Blog with Hugo, GitLab CD, and Caddy

This post is an overview of how I set up this site (built using Hugo) to be automatically deployed to my Caddy server using GitLab's continuous deployment. I routinely swap between fancy blogging tools like Ghost and WordPress as well as static site generation tools like Jekyll and Hugo far more often than I should. I keep coming back to static site generation for several reasons: Server footprint - It's easy to host static files. [Read More]

Wireguard Access Server

For years, I’ve relied on SSH as the gateway into my LAN from the outside world. I figure that, as far as services I could place on “the front-line” go, it’s pretty solid. It sure beats publicly exposed RDP, right?! My usual setup is to configure Linux and OpenSSH Server on a separate VM or Raspberry Pi, and forward inbound SSH requests to that machine. I prohibit password-based logins in /etc/ssh/sshd_config and also install and configure Duo Security’s PAM module as an additional layer when logging in from the outside world over SSH. [Read More]

NGINX Semi-private Site

We used to run a development blog for work. We wanted:

  1. To use NGINX to host this content. It was all static pages.
  2. To limit access to people within our network, or to employees while outside the network (phones, laptops, etc.).
  3. We didn't want to deal with user accounts, active directory, etc.
  4. We wanted super low friction for users.
[Read More]

GPG/SSH with the YubiKey 5

Yubico just announced the new YubiKey 5 and of course I needed to buy one! This gave me a great opportunity to update my somewhat popular GPG/SSH with YubiKey guide. The YubiKey 5 includes support for:

  - Universal Second Factor (U2F) - FIDO & FIDO 2! (nothing uses FIDO 2 but I had to have it ;)
  - CCID Smart Card: RSA (and now ECC) / OpenPGP
  - NFC (starting to be supported by some iOS apps)

This guide walks through: [Read More]

Deploying Ghost with Docker & NGINX

It seemed like a good idea to try something new with this website. I settled on running the fancy blogging software Ghost because it looked pretty, has a wonderful editing experience (with markdown support), and (most importantly) I'd never used it before.

[Read More]

Kub Kar Timer

My boys are in Boy Scouts and the annual Kub Kar races are a fun part of the program. Our group has a couple older wooden tracks and I wanted to add a timer mechanism to them that would time and rank each car for each race. I decided to build this based on the Arduino platform because I'm at least somewhat familiar with it. Update 2016-02-21 - We had our first rally using this contraption and it worked flawlessly. [Read More]

Using GPG with Smart Cards

I use SSH daily (with SSH keys) and would like to use GPG routinely (if only people I conversed with would use it) but key management is always a problem. I don't like leaving secret keys on my work computer, work laptop, various home computers, etc. To mitigate this problem I used a strong password on each of these keys, which makes actually using them annoying. Enter smart cards… Smart cards let you store the private key on a tamper-resistant piece of hardware instead of scattered across various computers (where it can be accessed by other users of the machine, malicious software, etc). [Read More]

OpenBSD Yubikey Authentication

OpenBSD includes out-of-the-box support for login via YubiKey. Yay! OpenBSD doesn't authenticate against a central server (such as the service offered by Yubico) to verify a YubiKey. This is good because I don't have to trust a 3rd party with my credentials. Unfortunately, this also means that OpenBSD is tracking the “last-use” token (not centralized), which means that without somehow synchronizing the “last-use” value I can only safely use a YubiKey token on a single machine. [Read More]