I realized a critical detail about my setup: the standard vfs-cache strategy is a good starting point only if the cache’s performance is superior to the S3 backend. With this theory in mind, it was time to put it to the test.
Category: Incident Response
ZFS Disaster Recovery: Rebuilding and Mirroring a Pool After Top-Level Vdev Error
I recently learned a hard lesson about ZFS Vdev architecture after attempting to convert a single-disk pool into a mirror. By mistake, I added the new disk as a top-level Vdev, rather than attaching it as a mirror. As zpool remove and zpool detach both failed on the top-level Vdev, I was forced to destroy the pool and restore the data from a snapshot.
This process outlines how I recovered data and subsequently created a proper mirror configuration.
Nextcloud S3 Workaround: Multi-User Rclone Mounts with Systemd Templates
I experienced trouble with Nextcloud’s built-in S3 connector, as it would corrupt photos during auto-upload from the Android client. Since dedicated S3FS or Goofys were also not ideal, I decided on a reliable alternative: using rclone to manage the mounts. This strategy allows me to decouple the unreliable Nextcloud S3 implementation from the underlying object storage.
StrongSwan VPN: Mastering IKEv2 EAP-TLS and ChromeOS Client Integration
StrongSwan is the complete IPsec solution used to secure communication between servers and clients via mutual certificate-based authentication and encryption. This guide documents the necessary implementation steps for the highly secure IKEv2 EAP-TLS protocol, focusing on critical workarounds for seamless ChromeOS integration.
Suricata Performance: Resolving eBPF Bypass Failure via Manual Kernel Filter Compilation
Enabling eBPF (Extended Berkeley Packet Filter) bypass is the ultimate step in Suricata performance tuning. It allows the kernel to filter known-safe traffic (e.g., TLS data) before the packets reach the resource-intensive userspace engine. However, this functionality often fails to work out of the box.
Suricata IPS: Fixing Legitimate Traffic Drops by Disabling drop-invalid
I encountered a peculiar issue where my WordPress instance was unable to reach wordpress.org, and DokuWiki could not access its plugin repository. All standard network checks (wget, curl, DNS) worked fine, and no drops were registered by the standard firewall rules.
However, logging revealed a problem deep within the Intrusion Prevention System (IPS) layer.
Suricata AF-Packet: Resolving VirtIO Non-Functionality via Checksum Offload Disablement
This article documents a two-part process: successfully upgrading Suricata to version 7 on Debian Bookworm and solving a critical stability issue required to run the AF-Packet IPS mode with high-performance VirtIO NICs in a virtual machine. Without this specific configuration, the IPS failed to function.
Automated Defense: Building a Central Log Hub for Fail2ban and External Firewall Integration
A very lightweight and efficient approach to consolidating logs centrally is to use rsyslog. My virtual machines all use rsyslog to forward their logs to a dedicated internal virtual machine, which acts as the central log hub. A fail2ban instance on this hub checks all incoming logs and sends a block command to an external firewall, a process helpful for automated security.
Nextcloud Client on Chromebook (ARM/aarch64): Solving Two-Way Sync
A short explanation of how to get the Nextcloud Linux desktop client working reliably on a Chromebook. This solution is necessary because the official Android desktop client does not offer true two-way synchronization, which is a critical feature for managing files across systems.
Nextcloud and MinIO Integration: Why Direct S3 Fails and the Filesystem Abstraction Workaround
MinIO is a fantastic Object Storage solution, and I intended to use my distributed MinIO system as the primary external storage for Nextcloud. This distributed setup, which uses Sidekick as a load balancer for seamless node access, proved functional but revealed a critical stability flaw, particularly with mobile uploads.