dunkirk.sh
the home site for me: also iteration 3 or 4 of my site
chore: move cdns
+74
-74
+17
-17
content/blog/2023-07-10_install-truenas-core-proxmox.md
+17
-17
content/blog/2023-07-10_install-truenas-core-proxmox.md
···
12
12
13
13
<!-- more -->
14
14
15
-
{caption="my active vault storing 1.8TB of old projects"}
15
+
{caption="my active vault storing 1.8TB of old projects"}
16
16
17
17
## Introduction
18
18
···
28
28
29
29
Sign-in to Proxmox and upload your ISO to the local storage or, download the file directly from the link using the built-in ISO fetcher.
30
30
31
-
31
+
32
32
33
33
Next to create the VM, the only thing that needs to be changed from the defaults is the memory, which I set to `8192 MB` (8 GB).
34
34
35
-
35
+
36
36
37
37
Now finish creating the VM and click on the VM after it is created. Go to options and enable start at boot.
38
38
39
-
39
+
40
40
41
41
Next, we need to pass through the physical drives to the VM. Open a terminal on the Proxmox server (use the built-in terminal or ssh in) and run the following command. Only run the part after the #.
42
42
···
119
119
120
120
Now find your VM_ID, mine is 102.
121
121
122
-
122
+
123
123
124
124
Run the following command, replacing the VM_ID and DISK_ID with yours.
125
125
···
135
135
136
136
Here is how it appears in Proxmox:
137
137
138
-
138
+
139
139
140
140
If everything went well, then you can start your VM now. After it finishes booting up, you will get the screen below. Make sure Install/Upgrade is selected and hit enter.
141
141
142
-
142
+
143
143
144
144
You will then get this screen, use space to select the first drive and hit enter.
145
145
146
-
146
+
147
147
148
148
Hit enter one last time and enter your password.
149
149
150
-
151
-
150
+
151
+
152
152
153
153
Select BIOS, as this is the default mode for Proxmox VMs.
154
154
155
-
155
+
156
156
157
157
After about five to ten minutes, the installation process will finish and the VM will ask you to remove installation media and reboot.
158
158
159
-
160
-
159
+
160
+
161
161
162
162
Select the installation media and remove it with the top button, go back to the console and hit enter, which will take you back to the main menu. On the main menu, select reboot with the arrow keys and hit enter.
163
163
164
-
164
+
165
165
166
166
Once the machine restarts, it will display an IP address in the console.
167
167
168
-
168
+
169
169
170
170
Upon connecting to the IP address, you will get this screen. Use the root username and the password, previously configured, to login.
171
171
172
-
172
+
173
173
174
174
Once logged in, I updated the system using the button on the home screen.
175
175
176
-
176
+
177
177
178
178
I chose not to save the configuration file when prompted, proceeded to install the updates, and rebooted.
179
179
+9
-9
content/blog/2023-08-04_garmin-vivoactive-homeassistant.md
+9
-9
content/blog/2023-08-04_garmin-vivoactive-homeassistant.md
···
12
12
13
13
<!-- more -->
14
14
15
-
{caption="I can control spotify from my watch via api hooks how bout you?"}
15
+
{caption="I can control spotify from my watch via api hooks how bout you?"}
16
16
17
17
This widget interested me because it allowed me to call any webhook I wanted utilizing the onboard Wi-Fi as well as through the Connect IQ app. This was a very important feature for me because I can’t get the app to run on LineageOS as it keeps asking for the location permission even though it was already granted.
18
18
···
22
22
23
23
Now for the Google Assistant SDK / APICall / Home Assistant tutorial. The first thing you want to do is follow this guide, [Google Assistant SDK - Home Assistant](https://www.home-assistant.io/integrations/google_assistant_sdk#configuration), to install the Assistant SDK. Once you have completed that, go to Settings / Automations & Services.
24
24
25
-
26
-
25
+
26
+
27
27
28
28
This is where you can create the action that you want to trigger with your smartwatch. The first thing you need to do is to create a new automation. Save and name the automation you just created. Now add a trigger, scroll to the bottom of the list and select webhook. If done successfully, it will look like the image below.
29
29
30
-
30
+
31
31
32
32
33
33
Now add an action. I decided to use the media player to play a song on Spotify. Also go back to the webhook section and click the settings icon next to the webhook ID. Change the settings to reflect below screenshot.
34
34
35
-
36
-
35
+
36
+
37
37
38
38
Now for the fun part. Download [APICall](https://apps.garmin.com/en-US/apps/ac9a81ab-a52d-41b3-8c14-940a9de37544) onto your Garmin smartwatch and go to the configuration section for the app.
39
39
40
40
> Note: I’ll be using Garmin Express on my MacBook, but you can also use the Garmin Connect app on a phone.
41
41
42
-
42
+
43
43
44
44
If you are using Garmin Express, then you can access the app settings by selecting the 3 dots next to the app. You will have 36 possible API calls that you can enter.
45
45
46
-
{caption="Yes that formatting is atrocious but it works at least!"}
46
+
{caption="Yes that formatting is atrocious but it works at least!"}
47
47
48
48
> webhooks
49
49
```ts
···
58
58
59
59
These are the actions that I configured for my watch so far. To customize for your API calls you need to change the `deviceName`, `actionName`, and `url` fields. The `method` and `headers` need to stay the same across all actions. If you want to add an icon to that action, then you can configure that with the `actionIcon` field. A table with the possible icons is included below, sourced from APICall’s [documentation](https://apicall.dumesnil.net/documentation_en.html).
60
60
61
-
61
+
62
62
63
63
In conclusion, you can use APICall to trigger actions in home assistant from your Garmin smartwatch. I hope this tutorial proved to be useful, and have a great rest of your day (or night).
64
64
+1
-1
content/blog/2023-11-01_censorship-or-protection.md
+1
-1
content/blog/2023-11-01_censorship-or-protection.md
···
10
10
11
11
<!-- more -->
12
12
13
-
{caption="Law makers keeping producing new “online safety bills” but do they really help?"}
13
+
{caption="Law makers keeping producing new “online safety bills” but do they really help?"}
14
14
15
15
In the last few years, we have seen a wave of “online safety bills” created by lawmakers that will ostensibly help protect children online. The US has the Protecting Kids on Social Media Act (PKSMA, S.1291) and the Kids Online Safety Act (KOSA, S.1409) while in the UK they have the Online Safety Bill (OSB). The main feature that all of these bills have in common is the censorship of online content for minors. The Electronic Frontier Foundation (EFF) has raised concerns over KOSA, saying, “The bill requires all websites, apps, and online platforms to filter and block legal speech” (Mullin). These bills raise an important question–should the government regulate the online activities of children, or should that responsibility lie solely with parents?
16
16
+2
-2
content/blog/2023-11-10_monaspace-vs-code-install.md
+2
-2
content/blog/2023-11-10_monaspace-vs-code-install.md
···
12
12
13
13
<!-- more -->
14
14
15
-
{caption="This font is so pretty and has so many features its amazing. It's main downside is to work it takes to set it up."}
15
+
{caption="This font is so pretty and has so many features its amazing. It's main downside is to work it takes to set it up."}
16
16
17
17
18
18
## 1. Download and install the Monaspace font:
···
30
30
31
31
- You will find this option under _Editor: Font Family_ in the user preferences
32
32
33
-
33
+
34
34
35
35
36
36
Next enable font ligatures in the settings.json with following snippet:
+8
-8
content/blog/2024-08-03_ssd-removal-mbp-2017.md
+8
-8
content/blog/2024-08-03_ssd-removal-mbp-2017.md
···
12
12
13
13
<!-- more -->
14
14
15
-
{caption="it really was a rather sleek design; shame that apple got rid of it in favor of soldered on storage"}
15
+
{caption="it really was a rather sleek design; shame that apple got rid of it in favor of soldered on storage"}
16
16
17
17
I eventually decided to just try and remove the SSD from the MacBook and see if there was a way to recover any files from it (spoiler: there kinda is, but it's annoying) but I couldn't find any guide online and iFixit had nothing. So I decided to just try and yolo it and see if I could figure it out on my own, and surprisingly I actually managed to do it! Turns out, the process isn't that hard! I'll take you through the steps I took so that if you want to do this, it's much less of a hassle.
