Victor's Blog

I built a Rust CLI tool without writing a single line of code

2026-05-14T09:54:00+00:00

This blog post was written by Claude. Like the project itself, not a single word was typed by hand.</p> </blockquote>
I've been self-hosting my music with Navidrome</a> for a while now, and one thing that always bothered me was the lack of a good way to shuffle a playlist in place. Subsonic clients can shuffle playback, but the playlist order on the server stays fixed — so if I want a fresh random order I had to do it manually.</p>
So I built subsonic-shuffler</a>: a small Rust CLI that shuffles a Subsonic playlist. It can shuffle in place, write the result to a different playlist, or create a new one. It reads credentials from environment variables and runs as a one-shot Podman container on my CoreOS server, triggered nightly at 3 AM by a systemd timer.</p>
The interesting part: I didn't write a single line of code.</p>
The experiment</h2>
I've been using Claude Code for a while for smaller tasks, but this time I wanted to see how far I could push it on a greenfield project with no existing codebase to guide it. The rules I set for myself: describe what I want, answer clarifying questions, review what gets produced — but never touch the keyboard to write code myself.</p>
The result is a fully working Rust project with:</p>

A CLI built with clap</code>, using the opensubsonic</code></a> crate for the Subsonic API</li>
Flexible source/destination options (--source</code>, --source-id</code>, --output</code>, --output-id</code>, --create</code>)</li>
Helpful error messages that list matching playlists with their IDs when a name is ambiguous</li>
A Justfile</code> for local development</li>
A multi-stage Containerfile</code> producing a minimal Alpine image</li>
The image published to my Forgejo container registry</a></li>
The crate published to my Forgejo cargo registry</a></li>
A Quadlet .container</code> file for systemd integration on CoreOS</li> </ul> All of it committed in a git repository with meaningful commit messages — also written by Claude.</p> What worked well</h2> The back-and-forth felt natural. I'd describe a feature, Claude would ask clarifying questions when the design wasn't obvious (shuffle in place vs. create new? what happens on ambiguous names?), implement it, verify it compiled, then commit. When I asked for changes — removing a redundant flag, changing error message formatting, adjusting the --create</code> semantics — they landed correctly on the first try.</p> The knowledge of the ecosystem was solid. It looked up the opensubsonic</code> crate's actual API on docs.rs before writing code rather than guessing, which meant the implementation was correct from the start.</p> What still required my input</h2> Judgment calls that needed context I held: which registry to publish to, what the container image path should be, how the systemd unit should be structured, what OnCalendar=</code> value to use for the timer. These aren't things an AI can know — they're decisions about my infrastructure. But once I supplied the answer, execution was immediate and correct.</p> Conclusion</h2> For a self-contained tool with a clear spec, AI-assisted development is genuinely useful — not as autocomplete, but as a collaborator that can take a description and produce a working, well-structured result. The limiting factor wasn't the code; it was me articulating what I actually wanted.</p> The source is at forgejo.victorsavu.eu/victor/subsonic_shuffle</a> if you want to use it or read through what was generated.</p>



Backup Radicale to git
2026-05-10T20:00:00+00:00
Radicale</a> allows for storage hooks</a> to record changes in git. Getting it working in a container is a bit more involved though. You need:</p>

A .gitconfig</code></li>
Access to the repository</li>
Configuring Radicale</li>
</ol>
Set up .gitconfig</code></h3>
git</code> requires a global .gitconfig</code> containing at least a name and email to be able to create commits:</p>
[user]</span></span>
        email = <a@email.address></span></span>
        name = <Some name></span></span></code></pre>
This needs to be mounted into the container (this example assumes the root</code> user):</p>
Volume=/var/<somewhere>>/.gitconfig:/root/.gitconfig:Z,ro</span></span></code></pre>Give Radicale access to the repository</h3>
ssh</code> is not available in the repository, we have to use https. To keep things simple, you can add the user and password to the repository URL itself:</p>
git remote add origin https://<user>:<password>@<repository>.git</span></span></code></pre>
Forgejo</a> supports repository scoped access tokens</a> that are ideal in this case (added to version 15). The token must be used instead of the password and can be restricted to a single repository.</p>
For other git hosts, check what is available and avoid storing your actual user password in plaintext.</p>
Configure Radicale</h3>
Add a hook to commit and upload changes to your radicale config:</p>
[storage]</span></span>
hook = git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"") && git push</span></span></code></pre>


