SumGuy's Ramblings

AppArmor vs SELinux explained: what mandatory access control actually does, how to write AppArmor profiles with aa-genprof, navigate SELinux labels and audit2allow, and when to use each.

Appwrite self-hosted BaaS setup: auth, databases, storage, and serverless functions on your own hardware. Compare with Supabase and PocketBase.

ArgoCD vs Flux for Kubernetes GitOps: compare UI-focused ArgoCD with automation-first Flux CD. Sync workflows, install examples, and when to use each.

Master auditd for Linux audit logging: watch critical files, audit syscalls, use aureport and ausearch, and ship logs to Loki or Elasticsearch for compliance and security monitoring.

Authentik vs Authelia for self-hosted SSO — which one belongs in your home lab? We break down setup, features, and resource use so you can stop logging in like an animal.

Run BGP in your home lab with FRRouting. Covers iBGP vs eBGP, FRR installation, basic BGP config, peering with OPNsense, route filtering, and when BGP is actually worth the complexity.

BookStack vs Wiki.js: different philosophies, same goal. Compare features, Docker setup, editors, SSO, and which one fits your team or homelab.

Advanced Caddy server configuration: wildcard certs, Caddyfile matchers, Docker label integration, rate limiting, forward auth with Authelia, and the JSON API.

Certificate pinning and HPKP explained: what they are, why HPKP destroyed itself, and modern alternatives like CAA records and Certificate Transparency.

Learn chaos engineering with Pumba for Docker container chaos and Toxiproxy for network failure simulation. Discover failures in staging before your users find them in production.

Shell scripts hit a complexity wall. Go gives you a single binary, fast startup, great stdlib, and goreleaser for proper distribution. Here's how to build real CLI tools.

Advanced Cloudflare Tunnel setup: multiple services, Docker Compose, Access policies, security hardening, and whether trusting Cloudflare is worth it.