18
18
19
19
## Guide
20
20
21
21
1. the first thing you need to do is to remove the screws from the back of your MacBook. This will use a P5 Pentalobe driver, which I believe you can buy from iFixit as well as several other companies on Amazon.
22
-
22
+
23
23
24
24
1. next you need to crack open the shell of the MacBook by prying under the front (on the side where the MacBook opens). It's pretty helpful to have a suction cup or something to lift it up a bit so you can get your prying tool underneath (I used a flat plastic prying tool I got from the battery repair kit for this MacBook, but a guitar pick or credit card would probably also work)
25
-
25
+
26
26
27
27
1. now once you've got the back slightly opened up just run around the edge of the shell prying up on it until the front and two sides are free then just pull forward at a slight (15ish degree?) angle, and it should slide right out.
28
-
28
+
29
29
30
30
1. once it's open, locate the silver metal block looking thing; this is your SSD
31
-
31
+
32
32
33
33
1. now using a T5 Torx driver (why couldn't you just use one type of screws apple 😭; be more like framework) you need to unscrew the two screws on either side of the front of the SSD
34
-
34
+
35
35
36
36
1. now comes the slightly scary part (for me at least) you need to lift the black tape that's covering the top of the SSD (don't worry the SSD will be fine)
37
-
37
+
38
38
39
39
1. now just slightly pull on the SSD (again at a slight angle) and it should pop right out!
40
-
40
+
41
41
42
42
## Postlog and notes
43
43
+3
-3
content/blog/2024-10-11_example_post.md
+3
-3
content/blog/2024-10-11_example_post.md
···
126
126
127
127
```
128
128
129
-
129
+
130
130
131
131
When there are multiple paragraphs of text in a row (usually 3-4), and nothing else to break
132
132
them up, images can be interspersed to help prevent text-wall fatique.
···
137
137
{{/* img(id="https://url.com/image.png" alt="alt text" caption="this can be ommited if you want or added! It's optional :)") */}}
138
138
```
139
139
140
-
{caption="it really was a rather sleek design; shame that apple got rid of it in favor of soldered on storage"}
140
+
{caption="it really was a rather sleek design; shame that apple got rid of it in favor of soldered on storage"}
141
141
142
142
You can also display multiple images side-by-side using the `imgs` shortcode with comma-separated URLs:
143
143
···
145
145
{{/* imgs(id="https://url.com/image1.png, https://url.com/image2.png" alt="alt text 1, alt text 2" caption="optional caption for both images") */}}
146
146
```
147
147
148
-
![the ssh section](https://hc-cdn.hel1.your-objectstorage.com/s/v3/ed400c26ddfa37ab4a9ef4fd5a506f2dcc1bcfbb_img_8879.jpeg){caption="side by side images from the remarkable tutorial"}
148
+
![the ssh section](https://l4.dunkirk.sh/i/FCjVs9QyX8jd.webp){caption="side by side images from the remarkable tutorial"}
149
149
150
150
### Videos
151
151
+3
-3
content/blog/2024-10-13_hilton_tomfoolery.md
+3
-3
content/blog/2024-10-13_hilton_tomfoolery.md
···
16
16
17
17
I'm connecting over WireGuard, so I fired up mitmproxy with `mitmweb --mode wireguard` on my laptop. Connecting via WireGuard theoretically is pretty simple; all I need to do is to scan a qr code and connect. Unfortunately, the hotel Wi-Fi seems to be oddly segmented, and I can't access the WireGuard server or ping my laptop from my phone. I'm going to try firing up a hot spot on my dad's phone and see if that allows me to talk to my phone.
