Homelab

cartoon cover for: Same Hostname, Two Traffic Paths: Local HTTPS Without a VPN

🔐 Same Hostname, Two Traffic Paths: Local HTTPS Without a VPN

No open ports. Real TLS at home. One IngressRoute per app. This is the networking setup I landed on after ruling out everything that required a compromise.

cartoon cover for: My Homelab Runs on GitOps. Here's What That Actually Means.

🏗️ My Homelab Runs on GitOps. Here's What That Actually Means.

I wanted to learn production-grade Kubernetes patterns without breaking production. One node, a full GitOps stack, and a hard rule: no manual kubectl after bootstrap.

cartoon cover for: Building a QR Code Login for a Homelab (And Accidentally Reverse-Engineering oauth2-proxy's Internals)

📱 Building a QR Code Login for a Homelab (And Learning oauth2-proxy's Session Format the Hard Way)

My homelab uses oauth2-proxy for GitLab SSO. I wanted a QR code login for the TV dashboard. Two days and four complete rewrites later, I knew more about oauth2-proxy’s session format than I ever planned to.