Journey to K3s: Accessing from the Outside

Published on April 28, 2024

Up until now I have been working locally (on my home network). While that is enough for most of the services I'm running, I need to access some of them from the outside. For example, I want to expose this blog to the internet and access Miniflux to read my RSS feeds on the go.

There are a few ways to achieve this but I have some specific requirements that I want to meet:

  1. Zero-trust approach: I don't want to expose the services directly to the internet.
  2. Public services: Other clients apart from me should be able to access some of the services.
  3. Home IP safety: Don't directly expose my home IP address. (This is on par with #1, but I want to make it explicit).
  4. In-transit encryption: Full in-transit encryption from the client to the cluster with no re-encryption in the middle.
  5. No Cloudflare. (Breaks #4)
  6. No Tailscale. (Breaks #2, also there are other users at home and I don't want to have the Tailscale client running all the time).

What does this leave me? A reverse proxy server.


Journey to K3s: Basic Cluster Backups

Published on April 21, 2024

There is a time to deploy new services to the cluster, and there is a time to back up the cluster. Before I start depending more and more on the services I want to self-host, it's time to start thinking about backups and disaster recovery. My previous server has been running with a simple premise: if it breaks, I can rebuild it.

I'm going to try and keep that same simple approach here: theoretically, if something bad happens, I should be able to rebuild the cluster from scratch by backing up cluster snapshots and the data stored in the persistent volumes.

Longhorn screenshot displaying ongoing backups


Importing data manually into a Longhorn volume

Published on April 09, 2024

I was in the process of migrating Shiori from my Docker environment to the new k3s cluster I'm setting up. Shiori is a bookmarks manager that uses an SQLite database and a folder to store the data from the bookmarks. I didn't want to switch engines just yet since I want to improve SQLite's performance first, so I decided to move the data directly to a Longhorn volume.

This is probably super simple and widely known, but it wasn't clear to me at first. Posting it here for future reference and for anyone that might find it useful.


Audiobooks can be a great alternative to TV

Published on April 08, 2024

We have been doing a sort of experiment lately. My SO had eye surgery a few weeks ago, and the first days she barely opened her eyes, and even when she could open them, blue light took a toll and made her eyes dry and tired really quickly. Since I still had to work and she had to rest, I suggested she try listening to an audiobook. She was a bit skeptical at first, but gave it a try.

I got her Yumi and the Nightmare Painter; she already read Tress of the Emerald Sea a few months ago and wanted to read something else from the same author, and I got the feeling that this one was good for her too. I had a long plane trip ahead of me at that time too, so I tried it out as well, though in my case the book wasn't new to me since I read it last year when it was released.

She loved it, both the book and the experience, and finished it in a couple of days. Even asked for more! Since Yumi and the Nightmare Painter is a short book and self-contained, talking to her we decided to try out a longer series together. A friend gave her Steelheart for her birthday last year, so we decided to start The Reckoners.

Plappa running on my phone playing the last Reckoners book, Calamity


Journey to K3S: Deploying the first service and its requirements

Published on March 25, 2024

I have my K3S cluster up and running, and I'm ready to deploy my first service. I'm going to start migrating one of the simplest services I have running in my current Docker setup, the RSS reader Miniflux.

I'm going to use Helm charts through the process since k3s supports Helm out of the box, but for this first service there's also some preparation to do. I'm missing the storage backend, a way to ingress traffic from the internet, a way to manage the certificates, and the database. Also, I need to migrate my current data from one database to another, but those are PostgreSQL databases, so I guess a simple pg_dump/pg_restore or psql commands will do the trick.

A screenshot showing the miniflux namespace in my k3s cluster with healthy pods and a request to the internal ingress endpoint showing a 200 status code
