Whenever I think about the movie Children of Men, all I can think is that the answer to the Human Project’s question was microplastics.

Instead of asking why women couldn’t have children anymore, they should have been checking men for forever confetti in their balls.

podman ps shows the following:

CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS         PORTS                                                         NAMES
daae60bdcc65  docker.io/library/caddy-caddy:latest  caddy run --confi...  47 minutes ago  Up 47 minutes  0.0.0.0:80->80/tcp, 0.0.0.0:5050->443/tcp, 2019/tcp, 443/udp  caddy

netstat -tunpl shows the following:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5025            0.0.0.0:*               LISTEN      3270/sshd: /usr/sbi 
tcp        0      0 0.0.0.0:5050            0.0.0.0:*               LISTEN      7342/conmon         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7342/conmon         
tcp        0      0 10.89.0.1:53            0.0.0.0:*               LISTEN      7336/aardvark-dns   
tcp6       0      0 :::5025                 :::*                    LISTEN      3270/sshd: /usr/sbi 
udp        0      0 10.89.0.1:53            0.0.0.0:*                           7336/aardvark-dns 

The only difference for the netstat command between Docker and Podman is that Podman show’s entries for aardvark-dns and Docker does not which is something I expect.

Ideally I would have a wing suit and I would do a loop de loop into the side of a mountain. I’ve been fortunate enough to have had the time to reflect on good memories in my life and I want to go out living purely in the moment.

But as with all plans I’ve ever made it life, it most likely will not happen. I’ll go out in a completely unexpected and unplanned way. Probably in a ridiculous way too. Sadly it won’t be a story I’ll be able to share that time but that’s just how it goes.

I finally got Caddy’s TLS working with a custom module to handle DNS challenges. Turns out all I had to do was wait 10-15 minutes and everything would sort itself out.

Now on to the next puzzle. I started with Caddy in a Docker container and it’s working as intended. Now I want to replicate that in Rootful Podman Compose but I’m running into an issue. With the exact same setup (docker-compose.yml, Dockerfile and Caddyfile) I can get my TLS cert without issue but I can’t seem to connect to my website from any external browser. Not through my domain name or even through my home’s local network.

Once I figure out how I can access my website, I’ll be one step closer to where I want to be. Next will be to get Rootless Podman working, then I can finally set up the file server and kiwix instance instead of the test page I am currently using.

After that, I can finally spend time doing what I want to do and focus my time looking into the Gemeni Protocol.

Down the road I’ll look into hosting an IRC server and Snikket instant messenger but that’s super low priority. I like tinkering with my Raspberry Pi and my constant backup/restores wouldn’t be good for reliability for such services.

I don’t need anyone to take care of me when I’m older. I decided that my retirement plan will be extreme sports. Base jumping? Wing suit? Steel toeing cops in the nuts? So many thrilling choices! Whatever happens, happens.

I sat down and managed to get wildcard certs working.

I figured I would leave my Caddyfile here in case anyone in the future needs a working reference. This is based off the Caddyfile mentioned in the original post.

Caddy Reference

# GLOBAL ENCRYPTION - DESEC.IO
{
        acme_dns desec {
                token "DeSEC.io Token Number"
        }
}

*.samplesite.ca {
        # SITE WIDE ENCRYPTION
        tls {
                dns desec {
                        token "DeSEC.io Token Number"
                }
        }
        # SUB DOMAIN #1
        @files host files.samplesite.ca
        handle @files {
                root * /srv
                file_server {
                        hide misc
                        browse
                }
        }
        # FALLBACK FOR UNHANDLED DOMAINS
        handle {
                abort
        }
}

Thanks for sharing that.

It’s nice to get extra context, it helps me understand how I can protect my devices and myself a bit better as I learn more about self hosting.

Oh no, I was just about to move forward and then you gave me another rabbit hole.

I didn’t know Let’s Encrypt had a public database, that does sound like a good idea to use wildcard certs instead.

I assume this is what I can use as a reference for wildcard certs.

How do you keep track of probing? I’ve been curious about that but haven’t put much effort into that as I’ve been focused on getting things working.

I think my confusion came from starting with NPM. The process took less than 2 minutes and everything worked as intended as soon as it was successful. That set me up with high expectations.

With Caddy, it kept adding multiple entries to the TXT record and reporting that the records didn’t match.

I think NPM uses certbot under the hood and I wasn’t sure if Caddy used something different (certmagic maybe?) since I had to build Caddy with a custom module.

In any case, it works and I now know I just have to wait a little longer.

That worked. I can finally see the padlock that says Verified by Let’s Encrypt.

I can’t believe all I had to do was wait. Thanks so much for sharing your experience.

I was considering a single user instance but I noticed just how much data was being transferred throughout the day and decided against it.

