https://www.jit-c.eu/blog/ Field notes, ideas and opinions on networking, security, infrastructure and the homelab by Jitser Sevenant. en https://www.jit-c.eu/blog/could-open-source-iam-replace-active-directory-and-entra-id/ https://www.jit-c.eu/blog/could-open-source-iam-replace-active-directory-and-entra-id/ Where midPoint plus Authentik can replace the Microsoft identity stack in a hybrid Windows/Linux shop — and where it can't. A thought experiment, not a build. Mon, 15 Jun 2026 00:00:00 GMT Identity Architecture Security https://www.jit-c.eu/blog/when-your-gateway-hijacks-dns/ https://www.jit-c.eu/blog/when-your-gateway-hijacks-dns/ An internal site that wouldn't load, a resolver that was never asked, and the dead-IP query that proved a 'helpful' gateway was answering DNS behind my back. Mon, 15 Jun 2026 00:00:00 GMT DNS Security Networking Homelab https://www.jit-c.eu/blog/why-were-keeping-venv-for-now/ https://www.jit-c.eu/blog/why-were-keeping-venv-for-now/ I measured uv against our pin-everything dependency policy. It fits — and we're still staying on stdlib venv. The why is more interesting than the verdict. Mon, 15 Jun 2026 00:00:00 GMT Python Tooling AI Agents https://www.jit-c.eu/blog/giving-an-ai-agent-the-keys-safely/ https://www.jit-c.eu/blog/giving-an-ai-agent-the-keys-safely/ Wiring our identity agent into a secrets manager without handing it the kingdom — read-only by default, segregation of duties, and writes you have to mean. Sat, 13 Jun 2026 00:00:00 GMT AI Agents Security Secrets Management https://www.jit-c.eu/blog/how-the-agent-fleet-is-wired/ https://www.jit-c.eu/blog/how-the-agent-fleet-is-wired/ From a typed request to a guarded action against a real system — a walk down the stack that turns Claude Code into a fleet of homelab operators: the CLI, the shared agent-core, the agents, their skills, and the actions they perform. Sat, 13 Jun 2026 00:00:00 GMT AI Agents Architecture Homelab https://www.jit-c.eu/blog/skills-mcp-and-where-credentials-belong/ https://www.jit-c.eu/blog/skills-mcp-and-where-credentials-belong/ A simple question — do our agents need MCP? — that quietly turned into a clearer picture of skills, MCP servers, and the identity layer sitting underneath both. Sat, 13 Jun 2026 00:00:00 GMT AI Agents MCP Security https://www.jit-c.eu/blog/teaching-an-ai-agent-to-speak-technitium/ https://www.jit-c.eu/blog/teaching-an-ai-agent-to-speak-technitium/ Building a DNS skill for our network agent — and the two-layer permission model that hid our zones in plain sight. Fri, 12 Jun 2026 00:00:00 GMT Homelab DNS Automation https://www.jit-c.eu/blog/phase-2-internal-dns-and-the-bootstrap-chicken-and-egg/ https://www.jit-c.eu/blog/phase-2-internal-dns-and-the-bootstrap-chicken-and-egg/ Standing up an authoritative internal resolver as code — split-horizon, encrypted upstreams, and the moment the new DNS box couldn't resolve its own installer. Thu, 11 Jun 2026 00:00:00 GMT Homelab DNS Security https://www.jit-c.eu/blog/on-demand-docker-updates-for-when-watchtower-blinks/ https://www.jit-c.eu/blog/on-demand-docker-updates-for-when-watchtower-blinks/ Teaching my agent to update Docker stacks within policy — including the source-built ones that have no image to pull. Wed, 10 Jun 2026 00:00:00 GMT Docker Homelab Automation https://www.jit-c.eu/blog/phase-1-golden-image-and-why-seabios-won/ https://www.jit-c.eu/blog/phase-1-golden-image-and-why-seabios-won/ Building the cloud-init template every VM clones from — and learning the hard way that UEFI + cloud images + a serial console hides your boot failures. Wed, 10 Jun 2026 00:00:00 GMT Homelab Proxmox Automation https://www.jit-c.eu/blog/phase-0-read-the-house-before-you-renovate/ https://www.jit-c.eu/blog/phase-0-read-the-house-before-you-renovate/ The first phase changes nothing — it just reads live state and proves how wrong the plan already was. Discovery is the cheapest phase and the most valuable. Tue, 09 Jun 2026 00:00:00 GMT Homelab IaC Proxmox https://www.jit-c.eu/blog/rebuilding-the-homelab-as-code/ https://www.jit-c.eu/blog/rebuilding-the-homelab-as-code/ Starting a phased, infrastructure-as-code rebuild of the homelab — and pairing with an AI agent that does the typing while I keep the judgement. Tue, 09 Jun 2026 00:00:00 GMT Homelab IaC Automation https://www.jit-c.eu/blog/hardening-ssh-on-a-fresh-ubuntu-box/ https://www.jit-c.eu/blog/hardening-ssh-on-a-fresh-ubuntu-box/ The five-minute baseline I apply to every new server before it goes anywhere near a network. Fri, 22 May 2026 00:00:00 GMT Linux Security Homelab https://www.jit-c.eu/blog/why-my-homelab-lives-behind-vlans/ https://www.jit-c.eu/blog/why-my-homelab-lives-behind-vlans/ Segmentation isn't just an enterprise checkbox — here's how I split a single Proxmox node into safe zones. Fri, 08 May 2026 00:00:00 GMT Networking Proxmox Security https://www.jit-c.eu/blog/a-cisco-ise-mab-fallback-that-wont-lock-you-out/ https://www.jit-c.eu/blog/a-cisco-ise-mab-fallback-that-wont-lock-you-out/ A critical-auth VLAN so a dead RADIUS server doesn't take a whole floor offline. Wed, 15 Apr 2026 00:00:00 GMT Cisco ISE 802.1X