My random ramblings

Notes on IPv6

devblog@yvn.no — Tue, 02 Jun 2026 13:00:00 +0200

So due to a few reasons IPv6 ended up on my radar again recently and I decided to take a new look into it. Last time I asked my ISP (NextGenTel) they said that they could enable it if I plugged in their box. I did not want to plug in their box and left it at that.

This time however I wanted to at least try!

Enabling IPv6

First step was to enable IPv6 in my router/gateway. My very modest network is Ubiquity hardware in the Unifi lineup as I have had decent experience with exposing power user features of networking to someone that is not a network engineer. They are not without their critics out there, including for less than stellar support for IPv6 but they have not been terrible enough for me to consider replacing my hardware.

Disable systemd stub resolver on Ubuntu

devblog@yvn.no — Fri, 29 May 2026 14:00:00 +0200

Ever had trouble listening to port 53 on an Ubuntu installation? It is due to systemd having it’s own internal resolver doing some caching Fine, but here is how I disable it.¹

sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf && \
sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf' && \
sudo systemctl restart systemd-resolved

Now feel free to claim port 53 for Pihole, Technitium or whatever other DNS server you want listening to port 53.

Logitech MX Mini on Mac OS

devblog@yvn.no — Fri, 29 May 2026 13:00:00 +0200

I use a (few) Logitech MX keys mini and my work laptop is a Macbook.

Twice now I’ve had the situation where the keyboard is configured to be in Mac OS mode but on my Norwegian keyboard (physically and logically) the < and ' keys have been inverted.

So for future reference the recipe to fix that is:

1. Hold fn+O for three seconds to ensure Mac OS layout
2. Hold fn+U for three seconds to toggle "hybrid layout" (requires step 1!)

Bonus points

Self Hosted DNS with a twist

devblog@yvn.no — Sun, 08 Mar 2026 21:00:00 +0100

I decided to take a crack at self hosting authoritative DNS servers for my domains.

Why self hosting DNS

In short:

Controll and compentency
Cutting a dependency

Controlling the DNS part of my setup is a part of being in charge and knowing how things fit together. For the last few years I had been using Cloudflare for my authoritative nameservers as they provide an API for updating entries - something I needed due to hosting services behind a dynamic IP address. Being re-assigned an IP I would need to update the records for my services automatically to avoid much downtime (spoiler, this is still the case), and Cloudflare made this pretty easy, in addition to actually providing a solid service for free.

Meshtastic Norway

devblog@yvn.no — Sat, 31 Jan 2026 13:15:00 +0100

If you are using Meshtastic in Norway these are the settings you should set your node to:

Going to Settings -> LoRa

Un-toggle "Use Preset"
Bandwidth: 62 (kHz)
Spread Factor: 8
Coding Rate: 5
Frequency Override: 869.618

Why?

It looks like the default EU Meshtastic preset overlaps with the Norwegian network of smart power meters (AMS) so there is a lot of noise. The community has moved to these settings and hopefully there will be a push to provide them as a preset in the applications.

A Mesh Sized Hole

devblog@yvn.no — Fri, 30 Jan 2026 08:00:08 +0100

This is a very short post as I really don’t have much to say about this yet.

Just before Christmas I stumbled upon LoRa which brought me to reading about Meshtastic. I ended up buying a T1000-E as well as a Lilygo V2.1_1.6.1. Turns out the Lilygo was a bad idea as it’s pretty old and I’ve managed to seemingly buy one of the very few incompatible device combos out there.

For now the mesh in Oslo is somewhat sparse but a few people have set up nodes to improve coverage. I’m considering how helpful it would be to have a node on Ekeberg.

Publishing PGP Keys With WKD

devblog@yvn.no — Thu, 06 Nov 2025 08:00:00 +0100

Why?

While having a sort of rough reputation amongst security die-hards PGP is still a good way of increasing security around your presence on the web. At least without tieing yourself to a given platform. Signal is perhaps the gold standard for encrypted communications today, but it is still centralized and can therefore more easily be blocked or restricted.

