Today I’m diving in to the world of network access control! Being able to authenticate network devies plugged in to your switches is a great way to improve network security without resorting to unplugging or disabling every unused port on yout equipment. Now every switch port is universal, and will enable on demand based on what is plugged in. While I couldn’t go through the complete authorization part of the setup (mapping devices to VLANs), I’m planning on making a future video for that step.

Today I’m setting up a simple nginx proxy, so I can store updates used by my many Linux systems. Most of them run a derivative of Debian, so this guide focuses mostly on caching apt repositories (Debian, Ubuntu, Proxmox, and more), but the same approach should work with any distro. Install nginx I’m using a Debian 12 (Bookworm) unprivilaged LXC container, but this is basic nginx which should be in every distro ever.

Today I’m diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, perfect forward secrecy, and a public chain of trust to authenticate the server. But, it also has a lesser known ability to authenticate the client. By creating our own certificate authority to issue certs to clients, we can securely authenticate them to the server, preventing other users from even hitting our web app and probing it for vulnerabilities.

In this episode, I’m playing with Single Root I/O Virtualization (SR-IOV) in Proxmox Virtual Environment (PVE). I’ve heard ruomors that it will be anything from a minor to major improvement in IO performance for my VMs, so I wanted to do some testing on my own system to be sure. Please don’t take my results as final, I’m not comfortable saying that I’ve removed all of the background tasks and load from the measurements.

In this post (and video) I’m going to setup Netconsole, so you can capture kernel panics and logs on headless systems. I know some of you are doing wild things with graphics drivers and passthrough, so hopefully this helps you debug them. Enable Now This option enables the module immediately, so you can use it before you do dangerous things. You Simply rebooting clears the setting, so you won’t continue to spam your kernel messages on the local network.

Since I like to image systems I’m testing, here’s the process I use to capture the boot drive of a bare metal system in Proxmox Backup Server. I start by booting into a Debian Live image (the small one without a GUI). Next, I install Proxmox Backup Client from apt packages: #Run as root sudo bash #Add repo wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg echo "deb http://download.proxmox.com/debian/pbs-client bookworm main" > /etc/apt/sources.list.d/pbs-client.list #Install PBS apt update apt install proxmox-backup-client -y After that, I set the environment variables for the backup client (I have a doc I can copy/paste from into my USB KVM):

So, while I was on vacation, my Proxmox Backup Server boot drive failed! No problem, I take backups of the server itself …. onto the backup server. So in this video, I’m going to start from a clean PBS install, mount my intact backup pool, and then restore the PBS configs out of the backup. Video Restoring the Datastore First, we need to mount the data disks. In my case, they are a zfs pool named backup, so we use zpool import -f backup to import the pool.

In this video, I’m setting up Authelia. It’s a very lightweight authentication service, which can be used to provide authentication to services which don’t natively support any form of authentication. I think this is a great choice for small scale homelab environments, as it’s simple to run and administer. Contents Video Authelia Configuration User File TLS Certificate Protected Service Example with Caddy Video Authelia I installed Authelia on an LXC container (Debian 12), and set it up with a dns name / AAAA record in public dns, and all the jazz required for normal HTTPS access.

This video started as the answer to a simple question - how can I self-host a service for my friends and family, behind cgnat, without requiring them to install any apps (like tunnels)? This video turned into a bunch of different ways to proxy IPv4 to IPv6, so you can receive IPv6 traffic natively and bring in legacy traffic from a VPS which does have public IPv4. While I’m giving you a lot of different examples and methods here, you can mix and match a lot of them to fit your needs.

So today I’m taking a look at the Kwumsy H3 ‘Stream Dock’ No, not THAT Stream Deck, not a dock for the Steam Deck, there’s already enough name confusion. Basically, it tries to be a lower cost touchscreen alternative to the real Stream Deck, making use of the same addon format for wide addon support, and also somehow a USB-C laptop dock with Ethernet, USB 3, HDMI, and USB-PD passthrough.