heezy.blog

Getting Cloudflare on IaC

Thu, 14 May 2026 00:00:00 +0000

Everything in the lab is managed as code. FortiGate firewall rules, Proxmox VMs, Kubernetes manifests. Cloudflare was the last holdout. DNS records, tunnel config, and zone settings all lived in the dashboard, clicked into existence and never tracked anywhere. Time to fix that.

Docker 28, NVIDIA GPUs, and the cgroupns Trap

Sun, 19 Apr 2026 00:00:00 +0000

Plex was pegging the CPU on every transcode. The GTX 1070 sitting in the box was doing nothing. The GPU was passed through to the container correctly, the NVIDIA driver capabilities were set, the device requests were in the compose file. Everything looked right. It wasn’t.

Swapping a Drive in a 10-Year-Old FreeNAS Box

Sun, 19 Apr 2026 00:00:00 +0000

My Freenas box is one of those things that I don’t touch unless I need to add capacity or if I pop a drive. Over the years, this box was built from old Nutanix drives, and old web filter chassis, and even a set of four hand me down drives that had been spinning in someone else’s array for 8+ years before I used them. After popping a drive every 3 months for a year or two, I was running out of spares, and patience. So I started replacing them over the past six years, to expand capacity and finally make this thing a reliable piece of hardware that I could count on to hold my stuff.

Recently I purged about 4TB of media. And although I have about 6TB free of 42TB, I wish it was more. I figured with everything going on in the world with increasing costs for global electronic goods, I decided I would replace the last two ancient drives, before they become unavailable, or even more costly (hint: I was right, the price on the new drives just jumped $80 in a single month).

Today, this array consists of:

2x 4TB hand-me-down Nutanix (Seagate and HGST, free)
2x 4TB WD Red (bought new in January 2020, $100 each, 40GB per dollar)
2x 14TB Seagate Ironwolf ($247 each November 2022, 56GB per dollar)
2x 20TB WD Red ($270 each July 2023, 74GB per dollar)

The only affordably priced drives, with the capacity I needed were 16TB Seagate Ironwolf. I am not a big fan of Seagate, considering my anecdotal experience with them outside of my array, but the price point and availability were a big factor. WD Reds were outside my budget, and so these were the only drives I could find that I could get within a month.

And even more of a pain in the ass, the limit for both Amazon and NewEgg were one per address, but fortunately both had the same model in stock. So I bought them.

$379 each, 42GB per dollar. Looking back at my pricing and purchase history, I purchased larger drives every time, which gives you better value for your dollar, but the fact I just bought 32TB of disks for 42GB per dollar, that is like I was buying them back in 2020 in the smallest sizing possible.

Pi-hole on Kubernetes with MetalLB and a Ruckus SSID

Wed, 15 Apr 2026 00:00:00 +0000

🚧 UNDER CONSTRUCTION 🚧 Switch and Ruckus configuration pending. Screenshots to be added.

Pi-hole was already running on the cluster. It worked fine from inside the cluster and via NodePort on weird high ports. The problem was that no actual client device could use it as a DNS server, because DNS clients expect port 53 and NodePort gives you 30054.

What started as “just give Pi-hole a real IP” turned into a new VLAN, a new DHCP server, firewall policy changes, switch configuration, and a Ruckus SSID. The usual homelab scope creep.

Scope Creep and Its Cousins

Wed, 15 Apr 2026 00:00:00 +0000

🚧 UNDER CONSTRUCTION 🚧

TODO: Write blog post about scope creep, and the various forms it takes, and its related cousins: unclear requirements, bad information, or repeated work.

About This Site