18
18
19
-
{caption="You have to dig through several menus to trust it"}
19
+
{caption="You have to dig through several menus to trust it"}
20
20
21
21
I messed with getting my laptop to connect to my dad's phone, but it kept refusing for some reason. My next idea is to ngrok the WireGuard tunnel, which ended up failing because ngrok doesn't support UDP. Finally, after an embarrassingly long time, I realized that I could simply use `ngrok tcp 8080` and the HTTP proxy server built into mitmproxy instead. After installing the root certificate and trusting it in the iPhone settings, we were good to go!
22
22
···
758
758
759
759
## Locks
760
760
761
-
{caption="What it looks like in the app"}
761
+
{caption="What it looks like in the app"}
762
762
763
763
When using the unlock button, it made a request to this URL: `https://smetric.hilton.com/b/ss/hiltonglobalprod/10/IOSN030200030900/s65425920` with a payload of a URL encoded form.
764
764
···
943
943
944
944
Taking inspiration from the [LOW←TECH MAGAZINE](https://solar.lowtechmagazine.com/) I will be taking any questions / comments about this article via email and then posting them here to my site! If you have a question or comment, feel free to email me at [me@dunkirk.sh](mailto://me@dunkirk.sh). Now to go eat breakfast :)
945
945
946
-
{caption="A delicious waffle, mildy warm bacon, and under seasoned potatoes."}
946
+
{caption="A delicious waffle, mildy warm bacon, and under seasoned potatoes."}
+3
-3
content/blog/2025-01-31_my-life-story-with-tech.md
+3
-3
content/blog/2025-01-31_my-life-story-with-tech.md
···
16
16
17
17
Hi! My name is Kieran, and I've been interested in / involved with cybersecurity and programming since I first started using a laptop at 10! I started out with a raspberry pi 3b+ which taught me how to use debian as well as the basics of creating and maintaining databases and web services. I moved on to an ubuntu laptop about a year latter and started using my raspberry pi as a home server to run small websites on our local lan. Soon I wanted to share them with others and expose them to the internet, so I learned how to use dns and port forwarding and then how to secure the server to prevent attacks with tools like fail2ban!
18
18
19
-
{caption="I still have that same rpi today! It's joined with all the random tech bits in two enormously heavy bins in my closet"}
19
+
{caption="I still have that same rpi today! It's joined with all the random tech bits in two enormously heavy bins in my closet"}
20
20
21
21
Over the next 2 years, I systematically read every single book in the tech section of my local library and became interested in white-hat hacking. I taught myself how to use kali linux and metasploit with the help of many web searches and had quite a bit of fun rooting and then sideloading custom payloads onto our families set of kindle fires (I was eventually restricted to just playing with just one but I did make a home security system with all of them once). I figured out wireshark and started playing with wifi protocals but eventually reached the limit of what I could figure out on my own and took a quick detour of two years to learn blender and build my first computer.
22
22
···
26
26
27
27
After the move, I became quite interested in front end development and started making quite a few websites and various random coding projects. If you look on my GitHub contributions graph ([github.com/taciturnaxolotl](https://github.com/taciturnaxolotl), you can see it go from a lightly speckled grid in 2021 and 2022 to a much more solid commit streak in 2023. I only had one week when I didn't code anything and that was the second week of the year :) Toward the end of that year I started learning about hardware design and made my first PCB! I also joined a wonderful community called hackclub where I met a ton of amazing teenagers who were also interested in tech just like me! I joined an FRC robotics team in January of the next year and had a blast designing, building, and programming a custom meter square, 150 lb, industrial robot to compete in that year's game!
