December 29, 2025
After a few years of experimenting, I moved forward with a full electrical system rewiring in my house earlier this year, opting for a KNX-based design.
One of the aspects I really like about KNX is that it is a brand-agnostic protocol, which makes it very easy to find any kind of object compatible with it.
Another aspect that KNX has, different from many other options, is that it is it bus based.
Being bus-based is a huge pain when you have to install it, but once you have done it, the experience is way better, since there is no perceptible delay, no risk of interference, etc., making the day-to-day experience indistinguishable from a traditionally cabled system.
Read More 
September 18, 2025
For years, I hosted this blog and several other services on AWS.
AWS is powerful, but it is also expensive and deeply entropic.
It often feels like every problem on AWS has three different services as possible solutions.
Each service has its own setup, and keeping track of everything just gets harder over time.
For personal infrastructure, the financial and cognitive cost simply stopped being worth it.
That’s why I decided to close my AWS account and move everything somewhere else.
Read More 
April 30, 2025
If you’ve followed my posts over the years, you know I prefer clean solutions to less clean ones for my home lab (more to come on this!).
Over the past year, I settled on a pattern that gives me the isolation of Kubernetes Namespaces without any of its weight: one private Podman network per application, plus Traefik in a shared “DMZ” network that terminates TLS and forwards traffic where it needs to go.
Read More 
March 31, 2025
For a while now, I’ve been looking into optimizing and reorganizing some of the infrastructure that powers my self-hosting services.
After evaluating a few alternatives, Scaleway’s Dedibox lineup caught my attention: it is a European company with good hardware and decent pricing.
However, as with every good solution, it is not perfect.
Scaleway does not provide Fedora as an OS option for their Dedibox machines.
They offer a decent selection, including Rocky Linux, Debian, and Ubuntu — but no Fedora.
Now, if you know me, you know that Fedora is not just my distro of choice — it’s the one I trust for both personal and professional projects.
Read More 
October 31, 2024
We have had Nebula VPN within the Fedora repositories for a couple of years.
A couple of months ago, I changed the default systemd service unit.
More specifically, this is the change:
-ExecStart=/usr/bin/nebula -config /etc/nebula/config.yml
+ExecStart=/usr/bin/nebula -config /etc/nebula
Although the change is only a few characters, this change allows for a much more flexible use of Nebula.
Before this change, the configuration could only be placed in the config.yaml file.
After this change, all YAML files in the folders will be read, merged, and used as configuration.
Read More 
October 26, 2024 - Milano, IT
Read More 
April 30, 2024
VPNs can be used in different ways based on the desired objective.
If the goal is to reach some specific web pages served only within a network, using a proxy will probably do the trick.
Another common use for VPNs is to ensure the confidentiality of data transferred between a remote system and a safe site.
In this case, we might want to ensure that all traffic from the remote system reaches the safe site via the VPN.
Read More 
March 31, 2024
A while ago, I posted about using SSH to proxy traffic within a Nebula network context.
In the last few months, I changed my implementation because SSH required some steps and accesses that I was not fully happy with.
In the previous iteration, I was using SSH as a SOCKS proxy.
The problem, though, is that I need to set up the connection every time and use my SSH credentials, so it becomes difficult to have it always on.
A different SOCKS proxy software needs to be used to achieve the same result without SSH.
Read More 
March 29, 2024
For many years, VPN companies have advertised their VPNs as a necessary tool for all people who want to preserve their privacy.
For the same amount of time, I tried to explain to the people that this view made no sense if not for those company’s sales.
As an example, Onavo, a Meta subsidiary, used to advertise its services, highlighting that, among other advantages, using their product “protects your personal info”.
This claim would not be a problem by itself, but it becomes one when a court finds out that this is not actually true and that new courts documents seem to indicate that the behavior was worst than initially thought.
Read More 
October 19, 2023
Over the last few years, I’ve moved many of my systems to Immutable versions of Fedora.
One of the last systems still missing was my Hetzner Dedicated server.
The blocking part for me was that Hetzner is not offering any Fedora or Immutable options.
However, Hetzner provides the Rescue System, which is a Debian system, so it is possible to leverage it!
After rebooting in Rescue mode:
Go to Hetzner Robot.
Select the proper server.
Go to the “Rescue” tab.
Click “Activate rescue system” after properly selecting the Public Key and keyboard layout.
You can now reboot the machine, and after it boots back up, you can log in to the Rescue System.
Read More 
(Fabio Alessandro Locati|Fale)'s blog