Janik Vonrotz

Configure SAML Authentication for Nextcloud with Keycloack


The complex problems of identity and access management (IAM) have challenged big companies and in result we got powerful protocols, technologies and concepts such as SAML, oAuth, Keycloack, tokens and much more.

The goal of IAM is simple. Centralize all identities, policies and get rid of application identity stores. Not only is more secure to manage logins in one place, but you can also offer a better user experience. As the title says we want to connect our centralized identity management software Keycloack with our application Nextcloud.


Github Action for validating markdown links

GitHub Action are free computing resources to run CI/CD jobs that build, lint, test or deploy a software project. On the Awesome PowerShell I asked contributors to submit a PR for a quality check job. Not much later Frederik Hjorslev submitted a nice solution.


Automate Odoo backups with this script

Odoo’s database manager provides an simple interface to backup an odoo database (tenant). This interface can be used to run automated backups. I have created a script to easily request odoo backup archives. The script works like every other command line tool.


Backup Docker volumes with Ansible and restic

In a new assignment I’m in charge of the infrastructure for a new startup. I was given a blank canvas and decided to use Ansible and Docker from the start. Therefore I’ve setup an Ansible project containing various roles and deployment scenarios. Have a look here for details: https://github.com/Mint-System/Ansible-Playbooks. To put it simply, this project deploys open source web application as Docker containers on a target system. Currently, I am adding new features and polishing existing ones. An important role that is still missing is the backup. Having a robust and reliable backup and recovery system is key. While developing the backup system I had a few key points in mind:


Nginx WAF with ModSecurity and OWASP CRS

This tutorial explains how to enable and test the Open Web Application Security Project Core Rule Set (OWASP CRS) for use with the Nginx and ModSecurity. We are going to setup a Docker Compose project and deploy a ModSecurity enabled Nginx container with the CRS. Everything will be done using Open Source tools only.


Apollo GraphQl server and client sorting

GraphQl is not opinionated about sorting and pagination. It is up to you to implement the sorting for your query. I’ve seen various approaches doing that, but none seemed elegant. After compiling a few blog posts and tutorials I came up with the following solution.


O3M 83 - Good Dance

Let’s dance 💃


Build a stateful serverless Telegram bot - Part 2

In part 1 of this tutorial we’ve setup the initial folder structure for our chatbot and made a first deployment. In part 2 we are going to teach the bot some new commands and implement a state management for the chat dialog chain.


Build a stateful serverless Telegram bot - Part 1

For the first time in my life I bought a plant to decor my room. The plant is a Monstera, growing up to 2 meters if watered properly. It actually needs to be watered every two weeks. Now there are various options to remind myself of watering it. Installing an app, set an alarm on my phone or place a paper calendar next to the plant. But this is too easy, lets make it more complicated.


Surveillance Berlin

Last week I visited my favorite city Berlin once more. As the season changes so does Berlin. Clear and crisp air, dim lights and early sunsets brought the city into a different perspective. This time I wanted to know more about the GDR (German Democratic Republic) it’s people and the surveillance machinery. For this I visited a Stasi prison and the HQ of the security bureau. It has been a tense and also fulfilling experience visiting this places. I don’t want to talk about the GDR, but recommend everybody to read more about it. It is a remarkable historic event that has not been finished yet. Here are some pictures of the trip: