This is my home page

Thank you for venturing into my corner of The Internet, to read my stories of engineering and technology, and explore the projects I’ve created and am in the process of creating. I primarily focus on home automation, homelab, and virtualization, but also enjoy building and making things. Feel free to browse the blog for regular updates, project pages for long term project descriptions, and my Youtube and Twitch channels for video content and casual relaxation. I hope you enjoy your journey along the way!

Physical Network Access Control with 802.1X

Today I’m diving in to the world of network access control! Being able to authenticate network devies plugged in to your switches is a great way to improve network security without resorting to unplugging or disabling every unused port on yout equipment. Now every switch port is universal, and will enable on demand based on what is plugged in. While I couldn’t go through the complete authorization part of the setup (mapping devices to VLANs), I’m planning on making a future video for that step.
read more →

Caching Linux Package Repositories

Today I’m setting up a simple nginx proxy, so I can store updates used by my many Linux systems. Most of them run a derivative of Debian, so this guide focuses mostly on caching apt repositories (Debian, Ubuntu, Proxmox, and more), but the same approach should work with any distro. Install nginx I’m using a Debian 12 (Bookworm) unprivilaged LXC container, but this is basic nginx which should be in every distro ever.
read more →

Securely Expose your Homelab Services with Mutual TLS

Today I’m diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, perfect forward secrecy, and a public chain of trust to authenticate the server. But, it also has a lesser known ability to authenticate the client. By creating our own certificate authority to issue certs to clients, we can securely authenticate them to the server, preventing other users from even hitting our web app and probing it for vulnerabilities.
read more →

Single Root IO Virtualization in Proxmox (for NICs)

In this episode, I’m playing with Single Root I/O Virtualization (SR-IOV) in Proxmox Virtual Environment (PVE). I’ve heard ruomors that it will be anything from a minor to major improvement in IO performance for my VMs, so I wanted to do some testing on my own system to be sure. Please don’t take my results as final, I’m not comfortable saying that I’ve removed all of the background tasks and load from the measurements.
read more →

Using NETCONSOLE to debug Linux (and Proxmox) Kernel Panics

In this post (and video) I’m going to setup Netconsole, so you can capture kernel panics and logs on headless systems. I know some of you are doing wild things with graphics drivers and passthrough, so hopefully this helps you debug them. Enable Now This option enables the module immediately, so you can use it before you do dangerous things. You Simply rebooting clears the setting, so you won’t continue to spam your kernel messages on the local network.
read more →

Imaging a bare-metal system using Proxmox Backup Client

Since I like to image systems I’m testing, here’s the process I use to capture the boot drive of a bare metal system in Proxmox Backup Server. I start by booting into a Debian Live image (the small one without a GUI). Next, I install Proxmox Backup Client from apt packages: #Run as root sudo bash #Add repo wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg echo "deb http://download.proxmox.com/debian/pbs-client bookworm main" > /etc/apt/sources.list.d/pbs-client.list #Install PBS apt update apt install proxmox-backup-client -y After that, I set the environment variables for the backup client (I have a doc I can copy/paste from into my USB KVM):
read more →

Rebuilding Proxmox Backup Server from Backups

So, while I was on vacation, my Proxmox Backup Server boot drive failed! No problem, I take backups of the server itself …. onto the backup server. So in this video, I’m going to start from a clean PBS install, mount my intact backup pool, and then restore the PBS configs out of the backup. Video Restoring the Datastore First, we need to mount the data disks. In my case, they are a zfs pool named backup, so we use zpool import -f backup to import the pool.
read more →

Simple Self-Hosted Security with Authelia

In this video, I’m setting up Authelia. It’s a very lightweight authentication service, which can be used to provide authentication to services which don’t natively support any form of authentication. I think this is a great choice for small scale homelab environments, as it’s simple to run and administer. Contents Video Authelia Configuration User File TLS Certificate Protected Service Example with Caddy Video Authelia I installed Authelia on an LXC container (Debian 12), and set it up with a dns name / AAAA record in public dns, and all the jazz required for normal HTTPS access.
read more →

Relaying Traffic to Self-Host with CGNAT

This video started as the answer to a simple question - how can I self-host a service for my friends and family, behind cgnat, without requiring them to install any apps (like tunnels)? This video turned into a bunch of different ways to proxy IPv4 to IPv6, so you can receive IPv6 traffic natively and bring in legacy traffic from a VPS which does have public IPv4. While I’m giving you a lot of different examples and methods here, you can mix and match a lot of them to fit your needs.
read more →

Kwumsy H3 Stream Dock USB Protocol

So today I’m taking a look at the Kwumsy H3 ‘Stream Dock’ No, not THAT Stream Deck, not a dock for the Steam Deck, there’s already enough name confusion. Basically, it tries to be a lower cost touchscreen alternative to the real Stream Deck, making use of the same addon format for wide addon support, and also somehow a USB-C laptop dock with Ethernet, USB 3, HDMI, and USB-PD passthrough.
read more →