Use Proton to send emails from Grafana
2026-04-22T20:30:00+00:00
To allow Grafana</a> to send emails using Proton</a>, you need to:</p>

Create an SMTP token in Proton from settings</a>.</li>
Configure Grafana</a> using grafana.ini</code>:</li>
</ol>
[smtp]</span></span>
enabled=true</span></span>
host=smtp.protonmail.ch:587</span></span>
user={{SMTP username}}</span></span>
from_address={{SMTP username}}</span></span>
startTLS_policy=MandatoryStartTLS</span></span>
password={{SMTP token}}</span></span></code></pre>
Where {{SMTP username}}</code> and {{SMTP token}}</code> should be copied from Proton.</p>


I'm switching from Proton Calendar to Radicale
2026-04-03T19:50:00+00:00
I have given up trying to use Proton Calendar</a> as my main calendar application due to three big issues:</p>

Proton does not use CalDAV</a> and on Android, other applications can't read calendars from the Proton Calendar app. To synchronize events on my smartwatch I need to export the calendar to a 3rd party service (Google in my case).</li>
To be able to plan things, I need to see my work events in my calendar app. Proton has a quite large sync delay</a> for external calendars</a>, large enough for me to make mistakes.</li>
Proton contacts also don't sync with Android (you can import, but not export</a>).</li>
</ol>
To make my life simpler, I've migrated to a self-hosted instance of Radicale</a>. I lose the Proton Mail</a> app integration, but I can still use Thunderbird</a> to manage everything including contacts. On Android I use DAVx5</a> to sync everything with much shorter sync delays. I hope CalDAV Push</a> will make the delay go completely away once Radicale supports it.</p>
See also</h3>

Backup Radicale to git</a></li>
Override the radicale user when using docker</a></li>
Sharing Calendars using Radicale and symlinks</a></li>
</ul>


Sharing Calendars using Radicale and symlinks
2026-04-03T19:00:00+00:00
While Radicale</a> now supports sharing</a>, an older and very simple way to make it work is to just use symlinks. Here I assume user1</code> wants to share their planning</code> calendar with user2</code> with full permissions.</p>
cd <path to collection-root>/user2</span></span>
ln -s ../user1/planning/ user1_planning</span></span></code></pre>


Override the radicale user when using docker
2026-04-03T18:40:00+00:00
The Radicale</a> Dockerfile</a> hardcodes 1000</code> as the UID running inside the container. If that user is not available, it can still be overridden. If using quadlet</a> You can add User=<your choice></code> to the [Container]</code> section. The podman</a> or docker</a> CLI equivalent is --user <your choice></code>.</p>


Allow Thunderbird to archive proton emails
2026-04-03T18:30:00+00:00
If you get a Operation Not Allowed</code> error when archiving emails in Thunderbird</a> when using Proton Bridge</a>, try to update your account settings in Thunderbird.</p>

Open Settings</code>.</li>
Open Account Settings</code>.</li>
Select your bridge account.</li>
Open Copies & Folders</code>.</li>
Go to the Message Archives</code> section and select your archive folder in Proton.</li>
</ol>

    
</a>
Thank you years old reddit question</a> and the reply from ProtonMail</a>.</p>


