unifi terraform

unifi cloud key infrastructure-as-code

Last week, I wrote about resetting my unifi cloud key.

The main reason I gained a renewed interest in the cloud key was that I wanted to add some more fixed IPs to my home network. One of the nice things about the unifi controller software is that it provides a single dashboard interface to manage everything network-related.

On the downside, the interface is overall quite limited. While it does offer DHCP (the fixed IPs) in this fashion, it does not offer built-in DNS (e.g. for naming dedicated hosts on the home network).


cloud key reset

unifi cloud key factory reset

After my last password issues post, I still had some places for which I didn’t have an easy approach to reset the login. For my local network, I still use a unifi cloud key gen 1, to keep an overview of the network.

Cloud key

The ubiquiti unifi cloud key is a small client device on the local network, specifically running the ubiquiti unifi controller software. The controller software is there to e.g. provision new (ubiquiti) hardware, to configure the network (switch ports, VLANs, firewalls, …) but also to allow remote management from a web interface or phone app.


Password troubles

gpg + pass part deux

Last Saturday, my new phone arrived in the mail. As a techie, I was naturally delighted to get my new treat up and running. Both my old and my new phone are Android phones and I was surprised to see how (shockingly) easy it was to migrate all my stuff. Not all settings were migrated directly though; mostly passwords would need to be set up again.

Since I used gnu pass + GPG for my password management as described in my previous password management post earlier this year, I figured this would be quite easy to do!


Bootstrapping a pi4

bootstrapping a raspberry pi4 with arch for ARM

I’ve recently bought myself a raspberry pi 400, a small form factor keyboard with a raspberry pi 4 4GB RAM built into it. In hindsight, there are probably very few scenarios in which such a computer actually makes sense to me, but it still looks quite nice. I first took it for a spin using the raspberry pi OS that was on the SD card that came along with the set, but while I can acknowledge that it works quite OK out of the box, it just looks so ugly. Hence, I decided on installing arch for ARM on it. Since I noticed that I need to rethink every time what the best tools to install on a fresh install are, this is a write-up of the most important tools I would always install.


Updating GPG subkeys

My yearly yubikey GPG subkey rotation process

This is just a list of things to consider when updating my GPG subkeys (encryption, signing, authentication) for the particular setup I use on a daily basis:

  1. one master key without any expiry date to generate and revoke subkeys
  2. I use pass as my password manager.
    1. the basic idea is that it’s a command-line password manager that uses gpg under the hood for encrypting / decrypting the passwords.
    2. the passwords are encrypted with an encryption subkey
    3. pass allows managing its history with git, linking the storage on a remote gitlab / github server.
  3. the subkeys are only stored on my yubikey
  4. the subkeys are always valid for a period of one year
  5. the yubikey I use also has NFC, which makes it possible to use it on my android phone as well

I recently needed to go through this process and forgot to re-encrypt …


MQTT over TLS

MQTT is a popular lightweight protocol for use in home automation. It features a central broker through which each of the clients can communicate in a pub / sub fashion.

Since I’ve been toying around with some home automation setups, I was curious how to secure it with TLS.

Mosquitto

The most commonly used broker implementation I have come across is mosquitto, which is quite straightforward to set up on most *nix flavors. In my setup, I wanted to run it on a Raspberry Pi, which I could leave running on my local home network. Since it runs raspbian, installing it was as simple as:
