Hi, I’m Andrew!

I’m a Linux Admin and Software Developer in Kansas.

I write about various projects, things I find interesting, and try to pass along some knowledge.

My Personal Backup Strategy

I’m pretty protective of my data. I like to make sure all my important file are backed up, and I employ a 3-2-1 backup strategy for basically everything. What are 3-2-1 Backups This is a term that is floated around frequently when talking about backups. It basically boils down to these rules: You have 3 independent copies of your data. Of those 3 copies, 2 of them are on different systems (Different servers, different SANs, etc)....

October 7, 2021

Promxox/Rclone Offsite Backup

One of the most important parts of keeping data safe is offsite backups. One excellent tool for this is Rclone, a tool that copies data to local and remote locations with ease. I don’t use Rclone for all my backups, which I’ll get into, but I use it for some cases and it’s a great tool. Why I Use Rclone I operate a dedicated server where the hardware is managed by a third-party....

September 27, 2021

Custom Debian ISO

If you’re installing Debian on a regular basis, or want to automate the installation a bit more, building a custom Debian installation ISO can be quite handy. You can automate some of the more tedious parts of the installation, install extra packages and run additional setup, or even completely automate the installation! Why? In my case, I’m working with some automated provisioning using Puppet and Packer. Most of the time, you can start with a pre-installed operating system and work from there....

September 7, 2021

Firewalld in Debian 10

In the past, I showed how to add a firewall rule in Debian 9. For Debian 10, these instructions still work but installing the firewalld package is a bit more involved. Why There is a bug in iptables (which is how firewalld applies rules) that causes it to crash on start up. Thanks to this GitHub Issue, I was able to track this down to the specific version of iptables that ships with Debian 10 (1....

August 24, 2021

Puppet Without a Puppet Server

One tool that is pretty neat for anyone who manages more than one machine is Puppet. In it’s simplest form, Puppet is designed to codify actions you may take on your server and run them automatically. The typical deployment for Puppet relies on a central Puppet server (the “Puppetmaster”), and clients distributed around your network. What if, say, we wanted to run Puppet without this central server? Why Puppet is great, and a centralized Puppet server is equally great....

August 4, 2021

TryHackMe: Vulnversity

Meta Information: This is a room I recently completed on TryHackMe. I figured I’d do a write up of what I found, how I got in, and things that a potential sysadmin would want to do to fix their server. I’m writing this from the point-of-view of a independent security consultant. Description of Server The machine in question appears to be an Ubuntu Linux machine, with a number of open ports and protocols:...

July 6, 2021

Fix Virtualmin Proxy with Let's Encrypt

This is a minor inconvenience that I’ve dealt with for far too long. When using Virtualmin as a reverse proxy, it doesn’t handle Let’s Encrypt verification records correctly and forwards them to the upstream service. In my case, this would cause certificates to issue correctly initially, but then fail to renew after three months is up. Since every request that hits the server was getting sent to the upstream server (including any requests to ....

June 14, 2021

Backup Google Photos (Part 2)

In Part One we looked at how to download our photos from Google Photos to a local drive. But now we’ll look at how to archive them into human readable folders that can be included in daily snapshot backups. Our Problem Now we have all our photos downloaded, but I really wanted things to live on my NAS with the rest of my important files. This would also let me potentially delete photos from Google Photos but keep things locally....

April 15, 2021