Sync Zotero Library to Nextcloud

For my research, I’m using Zotero for bibliography management. It’s free, it’s great, and it fits perfectly for my needs. In this blog post, I show how to configure Zotero to synchronize your Zotero Library to Nextcloud.

For some of the research papers I’ve read during my research activities, there are several (mostly, but not always, similar) versions, for some other papers it is very difficult to find the document. Therefore, I decided to always keep a digital copy of the document I’ve just read, just to ensure to be able to access the exact same version I have accessed before. Zotero allows for attaching files to an entry, and furthermore allows for synchronizing the library as all as the attachments. While synchronizing the bibliography entries meta data (authors, title, …) seems to be free and unlimited, only 300MB of document storage are for free per account. Zotero offers paid plans to increase the storage limit, or to use own, WebDAV based, storage.

Since I have a running Nextcloud instance with WebDAV support, I decided to use my Nextcloud for the synchronization. Actually, it is quite easy to configure it accordingly, however, I spent some time on finding that out and there are also some open posts in the Zotero forums, therefore I’m going to document my solution here.

Configuring the Synchronization of your Zotero Library to Nextcloud

First, we need to create a folder in Nextcloud. Please note that Zotero requires the path to end with zotero. Also consider if you want to use your global Nextcloud credentials (which I don’t recommend to do) or to create a dedicated shared folder for this, which will provide you with extra credentials just for this purpose. Since the name of the folder configured to be shared does not show up in the URL, within the shared folder there has to be the zotero folder containing the actual synchronized attachments.

In my Nextcloud instance, I created a folder PhD/Zotero/zotero and configured and configured the directory PhD/Zotero to be accessible and editable using a link. The link then should look like this:

Now, in Zotero client, configure Sync (Edit -> Preferences -> Sync) as follows: Set File Syncing mode to WebDAV, as URL put, and as username as well as password use the sharing secret (the last part of the URL). That should be it.


The URL is correct when using a sharing secret for the credentials. When using the actual account username and password, the URL is


Kubernetes Cluster on Hetzner Bare Metal Servers

If you want to run your own Kubernetes Cluster, you have plenty of possibilities: You can set up a single node cluster using minikube locally or on a remote machine. You can also set up a multi node cluster on VPS or using managed cloud providers such as AWS or GCE. Alternatively, you can use hardware, e.g. Raspberry Pis or bare metal servers. However, without the functionality provided by a managed cloud provider, it is difficult to take full advantage of the complete high availability capabilities of Kubernetes. We have tried – and present here the instructions for a highly available Kubernetes cluster on Hetzner bare metal servers.

Read more “Kubernetes Cluster on Hetzner Bare Metal Servers”

GitLab on a DiskStation

Sometimes, regardless of the possibilities offered by “the cloud”, you want to host important services yourself. For me as a software and DevOp engineer, this applies to my source code. For this reason, I host my GitLab instance myself. Since the GitLab package for DSM provided by Synology is outdated, I will explain here how to install the latest version of GitLab on a DiskStation using Docker.

Read more “GitLab on a DiskStation”

Ansible Role for tinc VPN

When setting up Kubernetes clusters, it makes sense for the individual nodes of Kubernetes to live in the same private network. If Kubernetes is set up on bare metal machines from suppliers such as Hetzner, it may not necessarily be possible to set up a common network of this kind natively. This is where tinc comes in: it makes it very easy to set up a virtual network across all participating nodes. To keep the configuration of tinc parallel to that of Kubernetes (I use Kubespray for my Kubernetes setup), I developed an Ansible Role for tinc VPN and made it available on GitHub.


  • Installing and setting up tinc VPN service
  • In-place private key generation (private keys are never copied)
  • Support for additional nodes where host machines are not covered by the playbook
  • Support for custom routes for the VPN interface
  • Support for joining existing bridge interfaces on the host machine
  • Custom scripting for up/down hook scripts


For setup instructions or a tutorial how to use my Ansible Role for tinc VPN please check the README. It always contains the up-to-date instructions for using this role and will be updated, if new features come up.


FritzBox LAN 2 LAN VPN with StrongSwan

There are a lot of instructions available on how to connect your FritzBox to a server via VPN. But since it took me a long time to find a working tutorial myself, here again a post describing how to set up a FritzBox LAN 2 LAN VPN with StrongSwan (based on the site

Read more “FritzBox LAN 2 LAN VPN with StrongSwan”