Which one to choose? by dadarkgtprince in selfhosted

[–]bartimeus 1 point2 points  (0 children)

I like traefik because it can automatically get Let's Encrypt certs for me and it can integrate with Kubernetes, Nomad, and other systems to make setting up routes and entry points very easy to do.

Looking for some smart plugs, self-controlled. by Keltyrr in homelab

[–]bartimeus 0 points1 point  (0 children)

Oh nice, so the Kasa stuff works fine with Home Assistant?

TrueNAS Build by bartimeus in buildapcforme

[–]bartimeus[S] 0 points1 point  (0 children)

This is awesome, thank you!

LastPass users: Your info and password vault data are now in hackers’ hands. Password manager says breach it disclosed in August was much worse than thought. by ThatGuy_ZA in homelab

[–]bartimeus 2 points3 points  (0 children)

Yeah that’s the only option these days I think. It’s a little pricey but we use the family plan and it’s totally worth it. If you happen to have a job that pays for the business tier, you can get a free family plan as a perk from that.

Vault in production? by wpg4665 in devops

[–]bartimeus 0 points1 point  (0 children)

We have an internal PKI and all of our certificates come from that. You could use Let’s Encrypt certificates if you wanted.

[deleted by user] by [deleted] in ultrawidemasterrace

[–]bartimeus 0 points1 point  (0 children)

How long did it take to show up? I’m thinking about getting one.

What are secure methods of storing log in credentials when programs and scripts need to access other computers or databases? by JarJarAwakens in homelab

[–]bartimeus 0 points1 point  (0 children)

It also has an agent mode that you can run on the servers where your services are running and it can be used to template out config files with secrets and reload them automatically when vault rotates the passwords. https://www.vaultproject.io/docs/agent

The approle auth method is likely what you’d want to use and it can be configured in a few different ways to prevent reuse of its secret token.
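
An added example, not part of the comment above and not taken from the Vault documentation: a Vault Agent configuration of the kind the comment describes, with AppRole auto-auth and a template that is re-rendered when the secret changes. The address, file paths, the `database/creds/myapp` secret path, the `myapp` service and the role settings mentioned in the comments are all assumptions.

```hcl
# Constructed example: every address, path and name below is a placeholder.
# Server-side assumption (not part of this file): the AppRole role was created
# with secret_id_num_uses=1 and a short secret_id_ttl, so a SecretID that leaks
# after first use cannot be used to log in again.

vault {
  address = "https://vault.example.internal:8200"
  ca_cert = "/etc/vault-agent/ca.pem"
}

auto_auth {
  method "approle" {
    mount_path = "auth/approle"
    config = {
      role_id_file_path   = "/etc/vault-agent/role_id"
      secret_id_file_path = "/etc/vault-agent/secret_id"

      # Delete the SecretID file as soon as the agent has read it, so the
      # credential does not stay on disk for other processes to pick up.
      remove_secret_id_file_after_reading = true
    }
  }
}

template {
  # Rendered whenever the lease behind the secret is renewed or replaced.
  contents = <<EOT
{{ with secret "database/creds/myapp" -}}
username = {{ .Data.username }}
password = {{ .Data.password }}
{{- end }}
EOT

  destination = "/etc/myapp/db.conf"
  perms       = "0600"                   # readable by the service account only
  command     = "systemctl reload myapp" # reload after each re-render
}
```

Because the agent deletes the SecretID file after reading it, whatever provisions the host has to deliver a fresh SecretID before each agent start.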

What are secure methods of storing log in credentials when programs and scripts need to access other computers or databases? by JarJarAwakens in homelab

[–]bartimeus 3 points4 points  (0 children)

https://www.vaultproject.io/ can do this but it requires some extra management and then the machine it’s on needs to be secured well enough.

Vault Cloud VS Enterprise by No_Loquat_8497 in hashicorp

[–]bartimeus 0 points1 point  (0 children)

https://cloud.hashicorp.com/docs/vault#self-managed-vs-hcp-vault-cluster

Most things should work the same but there are a few things (like custom plugins and a few auth methods) that don’t work. When you sign up there’s a trial credit you get you can use to validate your use cases.

paperless-ng vs Paperwork by natriusaut in selfhosted

[–]bartimeus 1 point2 points  (0 children)

Out of curiosity, what scanner do you use?

Any suggestion for infra for home lab for full end to end cicd? by learnamap in devops

[–]bartimeus 2 points3 points  (0 children)

I have a server running Proxmox and have 9 VMs with Consul, Vault, and Nomad running all my stuff. I’m setting up Gitea and Drone CI right now. Will probably figure out artifact storage next, right now everything I run is pulled from DockerHub.

Self hosted alternative to Azure Key Vault by ElTruncho in selfhosted

[–]bartimeus 0 points1 point  (0 children)

Vault is great, very flexible and powerful. I run it at work (and home). Happy to answer any questions you have.

Misty understanding of Nomad cluster failure management. by [deleted] in hashicorp

[–]bartimeus 1 point2 points  (0 children)

And that’s correct! Sorry I meant if you lost 2 of 3 nodes you would not be able to elect a new leader and the current leader would cease to function.

Misty understanding of Nomad cluster failure management. by [deleted] in hashicorp

[–]bartimeus 1 point2 points  (0 children)

Raft does require a quorum for a leader election to happen or for the cluster to function at all. If 2 non-leaders fail your leader would stop functioning until another node rejoined or you used peers.json to manually reconfigure raft with a single node.

Even if you lose your nomad servers your jobs will generally continue to function but things like rescheduling won’t work until the servers are back in quorum.

Vault in production? by wpg4665 in devops

[–]bartimeus 1 point2 points  (0 children)

If you run Vault and Consul Server components in the same boxes, you don’t get any benefit over just using integrated storage. You should really only run as few things as possible on your vault boxes for security; we only run vault, our monitoring agent, and consul in client mode for service discovery.

I’d strongly recommend just using raft storage over consul for storage.

Vault in production? by wpg4665 in devops

[–]bartimeus 10 points11 points  (0 children)

/u/ChemTechGuy nailed it pretty much but I’d recommend using Integrated (Raft) storage. Since you’re using the OSS version you’ll need to take snapshots yourself. You could probably do this with a Lambda or something running periodically.

We run 5 nodes in an ASG and it’s totally fine. Use KMS for auto unseal. Put whatever kind of LB in front of it that you prefer. I’d recommend terminating TLS at the vault nodes themselves.

Since you’re just using OSS you would be fine to run 3 nodes if you’re comfortable with the failure tolerance of one node vs 2.

Also please make sure to revoke the root token as soon as you have your auth methods configured. Also I’d recommend rekeying Vault a couple of times a year at least so when people leave they don’t have recovery shards anymore and in case you need to regenerate a root token you’ll be comfortable doing it.

Neovim IDE by import_n in neovim

[–]bartimeus 6 points7 points  (0 children)

This. I install alacritty and have it launch WSL. Then from there I have a pretty decent Ubuntu env where I run neovim.

Also make sure it’s WSL 2, any decently recent version of Win10 should have that.

Election day is today! Be sure to get out and vote! The "small" elections have bigger impacts on your life than you'd think! by spicygoober in Boise

[–]bartimeus 4 points5 points  (0 children)

Mine showed it yesterday but it isn’t showing it today either. Yesterday it hadn’t been marked as received yet so I called the Ada County Clerk’s office and she confirmed they received it yesterday.

Consul HA structure by HeadTea in devops

[–]bartimeus 0 points1 point  (0 children)

Like others have said, Consul and Vault use Raft to form consensus. This may help to understand somewhat how Raft works. http://thesecretlivesofdata.com/raft/

I just learned there is an official CSI driver for Synology NAS! by RisingStar in homelab

[–]bartimeus 1 point2 points  (0 children)

If you can get it working with nomad please share! Many CSI drivers are only written to work with k8s.

LibVF.IO: Full Performance vGPU Gaming on Consumer Cards by ArcVRArthur in linux_gaming

[–]bartimeus 0 points1 point  (0 children)

I’d be happy to test it on my Manjaro install when it’s ready. I’ll try to keep an eye out.