Create a BIMI compatible file from Inkscape
2026-03-22T21:00:00+00:00
Background</h2>
BIMI</a> only supports SVG Tiny Portable/Secure</a>, which is a quite restricted profile. My logo is quite simple, but Adobe Illustrator and Inkscape both create entries that are not compatible with it, mostly by usingstyle</code> attributes. Saving an Optimized SVG and editing the resulting file worked from Inkscape.</p>
Steps</h2>
1. Add a title</h3>
The document should have a title for the format to be valid for BIMI. Add it in Inkscape:</p>

    
</a>
2. Save the right format</h3>
Use Optimized SVG</code> in the Save As</code> dialog:</p>

    
</a>
3. Configure export</h3>
The precision of the output must be set to 2</code> and Collapse groups</code> should be selected.</p>

    
</a>

You are removing precision from the original SVG</code>, review the output, particularly around corners and edges.</p>
</blockquote>
4. Edit the resulting SVG</h3>
Replace the version attribute of the svg</code> node from version="1.1"</code> to version="1.2" baseProfile="tiny-ps"</code>. As a sed one-liner:</p>
sed -e 's|version="1.1"|version="1.2" baseProfile="tiny-ps"|'  </span></span></code></pre>
You also need to remove the metadata</code> section as Inkscape adds incompatible elements to it (like rdf:RDF</code>):</p>
 <metadata></span></span>
  ...</span></span>
 </metadata></span></span></code></pre>5. Validate the result</h3>
Follow the official instructions</a> and validate the resulting svg</code> file using jingtrang</code>. I added this to my justfile</a>.</p>
Illustrator steps</h2>
1. Export correctly</h3>

    
</a>

You are removing precision from the orignal SVG</code>, review the output, particularly around corners and edges.</p>
</blockquote>
2. Remove groups</h3>
If your SVG</code> contains groups (<g></code> elements), they need to be removed. I used svgo</code></a> to minify the file and it does it automatically.</p>
3. Add a title</h3>
Even when a title is set in Illustrator, it will not be added to the final SVG</code>. Add <title>Your Title</title></code> as the first child</strong> of <svg></code> by hand.</p>
4. Set the version</h3>
Change baseProfile="tiny"</code> to baseProfile="tiny-ps"</code>. If using svgo</code>, the version gets removed, add it back as version="1.2"</code>.</p>


I have a logo
2026-03-22T20:00:00+00:00

    
</a>
Logo</h2>
Admire my new glorious logo. It's now everywhere on this website (which got a header just to hold it) and should also show up in my emails by using BIMI</a> after fighting tooling a bit</a>.</p>
Thank you</h2>
Thank you Hannelore Savu</a> for this logo.</p>
2026-03-23 Now with more precision</h2>
After reviewing the files in more detail, the precision loss when exporting to tiny-ps</code> with 2 decimals made the logos look odd. A bit more polishing by Hannelore and the logos look amazing in the minified and standards-compliant form.</p>
See the broken logo here</a> and pay attention to the rightmost curve.</p>


Forgejo is now live
2026-03-07T20:00:00+00:00
TL;DR: Forgejo is live</a>, Website code here</a></h3>
Forgejo</h3>
I like git</a> and good UIs to review changes, so I use Forgejo</a>. This setup took a while since I got sidetracked with SSH passthrough</a>, which I never got working on CoreOS</a>. But now, by using the built-in SSH server and a moved sshd port</a> I have a working forgejo instance 🎉.</p>
This website</h3>
This website is built using Zola and completely static. You can now read the source code</a>, including all the history</a>. Everything is intended to be public so let's show the world how the sausage is made.</p>
Other projects</h3>
I'm slowly migrating from an older Forgejo instance (which started as Gitea</a>) to this one, expect more repositories to show up soon. Most of them are private though.</p>
See also</h3>

Use Proton to send emails from Forgejo</a></li>
Change the SSHD port in Fedora CoreOS</a></li>
</ul>


