IRC with ZNC + certbot

October 28th, 2022

IRC is still a thriving space for communication. There are a mountain of communities online that still prefer to use IRC. Some of the most technically capable people I’ve met were found on IRC. In 2021, many communities migrated from freenode to Libera after the Andrew Lee drama (I might write about this later). Check out Libera if you want to join communities for #archlinux, #ansible, ##rust, #emacs, #gentoo, #fedora, #linux, #neovim, #ubuntu, #wikipedia just to name a few.

Onto ZNC…

Why ZNC? It’s a very capable and stable IRC Bouncer. It stays connected to IRC, and you connect to it instead of directly to the IRC server. This allows your IRC client to be “always online” in IRC, so you don’t have to miss any action (thanks to ZNC’s buffer), people can always message you, and it also hides your home IP. You will need a server to run it on, and it runs on linux.


  • znc is installed on your system and your znc config files are in your home directory in ~/.znc (this is the default behavior when installing)
  • You want to connect to IRC with a bind host instead of an IP address.
  • You’ve already configured rDNS for the IP you want to resolve to the domain you want to connect with.
  • You’ve already updated your nameserver’s zone file (A record) so the IP points to the domain (many providers will require the IP to resolve to the hostname before they’ll allow rDNS to point back to the IP).
  • You want to connect securely to your znc (and you should!)

Here we go. Use a package manager to install certbot. for instance, yum, if you’re on CentOS.

sudo yum install certbot

Before you actually generate a cert, setup a renewal hook deployment script. This will make sure that when the cert is renewed the files get installed into the right spot to make znc work correctly.

cd /etc/letsencrypt/renewal-hooks/deploy/
vi update-znc.pem



[[ $RENEWED_LINEAGE != "/etc/letsencrypt/live/$YOURDOMAIN" ]] && exit 0
echo "Updating certs"
cat /etc/letsencrypt/live/$YOURDOMAIN/{privkey,fullchain}.pem > /home/YOURNUSERNAME/.znc/znc.pem

You’ll need to update the YOURDOMAIN line to change ‘’ to your actual domain. Then generate your cert:

sudo certbot certonly --standalone -d -m [email protected] --agree-tos

Same here – “” should match whatever domain you put in the update-znc.pem file. That’s it. Assuming rDNS has propagated across the internet (this can take up to 48 hours in some cases) you should now be able to launch znc, configure it to connect to the IRC networks you want, and then you should be able to connect to your znc using the domain name you specified, with SSL properly configured for the domain name.

Read more on the znc website for details on setting up connections from znc to IRC.

Good luck and happy IRC’ing.

Krew, A Helpful Kubernetes Plugin discovery tool

October 26th, 2022

I recently stumbled onto Krew, a SIG CLI project. It helps you discover plugins from your machine. It works on MacOS, Linux, and windows. They have an active community and they collaborate in #sig-cli in the kubernetes slack. Here are just a few of the 207 (as of Oct 2022) plugins that are useful:

  • ctx – This provides a faster way to switch between clusters and namespaces in kubectl
  • who-can – If you use RBAC for access controls, this will show who has RBAC permissions to perform actions on different resources in Kubernetes.
  • ns – Provides a faster way to switch between clusters and namespaces

Unrelated to Krew, but if you like to color code things (like color coding production vs non-production) take a look at kubecolor

TikTok Tech Roundup – Part 1

October 25th, 2022

This is the first installment of what I’m calling the Tikok Tech Roundup, where I share videos from TikTok that I found interesting.

First up is Anerdguy. Here he shows how to create a Pi-hole Docker container to block ads on your entire home network. This is where infra/tech and at-home network security intersect.


Replying to @bigpanda161 Create a Pi-hole Docker container to block ads on your entire home network. #pihole #docker #softwareengineer #techtok #tech #ubiquiti

♬ Lo-fi hip hop – NAO-K

Next is @tamsininnit with a video about a free (as in beer) open-source alternative to Zapier. Use this to automate workflows, and you can host it locally or at your cloud provider. Perfect if you don’t trust Zapier with your secrets.

Next is @viciswho explaining on how to setup high definition video for streaming, office meetings, etc.

Next up is @ChiefGyk3D with a solution for backing up your icloud data to your synology NAS using icouldpd in case apple loses files. Also features docker. (Commenters have noted that you can also install Synology Photos on your iOS devices, and that it provides automatic backups just like iCloud). If you have your very own telco closet at home or are a datacenter mole person like me, this you might appreciate this tutorial.