18 min read

Automating TLS Certificates in a Homelab: Smallstep PKI, Caddy, and Drone CI/CD — A Static Website Case Study

Abstract: Running services in a homelab behind an internal reverse proxy creates a certificate management problem that is easy to underestimate. This article walks through a real deployment: a Hugo static website built and deployed by Drone CI/CD, with UAT served by an nginx container behind Caddy, and production hosted on Firebase. The core challenge is not just issuing certificates — it is ensuring that Docker containers running as part of the CI/CD pipeline actually trust the internal CA. We examine how Smallstep step-ca acts as the homelab root of trust, how Caddy automates certificate provisioning via ACME, and how an Ansible role bootstraps CA trust on the Docker host so that the Drone Server container can communicate with Gitea over HTTPS. The infrastructure provisioning side (via OpenTofu and Ansible) is also described, with an honest account of what IaC actually created versus what was pre-existing.

homelab pki smallstep caddy drone ci-cd tls certificates infrastructure-as-code opentofu ansible hugo static-sites
4 min read

EBKAC.ORG Goes Live (Almost): A Firebase Custom Domain Story

The domain arrived this morning. ebkac.org. After days of running this site on a Firebase default URL that nobody would ever bookmark intentionally, there it was in the Netcup dashboard: registered, paid, mine. EBKAC, for the uninitiated, stands for Error Between Keyboard And Chair. It is an old IT industry shorthand for the most common category of technical fault: the human operator. Usually deployed to describe someone else’s mistake. I chose it as the name for this blog because I am a firm believer that the most instructive errors are your own. A name like that has a certain obligation attached to it.

firebase dns homelab ai