Change the SSHD port in Fedora CoreOS
2026-03-07T19:00:00+00:00
Changing the port of sshd in CoreOS</a> is not obvious. There are multiple open bugs (1</a>, 2</a>) for this issue and I believe I have found a new approach that works for my server. The old CoreOS instructions</a>, don't take SELinux into account, they just update the sshd</code> configuration. The Flatcar documentation</a> is almost identical.</p>
1. Configure sshd.service</code> and sshd.socket</code></h3>
storage</span>:</span></span>
  files</span>:</span></span>
    -</span> path</span>:</span> /etc/ssh/sshd_config.d/port.conf</span></span>
        contents</span>:</span></span>
            inline</span>:</span> Port 2223</span></span>
        mode</span>:</span> 0644</span></span></code></pre>systemd</span>:</span></span>
  units</span>:</span></span>
    -</span> name</span>:</span> sshd.socket</span></span>
        dropins</span>:</span></span>
        -</span> name</span>:</span> sshd-port.conf</span></span>
            contents</span>:</span> |</span></span>
            [Socket]</span></span>
            ListenStream=</span></span>
            ListenStream=2223</span></span></code></pre>2. Make selinux happy</h3>
Just updating sshd is not enough, it will not have the permissions to bind to any port besides what is set as ssh_port_t</code>. So, let's update that using a cil policy to update the label</a>:</p>
systemd</span>:</span></span>
  units</span>:</span></span>
    -</span> name</span>:</span> custom-ssh-port-t.service</span></span>
      enabled</span>:</span> true</span></span>
      contents</span>:</span> |</span></span>
        [Unit]</span></span>
        Description=Update ssh_port_t</span></span>
        Before=sshd.service</span></span>
</span>
        [Service]</span></span>
        Type=oneshot</span></span>
        ExecStart=/usr/sbin/semodule -i /root/ssh_port_t.cil</span></span>
        RemainAfterExit=yes</span></span>
</span>
        [Install]</span></span>
        WantedBy=multi-user.target</span></span></code></pre>storage</span>:</span></span>
  files</span>:</span></span>
    -</span> path</span>:</span> /root/ssh_port_t.cil</span></span>
      mode</span>:</span> 0644</span></span>
      contents</span>:</span></span>
        inline</span>:</span> |</span></span>
          (portcon tcp 2223 (system_u object_r ssh_port_t ((s0)(s0))))</span></span></code></pre>Alternatives that didn't work for me</h3>

Adding a custom SELinux policy. It only worked if I installed it with selinux -i</code>.

I did manage to deploy a pp</code> file that showed up in semodule --list-modules</code>, but never took effect at both low or high priorities.</li>
</ul>
</li>
Changing ssh_port_t</code> using semanage</code>, but it's not installed in CoreOS.</li>
</ul>


Serve precompressed static files from caddy
2026-03-07T12:00:00+00:00
Background</h2>
While Caddy</a> can compress files</a> as they are requested, my website is completely static (built using Zola</a> )and all of this work can be done once ahead of time. For this purpose I use precompress</a>.</p>
To make everything work, Caddy needs to be instructed to look for precompressed files:</p>
file_server {</span></span>
    precompressed</span></span>
}</span></span></code></pre>
To actually precompress, you just need to install and point precompress</code> at the right folder. The default options work well for me.</p>
cargo</span> install precompress</span></span>
~</span>/.cargo/bin/precompress </span>{</span>{your site folder}}</span></span></code></pre>
I use a justfile</a> to manage building and deploying my website, which lets me do everything in a one-liner:</p>
build:</span></span>
    rm -rf public</span></span>
    ~/.cargo/bin/zola build</span></span>
    ~/.cargo/bin/precompress public</span></span>
</span>
install-deps:</span></span>
    cargo install --locked --git https://github.com/getzola/zola</span></span>
    cargo install precompress</span></span>
</span>
deploy-victorsavu: build</span></span>
    rsync -rzP --delete public/ victorsavu@victorsavu.eu:victorsavu/</span></span></code></pre>


Use Proton to send emails from Forgejo
2026-02-15T00:00:00+00:00
To allow Forgejo</a> to send emails using Proton</a>, you need to:</p>

