📰 Dev.to · david
22 articles · Updated every 3 hours

Dev.to · david
2d ago
Hardening Unattended Raspberry Pi Edge Nodes: Watchdog, fail2ban, nftables, and the Mistakes That Take Down DNS
Two Raspberry Pis run DNS for an entire network with no one watching them most of the time. A hardware watchdog, fail2ban, an additive nftables host firewall th

Dev.to · david
3d ago
My Firewall Had 77 Rules. Terraform Knew About 22 of Them.
Multiple rounds of 'reconstruct the firewall' work each added a fresh generation of rules without removing the old one. Because RouterOS evaluates rules in orde

Dev.to · david
3d ago
Kyverno: Supply Chain Security as Admission Control on Kubernetes
Most Kubernetes clusters accept any container image, any privilege level, and any resource configuration by default. Kyverno lets you enforce policies at admiss

Dev.to · david
3d ago
I Ran Gitleaks Against My Own Repo and Found 12 Real Secrets
A full-history gitleaks scan of a homelab repo that had been running for months turned up 12 distinct plaintext secrets — including an OIDC signing key. Here's

Dev.to · david
3d ago
ArgoCD Gotchas: Cache Staleness and the SharedResourceWarning Nobody Explains
kubectl apply succeeds, the field reverts within seconds, and there's no error anywhere. Two ArgoCD debugging patterns that hit the same homelab three times in

Dev.to · david
1w ago
Full Observability on k3s: kube-prometheus-stack + Loki + Grafana OIDC
Deploy a production-grade monitoring stack on bare-metal k3s: Prometheus, Loki with Garage S3 storage, Promtail on edge nodes via Ansible, SNMP monitoring for M

Dev.to · david
1w ago
k3s Backup Without the Complexity: Velero + Garage S3 on Longhorn
Replace MinIO with Garage — a single 50MB binary — as the Velero backup target. Full daily cluster backups with Longhorn volume snapshots, deployed via ArgoCD.

Dev.to · david
1w ago
Enterprise Homelab: K3s, Authelia & Longhorn on Proxmox with Terraform
How to build a production-grade Kubernetes homelab with K3s, Authelia SSO, Longhorn storage, and ArgoCD — and the five painful mistakes that will cost you hours

Dev.to · david
1w ago
Self-Hosted Tailscale Control Plane: Headscale on k3s with Authelia OIDC
Deploy Headscale on a bare-metal k3s cluster with Longhorn persistence, Traefik ingress, and Authelia OIDC authentication — fully GitOps-managed via ArgoCD.

Dev.to · david
1w ago
Bare-Metal LoadBalancer on K3s: MetalLB + Traefik with ArgoCD
How to get a real external IP on a bare-metal Kubernetes cluster using MetalLB L2 mode, and wire it up with Traefik for automatic HTTPS — fully GitOps-managed w

Dev.to · david
1w ago
GitOps on K3s: Managing a Complete Homelab with ArgoCD
How to manage an entire Kubernetes homelab — MetalLB, Traefik, Longhorn, Authelia, and more — as a Git repository using ArgoCD's App-of-Apps pattern.

Dev.to · david
1w ago
Implementing a Zero-Trust MikroTik Firewall with Terraform
Learn how to enforce strict VLAN isolation, fast-track traffic, and build a default-deny firewall for MikroTik RouterOS using Infrastructure as Code.

Dev.to · david
1w ago
Hardening Azure Acmebot for ISO 27001 & NIS2 Compliance
A deep dive into architecting a Zero-Trust Let's Encrypt automation using Terraform, Azure Private Link, and VNet Integration.

Dev.to · david
1w ago
NIS2 Article 21 in Azure: Implementing Network Security Controls with Terraform
A technical deep-dive into the network security requirements of NIS2 Article 21 and how to implement them in Azure using Terraform — with concrete code, not leg

Dev.to · david
1w ago
Wildcard TLS Certificates on K3s with cert-manager and Cloudflare DNS
How to automate wildcard Let's Encrypt certificates on a bare-metal K3s cluster using cert-manager's DNS-01 challenge with Cloudflare — and why HTTP-01 won't wo

Dev.to · david
1w ago
Surviving Azure Policies: Zero-Trust Hub & Spoke with Terraform
How to build an enterprise-grade Azure network architecture that blocks internet traffic by default and survives aggressive DeployIfNotExists (DINE) policies —

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1mo ago
NIS2 Article 21 in Azure: Implementing Network Security Controls with Terraform
NIS2 Article 21 in Azure: Implementing Network Security Controls with Terraform Tags: terraform,...

Dev.to · david
🔍 RAG & Vector Search
⚡ AI Lesson
1mo ago
Zero-Trust RAG: Defeating the Shared Private Link Deadlock in Azure Terraform
Your Terraform pipeline is green. The deployment completes without errors. You grab a coffee. Ten...

Dev.to · david
1mo ago
Surviving Azure Policies: Zero-Trust Hub & Spoke with Terraform
Your Terraform pipeline is green. The deployment completes. You grab a coffee. Ten minutes later,...

Dev.to · david
1mo ago
Hardening Azure Acmebot for ISO 27001 & NIS2 Compliance with Terraform
Automating SSL/TLS certificates with Let's Encrypt and Azure Key Vault is a solved problem. Tools...

Dev.to · david
1mo ago
Breaking the Loop: Solving Circular Dependencies in Azure Firewall Routing with Terraform
You add a Route Table to force all internet-bound traffic (0.0.0.0/0) from your Spoke VNets into an...

Dev.to · david
3mo ago
How I Added AI Image Search to a Marketplace Bot (And Why It Changed Everything)
A real build story: how I implemented visual product search in a Telegram marketplace bot using SigLIP, Qdrant, and ONNX quantization — and why it changed user
DeepCamp AI