Shameless self-plug here. I wrote a blog post to document my methodology after having some issues with publicly available examples of using Podman and traefik in a best-practices config. Hopefully this finds the one other person that was in my shoes and helps them out. Super happy for feedback if others care to share.

  • fishynoob@infosec.pub
    5 months ago

    Your blog is awesome. I have always wanted someone to break down RF homelabbing for me and I think as your blog progresses I will find such content.

    I’m also looking for blogs/material on OS hardening (Linux/*nix), do you plan to write on that (and any recommendations)?

    • StarkZarn@infosec.pub (OP)
      5 months ago

      Realized I didn’t answer the last question here on hardening. The answer is sure! I don’t have much planned for the blog, as I was just thinking I’d take “public notes” for my tinkerings as they came. I’ve done Linux administration for a long time though so I’d be happy to put together a post on baselines and hardening.

    • StarkZarn@infosec.pub (OP)
      5 months ago

      What nice feedback to read. I think you and I are aligned in what this will hopefully become. I really just wanted to start publicly sharing my hobby notes instead of holing them up in a local Joplin file or something, so that’s what I’m going to do. We may have similar hobbies though, which sounds like it’ll benefit you. Haha.

        • StarkZarn@infosec.pub (OP)
          5 months ago

          Okay, rudimentary RSS feed added! It’s available in the navbar, and autodiscovery with your RSS aggregator should work from any page. Let me know if you have issues.

          • fishynoob@infosec.pub
            5 months ago

            Thanks. I don’t see the content of the blogs in the feed, just the title - but maybe that’s a problem with my reader (I use Capy on Android). I’ll try a couple of other readers to see if it works.

            • StarkZarn@infosec.pub (OP)
              5 months ago

              No, it’s not you, the XML file isn’t including post content yet. I wasn’t sure how to do that, so figured I’d start with the simple thing of generating a list from the posts manifest for the time being. This would at least show you a link for when a new post is up, but you’re right, there’s no content yet. When I have a bit more time I’ll research how I can dynamically add the entire post content.

  • deadcatbounce@reddthat.com
    5 months ago

    Excuse the ignorance, what am I actually reading about here?

    I read the first few paragraphs and am out of my league.

    What are ‘we’ trying to achieve?

    • mitram2@lemm.ee
      5 months ago

      Just a guide on how OP selfhosts headscale using postman with a few nice features enabled

    • StarkZarn@infosec.pub (OP)
      5 months ago

      The other poster here is correct, this is just an account of my journey through self hosting traefik, and ultimately headscale, without the hurdles along the way. I tried to include a few links to unclear terms along the way in the narrative, maybe those would help you figure things out. Unfortunately I can’t write for an audience of everyone, but hopefully you can still gain some value or learn some new things! Thank you for the feedback.

      • deadcatbounce@reddthat.com
        5 months ago

        Wasn’t being critical at all. Not expecting you to write for anyone.

        I wondered what this actually provides. If you were explaining to someone with a good knowledge of the world, not grandma!!

        • StarkZarn@infosec.pub (OP)
          5 months ago

          No worries, and I’ll accept criticism too, that’s how you improve.

          Anyway, this is effectively giving you tailscale, a remote access mesh VPN solution, but with total control and ownership of the control plane server, instead of relying on the opaque tailscale owned and controlled infra. I touched on it briefly again in the ‘DERP Config’ section of part 2: https://roguesecurity.dev/blog/headscale-quadlet-part2#DERP Config