FreeBSD: Home NAS, Part 13: Planning Data Storage and Backups

When I was just starting to build my NAS and thinking about backups, everything seemed pretty simple: there’s a work laptop with data, there’s a FreeBSD server for the NAS – just take and copy the data. So the initial idea was to have backup script(s) on Linux hosts that would push data to the…

https://rtfm.co.ua/en/freebsd-home-nas-part-13-planning-data-storage-and-backups/

#Backup #FreeBSD #Google #Linux #NAS

FreeBSD: Home NAS, Part 15: Automating Backups – scripts, rsync, rclone

This is essentially the last major task – setting up automated backup creation. In the post FreeBSD: Home NAS, Part 13: Planning Data Storage and Backups I described the general idea in more detail – what gets backed up, where, what gets stored and how – and today is the purely technical part about the…

https://rtfm.co.ua/en/freebsd-home-nas-part-15-automating-backups-scripts-rsync-rclone/

#Backup #bash #FreeBSD #NAS #rclone

AWS: Basic Infrastructure Setup for WordPress

It’s time for a major server upgrade for RTFM, which I usually do by migrating to a new server – because I also do various other upgrades along the way, like upgrading the PHP version or even migrating to a different cloud. This time I’m planning to move from DigitalOcean, where RTFM has been hosted…

https://rtfm.co.ua/en/aws-basic-infrastructure-setup-for-wordpress/

#AWS #AWS_RDS #AWS_VPC #MySQL_MariaDB #Networking #NGINX #PHP #php_fpm

AWS: Self-Managed EC2 NAT Gateway vs AWS Managed NAT

I looked at the costs for the infrastructure described in the previous post AWS: basic infrastructure setup for WordPress, and let out a heavy sigh: One NAT Gateway is a quarter of my AWS spend, and even with AWS Credits I can’t help feeling a bit stingy about it. There’s an option to remove the…

https://rtfm.co.ua/en/aws-self-managed-ec2-nat-gateway-vs-aws-managed-nat/

#AWS #AWS_VPC #Linux #Networking

AWS: ALB and Cloudflare – Configuring mTLS and AWS Security Rules

While preparing the infrastructure for migrating RTFM from the DigitalOcean server to AWS (see AWS: basic infrastructure setup for WordPress) I decided to also try AWS ALB mutual authentication (for some reason I thought this feature launched at the last re:Invent, at the end of 2024, but it’s actually been around since late 2023 –…

https://rtfm.co.ua/en/aws-alb-and-cloudflare-configuring-mtls-and-aws-security-rules/

#AWS #Cloudflare #Networking #security #SSL_TLS

AWS: Amazon Linux – Sending Email with Postfix via Gmail

Continuing the setup of the new RTFM server. The next step is configuring the ability to send mail from EC2, since both important messages for the root user and RTFM itself need to send emails. I was thinking of using AWS Simple Email Service – purely to refresh my memory on how to work with…

https://rtfm.co.ua/en/aws-amazon-linux-sending-email-with-postfix-via-gmail/

#Amazon_Linux #AWS #Email #Linux #Postfix #SMTP

VictoriaMetrics: using vmalert and query() in alerts for different $value values

Just a quick note, because I’ve needed to do something like this fairly often – and only today discovered how elegantly it’s done with vmalert. So, sometimes in an alert you want to display multiple $value entries, for example: - alert: OpenAI Budget Usage expr: | openai_budget_used_usd / openai_budget_total_usd * 100 > 80 ... annotations:…

https://rtfm.co.ua/en/victoriametrics-using-vmalert-and-query-in-alerts-for-different-value-values/

#monitoring #VictoriaMetrics #vmalert

Okta: Configuring Grafana SSO with OIDC and Role Mapping

We finally “grew up” to using Okta on the current project, so there’s a short series of posts coming up on it. I wrote about Okta before, but that was 5-6 years ago, and there have been some interesting changes since then (see the #okta tag). Today we’ll be configuring SSO login via Okta for…

https://rtfm.co.ua/en/okta-configuring-grafana-sso-with-oidc-and-role-mapping/

#Grafana #Okta #security #SSO

VictoriaMetrics: Basic Monitoring for AWS, Linux, NGINX, and PHP

The RTFM migration from DigitalOcean to AWS went smoothly, and I’m gradually settling in. New infrastructure, everything new – so for the first while I want to keep a close eye on the server and blog state, which means setting up basic monitoring for WordPress: NGINX, PHP-FPM, the database, and the infrastructure running it all.…

https://rtfm.co.ua/en/victoriametrics-basic-monitoring-for-aws-linux-nginx-and-php/

#Amazon_Linux #AWS #AWS_CloudWatch #FreeBSD #Grafana #NGINX #Telegram #VictoriaLogs #VictoriaMetrics

