Bitwarden Secrets Manager With Ansible

If you’d like to have a simple solution for managing all the secrets you’re using in your Ansible Playbooks, keep reading. Bitwarden’s Secrets Manager provides an Ansible collection, which makes it very easy to use this particular Secrets Manager in Ansible Playbooks. I’ll show you how to set up a free Secrets Manager account in Bitwarden. Then I’ll walk you through the setup in an example Ansible Playbook.

YouTube Video version

I’ve also recorded a video version of this article. If you prefer a video, you can find it here.

[Read More]

Choosing Secrets Manager for Homelab

Secrets Manager for Homelab

For a few years, I’ve been managing the configuration of a bunch of self-hosted services using Ansible Playbooks. Each playbook needed at least one secret — the sudo password. Many of them needed to manage more (e.g. SMTP credentials for email notifications). Because I’ve always been paranoid about security, I stored most of those secrets in Ansible Vault, the password for which is stored in only one location — my memory. Therefore, each time I ran any of those playbooks, I’d have to enter two passwords interactively: the sudo password and the Ansible Vault password.

[Read More]

Sanoid on TrueNAS

syncoid to TrueNAS

In my homelab, I have 2 NAS systems:

  • Linux (Debian)
  • TrueNAS Core (based on FreeBSD)

On my Linux box, I use Jim Salter’s sanoid to periodically take snapshots of my ZFS pool. I also want to have a proper backup of the whole pool, so I use syncoid to transfer those snapshots to another machine. Sanoid itself is responsible only for taking new snapshots and pruning old ones you no longer care about. For example, you might set up a policy in sanoid to take a day’s worth of hourly snapshots and a year’s worth of monthly snapshots. That means sanoid will take a snapshot every hour but, if executed with --prune-snapshots, will delete all the hourlies (hourly snapshots in sanoid’s lingo) that are older than a day, monthlies that are older than a year, and so on.

[Read More]

Automating Let's Encrypt certificates with Gandi LiveDNS

As a Debian Developer, I have a discount on using Gandi, and I’ve been using it for quite a long time and have been very happy with it. I’ve been using it for registering domains. For example, this blog’s domain is managed by my Gandi account.

Using a publicly registered domain in a private-only setup

In addition to using this DNS registrar for public stuff, like a blog, one can also use it for a domain accessible only within a private network. For example, companies, large and small, use this technique: they have a set of subdomains of the domain they normally use, but those are accessible only when an employee is in the office (connected directly to the company’s network) or connected through a corporate VPN.

[Read More]

Debian on TrueNAS Core under bhyve

Installing Debian GNU/Linux under bhyve on TrueNAS Core

I got myself a TrueNAS Mini X+ a couple of months ago. I have it running TrueNAS Core based on FreeBSD. In that system you can run VMs under FreeBSD’s native hypervisor, bhyve. Since there are a couple of quirks around running Debian specifically, I decided to write up a quick article about setting up a Debian-based VM there.

The quirks

The ones I’ve stumbled upon were:

[Read More]