criticism too, that's how you improve.

Anyway, this is effectively giving you tailscale, a remote access mesh VPN solution, but with total control and ownership of the control plane server, instead of relying on the opaque tailscale owned and controlled infra. I touched on it briefly again in the 'DERP Config' section of part 2: https://roguesecurity.dev/blog/headscale-quadlet-part2#DERP%20Config

 

Part 1 of my Headscale and Traefik blog post seems to have gotten some good traction, so I just wanted to share with the community that I just published part 2!

[–] starkzarn@infosec.pub 2 points 4 days ago (1 children)

No, it's not you, the XML file isn't including post content yet. I wasn't sure how to do that, so I figured I'd start with the simple thing of generating a list from the posts manifest for the time being. This would at least show you a link for when a new post is up, but you're right, there's no content yet. When I have a bit more time I'll research how I can dynamically add the entire post content.

[–] starkzarn@infosec.pub 2 points 4 days ago (1 children)

Realized I didn't answer the last question here on hardening. The answer is sure! I don't have much planned for the blog, as I was just thinking I'd take "public notes" for my tinkerings as they came. I've done Linux administration for a long time though, so I'd be happy to put together a post on baselines and hardening.

[–] starkzarn@infosec.pub 4 points 4 days ago

Great question. I tried to very briefly touch on it in the post. The bottom line is that its benefits are there mostly for rootless podman, which I've chosen not to implement here (yet). You can also configure it so that the socket is always active and that will then trigger the service associated with it, so that you save on resources when the service isn't needed. However, I didn't want to do that as it would likely increase page load time for readers.

[–] starkzarn@infosec.pub 3 points 4 days ago (3 children)

Okay, rudimentary RSS feed added! It's available in the navbar, and autodiscovery with your RSS aggregator should work from any page. Let me know if you have issues.

 

Shameless self-plug here. I wrote a blog post to document my methodology after having some issues with publicly available examples of using Podman and traefik in a best-practices config. Hopefully this finds the one other person that was in my shoes and helps them out. Super happy for feedback if others care to share.
