Paul's page

Hacker, tech-entrepreneur

rsync backups for NixOS

There are several nice options in NixOS for specifying scheduled backup jobs, including borgbackup, borgmatic and restic. But I’ve often used rsync in the past, and there is no such module for scheduled rsync jobs (or rsnapshot either). So I wrote my own simple module.

NixOS Mailer

There has been a lot of talk in recent years about how running your own email server is too hard. But it’s quite healthy for the email ecosystem to not have everyone use Gmail and Outlook. In my experience it isn’t too hard; it just takes some work.

Caddy plugins on NixOS

Caddy is a very handy HTTP server with lots of built-in features. But every once in a while you need something more. Fortunately Caddy has a plugin API. But Caddy being written in Go, the plugins need to be added at compile-time. On NixOS, there are no plugins added by default, and there are a couple of things to note when adding them.

Generic "must" helper for Go

Go error handling can be a bit verbose. There are a lot of places where errors are unlikely or where they are so critical that a panic is preferred. Because of this there are lots of Must* helpers in various packages, e.g. regexp.MustCompile.

Docker Multiarch Builds

Like many other developers, I have to work with computers with different processor architectures. For me it’s amd64 (x86_64) on the laptop and arm64 (aarch64) on the server. For some it may be the other way around. Fortunately I mostly write Go, which makes cross-compilation quite easy. Docker adds some extra steps, but is very nice for deploying software.

Deploy Hugo to NixOS on Push to Gitea

There are several ways to automate blog publishing from git push. This one is mine. Mostly notes for future self. I use Gitea, Hugo, Caddy and NixOS.

WebAuthn & Base64 encoding

I recently ran into a problem that seems to be present in a wide range of WebAuthn tutorials, but I don’t know where it originated.

SSH PKI on top of Web PKI

Reading “Future Internet PKI schemes need to be bootstrapped through web PKI”, I was reminded of all the problems I’ve had with SSH (Secure SHell) PKI (Public Key Infrastructure). SSH host verification is trust-on-first-use (TOFU). So SSH is protected from man-in-the-middle (MITM) attacks unless the first connection falls prey to the attack.

Molly Guard for Ansible

The Jargon File defines Molly Guard as: A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer’s toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you’ll see the much less interesting description “guarded button”.

Menu-driven Matrix Bot Interaction

I’m a huge fan of Matrix. A lot of the user value of modern chat platforms like Slack, Matrix and Discord (even IRC) comes from integrations to other services via bots. I had high hopes for MSC3006: Bot Interactions, but unfortunately it isn’t currently being pushed further. However, there exists an implementation of MSC3381: Polls.