So yes, encrypting email with PGP is perhaps not the best you can do for secure communcations, but it is a heck of a lot better than sending plain text. And if you sign the message with an established key as well, the recipient can be pretty confident that the message was written by you and not someone else.

Fairphone 6 with e/OS (or state of de-googling part 3 I guess)

devblog@yvn.no — Sun, 02 Nov 2025 16:15:00 +0100

Reasoning

It was finally time to put my Samsung S20 to rest. I didn’t want to as it ran just fine - perhaps with the exeption of the battery. But no more security updates, together with one last meeting with the bathroom tiles one morning was the final nail in the coffin. I briefly ran LineageOS on it but that’s a story for another time.

I landed on The Fairphone gen 6 or just Fairphone 6 as it should have been called as my replacement. Why? Well in short form these would be my pros:

Sending Mail From Servers

devblog@yvn.no — Wed, 20 Aug 2025 16:15:00 +0200

Email is old, tried and tested. But one thing I never actually sat down and did properly was to configure email sending (smtp) on my server(s).

Turns out it’s not too bad albeit with a few quirks. My example uses Migadu and assumes you’ve created an email address to send from (in my case `alerts@domain.com).

Setup

Start by installing mailutils and ssmtp. On Ubuntu 24.04 that means:

sudo apt install mailutils ssmtp

Syncing Kobo and Calibre Web

devblog@yvn.no — Wed, 18 Jun 2025 23:00:00 +0200

Boy oh boy was this one a pain to get exactly right …

I’ll try to keep it brief for anyone stumbling upon this, but I might add more details later if I feel like it.

Premise

My wife has a Kobo that we’d (I’d?) like to keep synced to Calibre-web so we can have a common family library. Calibre-web supports this but ever since settings this up some months ago it has been – ahem – unstable.

Rebooting my reading with a Kindle Jailbreak

devblog@yvn.no — Sun, 08 Jun 2025 14:00:00 +0200

Many years ago (11 in fact) I bought an Amazon Kindle Paperwhite. It completely changed my approach to reading and within a few years I’m pretty sure I’d read more books on my Kindle than I had before. The simple, small, light, single-purpose device with fantastic battery life quickly became what I dubbed “my most un-regretable tech-purchase” – meaning that while all other tech in my life had pros and cons this was just “without downsides” for mye use.

Replacing Maps Timeline With Owntracks

devblog@yvn.no — Sun, 06 Apr 2025 13:30:00 +0200

Timeline is (sort of) shutting down

Does this look familiar?

Maps has been nagging me about Timeline going device-only for quite a few months now. That means that it will no longer be accesible in a browser, only on the local device Google Maps app. And while I’ve been phasing out Google services for a while now it’s finally the push I needed to seriously look into alternatives for this particular use case.

State of De-Googling Part 2

devblog@yvn.no — Thu, 20 Mar 2025 22:00:00 +0100

Continuing on part 1 I want to run through some more Google services I’ve gotten rid of the last couple of years. For more about why you should probably head to part 1. I’ll also remind you that this mostly isn’t going to be a list of alternative cloud services as a big motivation is taking back control of my own data by selfhosting what I can.

De-Google take 2

Gmail to Protonmail To Migadu

Let’s start off with the exception to the selfhosting goal. Email has a notorious reputation in the selfhosting community due to how quickly you can end up on spam listings. While email is inherintly distributed as a technology, in practice a very big percentage of poeple you will be trying to deliver your mail to is going to be with a very select few providers. The big two are Gmail and some flavour of Outlook. That means that if either of these two decide to not deliver email from you properly you’re going to have a very bad time.

State of De-Googling

devblog@yvn.no — Fri, 07 Mar 2025 11:30:00 +0100

It’s march 2025 and I thought it was time to do a quick check in on my progress in “de-googling”. It’s funny how a company and service that became so ubiquitous its name replaced “searching” in everyday speach, now is far enough on the path to enshitification that degoogling has become its own verb.

