Shami's Blog

Sysadmin, Because Even Developers Need Heroes

Forgejo Rootless Install with Podman and Ubuntu 24.04

2025-10-25

I have recently switched from Docker to Podman, mostly because Podman’s integration with systemd feels better to me than Docker Compose, especially with podman-quadlet. Setting up rootless Forgejo with Podman took some time to figure out, so I decided to document it here.

Read More - Forgejo Rootless Install with Podman and Ubuntu 24.04

Fix external display turning off when closing laptop lid with KDE and Wayland

2025-03-26

I’ve been using NixOS with KDE Plasma 6.2 and Wayland lately. One weird issue I was running into was not being able to close the laptop lid when I connected to my Thunderbolt dock.

Read More - Fix external display turning off when closing laptop lid with KDE and Wayland

Templating SSH Client Configuration

2024-08-17

Note: When I first got the idea for this I used gomplate, then I realized my dotfile manager of choice, chezmoi, is better suited for my use case. I have dumped the files I created in this gist just in case someone finds them useful.

Read More - Templating SSH Client Configuration

Using SSH ProxyJump only when necessary

2024-08-15

Edit: Used grep -F instead of fgrep

One thing I’ve wanted to do for the longest time was to be able to use SSH with an alias and have ssh choose the bastion host automatically.

This trick was ok at first, but I wanted something more flexible and I came up with the following:

Read More - Using SSH ProxyJump only when necessary

Update system time with HTTP

2023-08-21

The other day I needed to update the time on a server that didn’t have access to any NTP servers. It was a server located in a locked-down network with only HTTP/HTTPS access to the internet. I found the following command that allowed me to update the time/date through HTTP:

date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"

Expand a Zpool

2021-09-01

Block storage volumes are very useful; they give me an easy way of getting ZFS on Ubuntu virtual servers or getting extra storage on FreeBSD. Just attach a volume and create a zpool.

Today one of my volumes ran out of space, so I logged in to my cloud provider and expanded it. Then, to expand the zpool, I ran the following command:

# zpool online -e ZPOOL_NAME DEVICE
zpool online -e tank da1

Maintenance Pages With HAProxy

2021-07-26

Edit: 31/7/2021: Add content for maintenance pages.

I currently work with a group of very smart individuals and I learn a lot from them on an almost daily basis. One thing they have done which I found cool was using Terraform to configure the AWS Application Load Balancer to display the notice during maintenance windows.

Read More - Maintenance Pages With HAProxy

HOWTO - Build a Keycloak/Ubuntu/MariaDB Cluster Without Multicast UDP

2021-07-25

I’ve been trying to learn more about Keycloak lately, but two things kept frustrating me: a lot of the information available online doesn’t work, and cloud providers block multicast UDP. I lost my notes one too many times and decided to document the whole process here for future reference. I used jboss-cli.sh to edit standalone-ha.xml to make it easier to automate with configuration managers. So let’s begin.

Read More - HOWTO - Build a Keycloak/Ubuntu/MariaDB Cluster Without Multicast UDP

Letsencrypt Pre-renew Hooks

2021-07-17

Acmetool used to be my go-to tool for LetsEncrypt. It was quick and simple to set up. As a user, my favorite part of the Golang ecosystem is that binary files are statically linked. You don’t have to fiddle with any dependencies. But even though Acmetool is still getting occasional updates, the last release is from 2018 and I prefer to stick to releases. There were times when Acmetool would not work behind Cloudflare and I would have to temporarily disable Cloudflare proxying to be able to generate certificates.

Read More - Letsencrypt Pre-renew Hooks

HOWTO - Letsencrypt Certificates for pfSense

2021-07-17

I recently helped a friend set up pfSense as a VPN server/firewall for his colocated rack. We wanted SSH and the web configurator to be accessible from a set of static IPs.

Read More - HOWTO - Letsencrypt Certificates for pfSense

About Me

Dev gone Ops gone DevOps. Any views expressed on this blog are mine alone and do not necessarily reflect the views of my employer.
