Matt Horan's Blog


It's Always DNS

dns monitoring gke coredns kubernetes grafana

There’s a joke among sysadmins: it’s always DNS. DNS is an integral part of the modern internet. It often works and therefore nobody ever thinks about it. But when it doesn’t work, weird things happen — and nobody ever thinks about DNS. Even when they know it’s always DNS. Recently I had my own “it’s always DNS” moment, and I figured I’d share my experience here so that maybe you’ll remember: it’s always DNS.


Autocomplete Google contacts in Vim with Goobook

goobook vim mutt vimscript

For many years I’ve been using mutt to read and send email. I stumbled across a post about how to hook up Vim and Goobook to autocomplete Google Contacts when composing email. The original Vim plugin called out to additional programs to transform Goobook output to the format appropriate for Vim autocompletion. Wanting to learn more about Vimscript I decided to port as much as possible over to native Vimscript. Read on to learn more about how to get this set up for yourself!


Coffee Bean Counter

home-assistant shelly automation coffee

As I wrote in my last post about setting up a remote door buzzer, Shelly’s WiFi-enabled relays caused me to catch the home automation bug. In addition to the relay used for that project, I picked up a Shelly 1PM relay (and bought four more since then!) A fellow espresso enthusiast told me about their Home Assistant setup to estimate how many espresso shots they could pull before needing to restock on beans. Having limited space at my coffee station, I wanted something compact. I’ve been using TPLink Kasa devices with power metering elsewhere in my home, but the Shelly 1PM was the perfect choice for this project since it could be tucked away in the junction box.


Remote Door Buzzer with Home Assistant

home-assistant shelly automation

Over a year ago I bought a Shelly 1 relay with grand plans: set up a remote door buzzer for my apartment. I live in an apartment building with an intercom system (see below.) The front door can be unlocked from a central control panel in my apartment. However, I’m not always in the living room where the control panel is located when someone calls my apartment. Also, sometimes I’m at the front door and my keys are inaccessible. Since I don’t have a fancy remote controlled door opener, I wanted to come up with my own solution.


Blackbox Monitoring with Prometheus

blackbox-monitoring monitoring prometheus google-cloud grafana gke

Prior to migrating from Cacti to Prometheus for infrastructure monitoring, I’d already been using Prometheus for blackbox monitoring. A couple of years ago I was looking for a way to monitor the health of various services I had deployed across virtual machines and containers running on my home network. I had used Pingdom for this in the past, but they killed their free plan in 2019. I had quite a few services to monitor, including multiple Web servers, a mail server, IRC server, and more. I surveyed the hosted service landscape but the available free options didn’t support the variety of services I needed to monitor; and the paid services cost as much as a single VPS at ARP Networks.


Migrating from Cacti to (Google Managed) Prometheus

cacti prometheus google-cloud monitoring grafana gke

I’ve been using Cacti to monitor infrastructure for nearly 20 years. Cacti is a great tool for polling devices via SNMP and renders pretty graphs via RRDtool. However, I’ve been trying to consolidate infrastructure and have settled on Kubernetes (specifically, Google Kubernetes Engine) for running as much of my infrastructure as possible. While it’d be possible to run Cacti on Kubernetes, I wanted to find another option that was more “Kubernetes native”.


Automatic TLS certificate rotation with lego on FreeBSD

lets-encrypt lego certificates tls ssl automation freebsd

I’ve been using Let’s Encrypt to manage certificates on my systems for some time now. I started off using the excellent acme-client, which has since been integrated into OpenBSD. Previously, there was a portable version which had been ported to FreeBSD, but this is no longer maintained. I continued running it for some time without realizing this. Fortunately the FreeBSD port has since been removed.


Budget GKE deployment

kubernetes gke google-cloud

In an effort to better understand Kubernetes, the need to stand up monitoring infrastructure, and the desire to reduce the burden of maintaining a MySQL instance, I decided to check out Google’s GKE offering. As I’d be using this for hosting personal projects, I wanted to keep the cost as low as possible. This, plus latency to my ARP Networks VPSes, is why I chose GKE over other cloud providers.


Encrypted root disk migration for FreeBSD

arpnetworks dump/restore encryption freebsd

I’ve had a VPS with ARP Networks for a long time now. Things were a bit different back then. The default FreeBSD installer suggested setting up multiple partitions (slices) on a disk by default. This is no longer the case. Encryption wasn’t a thing that people generally worried about. I’ve had it on my todo list for a while now to figure out how to converge to a single encrypted partition on my VPS — saving me from running out of space in /var/, and also to protect the data on the underlying “disk”. I finally worked it out a few weeks ago.


Setting up two-factor authentication on FreeBSD

authentication freebsd hotp howto oath otp pam ssh totp

I typically utilize public key authentication when connecting via SSH to However, there are times when I’m away from a device which has my private key and need access to my server. I reluctantly enabled password authentication for those occasions, but after enabling two-factor authentication for most of the services that I use regularly, I wanted to do the same for my own server.