Create an SMTP token in Proton from settings</a>.</li>
Configure Forgejo</a> using app.ini</code>:</li>
</ol>
[mailer]</span></span>
ENABLED = true</span></span>
FROM           = {{SMTP username}}</span></span>
PROTOCOL       = smtp+starttls </span></span>
SMTP_ADDR      = smtp.protonmail.ch</span></span>
SMTP_PORT      = 587</span></span>
USER           = {{SMTP username}}</span></span>
PASSWD         = `{{SMTP token}}`</span></span></code></pre>
Where {{SMTP username}}</code> and {{SMTP token}}</code> should be copied from Proton.</p>


Limiting deSEC tokens for DNS-01 and dynDNS
2026-02-08T00:00:00+00:00
The deSEC documentation</a> documents how to scope tokens using policies. I used this feature to limit my deSEC tokens to what they are responsible for.</p>

The {{id}}</code> is not the token name and is unfortunately not shown in the UI. See useful commands below</a> for a simple way to query the ids of all your tokens.</p>
</blockquote>
I use just</a> to organize my commands. If you want the commands to work in your shell, just replace {{something}}</code> with ${something}</code>.</p>
dynDNS</h4>
I use dynDNS since I don't have a static IP at home. This allows updating both A and AAAA records, but only for the intended domain and subdomain. For each domain, I use a different token to keep things safer.</p>
desec-limit-token-dyndns id domain subdomain: </span></span>
    curl -sS  https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/ \</span></span>
       --header "Authorization: Token ${DESEC_TOKEN}" \</span></span>
       --header "Content-Type: application/json" --data @- <<< \</span></span>
       '{"domain": null, "subname": null, "type": null, "perm_write": false}'</span></span>
    curl -sS  https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/ \</span></span>
       --header "Authorization: Token ${DESEC_TOKEN}" \</span></span>
       --header "Content-Type: application/json" --data @- <<< \</span></span>
       '{"domain": "{{domain}}", "subname": "{{subdomain}}", "type": "AAAA", "perm_write": true}'</span></span>
    curl -sS  https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/ \</span></span>
       --header "Authorization: Token ${DESEC_TOKEN}" \</span></span>
       --header "Content-Type: application/json" --data @- <<< \</span></span>
       '{"domain": "{{domain}}", "subname": "{{subdomain}}", "type": "A", "perm_write": true}'</span></span></code></pre>ACME DNS-01</h4>
I use wildcard certificates, which can only be issued by using a DNS-01 challenge</a>. This only allows updating the _acme-challenge</code> with a TXT</code> record only, which is enough for the challenge.</p>
desec-limit-token-acme id domain: </span></span>
    curl -sS https://desec.io/api/v1/auth/tokens/{{id}}/ --header "Authorization: Token ${DESEC_TOKEN}" | jq .name</span></span>
    curl -sS  https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/ \</span></span>
       --header "Authorization: Token ${DESEC_TOKEN}" \</span></span>
       --header "Content-Type: application/json" --data @- <<< \</span></span>
       '{"domain": null, "subname": null, "type": null, "perm_write": false}'</span></span>
    curl -sS  https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/ \</span></span>
       --header "Authorization: Token ${DESEC_TOKEN}" \</span></span>
       --header "Content-Type: application/json" --data @- <<< \</span></span>
       '{"domain": "{{domain}}", "subname": "_acme-challenge", "type": "TXT", "perm_write": true}'</span></span></code></pre>Useful commands</h4>
desec-list-tokens:</span></span>
    curl -sS https://desec.io/api/v1/auth/tokens/ --header "Authorization: Token ${DESEC_TOKEN}" | jq '.[] |{name, id}'</span></span>
</span>
desec-list-policies id:</span></span>
    curl -sS https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/ --header "Authorization: Token ${DESEC_TOKEN}" | jq</span></span>
</span>
desec-delete-policy id policy_id:</span></span>
    curl -sS  -X DELETE https://desec.io/api/v1/auth/tokens/{{id}}/policies/rrsets/{{policy_id}}/ \</span></span>
       --header "Authorization: Token ${DESEC_TOKEN}"</span></span></code></pre>


