Systems administrator walking the DevOps path. I write about Kubernetes, homelab infrastructure, Linux, and security. Everything I build and break ends up here.
GitOps for Homelab: Stop kubectl apply, Start Pushing to Git
After migrating to Talos Linux, I had an immutable operating system—but I was still managing Kubernetes applications the old way. kubectl apply -f everywhere. Configuration files scattered across my laptop. “Did I deploy this? What version am I running? How did I configure that?” Six months from now, I’d have no idea how to reproduce my setup. GitOps solved this. My entire homelab infrastructure lives in a Git repository. Every change is a commit, every deployment automatic, every configuration versioned. I can destroy the cluster and rebuild it exactly from one repository. ...
Migrating from K3s to Talos Linux
I ran K3s on Ubuntu for over a year. The main problem was configuration drift—SSH into a node to fix something, install a debug package, edit a config file directly. Six months later, the cluster works but I can’t reproduce the setup. Talos Linux is different. It’s an operating system designed specifically for Kubernetes with no interactive shell and no SSH support. This greatly reduces the attack surface and eliminates the possibility of manual configuration changes. Every modification goes through a versioned configuration file applied via API. ...
SSH Guide: From Basics to Secure Setup
What is SSH? SSH (Secure Shell) creates an encrypted connection between your computer and a remote server. Everything you type and all output is encrypted. Components: SSH client - On your computer (you type ssh) SSH server - On the remote machine (sshd daemon) Encryption - Your traffic is unreadable to anyone in between How SSH Works You run ssh user@server Client connects to server port 22 They negotiate encryption (key exchange) You authenticate (password or key) Encrypted channel established Your commands run on the server Password vs Key Authentication Password authentication: ...
How to Install Arch Linux with Full Disk Encryption and LVM Using systemd-boot
This guide describes how to install Arch Linux with full disk encryption, Logical Volume Management (LVM), and the minimalist systemd-boot bootloader. The setup uses two NVMe drives, as this reflects my specific hardware configuration. If you’re using only one drive, the process remains mostly the same—just adapt the LUKS and LVM steps accordingly. Let’s get started. Hardware for this Guide CPU: AMD Ryzen 9 5900X GPU: AMD Radeon RX 6900 XT Memory: 32GB Two NVMe drives, each 1TB UEFI-enabled system (BIOS must support UEFI) Preparing the Terrain Before embarking on the installation, you’ll need a bootable USB drive with Arch Linux. ...