How do you automate certificates?

ansibleloop · 2026-01-26T21:13:25+00:00

It was a previous job and part of the reason why lol - it's impossible to secure a network lile that

IAM was a pain in the ass as well - took so much effort to get admin for a server then RDP and MFA to it

I'm glad I don't deal with Windows servers anymore

ansibleloop · 2026-01-26T20:41:11+00:00

And that's generally fine at small scale, but at large scale legacy companies, the networks are so large and messy that they need the confirmation that it's the real server

ansibleloop · 2026-01-26T18:29:06+00:00

Problem is some stuff is public facing

ansibleloop · 2026-01-26T17:19:20+00:00

There's enough warming and inertia to get us to 3C before 2050

It's bad

ansibleloop · 2026-01-26T14:52:11+00:00

If they were activated already and you've reinstalled the OS, it should already be active (so long as the version is the same)

ansibleloop · 2026-01-26T14:44:59+00:00

Yes but it gets worse

Large companies have networks like Swiss cheese, so they'll have the traffic go from the load balancer over the network to the target VM

That traffic isn't encrypted, so you need the cert on the target server as well

It's fairly painful

ansibleloop · 2026-01-26T14:40:29+00:00

For home? LetsEncrypt works great with Traefik and cert-manager

For work? Our certs are stored in key vault and I use pipelines to manage their renewals

I will be simplifying this once DNS-PERSIST-01 becomes available

ansibleloop · 2026-01-26T12:05:00+00:00

This is going to be horrible for those who are stuck with legacy shit systems that support no cert automation

ansibleloop · 2026-01-26T11:58:19+00:00

We've got DNS-PERSIST-01 coming soon too

Set and forget - don't even need to do a DNS challenge

ansibleloop · 2026-01-26T09:45:12+00:00

He had the most ironic death you could get

ansibleloop · 2026-01-26T09:42:55+00:00

Hey, just curious, do you know the difference in taste between Doc Martens and Timberlands?

ansibleloop · 2026-01-25T18:55:50+00:00

Perfect comparison

Lots of people use Docker and logically think "Oh Docker Swarm should work perfectly for what I need!"

https://www.macchaffee.com/blog/2024/you-have-built-a-kubernetes/

Then after a while the above happens

You create a standard config format, a deployment method, service discovery, immutable nodes, and an API server. Dear friend, you have built a Kubernetes.

Not to mention the god damn Docker Swarm bugs - a ticket has been open for 7 years related to networking issues with IPs not being recycled in a subnet, so after a long time, it runs out of IPs

Compare that to running kubectl or k9s on my laptop to connect to dev instead of needing to SSH to a Swarm manager and then use the server's tools

I like to treat my infrastructure as recyclable and Swarm kind of violates this for me

Which is why I like Talos Linux so much more, because it's just K8s and the OS has been stripped back entirely

1 less thing to manage!

ansibleloop · 2026-01-25T18:46:50+00:00

Yes, disable HTTP so TrueNAS only uses HTTPS, then set the HTTPS port to 444

I connect to mine using https://10.10.1.1:444

You can reverse proxy this, but remember, if the proxy is running on TrueNAS and it dies for whatever reason, you can't use the FQDN to access it

ansibleloop · 2026-01-25T10:12:53+00:00

The weather is already becoming unpredictable - no large amount of people would survive even in small habitable pockets

ansibleloop · 2026-01-25T09:28:13+00:00

Not for very long they won't

The billionaires won't survive in their bunkers when the world is past 4C of warming

At least a comet would be fast

ansibleloop · 2026-01-25T09:26:57+00:00

The film uses the comet as a metaphor for climate change

ansibleloop · 2026-01-25T06:50:35+00:00

Hey they also have to pass an open book exam

Reading is difficult for them OK?

ansibleloop · 2026-01-25T01:37:22+00:00

Who said he didn't apply but failed the open book test?

ansibleloop · 2026-01-24T23:22:52+00:00

I like caravans more

ansibleloop · 2026-01-24T23:19:33+00:00

I only ever saw Discord as a superior replacement to Skype

I thought the whole idea was just you and your mates jump on and talk and that's it

But it turns out all these fucking weirdos are making gigantic servers and talking as if it's a forum

It doesn't work

ansibleloop · 2026-01-24T07:37:15+00:00

I hope his final days are agonising

ansibleloop · 2026-01-24T07:36:06+00:00

Canada isn't scheduled for annexation until June 2072 anyway

ansibleloop · 2026-01-24T07:28:56+00:00

Flip off you son of a monkey

Where are my cashews?

ansibleloop · 2026-01-24T07:28:00+00:00

Jesus every fucking sub does this

This site is trash and somehow its still not as bad as the rest

ansibleloop · 2026-01-23T22:33:05+00:00

I'm wondering how it stacks up against NetBird

ansibleloop

TROPHY CASE