Blog

This documents how I configured Nextcloud to use Single Sign-on leveraging Keycloak as the identity provider. There is official documentation for a Nextcloud-Keycloak integration, but it is behind Nextcloud's paywall.... I found several other guides, some directly conflicting with each other, but piecing them together has produced a working solution.

On to getting things working:

Nextcloud configuration

Global Settings

First, ensure that you do not lock yourself out of your Nextcloud instance while configuring SSO! Set the "Global Settings" to allow multiple back-ends.

Service Provider Data

Provide a certificate for request signing. This is not publicly seen; it is only …

After adding some new SSD storage to my home server I had purged a lot of the older VMs that I didn't use frequently in my previous 'Spring Cleaning' effort to make space. One of the VMs that I had purged but now wanted to get back online and running was a Security Onion VM. I won't go into much detail here about SecOnion, there is a lot of good documentation and tutorials already out there on how to set it up. Security Onion requires at least two network interfaces; one for administrative control, and at least one more that …

I recently ran accross the situation where I wanted to push changes to a repo that was stored on my personal Gitlab server. The issue was that I had recently restructured my homelab and the only way to get to the gitlab server via SSH was through a jumpbox. These were the steps I took to be able to use the normal git workflow while still keeping my network design / security choices intact.

On dev machine

First we will create a new SSH key for the hop from dev machine --> jumpbox.

ssh-keygen -t ed25519 -C "gitlab multihop" -f ~/.ssh/multihop …

Start off with a freshly updated system and install the requirements:

apt update
apt upgrade
apt install -y xrdp xfce4 xfce4-terminal gnome-icon-theme-full tango-icon-theme

Make xfce4 our default xsession:

echo xfce4-session >~/.xsession

Make xfce4 the default for by editting the following file: :::bash nano /etc/xrdp/startwm.sh

Replace what is in there with this:

#!/bin/sh

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

startxfce4

Restart xrdp for changes to be made effective.

service xrdp restart

To start off this tutorial it is assumed that you have Weewx completely set up on another server with the weather station properly connected and reporting. This tutorial will be using a Master / Slave MYSQL database that is configured like my previous blog entry.

The purpose adding Mesowx into the mix was not to add another layer of complication into the mix, but to be able to dynamically display a dataset and to have the ability to focus in on a specific type of data or date. Mesowx allows for multiple ways to access the data and even a way …