28
28
29
-
{caption="I loved working on purple bubble 💖 i worked with some pretty incredible people and learned a ton. ik know yall are probably reading this when rss drops it so 🫶"}
29
+
{caption="I loved working on purple bubble 💖 i worked with some pretty incredible people and learned a ton. ik know yall are probably reading this when rss drops it so 🫶"}
30
30
31
31
During that same time I also started a 501(c)3 named Purple Bubble with friends that I had met through Hackclub focused on making a secure, cost-effective, and privacy preserving messaging protocol. We drafted a specification and poured many, many hours into planning and developing the protocol over the next year but eventual realized that the messaging protocol space is *incredibly* hard and that there were innate flaws in our protocol that would compromise the security of the app (We couldn't find a good way to anonymize connections to a network of server's while also providing zero metadata transfer of messages between servers; we had originally planned for the protocol to be zero trust federated, but this proved to be a challenge that, no matter how hard we kept thinking and talking about it, we couldn't find a solution too). I learned a huge amount about organizing a group of people and running an organization through that experience and made some wonderful friends, so it wasn't entirely in vain.
32
32
33
33
My latest project and biggest learning experience in both security and development has been building a time tracking server for coding called Hackatime. It is fully compatible with the popular wakatime.org, which allows it to leverage the hundreds of existing extensions for tracking time spent coding in almost every popular IDE and editor. I made this as a part of an event Hackclub ran called High Seas where they encouraged high school students to make cool projects by giving out awesome prizes for time spent coding (you had to "ship" your project where it would get voted on by the other four thousand teens participating and then via a custom ELO system convert your hours into "doubloons" that could be redeemed for prizes like framework laptops, soldering irons, McMaster Car credits, and many others. If you want to learn more about it, the website is [highseas.hackclub.com](https://highseas.hackclub.com)). In order to track the time of the thousands of teenagers participating, I created this server which was handling thousands of users an hour and hundreds of requests a second. I learned how to scale the server and database and learned an incredible amount that only comes at scale. At one point I got an email that the database bill had increased so much over the previous month that we were going to hit both the `$1k` hard limit and then a `$4k` limit that I had placed on the monthly bill, expecting never to hit it. The team hosting the database (Cockroach DB) graciously offered to reduce our bill down to only `$500` which was incredible. There were many more instances where things broke, or where I discovered security issues that made me grow an insane amount in my knowledge of how to fix things and really pushed me out of my comfort zone. (If you want to take a look at the github repo it is at [github.com/hackclub/hackatime](https://github.com/hackclub/hackatime) and the hosted version is at [waka.hackclub.com](https;//waka.hackclub.com) with a live hours counted tracker)
34
34
35
-
{caption="The price really sky rocketed as we started using it in prod 😂"}
35
+
{caption="The price really sky rocketed as we started using it in prod 😂"}
36
36
37
37
I'm still trying to figure out what exactly I want to major in, and I'm pretty solidly split between Comp Sci with a cybersecurity focus and Computer/Electrical Engineering. I'm hoping that this camp can help make that decision a bit more clear and give me a better understanding of what getting a major in Cyber Security would be like!
