Setting up client certs for secure remote access to home lab services

October 13, 2016
- 3 min read

Because I have some masochistic tendencies at times, I decided that it was a totally good idea™ to set up client certificate authentication to secure remote access to my lab services such as Grafana or Guacamole. Unsurprisingly, since it's a rather uncommonly used finicky authentication method, there were problems. There were quite a few. I'm writing this post mostly just for myself if I ever do this again, because it felt like it took too long to accomplish. First, the list of requirements:

- Should allow access without certs on the local network
- Should use nginx

The latter was pretty easy, since I'm most familiar with nginx, however the former was rather interesting. I realized that, to implement this, I need to set verification as optional, then enforce it manually. This meant modifying the back ends (meaning maintaining patches, nope!) or doing it within nginx. One issue is that nginx has if statements that are rather strange, presumably due to simplistic grammar while parsing the…

NUT not finding my UPS + fix

July 9, 2016
- 1 min read

I use a CyberPower CP1500AVRLCD as a UPS in my lab. I'm just now getting more stuff running on it to the point that I want automatic shutdown (because it won't run for long with the higher power usage of more equipment). So, I plugged it into the pi that was running as a cups-cloud-print server and sitting on a shelf with my network equipment. The problem was that the driver for it in NUT didn't want to load. As is frighteningly common, it's a permissions problem: Here's the log showing the issue: Here's the udev rule that fixes it: What this does is, when udev gets an event of the device with USB product id 0501 and vendor id 0764 being added to the system, it changes the permissions on the device files (think /dev/bus/usb/001/004 and /devices/platform/soc/20980000.usb/usb1/1-1/1-1.3) to allow group to read and write to it, allowing comms between the NUT driver and the device.

nftables: redirect not working + fix

March 7, 2016
- 2 min read

Recently, I made the somewhat-rash decision to switch to nftables from ufw-managed iptables on this VPS. It's been a fun ride. The man page doesn't even document the redirect feature. It doesn't even acknowledge its existence, nor what it really does. That's irrelevant however, because it does the same thing as the target in iptables, documented in the man page. This allows the functionality of redirect in nftables to be inferred as "change destination address to localhost, and change the destination port to the one specified after ". I, however, was a bit too dense to go looking through there and didn't read the wiki too well about redirection. I figured "hey, just need to put redirect at the start of the chain hooked into nat prerouting to enable it, then add a rule specifically redirecting the port". Later, I wondered why it wasn't working. After some tcpdump, copious quantities of counters everywhere, and netcat instances, I figured that out. Note that you need to allow the…

Introducing my new theme

March 6, 2016
- 1 min read

Recently, I had enough of the Arabica theme for Ghost. Put simply, it was ancient, didn't look that great anyway, and was missing a bunch of newer Ghost features. Its replacement is a fork of lanyon-ghost, itself a fork of lanyon (a theme for Jekyll). Currently, all I've changed is the fonts, and I switched the homepage to display full posts, as it's quite irritating to have to click on each one to read it (while I'm at it, it would be great if Ghost allowed to put a mark where the fold in the page is, so that longer posts don't eat up all the space on the page). The fonts in use are the beautiful Charter (main content), Fira Sans (headings, other text), and Source Code Pro (monospace/code). There's also an author page that shows the author's description, image and such along with their posts. Here's the code:

Swapping Back and Menu/Overview buttons on Android

March 4, 2016
- 1 min read

I use a OnePlus One as my daily driver. Unfortunately, like nearly every phone on the market with capacitive buttons, they're backwards! I could enable software keys, but that's admitting defeat. CyanogenMod doesn't allow swapping the keys in the settings, because it would result in some pretty horrible user experience. None of this is relevant however, because this is Android, and I have root: In , you can see the key mapping for all keys on the system. Simply swap the stuff in the rightmost column: and . MENU is at and BACK is at . I use this on the latest Cyanogen OS based on Lollipop. It works perfectly. If you want to revert this, simply do the reverse of what's written. A little note: my blog is just stuff I need to write down for easy reference later. It's on completely random themes, although centered around technology. I should probably make a wiki for this stuff.

Vundle, y u do dis

January 18, 2015
- 2 min read

Now to start off with, I apparently can't read and feel quite stupid for wasting 30 mins of my life messing with this problem. Recently, I decided that vim was a good idea. So I committed to not avoiding it in favor of Sublime Text (I still need to fix the html stuff so that using Sublime isn't so damn tempting) and the editor-switching stuff has been going well. When I decided to stop stealing someone else's vimrc, I also switched to using Vundle instead of Pathogen. This ended up throwing a slew of strange errors not even mentioning a shell such as . Googling this gave me a seemingly completely unrelated issue from 2010 (typical as of late sadly). After trying a few things like deleting .vim/bundle, nothing was seeming to work. So I went off to read the docs. After messing with the GitHub wiki, I realised that I'm a derp and should read properly. There was a section clearly labeled to read about this. That being said, this isn't a totally useless I'm-an-idiot post, because gmarik…