I’ve a private mailserver with a web interface behind a proxy at home. It’s that proxy that obtains certs from LetsEncrypt every few months.

I’m using the same certs for the mail gateways (smtpd, ical and so on) behind the scenes and it’s annoying to keep the certs in sync so my Evolution (mail client) would greet me once every few months with an obsolete cert warning.

No more! Why repeat these steps manually again and again if I can just utilize the power of systemctl --host and scp?

#!/bin/bash
scp /etc/letsencrypt/live/mail.example.com/* 192.0.2.152:/etc/letsencrypt/live/mail.example.com/
for i in {postfix,mail-gateway,mail-ical}; do systemctl --host 192.0.2.152 restart ${i}; done

This may run as a hook script for the certbot or simply via cron once a week 🤷

(Yes yes, we can argue all day why this box can log in to another via ssh as root with just a key to this single virtual machine on my internal network. This is a homelab set-up and gaining access to the proxy would be a disaster already since this one terminates HTTPS already *and* has the cert keys.)

Radtour by DanielDaniel (danielehniss.de)
Mein Muli-Lastenrad vor einem Brunnen bei Tübingen Heute konnte ich mir einen kleinen Traum erfüllen. Seit einiger Zeit spielte ich mit dem Gedanken einen Besuch bei meinen Eltern mit einer Radtour zu verbinden. Da für heute keine dringenden Aufgaben für mich anstanden konnte ich mir den Tag fü...

I somehow never finished this little gem and since I feel somewhat nostalgic today decided to give it another spin. Interestingly this game was ported to various systems including Mac and Linux in 2013 premiering as part of the Humble Double Fine Bundle. This is probably also where I picked it up.

Anyway, uploading this will take some time but you can watch the partially muted recording elsewhere. Won’t upload it here thanks to ridiculous copyright claims.