
April 30, 2025
If you’ve followed my posts over the years, you know I prefer clean solutions to less clean ones for my home lab (more to come on this!).
Over the past year, I settled on a pattern that gives me the isolation of Kubernetes Namespaces without any of its weight: one private Podman network per application, plus Traefik in a shared “DMZ” network that terminates TLS and forwards traffic where it needs to go.
Read More 
March 31, 2025
For a while now, I’ve been looking into optimizing and reorganizing some of the infrastructure that powers my self-hosting services.
After evaluating a few alternatives, Scaleway’s Dedibox lineup caught my attention: it is a European company with good hardware and decent pricing.
However, as with every good solution, it is not perfect.
Scaleway does not provide Fedora as an OS option for their Dedibox machines.
They offer a decent selection, including Rocky Linux, Debian, and Ubuntu — but no Fedora.
Now, if you know me, you know that Fedora is not just my distro of choice — it’s the one I trust for both personal and professional projects.
Read More 
October 31, 2024
We have had Nebula VPN within the Fedora repositories for a couple of years.
A couple of months ago, I changed the default systemd service unit.
More specifically, this is the change:
-ExecStart=/usr/bin/nebula -config /etc/nebula/config.yml
+ExecStart=/usr/bin/nebula -config /etc/nebula
Although the change is only a few characters, this change allows for a much more flexible use of Nebula.
Before this change, the configuration could only be placed in the config.yaml
file.
After this change, all YAML files in the folders will be read, merged, and used as configuration.
Read More 
October 26, 2024 - Milano, IT
Read More 
April 30, 2024
VPNs can be used in different ways based on the desired objective.
If the goal is to reach some specific web pages served only within a network, using a proxy will probably do the trick.
Another common use for VPNs is to ensure the confidentiality of data transferred between a remote system and a safe site.
In this case, we might want to ensure that all traffic from the remote system reaches the safe site via the VPN.
Read More 
March 31, 2024
A while ago, I posted about using SSH to proxy traffic within a Nebula network context.
In the last few months, I changed my implementation because SSH required some steps and accesses that I was not fully happy with.
In the previous iteration, I was using SSH as a SOCKS proxy.
The problem, though, is that I need to set up the connection every time and use my SSH credentials, so it becomes difficult to have it always on.
A different SOCKS proxy software needs to be used to achieve the same result without SSH.
Read More 
March 29, 2024
For many years, VPN companies have advertised their VPNs as a necessary tool for all people who want to preserve their privacy.
For the same amount of time, I tried to explain to the people that this view made no sense if not for those company’s sales.
As an example, Onavo, a Meta subsidiary, used to advertise its services, highlighting that, among other advantages, using their product “protects your personal info”.
This claim would not be a problem by itself, but it becomes one when a court finds out that this is not actually true and that new courts documents seem to indicate that the behavior was worst than initially thought.
Read More 
October 19, 2023
Over the last few years, I’ve moved many of my systems to Immutable versions of Fedora.
One of the last systems still missing was my Hetzner Dedicated server.
The blocking part for me was that Hetzner is not offering any Fedora or Immutable options.
However, Hetzner provides the Rescue System, which is a Debian system, so it is possible to leverage it!
After rebooting in Rescue mode:
Go to Hetzner Robot.
Select the proper server.
Go to the “Rescue” tab.
Click “Activate rescue system” after properly selecting the Public Key and keyboard layout.
You can now reboot the machine, and after it boots back up, you can log in to the Rescue System.
Read More 
July 24, 2023
This website is hosted on AWS S3 and uses AWS CloudFront as CDN.
I use a couple of AWS Lambda@Edge functions to make AWS CloudFront a little brighter.
When I decided to self-host a Fediverse instance, it became immediately evident that I would have to set up WebFinger on my domain to be able to use my root domain as the account domain.
There is documentation on the web on how to set up WebFinger, but it is aimed at different setups, so I had to configure it myself.
Read More 
May 29, 2023
Recently, I was looking for a couple of Single Board Computers (SBCs) for a project I’m working on.
Given the characteristics I was looking for, there were not many options; in the end, I opted for the ROCKPro64 by Pine64.
Once I received the SBC, I immediately tried to put Fedora on it.
The process proved slightly more complex than I was expecting since I assumed that U-Boot (or some other boot loader) was already present on the board.
Turns out, it is not!
So, the first step became installing U-Boot.
An aspect I really like about the ROCKPro64 is that it has 128Mb of Serial Peripheral Interface (SPI) Flash memory.
I appreciate this fact because it allows me to install U-Boot there and then a standard OS on another storage device.
Speaking of other storage devices, the ROCKPro64 features both an optional eMMC and the mSD Card slot.
The process turned out more complex than I initially thought since my goal was to use Fedora on the eMMC, but I forgot to get the eMMC USB adapter, so I had to leverage the mSD Card as well.
Read More