what the fred

A brief list of the stuff I used to replace my MacBook Air with a Chromebook.

why would you do this

I'm cheap. Macs are expensive. I do web stuff. Also, I'm curious.

This works for me, it may not work for you.





Started on $5/month droplet, moved to $10 for $REASONS. I like their DNS, it's pretty.

CentOS 7.3

It's Not Ubuntu™.

Backups: Dropbox

Everything from the old machine. Runs in Docker because the daemon is weird and full of terrors.

Web Server: Caddy

Blag: Ghost

Already had this elsewhere. Runs in Docker because $REASONS.

# Caddyfile

host fff.red { 
  proxy /

how 2 connect?

I know vim, and files over ssh still sux.



Roaming & because I'm an emacs org-mode junkie.


I love/hate tmux but losing your emacs session is ಠ__ಠ

the deep nerdzone™

It's 2016 2017, let's hit all the modern standards.


There's no place like [::1]. Came out in 1998.

Easy with DigitalOcean, just check the IPv6 box before you create the droplet.

dig -t AAAA fff.red

fff.red.                1799    IN      AAAA    2604:a880:800:a1::62:b001

SSL Labs grade A+

Caddy+LetsEncrypt did this out of the box.

securityheaders grade A

Implementing this: here be dragons. Screwing up Public-Key-Pins can/will break SSL to your site.

# From my Caddyfile
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; script-src 'self' code.jquery.com; media-src *"
        Public-Key-Pins "pin-sha256=\"ckOIjdimiwD3mfMmkmCh7uiJCBtXvoqoBoKKB1K5UIM=\"; pin-sha256=\"QiTyymM4e635OgWkx9d7nq5xvEuqmgV7HiDjIIGyymo=\"; max-age=2592000"
        X-Frame-Options SAMEORIGIN
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options nosniff