Nextcloud Music (…) Downside: it is Nextcloud.
It’s so hard to have an SMB share with one folder per game. The solution is obviously to run 4000 docker containers.
Yeah because apparently it is too hard to double click on setup.exe but using a docker is okay.
So, looks like tons of HTTP services and SSH.
Great, but what services are you hosting? What ports do you need?
Yeah, those may work. Since you’ve one, how does it look? Are there blocked ports like SMTP? Are the IPs good / not blacklisted everywhere already? Thanks.
This means I don’t need to mess around with QBT’s “proxy” settings?
No, you don’t. In short, trackers will look at the source address of the incoming connection on their side, that means your VPS IP because you’re doing NAT on the VPS.
Just make sure qBittorrent is restricted to the WG interface and nothing else.
but without nix it’s a pita to maintain through restores/rebuilds.
No it isn’t. You can even define those routing policies in your systemd network unit alongside the network interface config and it will manage it all for you.
If you aren’t comfortable with systemd, you can also use simple “ip” and “route” commands to accomplish that, add everything to a startup script and done.
major benefit to using a contained VPN or gluetun is that you can be selective on what apps use the VPN.
Systemd can do that for you as well, you can tell that a certain service only has access to the wg network interface while others can use eth0 or wtv.
More classic ip/route can also be used for that, you can create a routing table for programs that you want to force to be on the VPN and another for the ones you want to use your LAN directly. Set those to bind to the respective interface and the routing tables will take place and send the traffic to the right place.
You’re using docker or similar, to make things simpler you can also create a network bridge for containers that you want to restrict to the VPN and another for everything else. Then you set the container to use one or the other bridge.
There are multiple ways to get this done, throwing more containers, like gluetun and dragging xyz dependencies and opinionated configurations from somewhere isn’t the only one, nor the most performant for sure. Linux is designed to handle these cases.
In terms of homelab stuff, I know a lot of people appreciate the containerized approach.
What I said applies to containerized setups as well. Same logic, just managed in a slightly different way.
Just fire up Wireshark and inspect what Firefox calls, a lot of calling home and even if you change all the settings and config parameters to something sane it will still contact a 3rd party analytics company. Mozilla also acquired an ad analytics company recently for some reason.
Yeah repositories and FTP don’t include that, but it is kind of shady that the first way to get it (website) for the majority of regular users (Windows/macOS) has a unique ID - after all this is the company that goes all in for privacy…
Nothing, not everyone liked it, the only difference is that my comment would result in a shit show of downvotes last week while now people are starting to realize what Mozilla/Firefox really is. Mozilla was never the “all savior” people painted them to be and it only took Wireshark and a couple of minutes to see it.
No no, guys Mozilla are the good guys. They never did something nasty like bundling tons of spyware and 3rd party calls with Firefox nor adding unique IDs to every installation. Mozilla also acquired an ad analytics company recently for some reason.
By “set up wireguard to route through the VPS” you mean having wireguard forward a port from the VPS to a port on the homeserver at its wireguard IP address?
Yes, he means that.
qBittorrent will still need to publish the right IP address to peers though, right? So I will need to configure the proxy VPS’s IP address in qBittorrent…
No. For most things qBittorrent does public IP detection. For the rest your VPS will be doing NAT between the WG interface and the public internet. This means your qBittorrent client sends outgoing packets with the source address of your WG private IP and then the VPS will change those to its public IP address.
The thing you must be careful about is that you need to restrict qBittorrent to only send and receive traffic on the WG interface, otherwise it will be using both. You can do it in the settings, but the safest way is to do it at the container setup or systemd service level and completely hide any interface that isn’t the WG one from it.
You can force all outgoing traffic to use the VPN interface via iptables/routes (meaning if it doesn’t exist or doesn’t work nothing will be able to access the internet) OR use systemd to globally hide the non-VPN network interface from all services except for the VPN client.
All of that can be achieved with simple systemd or iptables/routes tweaks. You can force all outgoing traffic to use the VPN interface via routes (meaning if it doesn’t exist or doesn’t work nothing will be able to access the internet) OR use systemd to globally hide the non-VPN network interface from all software except for the VPN client.
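The systemd approach described in the comments above (policy routing declared next to the interface config, plus hiding every non-WG interface from one service), sketched as an added example that is not part of the original comments. The interface name `wg0`, the address `10.8.0.2`, table id `1000`, the file names and the unit name `qbittorrent.service` are all assumptions; `RestrictNetworkInterfaces=` needs systemd 250 or newer with cgroup v2.

```ini
# /etc/systemd/network/50-wg0.network
# (assumed file name; wg0, the address and the table id are constructed values)
[Match]
Name=wg0

[Network]
Address=10.8.0.2/24

# Default route that lives only in table 1000, so the main table
# (and everything that uses eth0) is left untouched.
[Route]
Destination=0.0.0.0/0
Table=1000

# Any packet sourced from the WG address is looked up in table 1000.
[RoutingPolicyRule]
From=10.8.0.2/32
Table=1000
Priority=100

# /etc/systemd/system/qbittorrent.service.d/10-wg-only.conf
# (assumed unit name; drop-in applied on top of the existing service)
[Service]
# cgroup/BPF filter: processes of this unit can only send and receive
# on the listed interfaces. If wg0 is missing, the service has no route
# to the internet at all instead of silently falling back to eth0.
# "lo" is kept so a local WebUI or reverse proxy can still reach it;
# drop it if nothing on the host needs to talk to the service.
RestrictNetworkInterfaces=wg0 lo
```

The client still has to bind to `wg0` in its own settings so its packets carry the WG source address and match the rule; `ip rule` and `ip route show table 1000` confirm that networkd installed both entries.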
Hm, so now people suddenly notice and care about this? lol
Exactly that’s a job for the parser / consumer.
No, I’m kind of serious, the comment situation is already solved in JSON… about the rest yeah, Yaml might be easier but the difference isn’t that much. Non tech people can’t edit Yaml properly either so.
The funny part is that they sell it as modern yet they use Java like if it was a banking software from the 90’s. Thanks for the tip.