2025-07-12 //
2 min read
//
#ansible
#devops
#tailscale
There’s an oft-quoted phrase in the cloud/DevOps space.
Treat infrastructure as cattle, not pets.
To me, the advice is broad and emblematic for a lot of modern practices. Prefer disposable containers over long-lived hosts. Build infrastructure that scales horizontally to accomodate demand. Design architectures where components can be swapped out on the fly.
I thought I’d recap some recent changes to how I provision and manage this blog - addressing a few places where hostnames were hardcoded for convenience.
Read more →
2025-05-18 //
2 min read
Following on from setting up my blogroll last week, I’ve realised it doesn’t render as a pretty webpage in most web browsers. Serves me right for only testing in Firefox!
Read more →
2025-05-10 //
3 min read
For a while, I’ve provided a list of suggested blog/feeds on my website in a blogroll.
This blogroll takes the form of an OPML file that RSS readers can import. It’s pretty neat, but making it browser-friendly has always been on my wishlist.
So it was pretty cool to stumble across XSLT - a means for transforming XML documents.
Read more →
2023-09-19 //
4 min read
//
#buildkite
#hashicorp-vault
Earlier this year, Buildkite announced support for OpenID Connect tokens. Briefly, a Buildkite agent can request a signed JWT (JSON Web Token) from Buildkite representing details (claims) about its current job. This JWT can then be used to authenticate with systems that accept it.
For Hashicorp Vault, services typically authenticate using the AppRole method with a senstive set of credentials. It’s fine to use this flow on a Buildkite agent to access Vault secrets, but the credentials for this are long-lived.
The new OIDC flow removes to need to manage these long-lived credentials, and also makes it possible to craft fine-grained policies for a Buildkite agent without requiring multiple sets of login credentials!
Read more →
2023-07-17 //
4 min read
//
#buildkite
For a while now, I’ve built and published my own Terraform provider for retrieving secrets from a pass store. One of the requirements to publish a Terraform provider is that every release must be signed with a GPG key.
I have a Buildkite pipeline to build and publish these releases to GitHub. A step in this pipeline has access to a private key for signing, but it’s a different key from the one I use on my own machine. I consider the latter too sensitive to expose freely to my Buildkite agents.
With that said, managing a second key just to publish my Terraform provider is quite irksome when it has no other use for me. However, it’s unfortunately necessary if I don’t want to expose my regular key to my CI environment.
But if the worry is around exposing a secret to Buildkite agents running outside my machine, why not introduce an agent that runs specifically on my machine?
Read more →
2023-07-16 //
7 min read
Since late September, I’ve been working to establish an exercise routine as I improve my fitness. One of my decisions in that journey has been to buy a smart watch, and having just ticked over six months since purchase I thought it would be an opportune time to reflect on some of my highlights.
Read more →
Discovering a tradeoff Tailscale makes for convenience
2022-09-25 //
4 min read
//
#tailscale
I’ve been trying out Tailscale recently to simplify networking between my devices. With the beta launch of Tailscale SSH offering the ability to connect to my DigitalOcean droplet without SSH keypairs, I was eager to incorporate it into my setup.
Said setup is a matter for another time, but with Tailscale SSH enabled for my droplet I was able to remote in with a plain ssh nicholas@gandra-dee!
However, there was a visible half-second delay when entering commands. While not a dealbreaker, it made each session a frustrating experience!
Read more →
2022-03-14 //
2 min read
//
#gaming
As I’ve just found learned, today is the anniversary of Journey’s release ten years ago. It’s a video game from thatgamecompany where you guide a mysterious wanderer in robes on a pilgrimage to climb a distant mountain.
Journey is one of the games that’s stuck with me a lot since I’ve played it.
Read more →
2021-10-01 //
3 min read
//
#music
Somehow, we’re now into the final quarter of the year. Here’s a few things that interest me, and may interest you!
Read more →
2021-09-23 //
2 min read
I received an email from Cloudflare today about an account that had been created with my email address. Going by the details and the headers, it certainly seemed to have originated from Cloudflare. It looked like someone else had signed up with my details.
Read more →
•
Older posts