Quartz sync: Jan 11, 2026, 4:26 PM

2026-01-11 16:26:42 +01:00
parent c6896befa7
commit c11e3f4a7a
10 changed files with 214 additions and 3 deletions
--- a/content/GLiNet
+++ b/content/GLiNet
--- a/content/homelab/Proxmox
+++ b/content/homelab/Proxmox
@@ -6,6 +6,6 @@ title: My Physical Nodes
 # All my nodes
 My main cluster is composed of 3 Physical Nodes :
- [[hardware/littleboy|Littleboy]] which is a Firebat T8 Pro Plus
+- [[littleboy|Littleboy]] which is a Firebat T8 Pro Plus
- [[hardware/optiplex|Optiplex]] which is an Optiplex 7070 SFF with an i7-9700 and 64GB of RAM
+- [[optiplex|Optiplex]] which is an Optiplex 7070 SFF with an i7-9700 and 64GB of RAM
- [[hardware/fatman|Fatman]] which is a custom built gaming PC repurposed into a beefy GPU workhorse
+- [[fatman|Fatman]] which is a custom built gaming PC repurposed into a beefy GPU workhorse
--- a/content/homelab/hardware/end-devices/index.md
+++ b/content/homelab/hardware/end-devices/index.md
@@ -0,0 +1,32 @@
 ---
 title: My everyday devices
 publish: true
 tags:
  -
 ---
 # What are my daily drivers
 ## Why the hell am I running MacOS ?
 Here is something quite controversial : I find Mac better than most laptops out there.
 I know this is quite a controversial statement but, after having struggled for hours trying to make WSL work along with both mosh and my Yubikey, I basically gave up.
 Though I'm still and I will always be a Linux enjoyer, you can't deny that both Mac as a piece of hardware and MacOS as an OS get the job done. 
 Here are the key points:
 - It enables you to access the Office Suite (I know, OSS alternatives, have you ever managed to setup a Microsoft Exchange Email Client on any other app than Outlook ? I did not.)
 - It natively takes advantages of it's ARM CPU architecture, offering substantially better battery performance than any x86 machine while remaining light and thin.
 - MacOS as a BSD derivative is actually quite close to Linux in a daily usage. Though you might not have access to some of `ps` obscure flags, the ability to install GNU Core Utils and to use those, only by prefixing your command with `g` (`gls`, `gcat`,`gcp` and even `gchroot`) is actually pretty great.
 - Mac is the only option if you need substantial amounts of RAM for both GPU and CPU usage.
 - `brew` is really convenient, trust me.
 ## Ipad is great for maths
 ## You know what, 
--- a/content/homelab/hardware/proxmox-nodes/fatman.md
+++ b/content/homelab/hardware/proxmox-nodes/fatman.md
--- a/content/homelab/hardware/proxmox-nodes/gerboise.md
+++ b/content/homelab/hardware/proxmox-nodes/gerboise.md
@@ -0,0 +1,36 @@
 ---
 title: Gerboise - GmkTec K12
 publish: true
 tags:
  - homelab
  - hardware
  - proxmox
 ---
 # Littleboy
 **Model**: GmkTec K12
 ## Specifications
 - **CPU**: AMD 
 - **RAM**: $1\times 32 \text{Go} + 1\times 16 \text{Go} \, \, \text{DDR5 SO-DIMM}$
 - **Storage**: 1To NVME for Now
 - **Network**: 2\*2.5Gbe Ethernet + 1 Mediatek Wifi + Bluetooth card (It's currently plugged into my [[GLiNet Beryl AX | GLiNet Beryl AX travel router]] and [[Connecting a Travel Router to eduroam with 802.1X on OpenWrt | connected to eduroam]] )
 ## Role in Cluster
 This node has a peculiar role in my cluster as it is the only node away from my parent's place. 
 I carry it along with me at HEC, it serves as a local experimentation test bench and as a secondary source of daily computing power along with my [[Macbook Pro]].
 ## Services Running
 - List services/VMs/containers running on this node
 ## Notes
 Add any additional notes, configuration details, or special considerations for this node.
