easeKItMAn

@easeKItMAn@lemmy.world

• ⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  I used VMs some time ago but never managed to look deeper into separation of base vs VMs. Hence I can’t assess this reasonably.
  Docker got me interested when it started and after discovering its networking capabilities I never looked back.
  Basically I’m trying to minimize the possibility that by intercepting one dockerized service the attacker is able to start interacting with all devices. And I have lots of devices because of a fully automated house. ;) My paranoia will ensure the constant growth of privacy and security :)

• ⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  Guessing it is more a habit from back in time when ssl certification wasn’t common. Panic of MITM attacks, friends sharing their trusted access to other friends, etc. all contributed to my actual status of paranoia.
  Don’t make me reconsider my cybersec approach ;)

• ⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  Rotating passwords only for web services. Vaultwarden does make it easy. Not all services allow 2FA.

• ⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  I’m somewhat paranoid therefore running several isolated servers. And it’s still not bulletproof and will never be!

  • only the isolated server, ie. no internet access, can fetch data from the other servers but not vice versa.
  • SSH access key based only
  • Firewall dropping all but non-standard ports on dedicated subnets
  • Fail2ban drops after 2 attempts
  • Password length min 24 characters, 2FA, password rotation every 6 months
  • Guest network for friends, can’t access any internal subnet
  • Reverse proxy (https;443 port only)
  • Any service is accessed by a non-privileged user
  • Isolated docker services/databases and dedicated docker networks
  • every drive + system Luks-encrypted w/ passphrase only
  • Dedicated server for home automation only
  • Dedicated server for docker services and reverse proxy only
  • Isolated data/backup server sharing data to a tv box and audio system without network access via nfs
  • Offsite data/backup server via SSH tunnel hosted by a friend
• ⁨Comment⁩ on ⁨AdGuard/PiHole Blocklists merge duplicates⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  If I’m understanding you correctly, you could make use of a shell script for this. Use WGET to download lists, then combine them into a single large file, and finally create a new file with no duplicates by using “awk ‘!visited[$0]++’”

  wget
  cat *.txt > all.txt (This overwrites all.txt) awk ‘!visited[$0]++’ all.txt > no_duplicates.txt

• ⁨Comment⁩ on ⁨Users of PiHole/AdGuard/Blocky, what blocklists are you using?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  It depends a bit on what you want to accomplish, the threat model, the devices in use, and other topics. I think this is a good read: avoidthehack.com/best-pihole-blocklists

  Some specific social blocklists: github.com/d43m0nhLInt3r/socialblocklists

• ⁨Comment⁩ on ⁨Getting started with self hosting - resources?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  www.home-assistant.io

  Possibly Home Assistant is able to cover your devices.

• ⁨Comment⁩ on ⁨Discover the Ultimate List of Privacy Alternatives & Tools!⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  Original link:

  technomagnus.vercel.app/…/ultimate-privacy-list/

• Discover the Ultimate List of Privacy Alternatives & Tools!lemmy.dbzer0.com ↗
  Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨3⁩ ⁨comments⁩
• ⁨Comment⁩ on ⁨Artist images on Lidarr + Navidrome⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  Either add an artist* image in artist folder or add an integration for fetching images

  www.navidrome.org/docs/usage/artwork/#artists

  www.navidrome.org/docs/…/external-integrations/

• ⁨Comment⁩ on ⁨Recommended hard drive monitoring (Ubuntu server) options?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  SMART value monitoring helped me finding faulty drives, not only once. And drives are tested before adding to a production system.
  Certainly system drives are separate from data drives. The latter can be perfectly monitored by SMART values.

• ⁨Comment⁩ on ⁨Recommended hard drive monitoring (Ubuntu server) options?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  If you want regular automatic hdd checks and don’t need a WebUI I recommend (smartontools)[github.com/smartmontools]

• Intel passed NUC baton to ASUS
  Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨7⁩ ⁨comments⁩
• ⁨Comment⁩ on ⁨Hiw do you observe your server funktions?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

  I set up custom bash scripts collecting information (df, docker json, smartCTL etc) Either parse existing json info or assemble json strings and push it to Homeassistant REST api (cron) In Homeassistant data is turned into sensors and displayed. HA sends messages of sensors fail.
  Info served in HA:

  • HDD/SSD (size, smartCTL errors, spin up/down, temperature etc)
  • Availability/health of docker services
  • CPU usage/RAM/temperature
  • Network interface/throughput/speed/connections
  • fail2ban jails

  Trying to keep my servers as barebones as possible. Additional services/apps put strain on CPU/RAM etc. Found out most of data necessary for monitoring is either available (docker json, smartCTL json) or can be easily caught, e.g. ‘’’df -Pht ext4 | tail -n +2 | awk '{ print $1}’’’ It was fun learning and defining what must be monitored or not, and building a custom interface in HA.