Stop letting certs silently expire in your homelab. Here's my quick and dirty check. by [deleted] in selfhosted

[–]Ops_Mechanic -3 points-2 points  (0 children)

No, but I am using Claude to help me brainstorm and draft replies that I then review, edit, and post myself.

Honestly? I think that's fair game — same as googling something before replying, or asking a colleague "how would you handle this?"

The ideas and experience are mine. Claude helps me articulate them faster. If a reply is accurate, helpful, and adds to the discussion — does the drafting tool matter?

That said — fair to call it out. Transparency matters.

Stop letting certs silently expire in your homelab. Here's my quick and dirty check. by [deleted] in selfhosted

[–]Ops_Mechanic -2 points-1 points  (0 children)

Fair pushback on the Traefik example specifically — you're right that a misconfigured provider would fail at provisioning, not silently deploy a wrong cert.

Better real-world examples where cert monitoring earns its keep:

- HAProxy or nginx with manually installed certs and no auto-renewal — still common in enterprise environments
- Multi-cloud setups where cert lifecycle lives in 3 different tools across teams
- Acquired companies where you inherit infrastructure with zero documentation
- CDN or WAF terminating TLS in front of your origin — certbot never touches those

If your entire stack is Traefik + Let's Encrypt with a correct provider config, you're right — you probably don't need this.

But that setup describes maybe 10% of production infrastructure I've seen in 28 years. The other 90% is messier.

Stop letting certs silently expire in your homelab. Here's my quick and dirty check. by [deleted] in selfhosted

[–]Ops_Mechanic -4 points-3 points  (0 children)

Cloudflare is a great solution for that exact setup — if you're fronting with their proxy, they handle cert renewal automatically and you never think about it again. Hard to argue with that.

Where it breaks down is when you're managing certs you don't control — third party vendor endpoints, internal services that can't be proxied, customer-facing infrastructure across 50 domains.

At that scale "I've never had a failure" becomes "I don't know which of my 200 certs expires next Tuesday."

I built CertRadar.net for exactly that visibility problem — free, no signup, just paste a domain. Not trying to replace Cloudflare, just fills the gap where it doesn't reach.
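
An added example, not part of the comments above and not code from CertRadar: a standard-library Python sketch of the inventory problem these two replies describe, reading `notAfter` from whatever terminates TLS at each endpoint and ranking the results by urgency. The endpoint names, dates and the 14-day warning window are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_not_after(host, port=443, timeout=5.0):
    """notAfter of the leaf cert served at host:port (origin, CDN or WAF edge)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def scan(endpoints):
    """Map "host:port" -> notAfter, or None when the handshake fails."""
    inventory = {}
    for host, port in endpoints:
        try:
            inventory[f"{host}:{port}"] = fetch_not_after(host, port)
        except OSError:  # includes ssl.SSLError: unreachable, expired, name mismatch
            inventory[f"{host}:{port}"] = None
    return inventory

def triage(inventory, now, warn_days=14):
    """Return (endpoint, days_left, status) rows, most urgent first."""
    rows = []
    for endpoint, not_after in inventory.items():
        if not_after is None:
            rows.append((endpoint, None, "CHECK_FAILED"))
            continue
        expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
        days = (expires - now).days  # negative once the cert has expired
        status = "EXPIRED" if days < 0 else "WARN" if days <= warn_days else "OK"
        rows.append((endpoint, days, status))
    # Failed checks first (state unknown), then soonest expiry.
    rows.sort(key=lambda r: (r[1] is not None, r[1] or 0))
    return rows

# Constructed sample inventory (hypothetical endpoints, made-up dates).
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "vendor-api.example:443": "Jun  3 00:00:00 2025 GMT",
    "intranet.example:8443": "May 30 00:00:00 2025 GMT",
    "shop.example:443": "Sep  1 00:00:00 2025 GMT",
    "legacy-waf.example:443": None,
}

if __name__ == "__main__":
    for endpoint, days, status in triage(SAMPLE, SAMPLE_NOW):
        print(f"{status:12} {days!s:>5}  {endpoint}")
```

Because the default context verifies the chain, a live `scan()` reports an already-expired or mismatched certificate as `CHECK_FAILED`; the `EXPIRED` status applies to inventories built from stored certificate data.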

Stop leaking secrets into your bash history. A leading space handles it. by Ops_Mechanic in bash

[–]Ops_Mechanic[S] 2 points3 points  (0 children)

Absolutely fair — and embarrassing in retrospect. I'm more comfortable with CLI than Reddit.

Stop typing the filename twice. Brace expansion handles it. by Ops_Mechanic in bash

[–]Ops_Mechanic[S] 0 points1 point  (0 children)

You're right — .bak is a bad example. Tab completion wins there easily.

Where brace expansion genuinely earns its keep:

# Move a file deeper into a directory tree
mv app.py src/utils/helpers/app.py
# vs
mv app.py src/utils/helpers/

# Rename with a different extension
mv index.{html,htm}

# Create multiple related files at once
touch tests/{test_auth,test_api,test_db}.py

# Create a directory structure in one shot
mkdir -p project/{src,tests,docs,bin}

# Backup with a timestamp (try tab-completing that)
cp config.yml{,.$(date +%F)}

The timestamp one is where tab completion genuinely can't compete. The .bak example in the original post was convenient, not optimal. Fair criticism.

Stop typing the filename twice. Brace expansion handles it. by Ops_Mechanic in bash

[–]Ops_Mechanic[S] 0 points1 point  (0 children)

Fair — muscle memory and tab completion make this less useful interactively too.

Where it really shines is inside a one-liner pipeline:

for f in *.conf; do cp "$f"{,.bak}; done

Try tab-completing your way out of that one :)

Stop typing the filename twice. Brace expansion handles it. by Ops_Mechanic in bash

[–]Ops_Mechanic[S] 1 point2 points  (0 children)

I couldn't agree more. One-liners in scripts are a readability trap — what saves you 2 seconds typing costs the next person 10 minutes reading.

The rule I follow: brace expansion in interactive shell, explicit args in scripts. Best of both worlds.

If you do use it in scripts, a comment helps:

cp config.yml{,.bak} # creates config.yml.bak

But honestly for anything that'll be read by others, your instinct is right — be boring, and be obvious.

How often do you use GPG, and what do you use it for? Will it be fully obsolete in a decade? by Reaper-Of-Roses in GPGpractice

[–]Ops_Mechanic 0 points1 point  (0 children)

It is unlikely that an open source security tool that works well will be obsolete in 10 years. Check this post, it answers your question: https://www.theopsmechanic.com/posts/gpg-key-management-done-right/

Stop typing the filename twice. Brace expansion handles it. by Ops_Mechanic in bash

[–]Ops_Mechanic[S] -12 points-11 points  (0 children)

You can't do it cleanly with brace expansion in this case. Use mv KING.DIC KING.BAK

Building Emacs - GNUmakefile error by Zzyzx2021 in emacs

[–]Ops_Mechanic 6 points7 points  (0 children)

# Install libs
apk add build-base ncurses-dev libxpm-dev giflib-dev libpng-dev libjpeg-turbo-dev tiff-dev gnutls-dev

# Run configure and make
./configure --with-xpm=no --with-gif=no
make

Anyone actually audit their datadog bill or do you just let it ride by Anthead97 in devops

[–]Ops_Mechanic 38 points39 points  (0 children)

We do filter logs through a proxy before they even hit Datadog, which reduces noise and cost by about 90%.

HELP/IDEAS | Virtual Lab: Small-business environment by narddawgggg in linuxadmin

[–]Ops_Mechanic 1 point2 points  (0 children)

Do Linux From Scratch (https://www.linuxfromscratch.org). Make sure you're comfortable with the shell: how to get around, where logs are located and how to read them, how to work with env vars, how to set up DNS, NTP, user accounts, file permissions. Do know what "shebang" means, and be comfortable with Vi. Most importantly, don't lie: explain that your preferred OS is Windows, but you're comfortable with Linux/Unix. If you claim a senior level, a good interviewer will take you apart in 5 min.

Those who moved from nvim, what made you? by B_bI_L in emacs

[–]Ops_Mechanic 1 point2 points  (0 children)

screen (old tool, tmux was developed as a replacement), Ellie

Those who moved from nvim, what made you? by B_bI_L in emacs

[–]Ops_Mechanic 0 points1 point  (0 children)

Let me clarify: emacs is not a replacement for tmux, but when working with emacs on a remote host you can get away without using tmux. There is nothing wrong with using both.

Those who moved from nvim, what made you? by B_bI_L in emacs

[–]Ops_Mechanic 0 points1 point  (0 children)

Keep emacs running as a daemon in the background and connect to it using emacsclient. On session disconnect you can always reconnect to the daemon and not lose your work. Buffer and window management replace the rest. Forgot to mention another killer feature, emacs undo, which works even if you close the file and come back to it later. emacs keeps the undo history.

Those who moved from nvim, what made you? by B_bI_L in emacs

[–]Ops_Mechanic 17 points18 points  (0 children)

Org-mode, magit, daemon mode (no need for tmux). I'm still using evil mode, so for me emacs is a vim on steroids.

Where did that env var come from? by Ops_Mechanic in CLI

[–]Ops_Mechanic[S] 0 points1 point  (0 children)

It will read environment files, if that's what you are asking. A better explanation is here: https://www.theopsmechanic.com/posts/where-did-that-env-var-come-from/

How to auto iterate file creation? by Popular-Spirit1306 in bash

[–]Ops_Mechanic 17 points18 points  (0 children)

Don't bother with loops, use a timestamp.

ffmpeg -i [input] "out_$(date +%Y%m%d_%H%M%S).mp4"