3·
2 months agothe best way to learn is by doing!
- 0 Posts
- 36 Comments
Joined 1 year ago
Cake day: June 20th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I just built my own automation around their official documentation; it’s fantastic.
https://www.wireguard.com/#conceptual-overview
vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we’re deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we’re certainly passed accepting a budget consumer router as acceptably meeting these and other needs.
Also you don’t need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.
If you’re really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don’t have to open anything directly, and internal traffic still routes when you don’t have an internet connection at home. It’s basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.
Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it’s not as scary as it sounds.
Fail2ban and containers can be tricky, because under the hood, you’ll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation
https://docs.docker.com/engine/network/packet-filtering-firewalls/
For your usecase specifically: If you’re using VMs only, you could run it within any VM that is exposing traffic, but for containers you’ll have to run fail2ban on the host itself. I’m not sure how LXC handles this, but I assume it’s probably similar to docker.
The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)
+1 for cmk. Been using it at work for an entire data center + thousands of endpoints and I also use it for my 3 server homelab. It scales beautifully at any size.
19·6 months agoThat is usually more incompetence than malice. They write a game that requires different operation on amd vs Nvidia devices and basically write an
If Nvidia: Do x; Else if amd: Do Y; Else: Crash;
The idea being that if the check for amd/Nvidia fails, there must be an issue with the check function. The developers didn’t consider the possibility of a non amd/Nvidia card. This was especially true of old games. There are a lot of 1990s-2000s titles that won’t run on modern cards or modern windows because the developers didn’t program a failure mode of “just try it”
You would expose a single port to multiple vlans, and then bind multiple addresses to that single physical connected interface. Each service would then bind itself to the appropriate address, rather than “*”
You should consider reversing the roles. There’s no reason your homelab cannot be the client, and have your vps be the server. Once the wireguard virtual network exists, network traffic doesn’t really care which was the client and which was the server. Saves you from opening a port to attackers on your home network.
Sorry I should have said “carbons and carbons related qol extensions”
Did you ever get carbons working properly? (As in, mobile and desktop clients of the same user both getting messages and marking as read remotely between them)
4·7 months agoI support your position in principle, but canceled my own nitro when they did the android app redesign. It went from really snappy (respecting system animation scale settings) to completely ignoring them. It feels like molasses compared to every other phone app that operates at the system set 0.25 animation scale.
They also completely broke foldable support, and if your device changes aspect ratios inside a chat, you have to restart your client to get it to behave correctly again.
The enshittification is real and I am voting with my wallet.
Xmpp is by design, an extensible protocol. There just doesn’t seem to be any motivation to develop for it.
341·8 months agoespecially true for when manufacturers stop supporting the console you invested into, stops making replacement parts, issuing security patches, etc. Having the ability to make, repair and use copies of the games you purchase is critical to digital preservation.
There are also full-suites like rancher which will abstract away a lot of the complexity
How has nobody in this thread said check_mk yet?
It’s free, you host it yourself. It’s built off of nagios, compatible with nagios plugins, supports snmp or agent based checks. It can email, SMS, slack or discord you when something breaks, you can write your own custom checks in any language that can output to a local console… I could never imagine even looking for something else.
7·9 months ago“The tryhard poopsock”
has xmpp figured out carbons yet between multiple clients? also are there any good mobile clients?
If one doesn’t exist, it would seem to be a fairly straightforward (if not a smidge tedious) thing to implement. Ever thought about learning web development?
TL/DR he wants to move the touchback to the 35