overview for starkzarn

What was your last “impulse buy” and was it worth it? in c/asklemmy@lemmy.world

[–] starkzarn 4 points 1 week ago (1 children)

Oh buddy, let me tell you about amateur radio... If you're having a good time on gmrs, consider exploring the ham hobby. So much fun. There's a lot more landscape to explore than just gmrs gives you. And welcome to the world of RF!

Linkwarden v2.12 - open-source collaborative bookmark manager to collect, read, annotate, and fully preserve what matters (tons of new features!) 🚀 in c/selfhosted@lemmy.world

[–] starkzarn 1 points 2 weeks ago

Fair enough! I toyed with the idea of doing it that way because the systemd component would just reference a single yaml file for each service, which feels portable. That said though, my quadlets as they are are pretty portable too. Thanks for sharing!

Linkwarden v2.12 - open-source collaborative bookmark manager to collect, read, annotate, and fully preserve what matters (tons of new features!) 🚀 in c/selfhosted@lemmy.world

[–] starkzarn 1 points 2 weeks ago (2 children)

Just curious why you chose a kube quadlet instead of the typical podman container quadlets?

#FGLAE in c/science_memes@mander.xyz

[–] starkzarn 5 points 3 weeks ago

Slime mold is so god damn cool man

Why are anime catgirls blocking my access to the Linux kernel? in c/selfhosted@lemmy.world

[–] starkzarn 16 points 3 weeks ago (1 children)

That's because they just terminate TLS at their end. Your DNS record is "poisoned" by the orange cloud and their infrastructure answers for you. They happen to have a trusted root CA so they just present one of their own certificates with a SAN that matches your domain and your browser trusts it. Bingo, TLS termination at CF servers. They have it in cleartext then and just re-encrypt it with your origin server if you enforce TLS, but at that point it's meaningless.

SystemD Service Hardening in c/lobsters@lemmy.bestiver.se

[–] starkzarn 1 points 1 month ago

Hey neat, I wrote this.

Happy to answer any questions. Feel free to also comment on the post itself if you see any issues or have strong opinions on the content.

Systemd Service Hardening in c/linux@lemmy.world

[–] starkzarn 2 points 1 month ago

Good callout! You're absolutely right, and here I was primarily focused on publicly accessible services. Thanks for the addition.

Systemd Service Hardening in c/selfhosted@lemmy.world

[–] starkzarn 1 points 1 month ago

That's a super valid question, as it seems sometimes that some of these things are configured in a way that begs the question "why?" As far as contributing to documentation, that's a moot point. This is already in the man pages, and that's exactly what I referenced in writing this post, in addition to some empirical testing of course. As far as implementation goes, I think that probably lies at a per distribution level, where not one size fits all. Although I don't know of it off the top of my head, I'm sure there's a security centric distro out there that implements more of these sandboxing options by default.

Systemd Service Hardening in c/selfhosted@lemmy.world

[–] starkzarn 3 points 1 month ago

Excellent! There's certainly a lot to unpack, but being able to twist all these little knobs is part of the beauty of Linux.

Systemd Service Hardening in c/linux@lemmy.world

[–] starkzarn 2 points 1 month ago

Very glad to gear it! Learning new stuff with Linux is the fun part of the journey.

30

Systemd Service Hardening (roguesecurity.dev)

submitted 1 month ago by starkzarn to c/linux@lemmy.world

4 comments fedilink

cross-posted from: https://infosec.pub/post/32937284

This one is a little self-hosting specific, and more casual Linux best practices, but I've got a new blog post down for general security! Harden your systemd units (especially custom ones) for better peace of mind on the internet!

Systemd Service Hardening in c/selfhosted@lemmy.world

[–] starkzarn 15 points 1 month ago

Hey, much appreciated!

