I run a homelab. I name my servers after astronomical phenomena. It has run beautifully for 2 years.
But at the same time, I committed my Authelia user database to git.
Not to a private repo with careful access controls. Just — to git. With a git add . and a push to main, the way a bootcamp student commits a .env file on their first Django tutorial.
Here's the thing about .gitignore: it works great when you're in the directory that has it. The root .gitignore said *.sqlite3. The root .gitignore was not consulted when I cd'd into /infra and typed git add . like a person who has never made a mistake before.
db.sqlite3: committed. users_database.yml, which contains every TOTP secret for every service I care about: committed. notifications.txt, a complete log of every auth event with timestamps: also committed, as a bonus.
The git log is very informative. "add: 2fa formalized" it says, cheerfully, 311296 bytes of binary database and all.
I have 2FA. It is now in version control.
What actually saves you:
A .gitignore in the subdirectory you're actually running git add . from. The five seconds of hesitation before pushing directly to main.
I now have all three.
Days since credential leak from My Homelab: 1 (and counting)
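A guard that does not depend on the five seconds of hesitation, as an added example that is not the author's code: a pre-commit hook that refuses any commit staging the files named above. It checks the whole index, whatever directory git add . was typed in; the pattern list and the install path (.git/hooks/pre-commit) are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not the author's code): pre-commit guard for the files
# named in the post. Save as .git/hooks/pre-commit and make it executable.

# Succeeds when the path's file name matches one of the auth artefacts.
# The pattern list is an assumption; extend it for your own stack.
is_sensitive() {
    case "${1##*/}" in
        *.sqlite3|users_database.yml|notifications.txt) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads newline-separated paths on stdin, prints the sensitive ones,
# and returns 1 if at least one was found.
scan_paths() {
    found=0
    while IFS= read -r path; do
        if is_sensitive "$path"; then
            printf '%s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Checks everything staged as added, copied, modified or renamed.
run_hook() {
    if hits=$(git diff --cached --name-only --diff-filter=ACMR | scan_paths); then
        return 0
    fi
    echo "pre-commit: refusing to commit auth data:" >&2
    printf '%s\n' "$hits" | sed 's/^/  /' >&2
    echo "Unstage with 'git rm --cached <path>' and add it to .gitignore." >&2
    return 1
}

# Run the check only when git invokes this file as the pre-commit hook.
case "$0" in
    */pre-commit|pre-commit) run_hook || exit 1 ;;
esac
```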