Blog

This documents how I configured Nextcloud to use Single Sign-on leveraging Keycloak as the identity provider. There is official documentation for a Nextcloud-Keycloak integration, but it is behind Nextcloud's paywall.... I found several other guides, some directly conflicting with each other, but piecing them together has produced a working solution.

On to getting things working:

Nextcloud configuration

Global Settings

First, ensure that you do not lock yourself out of your Nextcloud instance while configuring SSO! Set the "Global Settings" to allow multiple back-ends.

Service Provider Data

Provide a certificate for request signing. This is not publicly seen; it is only …

After adding some new SSD storage to my home server I had purged a lot of the older VMs that I didn't use frequently in my previous 'Spring Cleaning' effort to make space. One of the VMs that I had purged but now wanted to get back online and running was a Security Onion VM. I won't go into much detail here about SecOnion, there is a lot of good documentation and tutorials already out there on how to set it up. Security Onion requires at least two network interfaces; one for administrative control, and at least one more that …

I recently ran accross the situation where I wanted to push changes to a repo that was stored on my personal Gitlab server. The issue was that I had recently restructured my homelab and the only way to get to the gitlab server via SSH was through a jumpbox. These were the steps I took to be able to use the normal git workflow while still keeping my network design / security choices intact.

On dev machine

First we will create a new SSH key for the hop from dev machine --> jumpbox.

ssh-keygen -t ed25519 -C "gitlab multihop" -f ~/.ssh/multihop …

Start off with a freshly updated system and install the requirements:

apt update
apt upgrade
apt install -y xrdp xfce4 xfce4-terminal gnome-icon-theme-full tango-icon-theme

Make xfce4 our default xsession:

echo xfce4-session >~/.xsession

Make xfce4 the default for by editting the following file: :::bash nano /etc/xrdp/startwm.sh

Replace what is in there with this:

#!/bin/sh

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

startxfce4

Restart xrdp for changes to be made effective.

service xrdp restart

This is was the workaround that I had to do to get gpg keys to be generated on a kvm debian machine. After doing it several times and having to hunt to figure out how I got it working the first time I decided I should write it down.....

sudo apt-get install rng-tools
sudo rngd -r /dev/urandom