Updating passwords with Ansible

Written by captainark

I've recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.

I figured it was an opportunity to update passwords I hadn't changed in... years. My Linux users' passwords were among those.

Instead of updating them manually on each machine, I thought there might be a way to do so with Ansible, and since it turns out there is, I thought I might as well share it here! …more

Debian repos over HTTPS

Written by captainark

I've been using deb.debian.org as the main debian repo on my servers pretty much since it's become available.

I've recently realized that the service is available over HTTPS, and since I'm all about encrypting all of the things, I figured I'd configure it on my servers.

This is going to be a very short post on how to do the same. …more

Self-hosted report-uri

Written by captainark

I've been playing with the security headers for this website for the past few days, most notably with the Content-Security-Policy as well as the Expect-CT headers.

After having spent a few hours on this, I'm pretty happy with the results! …more

DNS zone versioning

Written by captainark

I've been using PowerDNS with a SQL backend as a hidden master DNS server for a few years now.

I've been wanting to write a quick shell script to version my DNS zones for a while, and since I've finally taken the time to do so today, I figured I'd share it here.

The script uses PowerDNS API to list the configured zones. It then exports them to a file in an AXFR-like format, commits and finally pushes them on a git repository. …more

Installing Ghost

Written by captainark

I haven't published an article on here for over a year and a half... While this was mostly due to a lack of motivation, another reason was that I didn't enjoy the blogging system I was using.

As lightweight as Pelican is, I found it cumbersome to use on a regular basis. Every time I wanted to publish or update an article, I had to :

  • edit local markdown files ;
  • regenerate the website files ;
  • start a webserver locally to proofread the article ;
  • commit and push the files to my git repo ;
  • pull the files on the webserver.

I hadn't had a look at the CMS landscape for a while, and I started searching for one with a web editor that supports markdown. I also wanted to avoid anything that runs on PHP if possible. …more