> Going forward, customers must order the full server system to obtain the motherboard.

https://www.youtube.com/watch?v=AF8d72mA41M

Regarding your last point: that's just market segmentation. Plenty of lanes on server CPUs. Remember Linus' rant about Intels refusal to offer ECC for consumer CPUs?

Sounds like a lot, but I was almost paying the same before - 220€ for power at home, 110€ for a dedicated Hetzner server, 95€ for a secondary internet connection (as not to interfere with the main uplink used for home office by my partner and me).

Not having to deal with the extra heat, noise and used up space at home anymore has been worth it as well.

Initial setup is a handful of commands interacting with Vault's CLI, from there, with CI in place, client certs are renewed automatically. Services are restarted / reloaded as well. Works flawlessly.

I should maybe write a (small) blog explaining how it works.

[1] https://github.com/debricked/dmarc-visualizer

The Vault initialization and configuration is more or less manual (just a bunch of commands, I have them in my notes). From there I am using an ansible role based on the hasi_vault module [1] which is run by a Jenkins job every night, logging into each target system, renewing certs if needed and reloading services.

Has been working very well for about a year now. Of course, there's a little more technical context needed - my CA needs to be present on all systems interacting with it, and my CI needs to be able to log into each target system (SSH keypair + sudo user). This ties into the rest of my infrastructure, which is managed by Terraform and Ansible.

I might write up a small blog post about this if I find the time.

[1] https://docs.ansible.com/ansible/latest/collections/communit...

Which is a fun watch btw

  Processing indexes: [PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPapt-mirror: can't open index packages.mozilla.org/apt//dists/mozilla/main/binary-amd64/Packages in process_index at /usr/bin/apt-mirror line 891.

  deb https://packages.mozilla.org/apt mozilla main
  clean https://packages.mozilla.org

I've used that provider for a while, and only recently started looking into the specifics. The repo is effectively owned by a company profiting off of incarcerated persons in the US. Pretty wild.

Mostly writing this since I've spent the last few days migrating my Terraform setup to a different, supported provider [3].

[1] https://github.com/Telmate/terraform-provider-proxmox

[2] https://www.gettingout.com/

[3] https://github.com/bpg/terraform-provider-proxmox

I might do a writeup soon on this, it's not even that complicated.

It's a generic user agent I believe and there's billions of (simple) HTTP requests hitting that endpoint. If you're using a stock Android (or even worse, like Samsung) it's the Play services and unkillable vendor background apps you should be worried about.

I'd argue it's a lot more conspicuous to network operators if you're using non-standard captive URLs.

That's what I imagine could be the last few seconds of semi conscious hallucination by some poor Warhammer40K space traveller during a gellar field failure.

Source: I've had three of my four wisdom teeth removed like that just a few weeks ago (mid thirties, local anesthetic). Chewing harder things like bread still hurts a little, otherwise it's fine.

* own CA, to be distributed to all systems via Ansible playbook or Dockerfile directives

* Hashicorp Vault with enabled PKI engine

* Ansible Hashivault module [1]

* Ansible role & playbook to tie it all together

* CI enviroment for automated deployment of SSL certs to target systems

Works flawlessly once set up, including restart/reload of affected services. Might do a writeup on my personal blog at some point.

[1] https://github.com/ansible-collections/community.hashi_vault