The Oracle S03E04 -- Imbuement
Have you been looking at #OpenVox and wondered what you could do to help out? What if I told you about an opportunity to help us, and also hundreds of other #OSS projects that you probably rely on? The #OSUOSL is our primary package host and helped us get off the ground right from the start. They are in critical need of funding and without your help, they may cease to exist. See this blog post for more information and go talk to your boss today! #OSS #Puppet @puppet https://osuosl.org/blog/osl-future/
Having rebuilt and recommissioned my #HomeLab CA recently (which runs Smallstep's `step-ca`, as both a regular CA, and a CA for generating SSH certs for all my servers and clients), I decided to write a quick blog post on how I'd automated SSH cert issuance with #Puppet - something I glossed over in the post I wrote the first time I set this up - and what steps were needed on the various appliances I can't control with Puppet.
I dedicated a few hours on Sunday to writing it up, and at the end of that it was all ready to go slightly quicker than I expected...
...Then I decided as one last add-in for the post to try and make it work with my QNAP for completion. A machine I SSH to maaaaaaybe once a year.
Two days of swearing later, I have gotten it working (maybe. I'm still very unsure if it'll persist through a firmware update). This stupid plan to throw in one more minor service has cost me more time than the rest of the blog post combined, which feels very stupid, but I guess that's the way it goes sometimes.
Blog post will be up later this week, once I've proofread it with a clear head, and then I'm not touching certificates again for a while*.
*Or that was the plan, but I've just ordered a Raspberry Pi Pico 2, to play around with #PicoHSM, which might well end up as the key storage for another Intermediate CA somewhere in the lab.
A very pleasant #puppet parade tonight at #UVa in honor of the great #StanWinston . I say more puppets. https://www.arch.virginia.edu/events/stan-winston-steve-warner-festival-moving-creature-0
Empty shelves in #Trump tainted #America is very reminiscent of #Soviet #Russia.
#Putin is pleased with his #puppet in the White House! https://www.telegraph.co.uk/business/2025/04/25/trump-has-two-weeks-to-save-america-from-empty-shelves/
#Resist #TrumpRussiaCollusion to #SaveAmerica. #USpol
Renowned Canadian puppeteer Noreen Young dies age 85
Tributes are pouring in for Young, the Ottawa-born puppeteer who created the CBC children's show Under the Umbrella Tree and who served as the first artistic director of the Puppets Up! festival in Almonte.
#arts #death #puppet #Ottawa #Almonte #News
https://www.cbc.ca/news/canada/ottawa/renowned-canadian-puppeteer-noreen-young-dies-age-85-1.7513889?cmp=rss
Had one of those days of problem chains today. I've rebuilt #homelab internal CA over the past two weeks, and today I wanted to do the simple task of making my #truenas scale server get its web certificate from it over acme.
Well, problem one: truenas doesn't do acme via anything other than dns challenges, which I haven't set up internal dns for yet. So (given my Truenas was still running 24.04) I decided to upgrade it to 24.10 to see if that added any functionality. The upgrade was smooth, but it once again broke my #clevis automatic unlock of my storage pool.
So then I decided to fix my unlock script to cleanly handle updates (and fixed it so that pool passwords could contain " while I was at it, because why not)
Then having fixed that, I decided I should update my blog post (https://i.am.eddmil.es/posts/clevis-tang-truenas-scale/) about it from last year with the new more robust script.
I then realised when I'd updated all my firewall rules last month, I'd broken ssh access from my #forgejo runner to my webserver used for auto deploy website updates, so I had to fix the #puppet that controls the firewall rules.
Finally that was all working, so I updated my truenas to 25.04, in the vain hope that would have better acme support (it doesn't, but at least it validated my clevis script updates, and was the only thing today that just worked as intended)!
Finally I hacked something hideous together using https://github.com/danb35/deploy-freenas/ and acme.sh to get a certificate from my acme server and deploy it (which I could have done at the start and skipped the whole day fixing other problems)
Taking 6 hours to deploy an SSL cert wasn't quite what I had planned for my Easter Sunday, but at least I achieved it in the end. Onwards to see what chaos I can cause tomorrow...
On tomorrow’s build #stream we’ll be doing ears for this charming goblin #puppet. Thursdays 10am ET, all links on https://www.operationpuppet.com/
LUCKYBOY (2021) [10 min] by Domenic Romano | #USA
The Non-Alien Feces Game! More stuff at sifillis.com!
It’s a short week so only 1 #puppet build but it’s gonna be a nifty goblin with a curved mouth plate. #puppetbuilding
Finished my entry in time for #PizzaJam!
There are three hours left so let's see what final polish I can still manage.
Play A Touch of Gold on Itch.io:
https://ranarh.itch.io/a-touch-of-gold