It’s a little tricky to connect android to Tailscale, but here’s how I do it using the Google Workspace authentication.
[Read More]Headscale Authentication with Google Workspace
OIDC Logins to your Tailnet via Google
Headscale “users” can be authenticated using Google Workspace logins. This only applies to nodes that do not have tags. Nodes with tags do not get logged in/out via OIDC.
[Read More]Using PGLoader to Copy Data from MS-SQL to PostgreSQL
PGLoader can painlessly copy data from a SQLServer into PostgreSQL, including setting up the schemas and copying the data. A very slick tool that I’d never used before.
[Read More]Fixing a SQLite Schema
Adventures in the Dangerous Pragma
I created a schema and accidentally put “test” instead of “text” in a column type. To fix it, I tried copying it to a new column, since you can’t alter a column in sqlite, then copying it back, but that lost the NOT NULL constraint.
[Read More]Ender 3 Pro, SKR Mini v2.0, and BLTouch upgrade
Upgrading a 2020 Ender 3 Pro with the SKR Mini E3 v2.0 and a BLTouch
I had wanted a BLTouch 3D printer, I felt like the bed leveling would reduce the amount of fiddling per print. I chose to upgrade the motherboard to get something with a native BLTouch port, as the way to achieve it.
[Read More]Addendum to Wilkerson's Garden Beds
Notes from building April Wilkerson's raised garden beds
Over the last few weeks, I built April Wilkerson’s Raised Garden Beds with self-watering system. They are really good looking, and were fun builds, but I do have some notes on the build that may help others.
[Read More]Encrypting ZFS on Ubuntu 20.04
Installing Ubuntu 20.04 with ZFS Native Encryption Enabled
Ubuntu 20.04 includes the ability to install with ZFS for the root and boot partitions. However, it does not include an option for encrypting the root volume. Fortunately, it is easy to enable it.
[Read More]Generating Letsencrypt Personal Certs on Route53
Using AMI roles to restrict certificate generation
We have a bunch of machines behind haproxy load balancers. The haproxy is publicly accessible and can use the ACME HTTP method for certificate renewal. The machines behind it are using self-signed certs from our own CA, but there are cases where we might like to have certs on both systems that are “legit”. For example, a gitlab instance that is accessible internally and externally, or our web servers for internal or testing access.
For the internal machines, I came up with the idea of using DNS to verify the registration, while the haproxy continues to do HTTP.
I wanted to restrict the AWS access keys so the compromise of one machine didn’t expose our entire DNS, so I created a recipe that allows for the access key to be limited to a specific name.
[Read More]