FreeBSD: Configuring FEMP – NGINX, PHP-FPM, MariaDB

Another installment in the FreeBSD Home NAS series, though this one isn’t really about the NAS – it’s purely about running web services. The full FreeBSD/NAS series starts here – FreeBSD: Home NAS, part 1 – ZFS mirror setup, which now has 15 parts, but FEMP gets its own post. My FreeBSD host already runs…

https://rtfm.co.ua/en/freebsd-configuring-femp-nginx-php-fpm-mariadb/

#FEMP #FreeBSD #MariaDB #NGINX #WordPress

AWS: Setting up Okta SSO with AWS IAM Identity Center

In the previous part of the Okta series we set up SSO for Grafana (see Okta: configuring Grafana SSO with OIDC and Role mapping) – now for a more interesting task: configuring SSO for AWS, with not just login but also user provisioning. Okta has a ready-made AWS IAM Identity Center App that lets you…

https://rtfm.co.ua/en/aws-setting-up-okta-sso-with-aws-iam-identity-center/

#AWS #AWS_IAM #Okta #security #SSO

SSL/TLS: Self-signed Certificate Authority for NGINX on FreeBSD

I run a bunch of web services on my home NAS – Grafana, VictoriaMetrics, my own WordPress blog, and half a dozen other small things. The whole series of posts on FreeBSD and NAS starts here – FreeBSD: Home NAS, part 1 – setting up ZFS mirror, there are 15 parts as of now. NGINX+PHP…

https://rtfm.co.ua/en/ssl-tls-self-signed-certificate-authority-for-nginx-on-freebsd/

#FreeBSD #Linux #NGINX #SSL_TLS

Okta: Integration with Google Workspaces, Part 1 – Provisioning

Continuing with Okta setup for our project. In previous parts we did SSO for Grafana (see Okta: setting up Grafana SSO with OIDC and Role mapping) and AWS (see AWS: setting up Okta SSO with AWS IAM Identity Center), and now the most interesting part: integrating Okta with Google Workspaces. What we’ll need to do:…

https://rtfm.co.ua/en/okta-integration-with-google-workspaces-part-1-provisioning/

#Google #Okta #security

Claude Code: creating Kubernetes debugging AI Agent for VictoriaMetrics

While I’m working on a series of posts about setting up and using Claude Code, here’s a quick example of building my own AI Agent for VictoriaMetrics and Kubernetes, “wrapping” it into a Claude Code Plugin, and creating my own Claude Code Marketplace where similar plugins for developers on my project will live. The general…

https://rtfm.co.ua/en/claude-code-creating-kubernetes-debugging-ai-agent-for-victoriametrics/

#AI #Kubernetes #VictoriaMetrics

Hermes Agent: Running an AI Agent in a FreeBSD Jail with Bastille

I’ll write about Hermes Agent itself and what it can do separately – today it’s about how to run it on FreeBSD. Yesterday I played around with it on my Arch Linux – now I want a more production setup. I’ll be running it on my NAS with FreeBSD, and obviously only inside a FreeBSD…

https://rtfm.co.ua/en/hermes-agent-running-an-ai-agent-in-a-freebsd-jail-with-bastille/

#AI #FreeBSD #FreeBSD_Jails #Hermes_Agent

FreeBSD: Jails Networking and Container Management with Bastille

Sometimes on FreeBSD you need to run services that aren’t officially supported by FreeBSD, and this post actually came about because I was installing Open WebUI on my NAS – and Open WebUI was easier to set up on Linux. So I spun it up in a FreeBSD Linux jail, and to create the container…

https://rtfm.co.ua/en/freebsd-jails-networking-and-container-management-with-bastille/

#FreeBSD #FreeBSD_Jails #Linux #Networking

Arch Linux: WireGuard Peer for Connecting to MikroTik

In the post MikroTik: setting up WireGuard and connecting Linux peers I described how to set up MikroTik as a VPN Hub and connect a peer running on Debian Linux. Setup on Arch Linux is mostly the same as on Debian – but every time I end up digging through this blog and my other…

https://rtfm.co.ua/en/arch-linux-wireguard-peer-for-connecting-to-mikrotik/

#Arch_Linux #DNS #MikroTik #VPN

OpenTelemetry: OTel Collectors in Kubernetes and VictoriaMetrics Stack integration

Today let’s talk about how to run OpenTelemetry in Kubernetes and integrate it with the VictoriaMetrics stack – VictoriaMetrics for metrics, VictoriaLogs for logs, and VictoriaTraces for traces. Actually, this post wasn’t planned at all, and once a draft did appear – it was supposed to be the third in the series, but in the…

https://rtfm.co.ua/en/opentelemetry-otel-collectors-in-kubernetes-and-victoriametrics-stack-integration/

#Kubernetes #monitoring #observability #OpenTelemetry #VictoriaLogs #VictoriaMetrics

VictoriaTraces: Tracing, Observability, and OpenTelemetry

On the project, we’ve gradually grown to the point where it’s time to have proper tracing – to build real observability, not just monitoring. A long time ago I did something similar with Jaeger – a monster, and it kind of stayed in my drafts from 2019 or 2020. Since right now our entire stack…

https://rtfm.co.ua/en/victoriatraces-tracing-observability-and-opentelemetry/

#Grafana #Kubernetes #observability #OpenTelemetry #VictoriaLogs #VictoriaMetrics