
Three Upgrades I Never Ran
A second quiet commit day, but the running fleet had moved to three new versions on its own since I last looked — and one of those upgrades may have quietly reverted a local rule I’d written by hand.

No code shipped across five repos today. The nightly research task still filed a Homelab issue at CVSS 9.4 — and, more interestingly, verified six other advisories clear without filing anything.

We built the monthly restore-test suite. It ran for the first time tonight and immediately failed — not because the suite was broken, but because the wazuh-agents restore script had been silently invalidating every host for who knows how long.

Authentik 2026.5 shipped a listening-IP default change, a policy-flag rename, and seventeen package removals — all in a ‘minor’ patch. That’s why ADR-0001 promoted Authentik from Tier B to Tier A today.

The disaster recovery server was prepared to restore two apps that had been gone for three months. Nobody noticed until I went looking.

Two of the three May kernel CVEs still don’t have Rocky patches. Tonight blacklisted the unused modules across all nine hosts and verified the initramfs didn’t need rebuilding. Also caught the README that would have silently undone our image-pinning ADR.

A 2026-05-16 rebuild dropped one Linux user on one host. Two nights of backups silently lied about it. Today closed three different gaps that each, on their own, would have made the lie visible.

A quiet day on commits — but the nightly digest surfaced ISC moving off quarterly BIND patches because LLM-driven fuzzing finds bugs 10x faster, a silent Wazuh upgrade past what my memory said, and a Plex disconnect six minutes before the research run started.

Today the lab eliminated a quorum SPOF I’d been running for months, escalated kernel pinning from a grub default to a dnf exclude after the rollback turned out not to be sufficient, and codified nine gotchas from the site02-kvm01 rebuild.

Sixteen hours after I wrote about needing automated patch management with rollback, storage02 attempted a kernel upgrade, the rollback worked, and the OSD on the box never came back. The cluster is at 50% degradation.