
Does anyone know if there's an equivalent to "GitLab Components" in Forgejo?

#forgejo #Gitlab #CICD #Devops #Devsecops

Now I get notified when my certificates are expiring before everything breaks.

#monitoring #observability #certificates #grafana #selfhosting #sysadmin

After quite some time, I finally have all the pieces in place. Over the last 30 minutes, I’ve set up one of my servers from scratch. Here are some key changes:
- Reverse Proxy: Nginx with ModSecurity (WAF)
- Container Isolation: Every container runs as a separate Linux user
- Podman Quadlet: I rewrote all my compose stacks into quadlet files - now all containers are starting probably after reboot 🥳
- Grafana: Grafana's configuration is now managed by OpenTofu, which at the moment provisions the datasources (Grafana Loki and Prometheus) as well as the dashboards.
- Server hardening: Improved SSH configuration, firewall, permissions in general on this host
- Ansible: Everything is powered by Ansible
- Certbot: Use wildcard certificates for my domains / subdomains for an easier renewal process
- Backups: All those services have proper backups configured, which are timed with systemd timers and are replicated into my local homelab.
- Services that are running at the moment
  - Grafana
  - Prometheus
  - Grafana Loki
  - Grafana Alloy
  - GitLab Runner
  - some other services that I wanna migrate to this server

#homelab #sysadmin #linux #ansible #automation #devsecops #selfhosting #declarative #gitops #monitoring

Decided to switch from VMware Workstation 17 to QEMU + Virtual Machine Manager today and spent two hours debugging networking. Turned out the VM couldn't reach the internet and my host couldn't ping the VM due to two conflicting routes for the same subnet. Removed the old VM network route and everything started working - finally 🥳.

#networking #sysadmin #dumb #qemu #vmware

Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729

LiteLLM Python package compromised by supply-chain attack | Hacker News

Update: Ongoing Investigation and Continued Remediation

Open Source Security Advisory Update: Wednesday, April 1, 2026 Boston, MA 10:00 AM ET Over the past week, we have nearly finalized our investigation and are now in the final stages of documentation and review. There continues to be no indication that Aqua’s commercial products have been affected. As part of this process, we identified …

Aqua

Please give me a reason why #ec2 on #aws has less than 5GB tmp and 0 SWAP space? Sooner or later, you'll run into problems 😞.

#sysadmin #linux #cloud

With this structure, the variables in “host_vars” and “group_vars” are not loaded. This is because the inventory file is not in the root directory. Is there a way to have the inventory file in an inventory folder?

#ansible #sysadmin #devops #gitops #automation

🎉 First WIN of 2026: the Austrian DPA has ordered Microsoft to stop tracking school children

https://noyb.eu/en/noyb-win-microsoft-ordered-stop-tracking-school-children

noyb win: Microsoft ordered to stop tracking school children

The DSB decided that Microsoft unlawfully placed tracking cookies on the devices of a pupil

noyb.eu

Do not store your BitLocker encryption keys on Microsoft's servers if your threat model includes governments or law enforcement. As this article points out, this is the result of a design choice Microsoft made. It didn't have to be this way.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

Forbes