I’m drawn to IRC and Gemeni because it seems to use far less data. I’ve lately been into lowering my electrical power usage while still being able to use the internet. That also includes the type of programs my computer and devices use.

Practical or not, it’s been an interesting hobby for myself to learn.

It will only be for a select number of people I know and am comfortable with being there. This is going to be hosted on a Raspberry Pi so it’s not going to be set up for a large number of people.

I don’t want to moderate images or videos which is my main concern when it comes to moderation.

I read the experiences of moderators from the initial CSAM attack on Lemmy and that was already discouraging. I also spent time in PieFed’s matrix channel and hearing the additional tools being requested made me realize I just don’t want to deal with that at all.

I have plans to set up both an IRC server and a Gemeni site on my Raspberry Pi if I can figure out how to get security working on my preferred reverse proxy program.

The internet today is so overwhelming and all I want is the simplicity I felt when I first made my way online as a teen.

I tried hosting a lemmy/piefed instance but I soon learned that I’d have to be a moderator. After hearing stories from other moderators and seeing the types of tools required/requested by moderators, I decided that it’s just not worth the effort and loss of sanity.

I’ve been using Alpine Linux. I’ve always leaned towards minimalism in my personal life so Alpine seems like an appropriate fit for me.

Since what is installed is intentional, I am able to keep track of changes more accurately. I keep a document for complete setup by hand, then reduce that to an install script so I can get back to the same state in a minimal amount of time if needed.

Since I only have a Laptop and two Raspberry Pi’s with no intention of expanding or upgrading, this works for me as a personal hobby.

I’ve even gone as far as to use Alpine Sway as a desktop to keep everything similar as well.

I wouldn’t recommend it for anyone who doesn’t have the time to learn. It doesn’t use systemd and packages are often split meaning you will have to figure out what additional packages you may need beyond the core package.

I appreciate the approach Alpine takes because from a security point of view, less moving parts means less surface area to exploit. In today’s social climate, who knows how or when I’ll become a target.

I finished setting up my personal computer with Sway on Alpine so now I can’t procrastinate anymore on getting TLS working with Caddy for my RPi 5.

I decided to ditch Cloudflare since using that service makes me feel uncomfortable. TLS is a bit of a pain because I am using an uncommon port so I need to do a DNS challenge. I still haven’t been able to get it working with DeSec.io but I hope maybe sometime this week.

I might look into using a tunnel service in the future but if I can figure this out, I’ll at least be able to adapt to changes in the future if I need to deal with any changing situations.

When I figure that out, I’ll look into Gemeni protocol and host something there. I don’t want anything big, just a little space of my own in the corner of the internet. Maybe I’ll look into hosting an irc server for a small group of people too.

It wasn’t until my first job at a grocery store during Christmas time that I learned it was “Feliz Navidad” being sung.

Before that, I couldn’t figure out why the cheerful song that only appeared around Christmas time was saying “Police shot my dad”

Frogcomposband is my favourite Angband varient. There’s a huge amount of classes to pick from, towns with quests and once you get a hang of it, most of the interactions can be done by the number pad.

I met one of my now closest friends at the end of a Halloween party just as things were shutting down and everyone was leaving.

As she was walking by, she randomly announced that she was going to see a band next week. One that I had already bought tickets for. We talked briefly and exchanged numbers. We saw the band together and hung out a few more times but I think after the third time we hung out, we knew we were best friends.

We both weren’t even supposed to go to that Halloween party. Both of us had very different plans and somehow ended up at the party as something to do. The timing for us to meet was just so tiny and it doesn’t even feel real sometimes.

https://github.com/rothgar/awesome-tuis

It has a list of Text User Interfaces for terminals. Handy since I work in a terminal mostly with my network devices. A TUI for file management made life a lot easier for myself.

Sounds like what I’ve been doing manually for a while now as I learn more. For my desktop I have three scripts. One to install Alpine on full disk encryption. One for the initial setup up to the first required reboot and the last for the remaining setup plus transferring files.

I’ve been learning how to edit files with sed, cat, echo and tee commands to help automate everything from a fresh install.

Similar process for my Pi’s except I just copy-paste blocks of commands through a terminal instead of a script.

To transfer files to all their proper directories, I have a whole system for that using rsync. I basically keep a bare-bones directory tree with only the files I have worked on. Then I have an rsync command to send all those files onto the Pi’s file system in a way that retains all the files and folder’s attributes.

I wrote an rsync tool for myself to help me keep all these commands in files that I can neatly organize. I use that tool so much that it’s now my entire backup system. With a bunch of files organized with numbers, I can automate the backup of my phone, two pi’s and laptop to a partition on my laptop, then an additional copy to my external SSD in one command. And I have very high confidence in my restores since I do that frequently while testing new stuff. I also failed a lot before to get that much confidence.

I have issues with over organization if you couldn’t tell by now hahaha.