HA Thread
Matter setup:
Installed in venv at /srv/matter
Data directory is /home/homeassistant/.matter

    ln -s /home/homeassistant/.matter/data /data
    chown homeassistant:homeassistant /data

(for some reason, CHIP insists on using that directory)

systemd unit (/etc/systemd/system/matter.service)

    python3 -m matter_server.server --log-level debug --storage-path /home/homeassistant/.matter --paa-root-cert-dir /home/homeassistant/.matter/credentials

    [Unit]
    Description=Home Assistant Matter Server
    After=network-online.target

    [Service]
    ExecStart=/srv/matter/.venv/bin/matter-server --storage-path /home/homeassistant/.matter --paa-root-cert-dir /home/homeassistant/.matter/credentials
    WorkingDirectory=/srv/matter
    Environment="PATH=/srv/matter/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/homeassistant/.local/bin"
    User=homeassistant
    Group=homeassistant
    Restart=always

    [Install]
    WantedBy=multi-user.target

We also need a sysctl file:
#Matter needs to accept RA route advertisements for Thread to work properly net.
Physical Network Access Control with 802.1X
Today I’m diving into the world of network access control! Being able to authenticate network devices plugged into your switches is a great way to improve network security without resorting to unplugging or disabling every unused port on your equipment. Now every switch port is universal, and will enable on demand based on what is plugged in. While I couldn’t go through the complete authorization part of the setup (mapping devices to VLANs), I’m planning on making a future video for that step.
Caching Linux Package Repositories
Today I’m setting up a simple nginx proxy, so I can store updates used by my many Linux systems. Most of them run a derivative of Debian, so this guide focuses mostly on caching apt repositories (Debian, Ubuntu, Proxmox, and more), but the same approach should work with any distro.
Install nginx
I’m using a Debian 12 (Bookworm) unprivileged LXC container, but this is basic nginx which should be in every distro ever.
Securely Expose your Homelab Services with Mutual TLS
Today I’m diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, perfect forward secrecy, and a public chain of trust to authenticate the server. But it also has a lesser-known ability to authenticate the client. By creating our own certificate authority to issue certs to clients, we can securely authenticate them to the server, preventing other users from even hitting our web app and probing it for vulnerabilities.
Single Root IO Virtualization in Proxmox (for NICs)
In this episode, I’m playing with Single Root I/O Virtualization (SR-IOV) in Proxmox Virtual Environment (PVE). I’ve heard rumors that it will be anything from a minor to major improvement in IO performance for my VMs, so I wanted to do some testing on my own system to be sure.
Please don’t take my results as final; I’m not comfortable saying that I’ve removed all of the background tasks and load from the measurements.
Using NETCONSOLE to debug Linux (and Proxmox) Kernel Panics
In this post (and video) I’m going to set up Netconsole, so you can capture kernel panics and logs on headless systems. I know some of you are doing wild things with graphics drivers and passthrough, so hopefully this helps you debug them.
Enable Now
This option enables the module immediately, so you can use it before you do dangerous things. Simply rebooting clears the setting, so you won’t continue to spam your kernel messages on the local network.