Tag: computers

Like many, I get annoyed by subscription pricing that doesn't accurately reflect my needs. I don't want to spend $5 a month for a color picker app. I don't really want to spend $4/month on ControlD for ad-blocking and custom internal DNS hosting, and NextDNS is worth $20/month until I hit the five or six times a month it's completely unresponsive and kills all my internet connectivity.

(I recognize I departed from the mainstream on the specifics there, but my point is still valid.)

I've self-hosted this blog and several other websites for more than a decade now; not only is it a way to keep up my Linux/sysadmin chops, it's also freeing on a personal level to know I have control and important to me on a philosophical level to not be dependent on corporations where possible, as I've grown increasingly wary of any company's motivations the older I get.

So I started looking at options that might take care of it, and over the last few months I've really started to replace things that would have previously been a couple bucks a month with a VPS running four such services for $40 a year.

Quick aside: I use RackNerd for all my hosting now, and they have been rock-solid and steady in the time I've been with them (coming up on a year now). Their New Year's Deals are still valid, so you can pay $37.88 for a VPS with 4GB of RAM for a year. Neither of those links are affiliate links, by the way - they're just a good company with good deals, and I have no problem promoting them.

AdGuard Home - Ad-blocking, custom DNS. I run a bunch of stuff on my homelab that I don't want exposed to the internet, but I still want HTTPS certificates for. I have a script that grabs a wildcard SSL certificate for the domain that I automatically push to my non-public servers. I use Tailscale to keep all my devices (servers, phones, tablets, computers) on the same VPN. Tailscale's DNS is set to my AdGuard IP, and AdGuard manages my custom DNS with DNS rewrites.

This has the advantages of a) not requiring to me to set the DNS manually for every wireless network on iOS (which is absolutely a bonkers way to set DNS, Apple), b) keeping all my machines accessible as long as I have internet, and c) allowing me to use the internal Tailscale IP addresses as the AdGuard DNS whitelist so I can keep out all the random inquiries from Chinese and Russian IPs.

The one downside is it requires Tailscale for infrastructure, but Tailscale has been consistently good and generous with its free tier, and if it ever changes, there are free (open-source, self-hosted) alternatives.

MachForm - Not free, not open-source, but the most reliable form self-hosting I've found that doesn't require an absurd number of hoops. I tried both HeyForm and FormBricks before going back to the classic goodness. If I ever care enough, I'll write a modern-looking frontend theme for it, but as of now it does everything I ask of it. (If I ever get FU money, I'll rewrite it completely, but I don't see that happening.)

Soketi - A drop-in Pusher replacement. Holy hell was it annoying to get set up with multiple apps in the same instance, but now I have a much more scalable WebSockets server without arbitrary message/concurrent user limits.

Nitter - I don't like Twitter, I don't use Twitter, but some people do and I get links that I probably need to see (usually related to work/dev, but sometimes politics and news). Instead of giving a dime to Elon, Nitter acts as a proxy to display it (especially useful with threads, of which you only see one tweet at a time on Twitter without logging in). You do need to create a Twitter account to use it, but I'm not giving him any pageviews/advertising and I'm only using it when I have to. When Nitter stops working, I'll probably just block Twitter altogether.

Freescout - My wife and I used Helpscout to run our consulting business for years until they decided to up their subscription pricing by nearly double what we used to pay. Helpscout was useful, but not that useful. We tried to going to regular Gmail and some third-party plugins, but eventually just went with a shared email account until we found Freescout. It works wonderfully, and we paid for some of the extensions mostly just to support them. My only annoyance is the mobile app is just this side of unusable, but hard to complain about free (and we do most of our support work on desktop, anyway).

Sendy - Also not free, but does exactly what's described on the box and was a breeze to set up. Its UI is a little dated, and you're best served by creating your templates somewhere else and pasting the HTML in to the editor, but it's a nice little workhorse for a perfectly reasonable price.

Calibre-web - I used to use the desktop version of Calibre, but it was a huge pain to keep running all the time on my main computer and too much of a hassle to manage when it was running on desktop on one of the homelab machines. Calibre web puts all of the stuff I care about from Calibre available in the browser. I actually run 3-4 instances, sorted by genre.

Tube Archivist - I pay for YouTube premium, but I don't trust that everything will always be available. I selectively add videos to a certain playlist, then have Tube Archivist download them if I ever want to check them out later.

Plex - I have an extensive downloaded music archive that I listen to using PlexAmp, both on mobile devices and various computers. I don't love Plex's overall model, but I've yet to find an alternative that allows for good management of mobile downloads (I don't want to stream everything all the time, Roon).

Permalink

I have been playing around with Soketi as a self-hosted Pusher alternative and, while the software is great, boy is its documentation and error messaging lacking. If you're trying to run it and get the error

There was an error while parsing the JSON in your config file. It has not been loaded. 

This is, as near as I can tell, the minimum required set of keys to get an app working:

{
    "debug": true,
    "port": 6001,
    "appManager.array.apps": [
        {
            "id": "id",
            "key": "key",
            "secret": "secret",
            "webhooks" : []
        }
    ]
}

Without the empty webhooks array, it kept failing on me.

I still have not gotten a pm2 instance to accept a config file 😭️. I gave up on the Docker instance because it doesn't allow more than one app per instance and I want something more flexible.

I'm sure it's great and super easy if you're just spinning up a single app, though!

Permalink

Because I use this like three times a year and always have to look it up: When you want to merge folders of the same name on a Mac (e.g., two identically named folders where you want the contents of Folder 1 and Folder 2 to be in Folder 2), hold down the option key and drag Folder 1 into the container directory of Folder 2. You should see the option to merge.

Note that this is a copy merge, not a move merge, so you'll need to delete the source files when you're done. It also appears to handle recursion properly (so if you have nested folders named the same, it'll give you the same option).

Did I almost look up a whole app to do this? Yes, I did. Is it stupid this isn't one of the default options when you click and drag? Yes, it is.

Permalink

Dislcaimer: I am not receiving any affiliate marketing for this post, either because the services don't offer it or they do and I'm too lazy to sign up. This is just stuff I use daily that I make sure all my new computers get set up with.

My current list of must-have Mac apps, which are free unless otherwise noted. There are other apps I use for various purposes, but these are the ones that absolutely get installed on every machine.

• 1Password
  Password manager, OTP authenticator, Passkey holder and confidential storage. My preferred pick, though there are plenty of other options. ($36/year)

• Bear
  Markdown editor. I write all my notes in Bear, and sync 'em across all my devices. It's a pleasant editor with tagging. I am not a zettelkasten person and never will be, but tagging gets me what I need. ($30/year)

• Contrast
  Simple color picker that also does contrast calculations to make sure you're meeting accessibility minimums (you can pick both foreground and background). My only complaint is it doesn't automatically copy the color to the clipboard when you pick it (or at least the option to toggle same).

• Dato
  Calendar app that lives in your menubar, using your regular system accounts. Menubar calendar is a big thing for me (RIP Fantastical after their ridiculous price increase), but the low-key star of the show is the "full-screen notification." Basically, I have it set up so that 1 minute before every virtual meeting I get a full-screen takeover that tells me the meeting is Happening. No more "notification 5 minutes before, try to do something else real quick then look up and realize 9 minutes have passed." ESSENTIAL. ($10)

• iTerm2
  I've always been fond of Quake-style terminals, so much so that unless I'm in an IDE it's all I'll use. iTerm lets a) remove it from the Dock and App Switcher, b) force it to load only via a global hotkey, and c) animate up from whatever side of the screen you choose to show the terminal. A+. I tried WarpAI for a while, and while I liked the autosuggestions, the convenience of an always-available terminal without cluttering the Dock or App Switcher is, apparently, a deal-breaker for me.

• Karabiner Elements
  Specifically for my laptop when I'm running without my external keyboard. I map caps lock to escape (to mimic my regular keyboards), and then esc is mapped to hyper (for all my global shortcuts for Raycast, 1Password, etc.).

• NextDNS
  Secure private DNS resolution. I use it on all my devices to manage my homelab DNS, as well as set up DNS-based ad-blocking. The DNS can have issues sometimes, especially in conjunction with VPNs (though I suspect it's more an Apple problem, as all the options I've tried get flaky at points for no discernible reason), but overall it's rock-solid. ($20/year)

• NoTunes
  Prevents iTunes or Apple Music from launching. Like, when your AirPods switch to the wrong computer and you just thought the music stopped so you tapped them to start and all of a sudden Apple Music pops up? No more! You can also set a preferred default music app instead.

• OMZ (oh-my-zsh)
  It just makes the command line a little easier and more pleasing to use. Yes, you can absolutely script all this manually, but the point is I don't want to.

• Pearcleaner
  The Mac app uninstaller you never knew you needed. I used to swear by AppCleaner, but I'm not sure it's been updated in years.

• Raycast
  Launcher with some automation and scripting capabilities. Much better than spotlight, but not worth the pro features unless you're wayyyy into AI. Free version is perfectly cromulent. Alfred is a worthy competitor, but they haven't updated the UI in years and it just feels old/slower. Plus the extensions are harder to use.

• Vivaldi
  I've gone back to Safari as my daily driver, but Vivaldi is my browser of choice when I'm testing in Chromium (and doing web dev in general. I love Safari, but the inspector sucks out loud). I want to like Orion (it has side tabs!). It keeps almost pulling me back in but there are so many crashes and incompatible sites I always have to give up within a week. So Safari for browsing, Vivaldi for development.

Permalink

I've recently been beefing up my homelab game, and I was having issues getting a Gotify secure websocket to connect. I love the Caddy webserver for both prod and local installs because of how easy it easy to configure.

For local installs, it defaults to running its own CA and issuing a certificate. Now, if you're only running one instance of Caddy on the same machine you're accessing, getting the certs to work in browsers is easy as running caddy trust.

But in a proper homelab scenario, you're running multiple machines (and, often, virtualized machines within those boxes), and the prospect of grabbing the root cert for each just seemed like a lot of work. At first, I tried to set up a CA with Smallstep, but was having enough trouble just getting all the various pieces figured out that figured there had to be an easier way.

There was.

I registered a domain name (penginlab.com) for $10. I set it up with an A record pointing at my regular dev server, and then in the Caddyfile gave it instructions to serve up the primary domain, and a separate instance for a wildcard domain.

When LetsEncrypt issues a wildcard domain, it uses a DNS challenge, meaning it only needs a TXT record inserted into your DNS zone to prove it should issue you the server. Assuming your registrar is among those included in the Caddy DNS plugins, you can set your server to handle that automatically.

(If your registrar is not on that list, you can always use

certbot certonly --manual

and enter the TXT record yourself. You only need to do it once a quarter.)

Now we have a certificate to use to validly sign HTTPS connections for any subdomain for penginlab.com. You simply copy down the fullchain.pem and privkey.pem files to your various machines (I set up a bash script that scps the file down to one of my local machines and then scps it out to everywhere it needs to go on the local network.)

Once you have the cert, you can set up your caddy servers to use it using the tls directive:

tls /path/to/fullchain.pem /path/to/privkey.pem

You'll also need to update your local DNS (since your DNS provider won't let you point public URLs at private IP addresses), but I assume you were doing that anyway (I personally use NextDNS for a combination of cloud-based ad-blocking and lab DNS management).

Bam! Fully accepted HTTPS connections from any machine on your network. And all you have to do is run one bash script once a quarter (which you can even throw on a cron). Would that all projects have so satisfying and simple a solution.

Permalink