elendal's blog

Writing about systems, tools, and the occasional rabbit hole.

Articles

• Private DNS and a TLS gateway for .homelab domains — Unbound recursive resolver with a .homelab zone, Caddy's internal CA for TLS, a virtual IP to dodge Tailscale's port 443, and auto-registration via Quadlet lifecycle hooks.
• Killing a 1892-line god function in GSD-2 — four-PR sequence dismantling the autoLoop god function: code smells, mechanical cleanup, behavioral tests, pipeline extraction, and module split.
• Automated PR reviews with Claude Code in a self-hosted Forgejo — runners as rootless Podman pods with Tailscale sidecar, composite action injecting OAuth credentials, and five things that don't work.
• Migrating services from Caddy subpaths to Tailscale sidecars — five non-obvious problems migrating openvscode-server, Gatus, and copyparty from Caddy reverse proxy subpaths to Tailscale sidecar pods.
• Passkey SSO for tailnet services: Pocket ID, caddy-security, Podman quadlet — six non-obvious problems wiring Pocket ID as an OIDC provider with caddy-security for passkey-gated access to internal services.
• Running Windows apps and Linux tools on Android — Winlator runs Windows x86_64 software via Wine + Box64 JIT translation; Termux gives you a native Linux environment with 25k packages, no root required.
• AdGuard Home as its own Tailscale node, rootless Podman — six non-obvious problems getting AdGuard Home and Tailscale running as a Podman pod under systemd quadlet.
• opusplan: Opus for thinking, Sonnet for typing — Claude Code model alias that uses Opus in plan mode and Sonnet in execution mode.
• Caddy named matchers are block-scoped — moving @tailnet to the site block eliminates eight duplicate matcher declarations.
• Dictating to Claude Code on a phone — mobile wrapper page with arrow-key toolbar and Web Speech API voice dictation for a ttyd terminal.
• Claude Code in a browser terminal, tailnet-only, no port — ttyd + tmux + Caddy header gating for tailnet-only access at port 443 alongside a public blog.
• Portainer at a subpath behind Caddy — three non-obvious problems getting portainer behind a reverse proxy at a subpath.
• Socket-activated Guacamole with Tailscale identity — zero-cost idle browser SSH/RDP/VNC behind Tailscale.
• 500 ideas — 500 autogenerated ideas.
• Tools to try — Various ideas for tools to try.
• The Blog System — how this site works