Vick's Hangout

Alpine Gateway WireGuard

I’m currently working on a project to provide secure connectivity from multiple locations to a centralized server in an organization’s headquarters. I contemplated using several firewall solutions, or building one using Debian. After building some containers on Alpine, I figured why not just use Alpine itself as the gateway with WireGuard. The setup was done on a QEMU Virtual Machine on Ubuntu 24.04. I’ll then move the VM to the devices on each premises to have an always-on, auto-connected virtual tunnel that is secure. This lightweight setup allows me to spin up a gateway that does what I need quickly and efficiently with minimal hassle.
9 minutes to read

Part 4 - Setting up Caddy Reverse Proxy

Following Part 3 of the series, the final component to be set up is the Caddy reverse proxy. I previously used Traefik and while it worked, there were a few hiccups I encountered. I can’t recall the exact issues I ran into, but they were enough for me to switch things up this time. On this particular VPS, I won’t be running many services, so auto-discovery is irrelevant. I’m binding each service to a specific IP and port, then using Caddy to reverse proxy to them, which simplifies a lot of the management and admin. Caddy also handles automatic certificate renewal with my custom CA using the ACME endpoint I set up earlier, so that’s an added bonus.
3 minutes to read

Part 3 - Setting up Smallstep CA

Following Part 2 of the series, the second component to be set up is the Smallstep Certificate Authority server. Smallstep is a lightweight CA I use to issue and manage TLS certificates for my internal services. It makes it easy to automate cert handling without relying on external CAs such as Let’s Encrypt, nor do I have to reveal details about my domain names to the public.

The Docker Compose file and configuration of Smallstep are located in the /containers/smallstep base folder.

4 minutes to read

Part 2 - Setting up AdGuard Home

Following Part 1 of the series, the first component to be set up is the AdGuard Home DNS server. I chose this because it also blocks ads and unwanted services, which enables my VPN clients to have a better web browsing experience. Aside from this, I get a useful GUI to view resolution requests and to configure custom domains in an easy-to-use manner. I did contemplate utilizing dnsmasq but finally decided on AdGuard Home.
4 minutes to read

Part 1 - Custom CA with Smallstep on a VPS

I am in the process of rebuilding my personal Certificate Authority using Smallstep on a cloud VPS. My previous VPS was running for a few years but I didn’t document how I got the whole concept working. This time around, I decided to jot my notes down so I can replicate this in the future if needed. This time, I also decided to make a little change to my setup, that is, changing from Traefik to Caddy, not because Traefik doesn’t work but because I just wanted consistency across all my public-facing web servers.
2 minutes to read

SSH Certificates

I’ve been using SSH certificates for years to connect to my servers no matter where they are, and they’ve always worked perfectly. I’ve used both client and server certificates, but since I automated the setup I sometimes forget the steps. This guide records the process for future reference.

What are SSH Certificates?

Just as HTTPS certificates verify our websites, SSH certificates confirm the identity of both server and user before any connection begins. When you first connect to a new SSH server, you’ve no doubt seen that warning about an unknown host key and clicked “yes” because you just created the machine and assume it’s safe. SSH certificates remove that guesswork. A trusted authority signs the server’s public key in advance, and your client automatically checks that signature on every connection. On the flip side, the server only accepts user keys that carry a valid signature from the same authority. Certificates can include expiration dates and be revoked if necessary, giving you precise control over who can connect and for how long. With SSH certificates in place, there’s no need to blindly trust that initial prompt.

5 minutes to read

D&D 5E Character - Wolverine - Building

About This Build
This build explores the design of Tharn Wildvein, a Half-Orc Barbarian in Dungeons & Dragons 5e inspired by the essence of Wolverine — the feral loner, the unstoppable survivor, the relentless fury in the face of overwhelming odds.

Rather than a direct adaptation, this is a fantasy reinterpretation: a savage warrior whose power is not bestowed by science or sorcery, but awakened by rage, trauma, and unrelenting instinct. His body is the weapon — muscle, claw, and willpower forged through countless battles.

