CoreDNS: Enable DNSSEC

I recently got around to finally enabling DNSSEC on-the-fly signing in my CoreDNS setup. Since the process to set this up isn't very well documented, I thought I'd write a short blog post about it. Steps: 0. Only for Docker: Make sure you have a directory for the DNSSEC keys mounted in your container. 1. Generate the DNSSEC key: To generate the DNSSEC key you need to have bind9utils installed....

December 15, 2019 · 2 min · Me

Ansible: Remove Saltstack

I recently migrated my infrastructure from Saltstack to Ansible. The reason for this switch was relatively simple: I really liked that Ansible is agentless, compared to Saltstack, where you need a master and agents. Another reason was that I find Ansible playbooks a lot easier to write and maintain than Saltstack states. To get my playbook skills going, I decided to uninstall Salt by using a playbook. The playbook I wrote is available below, free for anyone to use....

November 30, 2019 · 1 min · Me

Re-enable single server mode in Drone CI

Since version 1.5.0, Drone CI comes with multi-server mode (in which builds are processed by external CI runners) activated by default. This can be problematic if you're used to Drone running in single-server mode. If single-server mode isn't explicitly disabled and no runners are configured, it just causes your builds to be stuck with a pending status. It took me quite a while to figure out why Drone suddenly stopped processing builds (to be fair, I updated without reading the changelog)....

October 25, 2019 · 1 min · Me

How to handle CSP reports

Content Security Policy (CSP) is an added layer of security that helps mitigate certain types of attacks, like Cross-Site Scripting and data injection attacks. CSP is a pretty powerful tool that defines what content on your website is allowed to be parsed/executed. On top of that, it is relatively easy and relatively low risk (compared to HSTS or HPKP) to deploy, since the browser doesn't cache content security policies....

August 21, 2019 · 2 min · Me

Setting up a Lightning Node using docker and connecting to it with ZeusLN

Lightning is a layer 2 for Bitcoin which allows unfairly cheap and incredibly fast Bitcoin transactions. LND is a Lightning Network implementation written in Go. This blog post shows how to set up a dockerized Lightning node and how to use it with ZeusLN. ZeusLN is an app to interact with LND. Docker Setup: To run LND and bitcoind (which we use as a backend for LND) dockerized, we first need Dockerfiles....

June 13, 2019 · 6 min · Me