Like it or not, Google has created some fantastic products for more than two decades. It has also filled the graveyard of time with dozens of more or less memorable products. While always being an advertising-giant first and foremost it has become more and more obvious how “paying with your data” has fueled this ad-empire. And, in my opinion, over the last few years Google has gradually shifted away from making excellent products towards maximizing profits.

Baikal CalDAV Hosting

devblog@yvn.no — Wed, 12 Feb 2025 21:30:00 +0100

Oh boy, this one was quite the journey. If you want to skip straight to how to install Baïkal and work around all the quirks missing in the documentation you can click here.

Why

I’m slowly but steadily moving away from as much Google (or rather big tech in general) services as I can. Where sensible I want to take back control all the way back “in house”. Quite literally. As a matter of fact everything I mention here, and the very blog you’re reading this on is hosted on my home server safely living in my living room media console.

Disaster Recovery

devblog@yvn.no — Thu, 16 Jan 2025 19:30:00 +0100

I made a plan for disaster recovery and so can you.

I have covered things like account access and loosing everything except the clothes on my back (them too actually), even - I guess - my memory.

Hopefully this was a complete waste of time!

I should mention that my wife is also a developer so she would be better placed than most to follow the minimal set of instructions to get up and running. For a complete novice more hand-holding would probably be required. At the very least bundling some gpg binaries and ensuring that the scripts run on Windows.

OpenPGP With Yubikey

devblog@yvn.no — Thu, 09 Jan 2025 20:00:00 +0100

OpenPGP with Yubikey

I’ve recently been wanting to use my Yubikey(s) a bit more actively. Or rather, I’ve considered them a potential solution to storing encrypted data publically. Requiring a physical key to unencrypt would balance the fact that the potentially sensitive data could be available online - albeit in an encrypted state.

I could of course create a super-long password, write it down, put it it my drawer and call it a day but as I already had two Yubikeys in somewhat active use as my 2fa for my password manager login I figured it was time to explore an unused part of the Yubikeys.

Sertifikater Forklart

devblog@yvn.no — Fri, 03 Jan 2025 15:15:00 +0100

This was written for internal documentation at work and I figured it might as well be posted here as well. An english translation might exist at a later point.

Generelt om sertifikater

Om du jobber med utviklere eller er en selv er sjansen stor for at du før eller siden hører snakk om sertifikater. Denne siden forsøker å forklare hva et Sertifikat er og litt om hvordan de fungerer.

Hvem trenger å vite dette?

Sertifikater er først og fremst noe som brukes i infrastruktur, til integrasjoner og blant utviklere. Likevel har disse en tendens til å treffe andre roller på teamet og også sluttbrukere - spesielt når noe går galt. Det kan derfor være litt interessant å vite hva det prates om.

Migrating From Protonmail With Docker and Imapsync

devblog@yvn.no — Fri, 20 Sep 2024 23:30:00 +0200

I’ve written about my rationale from moving away from Proton Mail. Here is how to do that using Proton Bridge, Docker and Imapsync.

Proton bridge

Protonmail does not expose standard imap interfaces for their accounts so you need to set up the Proton mail bridge to use common migration tools like Imapsync.

As Proton bridge is going to be a temporary installation I just wanted to have it in Docker for easy purging when done. Turns out someone has already dockerized it and a quick look through the project seems to show that it is a pretty bare bones wrapper for building the bridge from source. This should let us access our Proton mail account through standard Imap ports

From Protonmail to Migadu

devblog@yvn.no — Fri, 20 Sep 2024 21:00:00 +0200

The How

If you just want to know the how of migrating away from Proton Mail using the Proton Bridge here is your link.

Story time

A loong time ago I was a part of a student association. We used email extensively for communication using mailing lists and it was awesome. I think I’ll write a short post about proper email etiquete at some point but suffice to say it’s almost impossible to do email well in the age of Outlook, and partly Gmail. Nevertheless I as most other tech-inclined people at the time ended up with Gmail as my email client because of a few creature comforts. Server side filtering rules that worked across devices being the main one.