4 minutes to read

DND 5E Character - Iron Man - Building

About This Build
This build explores the design of Jaxen Vantrell, an Armorer Artificer in Dungeons & Dragons 5e inspired by the concept of Iron Man — especially the Heroes Reborn saga, where the character’s brilliance, adaptability, and sheer variety of power suits took center stage.

Rather than a direct conversion, this is a high fantasy reimagining of the archetype: a genius arcane engineer who doesn’t rely on destiny or lineage, but on crafted armor, magical augmentation, and relentless iteration. Every infused item, every armor model, every spell reflects a different version of “the suit” — modular, reactive, and purpose-built.

4 minutes to read

DND 5E Character - The Darkness

Design Note
Zareth Kael is a personal homage to one of my all-time favorite characters — The Darkness, from the Top Cow comic series. I read the entire run starting from the 1990s, and the idea of a reluctant antihero bound to an ancient, sentient force of shadow left a permanent impression on me.

In reimagining this concept within 5E, I wanted to portray the Darkness not just as a weapon or curse, but as a primordial entity — protective and parasitic, elegant and monstrous. Its presence isn’t loud or overt, but it shapes every moment Zareth lives through, watching from behind a cracked mirror and whispering between spells.

7 minutes to read

DND 5E Character - The Darkness - Building

About This Build
This step-by-step breakdown traces the mechanical and narrative design behind Zareth Kael, my reinterpretation of The Darkness comic character in Dungeons & Dragons 5e. As someone who grew up reading The Darkness from the 1990s onward, this project is more than just a character — it’s a tribute to one of my favorite antiheroes.

I wanted to explore how Jackie Estacado’s cursed, sentient power could be expressed through official 5e mechanics, while leaning into my current interest in flawed, complex protagonists. This build is designed for a homebrew game I may run someday — dark, thematic, and soaked in psychic tension.

5 minutes to read

Soulbound Earthdawn

Earthdawn Reforged – A Heroic Take on a Legendary World

What happens when you take the lore-rich world of Earthdawn and explore it through the lens of Age of Sigmar: Soulbound’s heroic engine?

Welcome to Earthdawn Reforged — a personal design experiment where I’m reimagining the Earthdawn setting using the mechanics of Soulbound. This isn’t a full system rewrite or community project — just something I’m exploring for my own creative enjoyment, to see how the themes of survival, horror, and magical legacy can play out in a more fast-paced, cinematic system.

6 minutes to read

WireGuard Peer

Once your server is up and running, you can configure a peer. The process is nearly identical to setting up the server—allowing you to easily replicate these steps for adding multiple peers. As always, ensure that all commands are executed as the root user.

Generate keys

Each peer requires a unique public/private key pair to establish identity and secure connections, just like the server. Run the following commands to create the required files:

4 minutes to read

WireGuard Server

Refer to this article for a brief overview, prerequisites, and server details. Ensure you run all commands as the root user.

Generate keys

Each server requires a unique public/private key pair to establish identity and secure connections. Run the following commands to create the required files:

(umask 0077; wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey)
wg genpsk   # Generates a preshared key for Peer A (adds an extra layer of encryption)

Create configuration file

Create a configuration for the new interface. In WireGuard, the configuration file’s name determines the interface name. For example, if you create /etc/wireguard/wg0.conf, the interface will be named wg0.

4 minutes to read

WireGuard

For my VPN setup, I lean towards using WireGuard because it’s straightforward to configure and delivers great performance. This guide serves as a personal reference for when I need to set up WireGuard again—whether as a server or a client. While I typically run Ubuntu on my production servers, my personal homelab runs Arch Linux. Although this guide is focused on Arch Linux, the process is essentially the same on Ubuntu, aside from the installation details.
2 minutes to read

One Hero Engine

🛡️ One Hero Engine – Core Rulebook (v 0.12)

A solo-focused, narrative-driven RPG for mythic storytelling, bold decisions, and immersive worldbuilding. Designed to be lightweight in mechanics and rich in expression, One Hero Engine puts the story in your hands—no game master required.


Part I: Creating Your Hero

1. What Is One Hero Engine?

One Hero Engine (OHE) is a solo tabletop roleplaying system where you take the role of a single hero facing challenges, enemies, and unknown fates in a dynamic, mythic world.

22 minutes to read