July 12, 2025
SSH Hardening and Automation User Setup with Ansible
Here’s a little post about how I do SSH hardening for my RHEL9 homelab and how I ensure that the Ansible automation user is properly set. The playbook stems from an incident I had in Red Hat Insights where it was reported that I had an SSH configuration that allowed legacy ciphers. It was also advised to create a crypto policy that disables weak algorithms.
July 3, 2025
Setting up BIND9 for Internal DNS on RHEL9
This guide covers setting up BIND9/named for internal reverse/forward DNS resolution on a RHEL9 server. Unlike public authoritative DNS servers, internal DNS servers provide recursive resolution for your internal network and handle local domain queries.
All IP addresses, network ranges, and hostnames in this guide are examples. Replace them with your actual values.
For the entirety of the guide we’ll be running every single command as root.
July 3, 2025
Setting up BIND9 for Public DNS on RHEL9
This guide covers setting up BIND9/named as an authoritative public DNS server on RHEL9. Unlike internal DNS servers that provide recursive resolution, public authoritative DNS servers are responsible for answering queries about domains you own and control.
This setup includes security hardening measures such as proper logging and zone transfer restrictions to protect your DNS infrastructure from abuse.
All IP addresses, domain names, and server configurations in this guide are examples. Replace them with your actual values.
July 3, 2025
Installing Red Hat Identity Management (IPA) without DNS on RHEL9
Red Hat Identity Management (IdM) provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. This guide covers installing IdM/IPA server without the integrated DNS service on RHEL9.
This guide demonstrates setting up a high-availability IPA deployment with two servers:
July 3, 2025
Automated KVM VM Provisioning with Ansible and OSBuild on RHEL9
Introduction
When I started looking into automating my homelab VM provisioning, I was surprised by the lack of examples combining Ansible with OSBuild for KVM environments. Not many tutorials focus on KVM, so I wanted something that used Red Hat’s tooling - as I run a RHEL homelab.
I used to provision my homelab virtual machines by hand and eventually I got tired of doing it since I like to tinker around a lot and constantly add new VMs. So, I decided to automate the process using the combination of Ansible and OSBuild.
June 3, 2025
Enable EPEL Repository on RHEL 9
The EPEL repository provides packages that are not included in the standard RHEL repositories, such as htop and vim.
Prerequisites
Before installing EPEL, you need to enable the CodeReady Builder repository, which provides dependencies for many EPEL packages.
Installation Steps
Enable the CodeReady Builder repository
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
Install epel-release
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Verification
After installation, you can verify that EPEL is enabled by listing available repositories: