Monica on Docker

I recently came across a post on Mastodon about someone adopting a personal CRM (Monica CRM) as a way of keeping track of their personal relationships. This idea resonated with me. I have a really hard time remembering details of past conversations, and getting in the habit of reaching out to friends (life just plows ahead). It’s not that I don’t care… it just doesn’t stick. Monica CRM captured my interest for several reasons: [Read More]

Tor Relay

I’m a huge fan of both privacy and cool technology, so it goes without saying that I’m also a huge fan of the Tor Project. Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. [Read More]

Blog with Hugo, GitLab CD, and Caddy

This post is an overview of how I set up this site (built using Hugo) to be automatically deployed to my Caddy server using GitLab’s continuous deployment. I routinely swap between fancy blogging tools like Ghost and WordPress as well as static site generation tools like Jekyll and Hugo far more often than I should. I keep coming back to static site generation for several reasons: Server footprint - It’s easy to host static files. [Read More]

WireGuard Access Server

For years, I’ve relied on SSH as the gateway into my LAN from the outside world. I figure that, as far as services I could place on “the front-line” go, it’s pretty solid. It sure beats publicly exposed RDP, right?! My usual setup is to configure Linux and OpenSSH Server on a separate VM or Raspberry Pi, and forward inbound SSH requests to that machine. I prohibit password-based logins in /etc/ssh/sshd_config and also install and configure Duo Security’s PAM module as an additional layer when logging in from the outside world over SSH. [Read More]

NGINX Semi-private Site

We used to run a development blog for work. We wanted:

  1. To use NGINX to host this content. It was all static pages.
  2. To limit access to people within our network, or to employees while outside the network (phones, laptops, etc.).
  3. We didn’t want to deal with user accounts, active directory, etc.
  4. We wanted super low friction for users.
[Read More]

GPG/SSH with the YubiKey 5

Yubico just announced the new YubiKey 5 and of course I needed to buy one! This gave me a great opportunity to update my somewhat popular GPG/SSH with YubiKey guide. The YubiKey 5 includes support for:

  1. Universal Second Factor (U2F) - FIDO & FIDO 2! (nothing uses FIDO 2 but I had to have it ;)
  2. CCID Smart Card: RSA (and now ECC) / OpenPGP
  3. NFC (starting to be supported by some iOS apps)

This guide walks through: [Read More]

Deploying Ghost with Docker & NGINX

It seemed like a good idea to try something new with this website. I settled on running the fancy blogging software Ghost because it looked pretty, has a wonderful editing experience (with markdown support), and (most importantly) I’d never used it before.

[Read More]