Enable ipv6 in a quadlet container
2026-01-17T16:00:00+00:00
In podman, the default network has ipv6 disabled. To fix this, create /etc/containers/systemd/main.network</code> which just enables ipv6:</p>
[Network]</span></span>
IPv6</span>=</span>true</span></span></code></pre>
All containers will then need to add a Network</code> entry in their config:</p>
[Container]</span></span>
Network</span>=</span>main.network</span></span>
...</span></span></code></pre>


Enable ipv6 on a Hetzner CoreOS server
2026-01-17T14:00:00+00:00
Hetzner</a> automatically assigns an ipv6 range to each server, but it does not</strong> assign an ipv6 address to it. This must be done manually for CoreOS</a> by updating the network configuration in /etc/NetworkManager/system-connections/enp1s0.nmconnection</code> to:</p>
[connection]</span></span>
id=enp1s0</span></span>
type=ethernet</span></span>
interface-name=enp1s0</span></span>
uuid=f141878f-5566-303c-8231-1c1ab23f2256</span></span>
</span>
[ipv4]</span></span>
method=auto</span></span>
dns=8.8.8.8,8.8.4.4</span></span>
</span>
[ipv6]</span></span>
method=manual</span></span>
addresses=<your range here>::1/64,fe80::1</span></span>
gateway=fe80::1</span></span>
dns=2001:4860:4860::8888,2001:4860:4860::8844</span></span>
may-fail=false</span></span></code></pre>
For DNS (both ipv4 and ipv6) I picked Google DNS</a>.</p>
This configuration was based on the Hetzner documentation on ipv6</a>.</p>
See also: Use direct ipv6 when possible and a fallback for ipv4</a></p>


Add modules to caddy on CoreOS
2026-01-17T12:00:00+00:00
Some Caddy</a> modules are non-standard</a> and are not included in the official docker image. You can add modules easily using xcaddy</code></a>, but you need to create a custom docker image each time. This can be done in CoreOS using .build</code> files.</p>
Create a Containerfile</code> that builds the image. In this example we add caddy-dns/desec</code> to the image and we install the file as /etc/containers/systemd/Containerfile.caddy</code>.</p>
FROM</span> docker.io/library/caddy:2-builder </span>AS</span> builder</span></span>
</span>
RUN</span> xcaddy build \</span></span>
    --with github.com/caddy-dns/desec</span></span>
</span>
FROM</span> docker.io/library/caddy:2</span></span>
</span>
COPY</span> --from=builder /usr/bin/caddy /usr/bin/caddy</span></span></code></pre>

Use the full image path docker.io/library/caddy</code>.</p>
</blockquote>
To add the build file to quadlet, you need to create /etc/containers/systemd/caddy.build</code>.</p>
[Unit]</span></span>
Description</span>=</span>Build custom Caddy image with deSEC DNS</span></span>
</span>
[Build]</span></span>
SetWorkingDirectory</span>=</span>.</span></span>
File</span>=</span>Containerfile.caddy</span></span>
ImageTag</span>=</span>localhost/caddy-desec</span></span></code></pre>

Note: SetWorkingDirectory</code> is required and also lets you put the Containerfile</code> somewhere else.</p>
</blockquote>
Your caddy.container</code> now needs to reference the caddy.build</code> image by adding</p>
[Container]</span></span>
ContainerName</span>=</span>caddy</span></span>
Image</span>=</span>caddy.build</span></span></code></pre>


