Enable FreeIPA 4.12 ACMEv2, issue 90-day RSA certs with certbot and acme.sh, auto-renew via systemd timer and cron.…
Verify, decode, and ship the 128-bit random serial that became default in FreeIPA 4.12. Five proof methods, the…
10 production-tested FreeIPA sudo rules: Defaults, NOPASSWD, RunAs, deny patterns, break-glass, auth-indicator gated, time-bound, AD-trusted, GSSAPI passwordless. Built…
A small FreeIPA lab on Rocky Linux 10 buys you the same identity stack Red Hat ships under…
Rocky Linux 10 dropped openldap-servers from BaseOS. The slapd daemon now lives in EPEL, which means a working…
Two laptops, three home-lab servers, and a VPS in Frankfurt. Old me wired that together with WireGuard, an…
FreeBSD ships without sudo or doas by default, which surprises Linux admins on day one. The base system…
MetalLB fills the one gap that bare-metal Kubernetes has no native answer for: Services of type LoadBalancer. On…
ArgoCD ships with a ClusterIP Service by default, which means after the install the UI is only reachable…
ArgoCD is the declarative, pull-based continuous delivery controller for Kubernetes. It watches a Git repository, reconciles the desired…
FreeBSD 15.0 ships with OpenSSH 10.0p2, which supports post-quantum key exchange algorithms out of the box. The defaults…
A quantum computer powerful enough to break classical SSH key exchange does not exist yet. The problem is…