+3
-3
content/blog/2025-02-02_degraded-zpool-proxmox.md
+3
-3
content/blog/2025-02-02_degraded-zpool-proxmox.md
···
12
12
13
13
<!-- more -->
14
14
15
-
{caption="That really scared the pants off me when I first saw it 😂"}
15
+
{caption="That really scared the pants off me when I first saw it 😂"}
16
16
17
17
## Actually fixing it
18
18
···
89
89
ata-ST3750640NS_3QD0BN6V
90
90
```
91
91
92
-
{caption="My case situation is a bit of a mess and I'm using old 7200rpm server drives for pretty much everything; the dream is a 3 drive 2 TB each m.2 nvme ssd setup, maybe someday 🤷"}
92
+
{caption="My case situation is a bit of a mess and I'm using old 7200rpm server drives for pretty much everything; the dream is a 3 drive 2 TB each m.2 nvme ssd setup, maybe someday 🤷"}
93
93
94
94
We are going to go with the first id so no we move on to the zfs part. Running `zpool status vault-of-the-eldunari` we can get the status of the pool:
95
95
···
117
117
118
118
We can add our new disk with `zpool replace vault-of-the-eldunari 9201394420428878514 ata-ST3750640NS_3QD0BN6V` but first we wipe the disk from proxmox under the disks tab on our proxmox node to make sure its all clean before we restore the pool after we do that we also initalize a new gpt table. Now we are ready to replace the disk. Running this command can take quite a while and it doesn't output anything so sit tight. After waiting a few minutes proxmox reported that resilvering would take 1:49 minutes and it was 5% done already! I hope this helped at least one other person but I'm mainly writing this to remind myself how to do this when it inevitably happens again :)
119
119
120
-
{caption="It's slow but faster then I expected for HDDs"}
120
+
{caption="It's slow but faster then I expected for HDDs"}
+1
-1
content/blog/2025-02-15_remove-exif-git-hook.md
+1
-1
content/blog/2025-02-15_remove-exif-git-hook.md
···
14
14
15
15
I started with the naive method of just having a `.git/hooks/pre-commit` file that would run `exiftool` on the input but after realizing that hooks placed there wouldn't be synced to the repo decided that wasn't the best way. I moved to using a script that would symlink files from the `hooks` directory to `.git/hooks`. It worked moderately well but due to the fact that I used (yes I feel the shame admitting this [:uw_embarrassed:](https://cachet.dunkirk.sh/emojis/uw_embarrassed/r)) `#!/bin/bash` instead of `#!/usr/bin/env bash`. Not realizing my mistake and believing it to be related to the symlink I found [this stack overflow](https://stackoverflow.com/questions/4592838/symbolic-link-to-a-hook-in-git/#:~:text=While%20you%20can%20use%20symbolic%20links) answer which taught me that you can use `git config core.hooksPath hooks` to move the hooks directory to `./hooks` in the root of your repo! After doing that and it still not working (i feel very dense writing this lol) I finally realized that the shebang was wrong and then it worked!
16
16
17
-
{caption="phew"}
17
+
{caption="phew"}
18
18
19
19
Is there anything at all to learn from this? Well yes actually! You can use the script below and the `git config core.hooksPath hooks` setting to scrub your own images!
20
20
+16
-16
content/blog/2025-03-14_my-animations.md
+16
-16
content/blog/2025-03-14_my-animations.md
···
16
16
17
17
{{ youtube(id="O7SYcdUM8mI", caption="2021.01.27 first jelly jar") }}
18
18
19
-
{caption="2021.02.10 tesla showroom"}
19
+
{caption="2021.02.10 tesla showroom"}
20
20
21
21
{{ youtube(id="7Ozt7WcVwt0", caption="2021.09.27 Chalet a la Tagia minecraft animation") }}
22
22
23
-
{caption="2021.12.15 cube diorama"}
23
+
{caption="2021.12.15 cube diorama"}
24
24
25
25
{{ youtube(id="O5iHoFwKQuE", caption="2021.12.17 creature walk cycle test") }}
26
26
···
42
42
43
43
{{ youtube(id="Gy0K-Gi95Jg", caption="2022.01.22 lost music visualization") }}
44
44
45
-
{caption="2022.01.24 ice icosphere"}
45
+
{caption="2022.01.24 ice icosphere"}
46
46
47
-
{caption="2022.01.27 marble jar"}
47
+
{caption="2022.01.27 marble jar"}
48
48
49
49
{{ youtube(id="ue-hy7w1-JE", caption="2022.02.08 firefly particle sim") }}
50
50
···
54
54
55
55
{{ youtube(id="BGJbmXqCD5M", caption="2022.03.16 molecular plexus") }}
56
56
57
-
{caption="2022.03.16 twisted torus"}
57
+
{caption="2022.03.16 twisted torus"}
58
58
59
59
{{ youtube(id="yT37oZmd4hc", caption="2022.03.17 hex tunnel") }}
60
60
61
61
{{ youtube(id="3SQN0L0wbhU", caption="2022.03.23 wavy strips motion effects") }}
62
62
63
-
{caption="2022.03.31 airship"}
63
+
{caption="2022.03.31 airship"}
64
64
65
-
65
+
66
66
67
-
67
+
68
68
69
-
69
+
70
70
71
-
71
+
72
72
73
-
{caption="2022.04.06 viking village"}
73
+
{caption="2022.04.06 viking village"}
74
74
75
-
{caption="2022.04.06 mountain lake village"}
75
+
{caption="2022.04.06 mountain lake village"}
76
76
77
77
{{ youtube(id="gPRrt_0NMKE", caption="2022.04.07 rolling balls motion effects") }}
78
78
···
80
80
81
81
{{ youtube(id="zqyv7GBTLGA", caption="2022.05.30 fire handwriting") }}
82
82
83
-
{caption="2022.06.24 the cylinder"}
83
+
{caption="2022.06.24 the cylinder"}
84
84
85
85
{{ youtube(id="XVyMUROofZ8", caption="2022.07.21 the iconic donut") }}
86
86
···
88
88
89
89
{{ youtube(id="zRlgWbW1Qcw", caption="2022.08.01 mirror physics") }}
90
90
91
-
{caption="2022.08.30 the earth"}
91
+
{caption="2022.08.30 the earth"}
92
92
93
-
{caption="2022.08.31 glowing pendulums"}
93
+
{caption="2022.08.31 glowing pendulums"}
94
94
95
-
{caption="2022.10.22 orange flower"}
95
+
{caption="2022.10.22 orange flower"}
96
96
97
97
## 2023
98
98
+8
-8
content/blog/2025-12-18_homelab-tour.md
+8
-8
content/blog/2025-12-18_homelab-tour.md
···
12
12
13
13
<!-- more -->
14
14
15
-
{caption="This is my server ember, say hi!"}
15
+
{caption="This is my server ember, say hi!"}
16
16
17
17
I have a few main machines. In order of when I first got them they are:
18
18
···
30
30
31
31
### Ember
32
32
33
-
33
+
34
34
35
35
This used to run all of my services up till a month ago when I setup my oracle cloud instance and switched all of my main hosted services over. It currently runs my jellyfin / arr stack and any random workloads I want to throw somewhere without setting up a nix config for it. It in the very near future is probably going to become a quick deploy server in lieu of railway and similar services. The plan is to have a simple cli that will just throw everything on the server from a local repo and just run it with a domain.
36
36
···
38
38
39
39
### Terebithia
40
40
41
-
41
+
42
42
43
43
This has really been a rock solid machine for me. I have it setup with my nix config and it auto deploys with `deploy-rs` from github actions over tailscale. It is running my [tangled.org](https://tangled.org/@dunkirk.sh) knot so it hosts all of my git repos and I have a fancy little automation that sets up git hooks in the repos as they are created to auto mirror to github. It is also running [cachet](https://cachet.dunkirk.sh) which is a slack profile picture and emoji proxy (thats where all the emojis in this blog are pulled from) that I built to work at extremely high scale. It was running on `ember` for a while but I swapped it over to here to be a bit more reliable since so many people in Hackclub rely on it now. I'm also running a few slack bots and [battleship-arena](https://battle.dunkirk.sh) again through their own nix services.
44
44
45
-
{caption="bore in all it's glory"}
45
+
{caption="bore in all it's glory"}
46
46
47
47
My most exciting services hosted on here though are [bore](https://bore.dunkirk.sh) and [indiko](https://indiko.dunkirk.sh/docs). Bore is a little wrapper I made around [frp](https://github.com/fatedier/frp) which allows me to easily deploy and view my tunnels. It is essentially an ngrok replacement and super slick to use. I made a custom cli for it with `gum` and nix which you can find along with setup instructions on the [tangled repo](https://tangled.org/dunkirk.sh/dots/tree/main/modules/nixos/services/bore).