Ubuntu 24.04 Docker Watchtower Problems

devblog@yvn.no — Fri, 09 Aug 2024 15:00:00 +0200

If you’ve seen this kind of output from your Watchtower logs recently you might have ended up in the right place.

Error response from daemon: Cannot kill container: af791ab8aad584fa7488eba4cdad91ab7252d9f2cb04041c2a36ce80ae546145: 
Cannot kill container af791ab8aad584fa7488eba4cdad91ab7252d9f2cb04041c2a36ce80ae546145: 
unknown error after kill: runc did not terminate successfully: 
exit status 1: unable to signal init: permission denied

The problem

Watchtower is granted some access to the Docker socket which it uses to send signals that interact with running containers. Spesifically it needs to stop or kill running containers that use outdated images so that it can spin them up again fully updated. Apparmor is used to "confine programs to a limited set of resources." ¹ Somehow there are Apparmor restrictions set on a component of Docker or it’s accompanying tools (the culprit seems to be confinement of runc which is the default Docker container runtime) that seem to block the signals Watchtower are trying to send to running containers.

ZFS Encrypted Backups

devblog@yvn.no — Wed, 26 Jun 2024 22:00:00 +0200

This post assumes you use sanoid and/or syncoid in some way.

ZFS supports native encrypted datasets which is neat. Although I don’t really need or want to use them locally as I don’t consider the added risk of failure or complicated recovery process worth it to safeguard from potential family photo leakage in the event of a break in. There is a use case where the encryption comes in very handy though and that is off site backups to another ZFS target. See the brief discussion about it on the ZFS discourse that Jim Salter set up.

Moving From Philips Hue Hub to Home Assistant Zigbee

devblog@yvn.no — Mon, 27 May 2024 09:30:00 +0200

Background

Long story short: I needed some temperature readings in our apartment and wanted the measurements logged in Home Assistant (and thus available to act on with automations later on). Only hard requirements were HA integration and no Internet connection required. That means no cloud, no app no nothing. I ended up going with these from Aqara. They work over Zigbee, and even though I have some Philips Hue devices and a Hub/Bridge I would have to use a dedicated Zigbee controller to talk to them in Home Assistant.

Adjusting Thule Glide 2 Drift

devblog@yvn.no — Sun, 12 May 2024 11:00:00 +0200

This isn’t really “dev”-y at all but sometimes there’s just a missing piece of information on the internet that needs some elaborating.

We have a Thule Glide 2 running stroller / buggy that we are super happy with. Highly recommended if you are in the market for a running one. It handles even pretty rough terrain well as and long as you don’t mind slowing down for the really rough patches you’ll be surprised of where you can take this. Note: This is the Glide 2 - not the Urban Glide!

Using Stow and Git for Config Files

devblog@yvn.no — Tue, 09 Apr 2024 12:00:00 +0200

Want to skip my ramblings and go straight to the meat of using stow for configurations? Click here

A year or so ago my homelab was a rather over-powered Dell R720 I had gotten my hands on from my former employer when they decommisioned a data center. I ran Proxmox on it so services were on a mix of VMs and LXC containers. I downsized the server to a HP Microserver for mostly noise reasons. Turns out stuff built for the data center have other priorities than small-ish urban appartments. Who would have thought?

Deploy Your Applications With Watchtower

devblog@yvn.no — Thu, 04 Apr 2024 14:02:39 +0200

Automated deploys, continous integration and continous deployments are neat but can often be somewhat complex to set up just right. That overhead might be a bit much - especially in a homelab environment.

So why not simplify the process and KISS? Let’s explain some background, or jump straight down to the answer!

