Debian 13 was released in August 2025. I don't upgrade my servers right away to new version. I wait a few months and in the meantime tinker with new Debian in virtual machine on my desktop. This helps me to identify, if there are any major bugs in the software that I use in my homelab. In this post I will demonstrate how to upgrade Debian 12 "Bookworm" to Debian 13 "Trixie".
OS used: Debian 12, Debian 13
When creating a virtual machine you can utilize swapfile on a disk as a precaution in case the VM runs low on RAM. In such configuration Linux system will use disk space as extra RAM. However, this has an undesirable effect that when disk is used as RAM the whole system can slow down. Generally if your VM is using swap then it's a good indicator to increase RAM. But if you don't have a possibility to increase RAM, then a method to prevent system slow down is to use zram as swap. Zram in this case can be treated as swap partition kept in RAM that will contain compressed data. This compression has some small performance penalty but allows to utilize more RAM than VM physically have. This post will show how to create swap using zram.
OS used: Debian 12
Software used: zram-tools 0.3.3.1
Virtual machine deployment in Proxmox can be achieved faster by creating virtual machine template with desired settings and then cloning this machine. This new virtual machine requires some changes after cloning so to speed-up this process Ansible can be used. Example how to do this will be shown in this article.
Software used: Proxmox 8, Debian 12 cloud image, Ansible 2.14.3
This post demonstrates how to quickly create and afterwards clone virtual machine in Proxmox using Debian cloud image. When not using cloud image, more time must be spent after cloning virtual machine: you need to recreate SSH keys (cloning virtual machine doesn't change host SSH keys and that can cause problems with SSH connection to VMs cloned from same template machine), create new user with SSH access, change partition size when you resize disk in Proxmox, set hostname. All of this can be easily achieved with Debian cloud image because it is using cloud-init and Proxmox has built in support for it. This instruction is for creating virtual machine from cloud image on Proxmox with ZFS filesystem.
Software used: Proxmox 8, Debian 12 cloud image
This article shows how to setup encrypted Proxmox hypervisor with remote decryption through SSH. It's useful if you want to protect your data and all virtual machines in case of physical theft of your homelab server. Keep in mind that in order to decrypt the system (for example after system reboot) you need to log in through SSH and enter decryption password.
OS used: Debian 12
Software used: Proxmox 8, KeePassXC 2.7.4
KeePassXC is a password manager to securely store passwords in encrypted database. KeePassXC also enables securing SSH keys by storing private keys within its encrypted database while only public keys are present on disk. With such setup in order to connect to remote host, KeePassXC database should be opened and keys will be loaded to ssh-agent. Then connection to remote host using SSH will be possible. After closing KeePassXC database keys will be removed from ssh-agent. In this post I will demonstrate how to achieve such setup.
OS used: Debian 12
Software used: KeePassXC 2.7.4
Having a server, it's a good practice to protect it from power supply failures. Solution for such case is to use UPS. Occasionally power down can last longer than UPS battery capacity and then it's recommended to gracefully shutdown server. In order to accomplish this, UPS needs to have some kind of connection with the server (common one is USB) and on the server dedicated software must be installed. Some UPS manufacturers have their own software, but if we have a less common model or an older UPS, than a good solution is to use open source software such as NUT (Network UPS Tools). Big advantage of NUT software is that we can use one software to manage UPS devices from different manufacturers. NUT software is in standard Debian repositories so it's easy to install and can be used on Proxmox hypervisor which is based on Debian. This way, we can have nice homelab hypervisor connected to UPS for protection against power supply issues. In this article I will be using UPS Socomec NPE-0650.
OS used: Debian 12
Software used: nut 2.8.0
Hardware used: UPS Socomec NPE-0650
Fail2Ban is a software that scans logs files and can ban IP addresses, for example with too many failed login attempts. Ban is done by updating system firewall rules to reject connections from those IP addresses for a configurable amount of time. This functionality is really useful to protect your server from brute force attacks. In this article we will look at how to protect one of the most important service which is SSH using Fail2Ban.
OS used: Debian 12
Software used: fail2ban 1.0.2
sudo and su commands with YubiKeySometimes you would like to have a more secure sudo or su command, especially if you are a developer and often use docker (that you run with root privileges). Solution that will give you a little more peace of mind if you are attacked by some kind of malware with keylogger. Answer to this case is using YubiKey for protecting sudo or su command. In the following article I will show how to setup a configuration in which sudo or su command will need standard password and touch of YubiKey present in USB port.
UPDATE 2025-01-25: Added paragraph "Bonus 3" at the end of article describing how to have PAM configuration regarding YubiKey in separate file and include it in PAM configuration files.
OS used: Debian 12
Software used: libpam-u2f 1.1.0
Hardware used: YubiKey 5 NFC