Blogs

In my experience there hasn’t been a month with a lot of changes, this experience can get more intense as you grow in your role and at some point become overwhelming. Well, it can be, it doesn’t have to be, to deal with this myself I try to make -well weighted- choices to be good at a specific skill set, which involves specific tools. I do this because I think no one can be a “know it all”, there are however some sets of combined skills that go together like fine wine and cheese. For example, in my case, Linux, Networking, Automation and Virtualization. I don’t mention Security, as I think that the meaning of Security has changed, it isn’t just a list of rules to go by anymore, which -of course- is still very important and are rules to live by when you’re a “builder”, however Security as a skill nowadays is something that goes on 24/7, hackers never sleep. ...

A small list of projects I worked on the past year, these are the most interesting ones. Migrated ancient nameservers based on PowerDNS with a sturdy base of the latest DNSDist and PowerDNS; Migrated a stack of VM’s and their relevant IP space from one provider to another, between Openstack and Proxmox; Guided the migration of a older Fortigate cluster to a new one with minimal downtime; Started working with OSPF; Built a good backup solution on top of Proxmox Backup Server; Created an automated and standardized deployment with Cloud-init, Ansible, Gitlab and AWX. Updated lots of Proxmox and Ceph clusters.

Sometimes cloud providers or maybe in your own infrastructure you might find the need to have your default gateway outside of your subnet, for example this is sometimes done by Hetzner and Myloc. The problem with cloud-init is that it doesn’t like it when your gateway is outside your subnet, well, it works with for example 1.1.1.100/32 and 1.1.1.1 but when you try 1.1.1.100/32 and 9.9.9.9 as gateway you will find out that cloud-init happily provisions your VM with the address, but that there are no routes. ...

I use a NAS to host my own files, using a RAID and snapshots, productivity is somewhat ensured, however, immutable backups is also one of my needs, what if ransomware happens or my house burns down? For that I use Backblaze B2, directly from my QNAP with HBS3, but also trough rclone inside a VM, as HBS3 doesn’t support hiding files and thus the data would be ever growing.

For some time I was looking for a solution to make my boiler “smart” without modifying the thermostat to support OpenTherm. While browsing the interwebz on a lazy Sunday I stumbled upon the EMS-ESP32 project, which fit my needs perfectly, as it hooks into the EMS bus and talks with the thermostat in the propietary Nefit signal, without modifying anything.