Watchtower 101

Watchtower describes itself as:

A container-based solution for automating Docker container base image updates.

and is often already deployed in a homelab environment to help keep services up to date. Either automatically or by monitoring and notifying. A typical docker-compose config might look like this:

Block Paths With Traefik

devblog@yvn.no — Mon, 11 Mar 2024 09:20:00 +0100

Note: This post was updated 2024-09-24T13:00:00+02:00 to Traefik v3 syntax.

Limit access to certain paths with traefik routing rules

Jump straight to the solution

Traefik is a reverse proxy and load balancer - most often found in front of a container-based application infrastructure. Most often either straight Docker or using Kubernestes. I started using it as I was under the impression that it was a more modern alternative to using Nginx for the same purpose but after some time I’ve landed on them each having strength and weeknesses.

Digging Through Internet History

devblog@yvn.no — Fri, 16 Feb 2024 08:30:00 +0100

note: This post was originally written on an internal company Slack. Some tweaks have been made.

From time to time I wonder about weird things which requires me to dig a bit around to see if I can get to the bottom of something. Today’s shower-thought (actually from quite a while back but never bothered to track down an answer): Why is the host part of an URL (or URI) read from most to least specific? Especially when the path part just after is the opposite being read from least to most specific! Intuitively (or at least from a file system way of thinking) the path way of doing it by defining a root and drilling down to a leaf seems more reasonable. Being consistent would result in .no.yvn.devblog/posts/digging-through-internet-history/ ¹ Reading this out makes all the sense as we simply start at the root and drill down to no, then yvn and all the way down to whatever client is hosting devblog (which could be several more steps down) and continue drilling down a specific path on that host. This “least to most” specific way of writing is also used in a few programming languages to define packages or namespaces, in addition to all file systems (that I know of at least). So why is this not how we navigate the Internet all day every day? Looking at RFC3986 for URIs ² we see that they’re actually not that fuzzed about which way one chooses to look up a host (they even mention the yellow pages!) but they do admit that

RSS Feeds and Miniflux

devblog@yvn.no — Sun, 04 Feb 2024 10:19:48 +0100

It’s 2024 and I’ve rediscovered RSS-feeds.

I do remember using them actively in what has to have been the late 2000 - early 2010s. Yikes. In that period i jumped a bit between Opera which had a built in reader if I’m not mistaken and Firefox using the Sage rss extension which actually has a site up and running although it looks like it hasn’t been updated since 2017.

So what happened? I just - stopped - I guess. Probably my keeping up-to-date with the various information sources I followed got covered by the “new” platforms. Facebook, Twitter and even Google+.

Notes From Non Booting Ubuntu Server

devblog@yvn.no — Thu, 01 Feb 2024 08:00:00 +0100

Update 2024-03-21: This was probably due to this bug being triggered. Effectively rendering the bpool subvolume unusable by grub after snapshotting. The top response here might be a good starting point for working around this with ZFSBootMenu which is what I ended up doing as well.

Original post:

Yesterday my server did not come back up. After a scheduled downtime due to a power outage in the building the server was supposed to boot back up but never came online. When looking into it it turned out it was stuck on the grub rescue menu claiming it did not find the kernel listed. This was a 6.5 kernel that I did spot being installed some time ago as part of the server being enrolled in the HWE kernel lifecycle.

Samba and the Recycle Bin

devblog@yvn.no — Fri, 26 Jan 2024 16:00:00 +0100

ZFS snapshots might make the good old Recycle Bin a bit superfluous but sometimes knowing what was deleted is the first step in restoring it. Here is the config needed to enable the Samba recycle module that moves deleted files in seperate folder for you to manage later on.

vfs objects = recycle
recycle:repository = .recycle/%U
recycle:directory_mode = 0550
recycle:subdir_mode = 0550
recycle:keeptree = yes
recycle:touch = yes
recycle:versions = yes

The %U syntax means that deleted files are ordered by the user that deleted them
keeptree recreates the file path in the recycle folder so you know where it came from
touch updates the file access time with the deletion timestamp
versions will keep multiple versions if files with the same name (and path) are deleted again

There are also ways to set min and max file sizes that should be included in the bin as well as exclution patterns for file paths. See the docs for more info.

