Rachel
rachel.transitory.social.ap.brid.gy
Still trying to figure things out.
(In general, like, life I guess ​:trans:​?)

Profile pic is filter of faceapp

Mostly techposting. Occasional mountains […]

🌉 bridged from ⁂ https://transitory.social/@rachel, follow @ap.brid.gy to interact
@JessTheUnstill@infosec.exchange oh golly gosh we already have this system we might as well use it
December 11, 2025 at 4:36 PM
@fasterthanlime@hachyderm.io I wonder if AI really helps the maintenance load of all the new features getting spun out, and if the whole thing will not just collapse under its own weight
December 11, 2025 at 2:27 PM
@fasterthanlime@hachyderm.io honestly I wonder if we'll see more of this pattern as orgs chase the high of adding new features at an unsustainable rate while chasing the highs of AI-accelerated "progress"
December 11, 2025 at 2:20 PM
@badnetmask@hachyderm.io Yup that is what I am doing so far. And I'm just having the playbooks import each other as dependencies as needed rather than dealing with roles.

For some of these I wish I could include the inventory in the playbook, these are physical hosts so there isn't a great […]
Original post on transitory.social
December 10, 2025 at 5:15 PM
@badnetmask@hachyderm.io @homelab@fedigroups.social Oh I'm not planning on having ansible interact with kubernetes directly at all, but to configure services on a handful of linux hosts (shipping logs, crowdsec for ssh) that connect to services running in the cluster.

The automation tools:
* […]
Original post on transitory.social
December 10, 2025 at 4:02 PM
The script for setting up the local CA and certbot just got kinda unruly

I'll have to do the same for Crowdsec

... And eventually for my dev instance, but that is gonna be more of a mess

.... And the dnsmasq server ughggggfhf
December 10, 2025 at 2:02 AM
but I am gonna be using single-file playbooks because I don't want to make even more sprawling (MAYBE I will use very simple role directories, but we're on thin ground here). IDK how I plan to do inventory, there really aren't that many devices managed this way
December 10, 2025 at 12:11 AM
@badnetmask@hachyderm.io well the trick is I can hit the router's LAN IP from the other side of this link but not DNS
December 9, 2025 at 10:29 PM
Holy heck now I have a system where `dig` resolves differently from `wget` and `curl` how in the heck?????
December 9, 2025 at 9:58 PM
I went looking at the unifi device from the CLI to see if I could shed some light

The goal is to hit the unifi router's own DNS from the other side of the site-to-site VPN so I can set it as an upstream DNS server for that domain

There is something preventing it.

There are four(!!) dnsmasq […]
Original post on transitory.social
December 9, 2025 at 8:53 PM
On the DNS server itself, I hadn't worried about reaching internal addresses for it, so I need to set its local resolver to itself without breaking anything

Meanwhile with the other two devices, they're on the other side of wireguard VPN, and I can't hit the DNS server for that domain on the […]
Original post on transitory.social
December 9, 2025 at 7:09 PM
Oh, the Crowdsec TLS config is a right mess
December 8, 2025 at 10:03 PM
@badnetmask@hachyderm.io in particular, a section description root and intermediate certificate rotation strategies
December 7, 2025 at 9:44 PM
@badnetmask@hachyderm.io this is a good series of posts

My current fixation is setting up a local CA

I suspect I'll need to practically write half a blog post just to get my head around it... (Yeah yeah I know I have a backlog)

I wonder, can I use trust-manager to concat the Talos and local CA […]
Original post on transitory.social
December 7, 2025 at 9:41 PM
@merlin@toot.kif.rocks homeassistant down, I think so..... Zigbee controller down.... Not sure if have to check (but am visiting family rn)
December 7, 2025 at 12:36 PM
@hazelnoot@enby.life oh yeesh what did they add now?
December 6, 2025 at 9:55 PM