Notes

I am one of those people who function better by writing things down. One day, I realized that most of my notes don’t have to be private, so here they are - my second brain. Be warned that, if you stumble upon something here that doesn’t make sense to you, it isn’t meant to!

ACME through Step CA on Proxmox

I recently setup Step CA in my homelab. Proxmox UI allows setting up ACME only through Let’s Encrypt, but apparently you can setup other providers through the command line. So, this is how I went about it. cp /root/root_CA.crt /usr/local/share/ca-certificates/homelab.crt update-ca-certificates pvenode acme account register self-hosted-ca foo@bar --directory https://web-server-1.lan.ketanvijayvargiya.com:12001/acme/acme/directory

Step CA: Generate root and intermediate CAs

Update: I (re)(re)setup Step CA in my homelab, hopefully for the last time! The following is from 2024-10-19 with updates from this week’s learnings. I recently (re)setup a Step CA instance in my homelab. By default, the root certificate generated by Step CA has a validity of 10 years, but I wanted that to be longer. So: docker run --rm -it \ -v ~/app-data/step-ca:/home/step smallstep/step-ca \ step certificate create "SelfHostedCA" root_ca.crt root_ca_key \ --profile root-ca \ --not-after 2100-01-01T00:00:00Z \ --no-password \ --insecure # Validate the actual expiration on the root certificate. openssl x509 -in stepca/certs/root_ca.crt -noout -text I then generated an intermediate {cert, key} pair: ...

Learnings from our Europe trip this month

Note: Previous version here. Some cities aren’t stroller friendly. For example, Rome (because of its cobbled streets) or Venice (because of narrow streets and staircased bridges). Still, it’s impractical to travel here without a stroller. Maybe get a light one. Some cities may not have enough train connections between them. (For e.g., Naples to Sorrento.) So, book trains early for those. If you expect warm weather, take shorts even if some random blogs cite culture reasons for not doing so.

Search

Ntfy notifications on Proxmox

Here’s how I configured Proxmox (and Proxmox Backup Server) to send notifications to Ntfy through their webhook method. POST URL: https://ntfy.sh/{{ secrets.channel }} Headers: X-Title: {{ title }} Markdown: Yes Priority: low Authorization: Bearer {{ secrets.token }} Body: {{ severity }} {{ message }} Secrets: channel token Here’s a screenshot:

Hung networking hardware in Proxmox

I one day woke up in the morning to the following error on my Proxmox server: Apr 20 00:06:20 pve kernel: e1000e 0000:00:1f.6 eno1: NIC Link is Down Apr 20 00:06:20 pve kernel: vmbr0: port 1(eno1) entered disabled state Apr 20 00:06:23 pve kernel: e1000e 0000:00:1f.6 eno1: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx Apr 20 00:06:23 pve kernel: vmbr0: port 1(eno1) entered blocking state Apr 20 00:06:23 pve kernel: vmbr0: port 1(eno1) entered forwarding state 2025-04-20T00:14:45.918353-07:00 pve kernel: [1789014.672581] e1000e 0000:00:1f.6 eno1: Detected Hardware Unit Hang: After some digging, I added the following to the /etc/network/interfaces file. Haven’t seen that error again in at least a few months: ...

Break down of Staff+ role

Different aspects of the job: Project delivery. Big picture thinking. Could be both vision or strategy. Mentorship. Different skills they need: Technical skills. Product management. Project management. People skills: how to organize people to work as a team, grow their careers etc. Different archetypes, i.e. style of work they do: Team lead: usually a starting point for a Staff engineer, something they transition into from a senior engineering role. Architect. Solvers: usually present in teams that place more emphasis on individual contributions than on teams. Right hands: borrow power from and act as proxies for senior leadership.

How to approach the interviews

Speak slowly. Pause before you respond to anything. Story telling tips (for behavioral rounds): STAR technique - very important. In most cases, the technical details (of the situation or actions) don’t matter too much, so no need to delve into those unless cross-questioned. As for actions, try to answer in numbered bullet points: I did 3 things: One, … When asked a question, pause a few seconds and think what the actual underlying question is or what exactly the interviewer is looking for. For example, a binary question doesn’t need to be answered by a yes/no. Some behavioral questions require you to show how you collaborate. So, talk about 2-3 stakeholders you worked with to answer those. (Escalation should be the last resort: don’t bring it up unless absolutely required.) Phrases to use: One of my teams. But … therefore. (Conflict and context.) Don’t use and then. Drove alignment. Calculated risk. Build relationships with people. Build trust. I > we. I learnt XYZ from this engagement/project. I collaborated vs I told junior SDE to do X. Bring in engineering perspective by saying something like, I analyzed how the requirement would fit into our current architecture. Project retrospective: ...

Reverse interviewing

Questions to ask if I am talking to a medium sized company: How do you handle difficult decisions? Can you talk about a situation where you changed your company/product direction because of such discussions? What’s the long term vision? Or are you thinking of one?

Automatic disk decryption on Fedora Workstation

Note: See this for how I played with disk encryption for an external drive on my Raspberry Pi. I recently setup a Fedora machine and (obviously) enabled disk encryption on that. However, that meant that I had to enter a long passphrase every time I rebooted my computer and, in my setup, this was different from my user account. So, I wanted to enable automatic decryption if a USB drive was present during reboot. Plus, the system should fall back to passphrase if the drive weren’t present. ...