OPNSENSE MONITORING WITH ZABBIX

One thing that is a key asset in any environment is reliable, thorough monitoring. Once as you add more redundant layers to your infrastructure, automated monitoring is frequently the only way to tell if something has failed, short of manual checking. When setting up monitoring for my OPNSense routers, though, I wasn’t super thrilled with the default options. There’s an SNMP template available in Zabbix, but SNMP set up on OPNSense didn’t seem straightforward, and I especially didn’t want to risk exposing this data to untrusted networks my router may sit on.

Read more

USING UNIFI PROTECT ACROSS VLANS AND VPNS

After Ubiquiti’s recent security faux pas, I started to question the best way to access my Unifi Protect cameras. By default, the Unifi Protect uses your Ubiquti account to log in, and disabling remote access breaks this. This can be bypassed with a little work, and if you’re using OPNSense, it’s pretty easy. Motivation I won’t comment on the recent security issues Ubiquiti had with their Unifi services, which includes the protect line of gear.

Read more

CLEANING UP FIREWALL RULES

One project I recently invented for myself is cleaning up my jumbled mess of firewall rules. The issue is that as time has gone on, I’ve created more VLANS, which has led to more rules that I’ve never really formally organized. It finally reached a tipping point, and after some experimentation, I found a new system that improves my security and makes things much more simple. My Problem The main issue here is that I have a lot of VLANs in my network.

Read more

PREPARING FOR YOU HOMELAB'S DEMISE

Trigger Warning: This post talks generally about human mortality and loss of your home. One ting I’ve recently started considering is how my Homelab can survive if I’m not around. At first, everything in the lab was pretty low value so losing things wasn’t a huge deal. Recently though, I’ve started archiving family photos and other important things that need to survive after me. I’ll outline the considerations and situations I took into account, then I’ll share some of the tools I used to plan.

Read more

USING HTTPS IN YOUR HOMELAB, AND WHY IT'S IMPORTANT

When you have a homelab, you’re going to start having a number of internal websites and services you use. You’ll learn to live with HTTPS warnings when navigating to these sites, but these warnings can still be a problem. What if we wanted to have valid HTTPS everywhere? HTTPS Primer HTTPS encrypts your traffic so things that intercept it (routers, attackers, etc) can’t decode it, and it does this even with an invalid or self-signed certificate.

Read more

PLEASE DON'T SELL SPACE IN YOUR HOMELAB

Hanging out in subreddits like /r/homelab, /r/servers, and /r/datahoarder, I see this question asked too many times: I have extra space in my home server, how can I sell this for other people to use? My answer (and a lot of other people’s answer): don’t. We’re Really Not Trying To Ruin Your Dreams If you come across this post, or if this was sent to you, know that we aren’t doing this for the sole purpose of ruining your day.

Read more

MY THOUGHTS ON LASTPASS AND THEIR RECENT BREACHES

If you’ve poked your head outside in the last few weeks, you’ve noticed that LastPass had a security breach where customer vaults were exposed and downloaded. I’ve been hanging around in /r/lastpass and seeing the mixed reactions has been interesting. Why I’m Leaving I’m leaving LastPass, and had been looking at solutions for the last few months. While the security problems are the last nail in the coffin, I’ll share why I’m leaving besides the breach.

Read more

THE COST OF HOMELAB BACKUPS

If you ave a homelab, you’ve probably collected a few TB of data that needs backed up. Recently in /r/datahoarder and /r/homelab I’ve seen a lot of posts that ask about backups. I’ve talked about my strategy in the past , but I figured I dive a bit more into offsite backups. If you’re not familiar with why you should be keeping backups or some general rules of thumb, I have some information over here.

Read more

SETTING UP A BACKUP 4G INTERNET CONNECTION WITH OPNSENSE

One thing that quickly becomes annoying is disruptions to my main home internet. This is annoying for the obvious reasons: I can’t use remote services, home automation that needs the cloud breaks, etc, but is also frustrating because it’s something I largely can’t control. I’m at the mercy of my ISP to detect outages and resolve them, and sitting around and waiting is one of the worst feelings. After an outage that lasted over a day, I took matters into my own hands and created a backup 4G connection for my home internet.

Read more

THIS SITE'S STACK

This site isn’t anything too special, but I figured I’d share how I host things for others who may be interested in owning their words. Motivation For Self Hosting I’ve run this website (in some form or another) for the last 6+ years. The idea was to share some stuff I do that I think is cool with others and maybe remind myself of projects past. I’ve always just shared written content (for now), and there’s a million different ways to get your words out there.

Read more