Ansible for Homelab Configuration Management
Terraform provisions the infrastructure. Ansible configures what runs inside it. This post covers how I use Ansible for configuration management across all DC guests - from Wazuh agent deployment t...
Every VM and LXC in my homelab is defined in Terraform. If a resource isn’t in the Terraform state, it either doesn’t exist or it’s a documented exception. This post walks through how I use Terrafo...
Every infrastructure-as-code workflow needs a control plane - a single source of truth for code, state, and execution. This post covers why I chose self-hosted GitLab CE for that role, how it’s con...
Every infrastructure credential in my homelab lives in Passbolt. SMTP passwords, API tokens, encryption keys, tunnel secrets, cloud provider credentials - all of it. Passbolt is a self-hosted, open...
As the number of self-hosted services in my homelab grew, so did the number of login credentials I had to manage. Each service had its own user database, its own password policy, and its own sessio...
The single most impactful infrastructure decision I made was adopting Pangolin and Newt for public service access. Before Pangolin, every new service meant a new port forward, a new NAT rule, and a...
Every homelab eventually needs to host something publicly - a website, a blog, or an API endpoint. Rather than spinning up individual Nginx configs for each project, I run HestiaCP as a lightweight...
Self-hosting email is one of those things people tell you not to do. Deliverability is hard, reputation management is a grind, and one misconfigured SPF record can land you in spam folders globally...
A SIEM tells you what happened. Incident response tools help you investigate. But without threat intelligence, you are always reacting - never anticipating. MISP (Malware Information Sharing Platfo...
Running a SIEM generates alerts. Lots of alerts. The question is - what do you do with them? TheHive is my answer. It turns Wazuh alerts into structured investigations with cases, observables, task...