@@ -1,4 +1,5 @@
---
url: "/posts/how-i-got-through-uaes-firewall/"
categories: ["pinned", "cyber security"]
date: 2019-10-14T23:32:27Z
description: "How I bypassed UAE's DPI-based VPN blocking while on vacation in Dubai using just an iPad and AWS."
@@ -1,4 +1,5 @@
+++
url = "/posts/macbooks-switch-tousb-c-was-too-fast/"
categories = ["multimedia"]
date = 2019-04-09T11:37:00Z
description = "Why Apple's 2016 switch to USB-C-only MacBooks was premature and the peripheral ecosystem wasn't ready."
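Review bot: the `url` value `/posts/macbooks-switch-tousb-c-was-too-fast/` runs "to" and "usb" together (`tousb-c`). If this path pins the address the post is already published under, keep it as is; otherwise correct it to `to-usb-c` now, because a hard-coded `url` is what readers and search engines will end up linking to.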
@@ -1,4 +1,5 @@
---
url: "/posts/make-own-local-dns-and-learn-more-about-it/"
categories: ["tech", "pinned", "sys admin"]
date: 2019-08-05T21:19:53Z
description: "Tutorial on setting up a local DNS resolver using BIND on Linux, covering DNS theory and practical configuration."
@@ -1,4 +1,5 @@
---
url: "/posts/new-home/"
categories: ["devops", "sys admin", "tech"]
date: 2019-07-12T01:59:10Z
description: "Migrating the blog to Google GCP for learning cloud infrastructure and the value of self-hosting."
@@ -1,4 +1,5 @@
---
url: "/posts/some-comercials-times-macos/"
date: 2019-08-03T17:26:48Z
description: ""
draft: true
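Review bot: `comercials` in the `url` is missing an "m", and the post is still `draft: true` with an empty `description`. Nothing links to a draft yet, so this is the cheap moment to correct the path to `some-commercials-times-macos` before it is fixed in front matter.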
@@ -1,4 +1,5 @@
---
url: "/posts/apple-script-to-remove-all-cookies-from-safari/"
categories: ["multimedia", "Software development"]
date: 2020-12-06T01:00:15Z
description: "How to use AppleScript to automate removing all cookies from Safari and protect your privacy from tracking."
@@ -1,4 +1,5 @@
---
url: "/posts/dont-trust-vpn-provider-good-make-you-own-vpn/"
categories: ["pinned", "sys admin", "devops"]
date: 2020-02-29T14:22:00Z
description: "Why you shouldn't blindly trust commercial VPN providers and how to set up your own VPN on a cloud server using Ansible."
@@ -1,4 +1,5 @@
+++
url = "/posts/simplest-way-to-install-docker-compose/"
categories = ["tech"]
date = 2020-10-01T14:45:00Z
description = "Comparing pip install vs direct binary download for getting the latest docker-compose version."
@@ -1,4 +1,5 @@
---
url: "/posts/git-fixup/"
categories: ["Software development"]
date: 2021-01-21T01:43:00Z
description: "How to use git commit --fixup and git rebase --autosquash to cleanly amend a specific past commit."
@@ -1,4 +1,5 @@
---
url: "/posts/how-i-caught-crypto-miner-on-company-servers/"
date: 2021-12-29T01:52:45Z
description: "How I discovered an unauthorized Ethereum miner running on a company GPU VM and traced the culprit through forensic log analysis."
draft: false
@@ -1,4 +1,5 @@
---
url: "/posts/how-run-firewalld-with-docker/"
categories: ["sys admin", "devops"]
date: 2021-05-16T17:26:48Z
description: ""
@@ -1,4 +1,5 @@
---
url: "/posts/macos-swap-problem/"
categories: ["tech", "multimedia"]
date: 2021-01-18T01:01:23Z
description: "How macOS aggressively swaps memory and writes a RAM-sized sleep image to SSD, and how to disable it."
@@ -1,4 +1,5 @@
---
url: "/posts/mounted-docker-volume-contains-symlinks/"
date: 2021-02-18T23:21:02Z
description: ""
draft: true
@@ -1,4 +1,5 @@
---
url: "/posts/my-home-lab/"
categories: ["tech", "sys admin"]
date: 2021-07-02T23:46:00Z
description: "Introduction to building a home lab in a small space - hardware choices, rack constraints, noise, and heat challenges."
@@ -1,4 +1,5 @@
---
url: "/posts/netlifx-on-macos/"
categories: ["Software development", "tech", "multimedia"]
date: 2021-06-24T22:10:10Z
description: "How to create a native-like Netflix desktop app on macOS using the Nativefier command-line tool."
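Review bot: the `url` spells the product `netlifx` while the `description` in the same front matter says Netflix. If the misspelled path is already live and is being preserved on purpose, consider making `/posts/netflix-on-macos/` the `url` and listing the old path under `aliases` so existing links keep working.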
@@ -1,4 +1,5 @@
+++
url = "/posts/simple-fix-for-macos-issue-with-nfs/"
date = 2021-11-10T17:04:00Z
description = "Quick fix for macOS NFS mount failures by setting the correct NFS version in nfs.conf."
draft = false
@@ -1,4 +1,5 @@
---
url: "/posts/use-touchid-for-sudo-in-terminal-instead-of-password/"
date: 2021-10-12T15:52:00Z
draft: false
slug: "use-touchid-for-sudo-in-terminal-instead-of-password"
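Review bot: `url` and `slug` carry the same last segment here. In Hugo, `url` sets the entire path and `slug` is not consulted once `url` is present, so the `slug` line is dead configuration; drop it, or the two values will drift apart on the next rename.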
@@ -1,4 +1,5 @@
---
url: "/posts/arch-linux-fix-the-kernel-zfs-dependency/"
date: 2022-11-08T16:13:40Z
description: "How to fix the ZFS kernel dependency error on Arch Linux that blocks system package updates."
draft: false
@@ -1,4 +1,5 @@
---
url: "/posts/home-lab-upgrade/"
date: 2022-02-02T23:46:00Z
description: "Home lab upgrade with UniFi Switch 16 PoE, WiFi 6 access points, and improved network coverage."
draft: false
@@ -1,4 +1,5 @@
+++
url = "/posts/how-to-migrate-azure-dns-to-cloudflare/"
date = 2022-04-14T10:50:56Z
description = "Step-by-step guide for exporting DNS records from Azure DNS and importing them into Cloudflare."
draft = false
@@ -1,4 +1,5 @@
---
url: "/posts/using-docker-to-compress-and-extract-volume-backup/"
date: 2022-12-08T18:38:21Z
description: "How to use Docker context and a temporary container to remotely copy, compress, and extract Docker volume backups."
draft: false
@@ -1,4 +1,5 @@
---
url: "/posts/home-lab-another-upgrade/"
date: 2023-09-02T23:46:00Z
description: ""
draft: true
@@ -1,4 +1,5 @@
---
url: "/posts/stop-oracle/"
title: "Stop Oracle powering off your VM on free Oracle Cloud tier."
date: 2023-04-28T00:09:53+02:00
slug: "stop-oracle-cloud-powering-off-your-vm-on-free-tier"
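Review bot: `url: "/posts/stop-oracle/"` disagrees with `slug: "stop-oracle-cloud-powering-off-your-vm-on-free-tier"` in the same front matter. Hugo's `url` overrides the whole path, so the post would be served at `/posts/stop-oracle/` and the slug ignored; if the long slug is the address in use today, put that path in `url` (or add it under `aliases`) so existing links do not break.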
@@ -1,4 +1,5 @@
---
url: "/posts/why-i-migrated-from-ghost-to-hugo-and-cloudflare/"
title: Why I Migrated my blog from Ghost to Hugo platform (and Cloudflare)
date: 2023-12-23
draft: false
@@ -1,4 +1,5 @@
---
url: "/posts/how-to-deploy-rust-binary-on-light-alpine-docker-image/"
title: How to Deploy a Rust Binary on a Light Alpine Docker Image
description: "Why Rust binaries fail on Alpine with 'not found' and how to fix it by compiling with musl for static linking."
draft: false
@@ -1,4 +1,5 @@
---
url: "/posts/unwanted-suprise-after-disabling-sip-on-macos/"
categories: ["multimedia", "Software development"]
date: 2024-08-24T01:00:00Z
description: "The unpleasant surprise after disabling SIP on macOS"
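Review bot: `suprise` in the `url` is missing an "r", while the `description` spells it "surprise". If the misspelled path is the one already published, keep it and say so in the commit message; if not, correct it to `unwanted-surprise-after-disabling-sip-on-macos` before it is pinned.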
@@ -1,4 +1,5 @@
---
url: "/posts/yabai-guide-2024/"
categories: ["multimedia", "Software development"]
date: 2024-08-01T01:00:00Z
description: "A comprehensive guide on how to install and configure Yabai on macOS in 2024."
@@ -1,4 +1,5 @@
---
url: "/posts/plex-incident-debugging-infrastructure/"
date: 2025-09-14T10:30:00Z
description: "How I debugged suspicious Plex connections using Grafana, Tautulli, and Cloudflare Tunnel after the recent security incident"
draft: false
@@ -8,29 +9,36 @@ categories: ["tech", "cyber security"]
title: "Debugging Suspicious Plex Connections: A Deep Dive Into My Self-Hosted Infrastructure"
---

Last week, Plex announced a security [incident](https://forums.plex.tv/t/important-notice-of-security-incident/930523) where their user database was compromised, forcing everyone to log out - including server connections. As someone who self-hosts a Plex instance that’s publicly reachable (no VPN in front), this grabbed my attention. Beyond the Reddit threads and confusion, it was a good opportunity to audit my infrastructure. In this post, I’ll walk through how I autdit my Plex server and chased down some weird connections to my Plex server using Grafana, Tautulli, and Cloudflare Tunnel.
Last week, Plex announced a security [incident](https://forums.plex.tv/t/important-notice-of-security-incident/930523) where their user database was compromised, forcing everyone to log out - including server connections. As someone who self-hosts a Plex instance that’s publicly reachable (no VPN in front), this immediately caught my attention. Beyond the Reddit threads, confusion and panic, it was a great opportunity to audit my infrastructure.

In this post, I’ll walk through how I did audit my Plex server and chased down some weird connections to my Plex server using Grafana, Tautulli, and Cloudflare Tunnel. Let's go!

## The Wake-Up Call

The Plex incident was a reminder that even well‑secured services can get hit. After the email landed, I did a quick audit: review recent activity, confirm configs, and look for anything odd on the network. When you self‑host, you own both the security and the monitoring. Here’s how I approached it:
When you self‑host, you own both the security and the monitoring. The Plex incident was a reminder that even well‑secured services can get hit. After the email landed, I started doing the work around.

## The Investigation Begins

My first instinct was to check my monitoring stack to see if there had been any unusual activity on my Plex server. This is exactly why having proper observability in a homelab matters - during incidents, you need answers quickly. Without logs and monitoring, you’re flying blind. Before we continue here is a quick overview of my setup:

{{< alert >}}
**Note**: Although home incidents are of course different then the ones at work but it's good to have place where you can practicise these things if you work at IT as developer or SRE.
{{< /alert >}}

### Core Components

- **Plex Media Server**: Running in Docker containers on Kubernetes
TODO: make here a diagram
<!-- - **Plex Media Server**: Running in Docker containers on Kubernetes
- **Cloudflare Tunnel**: Eliminates the need for port forwarding
- **Grafana**: Log aggregation and monitoring dashboards
- **Tautulli**: Plex-specific monitoring and analytics
- **Tautulli**: Plex-specific monitoring and analytics -->

### Security Measures

- **No Open Ports**: Everything routes through Cloudflare Tunnel
- **Country Whitelisting**: Cloudflare rules limit access to specific countries
- **Container Isolation**: Plex runs rootless in isolated containers
- **Regular Monitoring**: Automated alerts for unusual activity patterns
- **Regular Monitoring**: Automated alerts for unusual activity patterns both on Cloudflare and Unifi router

### Step 1: Grafana logs
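Review bot: `TODO: make here a diagram` sits in the body of a post marked `draft: false`, and the Core Components list under it is wrapped in `<!-- ... -->`, so the paragraph promising "a quick overview of my setup" now leads to a heading with no content. Keep the bullet list visible until the diagram exists and move the TODO out of the rendered text. The reworded prose also needs a proofread before merge: "how I did audit", "different then the ones at work", "practicise", and "I started doing the work around", which ends without saying what the work was.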