48
48
49
-
![users managment](https://hc-cdn.hel1.your-objectstorage.com/s/v3/b99ed9edc508619a_95016.png){caption="the indiko admin ui and oauth consent screen"}
49
+
![users managment](https://l4.dunkirk.sh/i/N8I51AOs-va7.webp){caption="the indiko admin ui and oauth consent screen"}
50
50
51
51
My newest project is [Indiko](https://tangled.org/dunkirk.sh/indiko/). It is a selfhosted IndieAuth / OAuth 2.0 compatible auth server somewhat like Authelia or Authentik but mine! I can defined custom clients and then use it to authorize with my own apps. I'm planning to add support to bore for using indiko as an authentication middleware on protected tunnels probably tomorrow. I'm currently using this to authenticate my shortlinks service [hop](https://hop.dunkirk.sh) ([repo](https://tangled.org/dunkirk.sh/hop)) which allows me to add new viewers and admins on the fly!
52
52
···
83
83
84
84
### Thespia
85
85
86
-
![harddrives in the front](https://hc-cdn.hel1.your-objectstorage.com/s/v3/9a4f28db04c7f170_img_8922.jpeg){caption="I have been blessed with ~5tb of HDD storage but I currently have no place to put it so this is only about 1.5 TB and it is truely attrocious"}
86
+
![harddrives in the front](https://l4.dunkirk.sh/i/tBkhMjYzfH-K.webp){caption="I have been blessed with ~5tb of HDD storage but I currently have no place to put it so this is only about 1.5 TB and it is truely attrocious"}
87
87
88
88
This is the most jank part of the whole lab. It is one of my oldest dedicated machines and it is kind of showing it's age. I really don't do much with it anymore but the harddrives are still somehow kicking. I inherited a large cardboard box of drives from my great uncle (I also got ember from him) and they all have about 10-15% of life left but are in 500 GB and 750 GB sizes which is a wee bit annoying. I'm most likely going to get a beelink or something else that is small and power efficent and just shove a ridiculous amount of m.2 SSDs in there.
89
89
···
105
105
106
106
### Network stack
107
107
108
-
![the access point](https://hc-cdn.hel1.your-objectstorage.com/s/v3/7b89b9c74e49ff08_img_8920.jpeg)[rpi](https://hc-cdn.hel1.your-objectstorage.com/s/v3/5522f23f39c5482c_img_8921.jpeg){caption="it is fairly basic but it does work"}
108
+
![the access point](https://l4.dunkirk.sh/i/PYMlcqfBHHnD.webp)[rpi](https://l4.dunkirk.sh/i/gygT3oV7R8LH.webp){caption="it is fairly basic but it does work"}
109
109
110
110
Everything is based on tplink stuff which I rather hate. Their access points are fine but the router and switch are despicable to work with. Their app is even worse if that is even possible. I really love my old setup of using an old workstation to run pfSense with two NICs. It was clean and reliable and the ui was okay to work with. I had to switch it over for my parents so that ostensibly it would be simpler and easier for them to use which as time has proven was very much not true. If money was no object I would love to get a founders edition [Gateway](https://mono.si/) router. You can really tell that it has had heart and soul poured into it and it looks soooooo good as a result.
111
111
···
113
113
114
114
### Nest
115
115
116
-
{caption="rendered from my github readme and served by caddy on nest"}
116
+
{caption="rendered from my github readme and served by caddy on nest"}
117
117
118
118
This is where I used to host most of my throwaway services and slackbots. I still do host a fair amount here but it has got increasingly slower as the user count just keeps going up. It definetly isn't the fault of the admins though. I'm friends with almost all of them and they have done a wonderful job trying to keep it online while it tries to explode itself constantly. It has quite litterally been upgraded at least 4 times now with more and more compute and storage and we keep running out.
119
119