
OpenBSD

Hetzner Dedicated Server Reverse DNS + Ansible

Continuing on the path towards all my stuff being managed by Ansible, I’ve figured out a method of managing the reverse DNS entries for subnets on the Hetzner Dedicated Server.

There’s a bunch of Ansible modules for handling Hetzner Cloud, but these servers are managed in Robot, which the Cloud API doesn’t cover. Instead, you need to use the Robot Webservice.

Ansible does have a module for doing pretty arbitrary things with web APIs though, so using that I’ve got the following playbook figured out to keep the reverse DNS entries in sync:

Consolidation and simplification

I’ve been doing a lot of consolidation and simplification in an effort to reduce the amount of brain I have to expend on various tasks and responsibilities. I think it’s working.

Last week I wrote about Ansible for Tor Metrics. I’ve also been working on Ansible for my own stuff. Some of the things I’ve been working on include:

  • consistent user account setup and synchronised SSH public keys
  • consistent privilege escalation (doas on OpenBSD, sudo on Debian)
  • all hosts are backed up via BackupPC
  • all hosts are monitored in Nagios

If you want to check out this stuff as it evolves, I’ve pushed it to git.sr.ht (this link might break, I make no promises).

From socket(2) to .onion with pf(4)

I’ve been rebuilding my IRC bouncer setup and as part of this process I’ve decided to connect to IRC via onion services where possible. This setup isn’t intended to provide anonymity, as once I’m connected I’m going to identify to NickServ anyway. I guess it provides a little protection in that my IP address shouldn’t be visible in that gap between connection and a cloak activating, but there are so many other ways that my identity could leak.