February 10, 2026

Freshrss With Tailscale Auth

FreshRSS has been my RSS feed aggregator of choice for a couple of years now. I still frequently long for the optimistic heady days when we all loved Google Reader. I used Feedbin for many years and highly recommend it if self-hosting your feed aggregator isn’t for you. Lovely service for sure.

Background

Ever since I set up FreshRSS I’ve been grumbling about how I want SSO. I use Authentik for most of my SSO needs, but these days even that feels overkill. You can use Authentik with FreshRSS but only if you use the FreshRSS Docker container (which has Apache inside of it to do the authentication). This feels extra-heavy for me when FreshRSS is “just” a PHP app.

January 30, 2025

What Is Nix on MacOS

Nix is a tool that creates immutable derivations of configurations written in a functional language. This means we don’t depend on our system’s environment at run or build time to create a package, instead we declare all of the dependencies and build in an isolated environment to avoid pollution (a pure environment in nix terms). Because we have declared all of our dependencies, it also means that we can re-build the same exact package again and again (and again!) without worrying about whether we remembered to install libssl-dev before starting to compile or if the new version of a library will break our software because the maintainer make a breaking change in a patch dependency. Plus we can try software out and quickly discard it without worrying about all the extra packages it required.

December 30, 2024

MPD With PulseAudio

Background

I used PlexAmp for a few years. Plex’s constant upselling me on services when I already have a lifetime membership really soured me on their service. I don’t have a hole poked in my network for external Plex streaming, but having the option always made me nervous for those that do. Excellent UI but privacy/ownership compromises and constant barrage of “buy this video” or “stream our “free” tv station” really rubbed me wrong. Why am I hosting my own media to still be barraged with ads/requests to buy things?

December 17, 2024

Hugo MinIO Transition Fun

Background

It’s not a dev blog if you don’t change everything about it every time you remember to publish a blog, and this post is no different. My blog has long been on Jekyll, but I also lose it (literally sometimes I can’t find the source) and forget about it.

Recently I’ve set up a MinIO cluster on my personal infrastructure for hosting some internal state and content (Forgejo assets, Matrix Synapse images, Outline assets, etc) and I’ve been looking for other ways to utilize this service I’m hosting. For the past couple of years my blog has been hosted in Azure in an Azure Blob fronted by Azure Front Door (for https). This is ok, but it’s a real pain to remember how to set it up and the terraform never fully encompassed all the options as some of them weren’t exposed to the API (at least when I first terraformed it).

June 25, 2023

Blending in Packages from Nix's Unstable Repo

Background

I recently updated the todoist-electron package in the NixOS repository, and wanted to be able to use it, but my laptop is set on the 23.05 channel. I knew I should be able to blend stable and unstable channels but I had to research and test out how to do this on my setup.

Process

First you’ll need to add the unstable channel to your system with the nix-channel command:

June 23, 2023

Pairing Apple AirPods in NixOS

Background

I had a problem that when trying to pair my AirPods to my X13 Yoga running NixOS 23.05, it would show up in Gnome’s bluetooth settings panel when I put them in discovery mode, but when I clicked the AirPods in the UI, the stack would crash and restart. I noticed tim-hilt/nixos had a note about setting the ControllerMode to bredr and this didn’t work for me at first but I think maybe restarting the bluetooth stack resolved my issue. askubuntu also suggested bredr.

September 10, 2019

Rundeck Email using AWS SES

Overview

At Pindrop we use Rundeck to manage a lot of our operational toil. Rundeck has the option to send email when jobs are complete. We have Amazon’s Simple Email Service configured to send email as a trusted authority from Pindrop email accounts. Getting this configured in Rundeck was non-obvious, so I wanted to write a small article about what it takes to get this working.

Requirements

First you must configure AWS SES properly. That’s outside of the scope of this post, but generally you’ll need to set up some DNS records that prove you own the domain, and request a service limit increase from AWS Support to be able to actually send out email.

September 10, 2019

Rundeck with the Okta LDAP Interface

Overview

At Pindrop I’ve brought in the awesome tool Rundeck to manage a lot of the day-to-day operational toil I’ve experienced managing servers in things like the large ElasticSearch logging cluster, logstash nodes, ECS nodes and more. Rolling out Rundeck into our PCI Environments lead us to consider security requirements around authentication, which needed to be more than a flat file with user hashes.

Requirements

We discussed the security requirements for a Rundeck server in a PCI Zone, and it had the following needs:

August 9, 2018

Lambda and Using OAuth Refresh Tokens

Problem

Recently I have been working on a project for Online Great Books stitching together Slack Events and Infusionsoft. The Infusionsoft API uses OAuth and the token expires after 24 hours, and then you follow the “standard” flow to refresh it. The API token has a refresh token in it, you use this to generate a new API token, which is again valid for 24h (and includes a new refresh token).

Solution Description

As “serverless” is the new thing, I thought I’d do this entire project with lambdas, but storage and refreshing of the OAuth presented a problem I didn’t know how to solve. I’m not exactly sure where I got the idea, but someone suggested storing the token in Parameter Store and then using a CloudWatch Trigger to schedule a lambda which refreshes the lambda and updates ParamStore.

August 8, 2018

Moving away from Twitter

After a lot of thought over the past couple of months, I’d like to try to move away from twitter. It seems unlikely that it’ll happen, but I won’t know until I try. Going to be using a mixture of https://micro.blog (I’m available as @tebriel) and Jekyll on Github.