Secrets management in Docker Compose: .env, SOPS, Bitwarden, and the “good enough” threat model
A pragmatic ladder from “.env and permissions” to SOPS and a vault, plus a threat model that’s realistic for self-hosters...
self-hosting
Fail2ban for self-hosters: stop brute-force without turning your server into a security project
A practical setup for SSH + web apps, modern nftables/systemd defaults, and a debugging checklist to prove bans actually work...
Self-hosting without panic (5/12): Stop losing data. A practical guide to Linux permissions
Make persistence explicit: where data lives, why permissions break, and how to fix it cleanly...
Why your homelab is “slow”: IO Wait, DNS, MTU, and the fastest way to prove it
A step-by-step diagnosis playbook: measure IO wait, validate DNS latency, test MTU/path MTU, and confirm the real culprit...
Immich storage planning: How not to lose your photos (and not to go broke on disks)
A sizing and layout guide for self-hosters: where your photos actually live, how fast storage grows, and what to back up (and what not to)...
Vaultwarden on Docker: Backups, admin access model, and restore test (a real setup)
A self-hosted Bitwarden-compatible password manager, set up with safety rails...