Use direct ipv6 when possible and a fallback for ipv4
2026-01-17T10:00:00+00:00
Background</h2>
My network provider only provides me an ipv6 address and uses DS-Lite</a> for outgoing ipv4 connections. This means I can't host something on my home-network and have it accessible from all networks.</p>
To get around this I have a funky setup that allows direct connections over ipv6 and proxies all ipv4 through a server that does have an ipv4 address (I use the cheapest Hetzner</a> server for this). Most networks support ipv6 and a direct connection is used and I don't have to pay for bandwidth. The server is only involved in ipv6 connections.</p>
Setup</h2>

Home server (called homeserver</code>). The server we want to reach from everywhere.</li>
Cloud server (called cloudserver</code>). A cheap server that has a public ipv4 address.</li>
Client (who wants to connect to homeserver</code>) from a different network.</li>
DynDNS provider

Must allow updating only AAAA</code> entries without touching A</code>. DeSEC</a> allows this by passing myipv4=preserve</code>.</li>
</ul>
</li>
</ul>
DNS setup</h3>
home.victorsavu.eu</code>
A</code> - Cloud server ipv4 address - static
AAAA</code> - Home server ipv6 address - DynDNS</p>
home6.victorsavu.eu</code>
AAAA</code> - Home server ipv6 address - DynDNS</p>
Homeserver</h3>
homeserver</code> uses curl to periodically update the AAAA DynDNS entries in home6.victorsavu.eu</code> and home.victorsavu.eu</code>. It has no other special restrictions.</p>
Caddy proxy running on cloudserver</code></h3>
*.victorsavu.com {</span></span>
        tls {</span></span>
            dns <your provider> {</span></span>
                <provider config></span></span>
            }</span></span>
        }</span></span>
</span>
        @redirected `host('home.victorsavu.eu')`</span></span>
        handle @redirected {</span></span>
                reverse_proxy home6.victorsavu.eu</span></span>
        }</span></span>
</span>
        # Fallback for otherwise unhandled domains</span></span>
        handle {</span></span>
                respond 421</span></span>
        }</span></span>
}</span></span></code></pre>
We use Caddy to proxy ipv4 connections from clients connecting over ipv4 to homeserver</code>. Since it can't respond to all http requests (All ipv6 requests go directly to homeserver</code>), we can't use the http-01</code></a> challenge here and need to use something like dns-01</code></a> instead. dns-01</code> also allows obtaining a wildcard certificate. You can proxy as many subdomains as you need with this setup (I use 4 for example). Additional domains just need to be added to the @redirected</code>: host('home.victorsavu.eu', 'second.victorsavu.eu')</code>.</p>
See also: Enable ipv6 on a Hetzner CoreOS server</a></p>


This site is now live
2026-01-17T08:00:00+00:00
My website is now live 🎉. I wanted to share some tips</a> so that is where I added multiple entries.</p>
Expect more content and changes to land soonish.</p>

Configure Radicale</h3>
Add a hook to commit and upload changes to your radicale config:</p>
`[storage]</span></span> hook = git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"") && git push</span></span></code></pre>`

See also</h3>

Backup Radicale to git</a></li>
Override the radicale user when using docker</a></li>
Sharing Calendars using Radicale and symlinks</a></li> </ul>

1. Add a title</h3>
The document should have a title for the format to be valid for BIMI. Add it in Inkscape:</p> </a>

2. Save the right format</h3>
Use `Optimized SVG</code> in the Save As</code> dialog:</p></a>`

5. Validate the result</h3>
Follow the official instructions</a> and validate the resulting `svg</code> file using jingtrang</code>. I added this to my` `justfile</a>.</p>`

`4. Set the version</h3> Change baseProfile="tiny"</code> to baseProfile="tiny-ps"</code>. If using svgo</code>, the version gets removed, add it back as version="1.2"</code>.</p>`

This website</h3>
This website is built using Zola and completely static. You can now read the source code</a>, including all the history</a>. Everything is intended to be public so let's show the world how the sausage is made.</p>

Other projects</h3>
I'm slowly migrating from an older Forgejo instance (which started as Gitea</a>) to this one, expect more repositories to show up soon. Most of them are private though.</p>