ZFS Metrics in Prometheus

devblog@yvn.no — Wed, 24 Jan 2024 15:35:00 +0100

Now that we have set up Prometheus alerting via ntfy we want to monitor some actually useful metrics and be alerted when things look out of place. We start off by monitoring perhaps the most important part of a system - the filesystem. Thankfully both ZFS and Prometheus are pretty common out there and we can stand on shoulders to get this set up. See sources at the bottom of the article.

Prometheus Alertmanager and Ntfy

devblog@yvn.no — Tue, 23 Jan 2024 15:00:00 +0100

So this is a very minimal setup of the following services managed with docker-compose. It does not contain any actual monitoring or alerts outside a very basic polling of Traefik metrics. That will come later. Ntfy is hosted outside this setup and simply assumed available on an endpoint.

Some of the labels assume a Traefik setup for exposing containers. Adapt to your own needs.

Setup

Prometheus -> Alertmanager -> ntfy-alertmanager -> Ntfy

File structure

monitoring
├── alertmanager
│   └── alertmanager.yml
├── ntfy_alertmananger_config
│   └── config
├── prometheus
│   └── prometheus.yml
└── docker-compose.yml

The files

alertmanager/alertmanager.yml

Non Root ZFS Replication with Syncoid

devblog@yvn.no — Fri, 19 Jan 2024 13:30:00 +0100

One of the key strenghts of using ZFS as a file server is the extremely effecient replication that can be used for backup purposes. Sanoid and Syncoid are abstractions over the built in zfs snapshot and zfs send functionality that makes life a little simpler and should also help speed up transfers.

This guide is pretty bare bones and was written previously as a step by step reminder of how I set up my backup server pull data from my laptop.

Samba and Default Pam Restrictions

devblog@yvn.no — Thu, 18 Jan 2024 08:35:00 +0100

obey pam restrictions = yes

I don’t know exactly why this particular line in a Samba config messes up with file permissions but it sure does. It is set by default in a new Ubuntu (server) install as of 22.04 at least and cost me fair few hours to get to the bottom of.

The Samba docs are not exactly crystal clear on what this setting implies but it looks like it’s supposed to be set to no.

zfsutils-linux and HWE Kernels

devblog@yvn.no — Wed, 17 Jan 2024 17:00:00 +0100

June 2025 update: Ubuntu 23.10 Mantic Minotaur that this post refers to is out of support. If you somehow need a kernel newer than what is shipped in the latest LTS (24.04 as of writing), and run into these kinds of issues then you need to adapt the instructions to your current HWE-kernel and match that to the corresponding Ubuntu repos (24.10 or 25.04 as of writing). I would however suggest staying with the non-HWE kernel if that is at all an option. Good luck!

Samba Catia Mappings and Norwegian Characters

devblog@yvn.no — Tue, 16 Jan 2024 22:36:28 +0100

From the Catia docs:

The Catia CAD package commonly creates filenames that use characters that are illegal in CIFS filenames. The vfs_catia VFS module implements a character mapping so that these files can be shared with CIFS clients.

Turns out there’s a big gotcha for some special characters - in this case for the Norwegian character “ø” which ends up failing more or less silently when trying to manipulate files with this character over Samba.

Exposing Sanoid ZFS snapshots as Windows Shadow Copies over Samba

devblog@yvn.no — Tue, 16 Jan 2024 18:00:00 +0100

ZFS snapshots are super convenient for keeping dataset histories and fascilitating backups. Sanoid and Syncoid are commonly used abstractions on top of the ZFS native snapshot and send tools for managing taking and pruning snapshot with a policy based config.

In addition to being a nice security for a sysadmin we can actually expose some of these conveniences to the users of a Samba file share. Spesifically Windows users - by exposing the snapshot as “Windows Shadow Copies”.