1

Systemd Service Hardening (roguesecurity.dev)

submitted 1 month ago by starkzarn to c/linux@lemmy.ml

0 comments fedilink

cross-posted from: https://infosec.pub/post/32937284

This one is a little self-hosting specific, and more casual Linux best practices, but I've got a new blog post down for general security! Harden your systemd units (especially custom ones) for better peace of mind on the internet!

130

Systemd Service Hardening (roguesecurity.dev)

submitted 1 month ago by starkzarn to c/selfhosted@lemmy.world

6 comments fedilink

This one is a little self-hosting specific, and more casual Linux best practices, but I've got a new blog post down for general security! Harden your systemd units (especially custom ones) for better peace of mind on the internet!

Personally I'm grateful to not need 3rd party packages in c/linuxmemes@lemmy.world

[–] starkzarn 3 points 1 month ago (4 children)

What... This isn't true at all.

47

Self-host Meshtastic Metrics in Grafana (roguesecurity.dev)

submitted 1 month ago by starkzarn to c/selfhosted@lemmy.world

8 comments fedilink

cross-posted from: https://infosec.pub/post/32151664

This is a generic metrics post to leverage a spare ESP32 meshtastic node to ingest metrics into Grafana! We've had some congestion issues due to poor config in my area, and this has helped me pinpoint which nodes are causing the biggest problems, and block them at my repeater.

17

Self-host Meshtastic Metrics in Grafana (roguesecurity.dev)

submitted 1 month ago by starkzarn to c/meshtastic@mander.xyz

4 comments fedilink

This is a generic metrics post to leverage a spare ESP32 meshtastic node to ingest metrics into Grafana! We've had some congestion issues due to poor config in my area, and this has helped me pinpoint which nodes are causing the biggest problems, and block them at my repeater.

23

Monitor your AREDN Node with Prometheus and Grafana (roguesecurity.dev)

submitted 3 months ago by starkzarn to c/selfhosted@lemmy.world

7 comments fedilink

cross-posted from: https://infosec.pub/post/29612746

0

Monitor your AREDN Node with Prometheus and Grafana (roguesecurity.dev)

submitted 3 months ago by starkzarn to c/amateur_radio@lemmy.radio

0 comments fedilink

9

Intercept and Monitor TLS Traffic with mitmproxy Using Podman - Infosec.Pub (infosec.pub)

submitted 3 months ago by starkzarn to c/cybersecurity@sh.itjust.works

0 comments fedilink

59

Intercept and Monitor TLS Traffic with mitmproxy Using Podman (roguesecurity.dev)

submitted 3 months ago by starkzarn to c/selfhosted@lemmy.world

0 comments fedilink

This one is less focused on self-hosting a homelab service, but I thought might be interesting for the homelabbers here. I got into this hobby through my career in cybersecurity, and decided to write up a little post about a tool I frequently use, mitmproxy!

4

Leveraging Authelia for OIDC Single Sign-On (SSO) with Headscale (roguesecurity.dev)

submitted 4 months ago by starkzarn to c/tailscale@programming.dev

0 comments fedilink

cross-posted from: https://infosec.pub/post/28466166

If you've followed any of my self-hosted headscale with Podman series, I wrote up another "bonus" post talking about OIDC configuration with Authelia. Took some trial and error, so I figured I'd document it in the public notebook.

86

Leveraging Authelia for OIDC Single Sign-On (SSO) with Headscale (roguesecurity.dev)

submitted 4 months ago by starkzarn to c/selfhosted@lemmy.world

5 comments fedilink

If you've followed any of my self-hosted headscale with Podman series, I wrote up another "bonus" post talking about OIDC configuration with Authelia. Took some trial and error, so I figured I'd document it in the public notebook.

18

Monitor Your Network the GPL Way with LibreNMS (roguesecurity.dev)

submitted 4 months ago by starkzarn to c/networking@sh.itjust.works

2 comments fedilink

cross-posted from: https://infosec.pub/post/28196930

Another post in the records for the tech blog, this time all about opensource network monitoring with LibreNMS!