tux7350

@tux7350@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Would we be able to use the measles virus to reset the immune systems of people with autoimmune disorders like MS or rheumatoid arthritis?⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
Did you watch ‘I am Legend’? This is exactly what starts the apocalypse lol

Side note, book was waaaayyyyy better
⁨Comment⁩ on ⁨Multi zone and domain setup question.⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

The routers or computers you are using for this have to support forwarding traffic. With Linux this is pretty straight forward for other OSes I’m not sure how easy it is.

You can get around this by having tailscale installed on the default gateway (router) of each network. It might be quite a pain for OP to change routers at each location. On the plus side, OpenWRT has some other cool features like PXE booting.

Here is an article about tailscale on an OpenWRT router.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
:3
⁨Comment⁩ on ⁨Just created my own zero trust network!⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.

Don’t worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.

Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.
⁨Comment⁩ on ⁨Just created my own zero trust network!⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.

But yeah I know how to fucking Google lol
⁨Comment⁩ on ⁨Just created my own zero trust network!⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Oooo ya know I actually don’t know about these. I’ve done both A and B for my homelab and C for work.

Any good resources / insight into mTLS? I appreciate the response btw!
⁨Comment⁩ on ⁨Just created my own zero trust network!⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Ya got three options.

Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.

Option B is to generate a certificate with Let’s Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.

Option C is to buy a certificate from your DNS provider aka something like cloudflare.

IMO the best is Option B. Takes a bit to figure it out but its free and rotates automatically which I like.

I like helping and fixing stuff, if you’d like to know anything just ask :D
⁨Comment⁩ on ⁨The good old days⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
( ͡° ͜ʖ ͡°)
⁨Comment⁩ on ⁨Vintage gaming advertising pictures: a gallery⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Might not be exactly vintage but it is getting close to 20 years old (ouch my age).

The Halo 3 advertising campaign.

And specifically this “Believe” video.

I cannot describe the emotions of excitement I felt for this game to be released. Waiting for the midnight release for this game is still one of my favorite memories haha. And once we got the game, the hours and hours of fun with friends… really was something looking back on it.
⁨Comment⁩ on ⁨Unless users take action, Android will let Gemini access third-party apps⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I use a smart watch for contact less payments ¯\_(ツ)_/¯
⁨Comment⁩ on ⁨My reason for wanting HomeAssistant and a locked down VLAN...⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I wish I had setup an identity management system sooner. Been self-hosting for years and about a year ago took the full plunge into setting up all my services behind Authentik. Its a game changer not having to deal with all the usernames and passwords.

In a similar vein, before Authentik, I used Vaultwarden to manage all my credentials. That was also a huge game changer with my significant other. Being able to have them setup their own account and then share credentials as an organization is super handy.
⁨Comment⁩ on ⁨You got it, buddy⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Yeah its awful. Ive had the BV situation happen with two different partners. And God forbid, you bring up anything thats considered outside the heterosexual spectrum in an educational setting. Could you imagine if men were taught about the possibilities of the prostate in a judgement free environment?
⁨Comment⁩ on ⁨Friendly reminder that Tailscale is VC-funded and driving towards IPO⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Thats just how IPv6 works. You get a delegate address from your ISP for your router and then any device within that gets it own unique address. Considering how large the pool is, all address are unique. No NAT means no port forwarding needed!
⁨Comment⁩ on ⁨I hope i don't get downvoted for this⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
That is the Forest Spirit from the movie Promcess Mononoke. Wonderful movie if you haven’t seen it! Watches more like a Disney movie than an anime.
⁨Comment⁩ on ⁨Steam Deck / Gaming News #16⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
This is amazing!! Thank you for the hard work 😁
⁨Comment⁩ on ⁨Horror⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Windsurfing? 🏄‍♀️
⁨Comment⁩ on ⁨Help with 504 Error and UFW+NPM Setup on AlphaVPS⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
The rules still apply to the host, just not inside the container. Docker is just ignoring the rules. If you block all ports but then have port 81 open like you do in that section of docker compose, you would think that UFW would block docker but thats not the case. Going to yourip:81 will show then NPM gui, even if you specifically use ufw to block 81. If you only expose port 80 and 443, you should be fine. Your NPM container would have to be compromised then they would have to break out of the container.

Also I think your issue is with your DNS. You should have an A record for the IP pointing to example.com and then a CNAME record pointing to sub.example.com
⁨Comment⁩ on ⁨Help with 504 Error and UFW+NPM Setup on AlphaVPS⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Docker completely ignores UFW rules. If you check your ip tables you’ll see docker rules are put in before UFW. For the 504 though, it sounds like traffic is not getting to NPM. Have you routed ports 80 and 443 to the docker container?
⁨Comment⁩ on ⁨Security of running Headscale on a VPS⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
I use headscale on a VPS as an ingress point into my network and I love it. On top of headscale, I use two instances of traefik to make my network. I have one instance of traefik running on the vps which runs a couple of services that I want running 24/7(headscale-ui is nice). It pulls a subdomain certificate for TLS. So any services under say *.vps.example.com get routed to the VPS.

Then I have a wildcard TCP rule pointing the rest of the network traffic to my home server through headscale. My home server is running another instance of traefik where all my services are running. This pulls another wildcard cert for the rest of the *.example.com subdomains.

Cool thing about this setup is I can now have my DNS server rewrite *.example.com to my servers LAN IP. Now when my device is home, it works even when WAN is out. But when I’m out and about, it hits the public DNS and goes through my VPS. With traefik I can write a not !ClientIP rule and essentially block the VPS. Now I can host a service at home but also block it from being accessed from the public. But if I need access to the LAN remotely, I can just use a tailsacale client and get into headscale and see everything.

Its an odd network, but it’s super flexible and works very well for my use case. If you have any questions I’d love to help you set something like this up :D
⁨Comment⁩ on ⁨I present: Managarr - A TUI and CLI to help you manage your Servarr instances⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Lol how funny. I was also very into modding the PSP growing up. I had a couple of Pandora batteries. The only reason I caught onto it was because my name is also Alex haha hello fellow Alex!
⁨Comment⁩ on ⁨I present: Managarr - A TUI and CLI to help you manage your Servarr instances⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
… are you the DaX from the PSP modding scene?!
⁨Comment⁩ on ⁨Docker firewall question⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Oh boy I went down this same rabbit hole awhile ago. Here is a git repository that will explain why this happens and also offers a fix on how to modify your IP tables to ensure that docker respects the UFW.

Docker and UFW
⁨Comment⁩ on ⁨Why do all languages share the same intonation for questions?⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Can you tell me more?
⁨Comment⁩ on ⁨Nintendo Targets YouTube Accounts Showing Emulated Games⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Which switch emulator do you use? I’m pretty savy with Linux and run it on my desktop but haven’t really taken the dive to set any of them up. Metroid has been calling my name lately and I’m thinking it’s now or never. Got any suggestions?
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
35k for a base Kia? Hell naw, I bought a fully loaded 2024 hyundai elentra hybrid for 34k out the door. Base Kia K4 is 22k plus tax title and reg. That’s like almost a third less than what I paid lol