Easy shares with rclone
·4 mins
When you need to mount a folder from a remote machine (like a NAS), NFS and SMB aren’t always ideal. rclone over SFTP is a vastly better option.
Writings
Here are a collection of things I’ve written over the years. While occasionally useful to others, the primary purpose of writing these is for me to document/remember how I set things up.
2025
Host a Tor Onion Service
·9 mins
Ever wanted to host a website that can’t easily be traced back to you? Tor supports onion services — websites only accessible from within the Tor network.
2024
DIY Tunnel
·16 mins
How to set up your own Cloudflare-style tunnels using WireGuard and a cheap VPS — for services that aren’t HTTP-based.
Private Git Server with Tailscale
·4 mins
Setting up a full-featured private Git server running Forgejo on your Tailscale Tailnet — accessible from anywhere, exposed to no one.
Microserver Build
·14 mins
This post walks through some interesting parts of my home-lab server build using a repurposed Dell OptiPlex micro-pc using the XCP-ng virtualization platform.
Self-hosted Git Server
·11 mins
There are many reasons to host your own Git server — costs, AI policies, privacy — but the biggest reason for me is that it’s fun!
Marketplace Scam
·13 mins
We tried to sell a baritone sax case on Facebook Marketplace and got caught up in a remarkably well-crafted phishing scam.
Ghost/Cloudflare Setup
·16 mins
Run Ghost on your home infrastructure using Cloudflare Tunnels — no firewall holes, no exposed IP, and trivially portable.
Multi tenancy Example for Phoenix
This post describes my efforts and approach to multi tenancy for a couple of Elixir/Phoenix/Ecto B2B applications I’m working on. Hopefully, it will provide a fairly complete example for those looking to implement something similar, and help avoid a bunch of digging that I found myself doing.
Welcome to My Blog
Welcome to my new blog! This post demonstrates the various features available.
2023
Publishing Documents to Snowflake
Exploring Snowflake as a mechanism for sharing near-realtime B2B data with customers via Private Shares.
2022
Tunneling and Self-hosted Seafile
This post details a couple of methods for hosting Seafile at home using tunnels to protect your home IP: Cloudflare Tunnels or a VPS with Tailscale.
Tailscale Pi-hole Setup
·3 mins
I’ve recently started using the overlay network Tailscale to provide connectivity between my various machines, regardless of where I am. It’s extremely easy to configure and “just works”. Tailscale also includes a feature called MagicDNS that provides name resolution for machines on my tailnet (i.e. so that ping server123 magically just works). MagicDNS also allows you to override local DNS settings and force a custom DNS server for name resolution machines on your tailnet. This post documents the setup of Pi-hole (accessible only to machines on my tailnet) to provide some level of DNS privacy and Ad Blocking for machines on my tailnet.
Analytics via. Ackee
·3 mins
Setting up Ackee for privacy-friendly, self-hosted website analytics behind Traefik.
Moving my files in-house
·5 mins
Every six months or so, when the position of the moon is just right, I flip-flop on the privacy/self-hosted vs. just-let-Google-handle-it issue. Today, I’ve flopped toward privacy and self-hosting.
2021
My Traefik Setup
Configuring Traefik as a reverse proxy for Docker containers with automatic Let’s Encrypt certificates and security headers.
FastAPI, React and Docker
Project structure and Docker deployment for a FastAPI backend with a Create-React-App frontend, including automated DockerHub builds.
Monica on Docker
·3 mins
Self-hosting Monica CRM with Docker and NGINX to track personal relationships and stay in touch with friends.
2020
Golang, WebSockets & React
As part of my COVID friendly game project, werdz.ca, I’ve been working with GoLang, Create-React-App, WebSockets and NGINX (for production). Some of it has been “an adventure”.
This post is a set of quick notes about the problems I’ve encountered and how I worked by them.
2019
Wireguard Access Server
Setting up a WireGuard VPN server on Ubuntu to replace SSH port forwarding, with client configurations for mobile devices.
Blog with Hugo, Gitlab CD, and Caddy
·11 mins
Automating Hugo blog deployments to a Caddy server using GitLab CI/CD pipelines, plus adding client-side search with Lunr.js.
Ubuntu 18.04 - Encrypted Disks with USB Boot
I’m setting up a new Ubuntu 18.04 server and wanted the drives to be encrypted. Since the machine is headless in my basement, however, entering a password on boot is annoying.
2018
NGINX Semi-private Site
We used to run a development blog for work. We wanted:
- To use NGINX to host this content. It was all static pages.
- To limit access to people within our network, or to employees while outside the network (phones, laptops, etc.).
- We didn’t want to deal with user accounts, active directory, etc.
- We wanted super low friction for users.
GPG/SSH with the YubiKey 5
Updated guide for generating GPG keys on an air-gapped machine and loading them onto a YubiKey 5 for secure signing, encryption, and SSH authentication.
2017
QubesOS Presentation
·1 min
I’m a huge fan of QubesOS. Here are some slides from an internal company presentation trying to inflict QubesOS on my coworkers.
2016
Kub Kar Timer
·3 mins
Building an Arduino-based timer for Boy Scouts Kub Kar races with conductive chain triggers and an LCD display.
2015
Using GPG with Smart Cards
Comprehensive guide to storing GPG and SSH keys on a YubiKey NEO smart card for secure, portable cryptographic operations across Linux, Windows, and macOS.
2014
OpenBSD Yubikey Authentication with PIN
A patch for OpenBSD’s login_yubikey that adds optional PIN support, combining something you have with something you know.
OpenBSD Yubikey Authentication
Configuring OpenBSD to use YubiKey for login and SSH authentication, replacing password-based logins with hardware tokens.