Why curl can't reach example.com anymore
Debugging TLS failures in a NixOS microvm that turned out to be a system-wide Cloudflare certificate chain issue.
tlsnixoscurlcloudflarecertificates
Blog
Yak shaving, documented.
Topics
nixos (8) homelab (6) networking (4) wireguard (3) prometheus (3) cloudflare (2) opnsense (2) tls (1) curl (1) certificates (1) qbittorrent (1) bgp (1) loki (1) monitoring (1) tailscale (1) peering (1) rant (1) go (1) esphome (1) homeassistant (1) automation (1) sfp (1) fiber (1) telekom (1) network (1) zyxel (1) firefox (1) extensions (1) recommendations (1) freebsd (1) zfs (1) disk-cloning (1) virtualization (1) grub2 (1) resilience (1) failover (1) rauc (1) linux (1) caddy (1) oauth (1) security (1)
Latest Posts
Tuning qBittorrent and WireGuard Throughput on NixOS
Squeezing more throughput out of qBittorrent in a WireGuard VPN namespace with BBR congestion control, TCP buffer tuning, and systemd tweaks.
nixosqbittorrenthomelabwireguard
Running iBGP Over WireGuard for DN42 and Beyond
Using iBGP over a WireGuard tunnel to automatically propagate DN42 routes from a VPS to the home network, replacing fragile static routes.
networkingbgpwireguardhomelabnixos
Monitoring the *arr Stack on NixOS
Setting up Prometheus and Loki monitoring for Radarr, Sonarr, and Prowlarr with Exportarr metrics and log-based alerting on NixOS.
homelabnixosprometheuslokimonitoring
Bypassing Telekom's Cloudflare Congestion with Tailscale
Routing Cloudflare traffic through a VPS via Tailscale subnet routing to work around Telekom's peering bottleneck. Connection times dropped from 11s to under 400ms.
networkingtailscalenixoscloudflare
Netzbremse: How Telekom Throttles the Internet
Deutsche Telekom's refusal to peer properly with Cloudflare degrades a fifth of the internet for German fiber customers. A rant about monopoly rent-seeking.
networkingpeeringrant
Building a Live Stats Page for My Homelab
Connecting a Cloudflare Workers blog to a homelab Prometheus instance to display live uptime, storage, network, and DNS stats.
homelabprometheusgonixos
Traffic Shaping with CAKE on NixOS
Setting up CAKE SQM on a 1 Gbit fiber connection to eliminate bufferbloat and keep latency low under heavy load.
nixosnetworkinghomelab
Automatic WireGuard Failover with NixOS and Prometheus
Building automatic failover for multiple WireGuard VPN endpoints using systemd services and Prometheus-based health monitoring.
nixoswireguardprometheushomelab
Auto-updating ESPHome Devices with Home Assistant
Automating ESPHome firmware updates across multiple devices using Home Assistant automations.
esphomehomeassistantautomation