See also</h3>

Use Proton to send emails from Forgejo</a></li>
Change the SSHD port in Fedora CoreOS</a></li> </ul>

DNS setup</h3>
`home.victorsavu.eu</code> A</code> - Cloud server ipv4 address - static AAAA</code> - Home server ipv6 address - DynDNS</p>`
`home6.victorsavu.eu</code> AAAA</code> - Home server ipv6 address - DynDNS</p>`

Victor's Blog

I built a Rust CLI tool without writing a single line of code

Backup Radicale to git

Use Proton to send emails from Grafana

I'm switching from Proton Calendar to Radicale

Sharing Calendars using Radicale and symlinks

Override the radicale user when using docker

Allow Thunderbird to archive proton emails

Create a BIMI compatible file from Inkscape

I have a logo

Logo</h2>
Admire my new glorious logo. It's now everywhere on this website (which got a header just to hold it) and should also show up in my emails by using BIMI</a> after fighting tooling a bit</a>.</p>

Thank you</h2>
Thank you Hannelore Savu</a> for this logo.</p>

Forgejo is now live

Change the SSHD port in Fedora CoreOS

Serve precompressed static files from caddy

Use Proton to send emails from Forgejo

Limiting deSEC tokens for DNS-01 and dynDNS

Enable ipv6 in a quadlet container

Enable ipv6 on a Hetzner CoreOS server

Add modules to caddy on CoreOS

Use direct ipv6 when possible and a fallback for ipv4

This site is now live

Victor's Blog

I built a Rust CLI tool without writing a single line of code

Backup Radicale to git

Give Radicale access to the repository</h3> ssh</code> is not available in the repository, we have to use https. To keep things simple, you can add the user and password to the repository URL itself:</p>

Use Proton to send emails from Grafana

I'm switching from Proton Calendar to Radicale

Sharing Calendars using Radicale and symlinks

Override the radicale user when using docker

Allow Thunderbird to archive proton emails

Create a BIMI compatible file from Inkscape

Illustrator steps</h2> 1. Export correctly</h3> </a> You are removing precision from the orignal SVG</code>, review the output, particularly around corners and edges.</p> </blockquote>

1. Export correctly</h3> </a> You are removing precision from the orignal SVG</code>, review the output, particularly around corners and edges.</p> </blockquote>

4. Set the version</h3> Change baseProfile="tiny"</code> to baseProfile="tiny-ps"</code>. If using svgo</code>, the version gets removed, add it back as version="1.2"</code>.</p>

I have a logo

Forgejo is now live

Change the SSHD port in Fedora CoreOS

Serve precompressed static files from caddy

Use Proton to send emails from Forgejo

Limiting deSEC tokens for DNS-01 and dynDNS

Enable ipv6 in a quadlet container

Enable ipv6 on a Hetzner CoreOS server

Add modules to caddy on CoreOS

Use direct ipv6 when possible and a fallback for ipv4

Setup</h2> Home server (called homeserver</code>). The server we want to reach from everywhere.</li> Cloud server (called cloudserver</code>). A cheap server that has a public ipv4 address.</li> Client (who wants to connect to homeserver</code>) from a different network.</li>

DNS setup</h3> home.victorsavu.eu</code> A</code> - Cloud server ipv4 address - static AAAA</code> - Home server ipv6 address - DynDNS</p> home6.victorsavu.eu</code> AAAA</code> - Home server ipv6 address - DynDNS</p>

This site is now live

`4. Set the version</h3> Change baseProfile="tiny"</code> to baseProfile="tiny-ps"</code>. If using svgo</code>, the version gets removed, add it back as version="1.2"</code>.</p>`

DNS setup</h3>
`home.victorsavu.eu</code> A</code> - Cloud server ipv4 address - static AAAA</code> - Home server ipv6 address - DynDNS</p>`
`home6.victorsavu.eu</code> AAAA</code> - Home server ipv6 address - DynDNS</p>`