I’m hosting a Vaultwarden intance and was looking into a way to harden the admin interface since my instance is public. I was already using a very strong admin token, hashed with ARGON2 but I wanted to take it a step further. Why leave the admin page exposed to the internet in the first place? Doesn’t matter if I have fail2ban and all other sorts of security measures. There are simply no reason to want the admin panel accessible to the World Wide Web.

What is a Yubikey and why would you want to use it with SSH? # I’m not gonna go into much details about what a Yubikey is because there’s already plenty of online resources on them. The Yubikey is a cryptographic device for multi-factor authentication. From this point forward I’ll just assume you already know what SSH and SSH key pairs are. There are multiple ways to use a Yubikey for SSH authentication.

I used to love RSS. I love it now as well, but I used to, too. # Back in the middle 00’s, almost everything I would read would be through an RSS reader. I don’t quite remember which reader I used. Probably Google Reader. Anyway. I thought it was awesome. Having all your favorite content source all conveniently in one place with the ability to track what you read to what you didn’t read yet was awesome.

Did you know that? I didn’t. I just started this blog and I’ve been using Neovim to type my markdown posts. The only thing I felt was missing was a spell checker, so I DDG it up. Turns out Vim and Neovim have had a spell checker since over 10 years. To be fair, I only started using Vim (then Neovim) just a year or 2 ago. To enable temporary spell check for English do: # :setlocal spell spelllang=en_us You will then notice a colored wavy line under misspelled words as you would expect from any spell checker.

First of all, what is wildcard DNS and why should you care? Well, you know when you go to the local DNS settings of your Pi-hole interface and you add an entry for a new domain? Let’s say you just spun up a Jellyfin instance so you add jellyfin.yourdomain. You would then need to create an entry in your reverse proxy, then another one in Pi-hole’s local DNS list. Well, imagine if instead we could create only one DNS entry so that every subdomain of a given domain point to the same IP.