MacOS on /var/log/janio

SOPS + age: Declarative, Secure Secrets Management Without GPG Headache

Tue, 26 May 2026 07:00:00 +0000

As I previously discussed in my post on secret management in macOS and Linux, the real challenge of managing keys and tokens isn’t the encryption itself, but reducing accidental leakage without turning the sysadmin’s daily routine into a bureaucratic nightmare. Over the last few years, however, a duo of tools has gained significant traction and completely changed this dynamic: Mozilla SOPS and age. Together, they enable a declarative, GitOps-friendly, and extremely secure approach with virtually zero friction. This post is a detailed look at how these tools work and how to integrate them practically into your daily workflow.

Secret Management on macOS and Linux: a Practical-Theoretical Approach

Sun, 17 May 2026 11:54:00 +0000

At some point in the life of almost every sysadmin, there comes a slightly uncomfortable realization: too many secrets are scattered across the environment.

A password inside a .env file here, a token buried in shell history there, a forgotten webhook inside a docker-compose.yml, an API key hardcoded into a “temporary” script that somehow survived for two years in production. None of those things seem catastrophic individually. The problem is that infrastructure rarely collapses because of one gigantic mistake; most of the time, it collapses under the accumulated weight of dozens of tiny operational shortcuts.

Automatically deleting emails in Apple Mail with AppleScript + launchd

Mon, 30 Mar 2026 20:24:00 +0000

My inbox is always full of notifications with subjects like [Ticket ID: 12345] Ticket Update. They’re useful for a few hours and then become noise. These aren’t emails that need to be archived, replied to, or revisited, so they just end up taking up mental space.

Deleting them manually is the kind of small task that never becomes a priority, but silently costs you in distraction. So I decided to treat it like any other recurring problem: automate it locally, without relying on external services, no webhooks, and no integrations. The idea is to periodically run a script that moves to the trash any messages whose subject matches a specific pattern and that are older than 48 hours.

Automatically Converting Images to WEBP and AVIF

Thu, 26 Mar 2026 22:19:00 +0000

The two previous posts built the monitoring infrastructure — WatchPaths on macOS, systemd path units and inotifywait on Linux — and promised the scripts would come later. The trigger is ready: launchd or systemd detects when something changes in a directory and fires a command. What is missing is the command itself.

This post delivers the image conversion script that those triggers will fire. The goal is simple: PNGs and JPGs go into a folder, WEBP or AVIF come out. The originals are deleted or moved, depending on the configuration. The script detects which encoders are available on the machine and picks the best one among those installed, with a fallback chain that ensures it works even when the ideal tool is not present. If no compatible encoder is found, the script tells you what to install and from which package manager.

Monitoring Files and Folders with launchd: WatchPaths in Practice

Thu, 26 Mar 2026 18:56:00 +0000

In the previous post about launchd, scheduling worked by time: StartCalendarInterval defined “every day at 7 AM” and the system took care of the rest, including recovering missed executions when the Mac was asleep. For periodic tasks like sending a daily briefing or running a maintenance script, that model works perfectly — it is the functional equivalent of cron, but integrated into the macOS lifecycle.

But not every automation makes sense tied to a clock. Some tasks only need to happen when something changes. A backup that runs every hour is wasting 23 executions per day if the database was only modified once. An image conversion that runs every 5 minutes has nothing to convert most of the time, and when it finally does, up to 5 minutes have passed since the file appeared. The time-based model works, but it is polling disguised as scheduling — and polling is almost always the least elegant solution to any synchronization problem.

Scheduling Tasks on macOS with launchd: No cron, No Workarounds

Mon, 23 Mar 2026 21:29:00 +0000

In the previous post I showed how systemd timers replace cron on Debian and Ubuntu servers with concrete advantages: integrated logging, missed execution recovery, declarative dependencies, and resource control. The logic is compelling and the migration is straightforward — as long as you are on a system running systemd. But if your daily routine includes a Mac, it is a different story.

macOS has its own scheduling system, predating systemd and built on a different philosophy. It is called launchd, it has been around since Mac OS X Tiger in 2005, and it is responsible for practically everything that runs in the background on the system — from internal Apple services to that Spotify updater you never asked to install. Despite being the official and recommended way to schedule tasks on a Mac, launchd lives in a kind of blind spot: people coming from Linux tend to reach for cron out of reflex, and Mac users without a sysadmin background do not even know the option exists.