Finalised-ish!
IONOS
A quid a month is pretty hard to argue with. Other pros: I can customise inbound firewalls so I can restrict SSH to only operate over the WireGuard management. If the interface goes down for whatever reason, I can just allow SSH in from my current WAN IP address and fix things.
The whole setup for the VPS is scripted, so if I need to burn/replace it, it should be trivial.
One thing I always seem to forget is the name of the default NIC. IONOS' Ubuntu image uses ens6, which probably makes sense to someone somewhere. The first time I ran the build script, my iptables templates had the wrong name and I locked myself out. Nice to know how the reimage process works, I guess.
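An added example, not the build script from this post: one way to stop a hard-coded NIC name in an iptables template from causing a lockout is to read the name from the default route and refuse to render the rules if it cannot be resolved. The @WAN@/@WG@ tokens, the wg0 name, the WireGuard port 51820 and the sample route line are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 route show default` output (addresses are documentation ranges).
SAMPLE_ROUTE='default via 203.0.113.1 dev ens6 proto dhcp src 203.0.113.10 metric 100'

# Hypothetical template: @WAN@ and @WG@ are tokens chosen for this example.
# 51820/udp is WireGuard's usual port, assumed here; SSH is only accepted on the tunnel.
TEMPLATE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i @WAN@ -p udp --dport 51820 -j ACCEPT
-A INPUT -i @WG@ -p tcp --dport 22 -j ACCEPT
COMMIT'

# Print the interface named after "dev" on the default-route line; print nothing if absent.
default_nic() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Render the template. Fails on an empty name or on characters outside [A-Za-z0-9_.-],
# so a bad lookup can never produce a rule set that silently matches no interface.
render_rules() {
    r_wan=$1
    r_wg=$2
    [ -n "$r_wan" ] && [ -n "$r_wg" ] || return 1
    case "$r_wan$r_wg" in *[!A-Za-z0-9_.-]*) return 1 ;; esac
    printf '%s\n' "$TEMPLATE" | sed -e "s/@WAN@/$r_wan/g" -e "s/@WG@/$r_wg/g"
}

main() {
    # On a real host: route=$(ip -o -4 route show default)
    route=$SAMPLE_ROUTE
    nic=$(default_nic "$route")
    rules=$(render_rules "$nic" wg0) || {
        echo "refusing to apply: WAN interface not resolved" >&2
        return 1
    }
    printf '%s\n' "$rules"
    # Next step on the host: pipe the rules to `iptables-restore --test`,
    # which parses them without committing, before loading them for real.
}

main
```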
Writefreely
Enjoying using this so far. Really really simple to set up.
Only weird behaviour (to me; might be obvious to others) that I've found is that the bind config parameter is only a single interface on the hosting machine. Had to bust out tcpdump and test out where it was falling over. The default value is localhost which is fine, but I need it to listen on the IP of the WireGuard interface. I've modified as below:
bind = 192.168.115.2
It's worked fine since I did this. Kind of annoying but not a big issue.
Had a look at OAuth setup using Entra, but the config items appear to assume that the userinfo endpoint is on the same domain as the auth/token ones. MS loves to do things their own way, so they've exposed it via Graph instead. I'll spend some more time reviewing later.
NUCs
Neither had a VPN connection prior to setting up this blog solution so firewalls felt unnecessary. I'll sort out the iptables rules later on. For now, I'm just enjoying having a public thing that I can see.