 ---
 Back to [[Proxmox hosts|Physical Nodes]]
--- a/content/homelab/hardware/proxmox-nodes/littleboy.md
+++ b/content/homelab/hardware/proxmox-nodes/littleboy.md
--- a/content/homelab/hardware/proxmox-nodes/optiplex.md
+++ b/content/homelab/hardware/proxmox-nodes/optiplex.md
--- a/content/homelab/memos/Gitea
+++ b/content/homelab/memos/Gitea
@@ -0,0 +1,27 @@
 ---
 title: Gitea Webhook and CI CD using Komodo
 publish: true
 tags:
  -
 ---
 # Gitea Webhook and CI CD using Komodo
 You need to whitelist the url you're sending a webhook to in the `config/app.ini` file.
 The `[webhook]` section might look something like that 
 ```ini
 [webhook]
 ALLOWED_HOST_LIST = loopback,private,*.vorpax.dev
 ```
 To my own dismay Gitea doesn't offer granular configuration for webhook dispatch (for instance, to trigger your webhook only when some actions are completed).
 Neither does Komodo enables you to easily verify some basic parameters inside of the webhook's json body.
 In the future, I'll probably setup all of that in CI/CD runners like Gitea Actions, though I would likely trade convenience for a much larger potential to extend CI/CD usage in my Homelab.
 I'm actually contemplating an eventual deployment of GitLab on Gerboise, I don't really know if it is worth the ressource overhead...
--- a/content/homelab/memos/index.md
+++ b/content/homelab/memos/index.md
--- a/content/homelab/services/Trust
+++ b/content/homelab/services/Trust
@@ -0,0 +1,116 @@
 ---
 title: Trust a certificate from a private local certificate authority
 publish: true
 date: 2026-01-11
 tags:
  - guide
  - step-ca
  - runbook
 description:
 ---
 # Trust a certificate from a private local certificate authority
 ## Overview
 Make your device trust your private CA for TLS encryption.
 ## Prerequisites
 - A local CA running (in our case step-ca) and reachable at `CA_URL`, for instance `https://local-ca.homelab.internal:443`
 - An end device with access to a normal shell (*eww, Powershell*).
 - very basic understanding of what a PKI is and how certificate trust works.
 ### Initial problem
 When doing 
 ```bash
 curl $CA_URL
 ```
 you get :  
 ```
 curl: (60) SSL certificate problem: unable to get local issuer certificate
 More details here: https://curl.se/docs/sslcerts.html
 curl failed to verify the legitimacy of the server and therefore could not
 establish a secure connection to it. To learn more about this situation and
 how to fix it, please visit the webpage mentioned above.
 ```
 Which is normal as your root Certificate authority uses a self-signed certificate.
 ## Steps
 ### Step 1: Setup
 If not already done, install step cli on your end-device : 
 ```bash
 brew install step
 ```
 refer to official documentation https://smallstep.com/docs/step-ca/installation/ for additional installation details for your OS.
 ### Step 2 : get CA fingerprint
 `CA_FINGERPRINT` is the fingerprint of your root certificate.
 If you don't have any other device than Step CA with the CA configured, run 
 Inside of your host/container running step CA (or any client with step ca already configured)
 ```bash
 step certificate fingerprint <(step ca root)
 ```
 ### Step 3: Bootstrap cert
 You'll need to run :
 ```bash
 step ca bootstrap --ca-url $CA_URL --fingerprint $CA_FINGERPRINT
 ```
 where `CA_URL` is the address of the CA with protocol
 ### Step 3 : Install certificate
 ```bash
 step certificate install <(step ca root)
 ```
 ### Step 4: Verification
 In most modern distributions and *UNIX* derivatives, curl (particularly when installed by default) is configured to run with the system trust store
 Now after running
 ```bash
 curl $CA_URL
 ```
 you get 
 `404 page not found`
 Which is completely fine.
 ### You successfuly installed a certificate.
 ## References
 - https://smallstep.com/docs/step-ca/installation/
 - Related resources
 ---
 *Created: 2026-01-11*