beerclue

@beerclue@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Ansible sounds interesting⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Oversimplifying it, Ansible playbooks are nothing more than some commands that should be run on a remote machine via ssh. Ansible knows or has modules for a variety of different package managers (apt, yum, etc) and automagically knows how to handle services or various config files.

It can get complex, but I think just the startup phase, until you have an inventory of remote machines, the ssh keys are in place, etc. I second the Jeff Geerling recommendation, his stuff is solid, both ready to use playbooks, and tutorials.

I would suggest to also look into cloudinit. Makes setting up VMs on proxmox easier, faster, more consistent, with users, networking, ssh keys, etc ready to use (by you or by Ansible).
⁨Comment⁩ on ⁨This was the theme song used in a documentary about a failed corporation. Can you name the company?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Do they make cardigans?
⁨Comment⁩ on ⁨Is it possible to set what DNS server cloudflare tunnels uses when resolving local ips?⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Yeah, I think coredns offers all the options you need.
⁨Comment⁩ on ⁨C4illin/ConvertX: Self-hosted online file converter that supports 1000+ formats⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
This is a great addition to my home-lab, no more “free online convert” tools needed.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Am tot auzit și eu, da’… sursa?
⁨Comment⁩ on ⁨Cucumbers taste like the white part of watermelons⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
My family pickles watermelons, for generations. They are delicious.
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I agree with you, but this was specifically about jellyfin.
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I don’t think so, but don’t quote me on that. My machines come with a 65w charger.
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
A micro sized PC with an i5 and 8gb or ram can cost under 100€, and it’s way more powerful compared to a pi. Power efficient too. That’s what I used for a long time for my jellyfin server.
⁨Comment⁩ on ⁨Testing vs Prod⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I personally use my home lab to test and learn, and I try to mimic a corporate environment. I have multiple instances of DNS, proxy, etc and I have a “prod” and a separate “staging” k8s environment. I try as much as possible, without going nuts about it, to update and try new changes that might be breaking in the staging cluster.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Jizăs Craist.
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
I don’t think I’ve ever encountered what you say… I use WG it to access a network, not a device. I have a few dozen devices, physical and virtual, why should I set up wg on all of them? Tailscale, maybe, it’s a different story, but I prefer to “self host” and not rely on a 3rd party provider. Wireguard was relatively easy to set up too, a few years ago… and in the meantime, if I need to add a new client, it’s a two minute job.
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Right, but I have wireguard on my opnsense. So when I want to reach jellyfin.example.com, if I am at home, it goes phone -> DNS -> proxy -> jellyfin (on the same network). If I am connected to the VPN, it goes from phone -> internet -> opnsense public ip -> wireguard subnet -> local subnet -> DNS -> proxy -> jellyfin. I see some unneeded extra steps here… Am I wrong?
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Oh, I get that, but it just doesn’t make any sense to me to be physically next to the server, and connect to it via VPN…
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
My network is not publicly accessible. I can only access the internal services while connected to my VPN or when I’m physically at home. I connect to WG to use the local DNS (pihole) or to access the selfhosted stuff. I don’t need to be connected while I’m at home… In a way, I am always using the home DNS.

Maybe I’m misunderstanding what you’re saying…
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
I can stay connected, still works, but I don’t think I need the extra hoops.
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
I also have a different subnet for WG. Not sure I understand what you’re saying…
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Same, wireguard with the 'WG Tunnel" app, which adds conditional Auto-Connect. If not on home wifi, connect to the tunnel.
⁨Comment⁩ on ⁨Rocky rock rocking⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Ok.
⁨Comment⁩ on ⁨Rocky rock rocking⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Ok.
CVE-2025-1974: vulnerabilities that could make it easy for attackers to take over your Kubernetes clusterkubernetes.io ↗
Submitted ⁨⁨2⁩ ⁨months⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨3⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Wonder what it tastes like⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
foodporn@lemmy.world :)
⁨Comment⁩ on ⁨Amazon customer receives fake Ryzen 7 9800X3D, turns out to be decade-old AMD CPU⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
It happened to me a few years ago, when I ordered for work an i9 9900k, and inside the sealed box was a core 2 duo… After the seller (not Amazon) refused the return, I looked up a bit online, and it’s a common practice. I even found rolls of “Intel original” seals for 5€ on eBay.
⁨Comment⁩ on ⁨This Week in Self-Hosted (7 March 2025)⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
60k stars for a free open source self hosted project? I’d say that’s a really healthy number. Jellyfin has 37k.
⁨Comment⁩ on ⁨What's up, selfhosters? - The Sunday thread⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
I did have backups, it was an easy fix. I had a pihole -up on a crontab for years, probably not the best idea :)

FW rule accept :53 from pihole only, deny :53 from all. I had some devices with hardcored DNS settings (8.8.8.8).
⁨Comment⁩ on ⁨What's up, selfhosters? - The Sunday thread⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Pihole 6 broke my DNS (dnsmasq), and since I had a fw rule in opnsense to only use pihole’s DNS, and deny public DNS access, it was an early rise for me :)
⁨Comment⁩ on ⁨What's up, selfhosters? - The Sunday thread⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Why not just use forgejo’s actions and runner?
⁨Comment⁩ on ⁨Exclusive: Microsoft is finally shutting down Skype in May⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
They’ve owned it since 2011. When they did buy it, they had Lync, which sucked pretty bad. Now they have Teams, probably the result of merging Lync and Skype.
⁨Comment⁩ on ⁨HELP! How do I help educate my son about his body when I know nothing about boys??⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I never received any kind of talk from my parents. Also, in my home country, during the communist era and even after, sex ed in schools was taboo. Crazy thing too, since it had (and still has) one of the highest teen pregnancy numbers in Europe.

Anyway, I did not want that with my kids. Luckily where we live now there is a strong sex ed program in schools, but also at home, we were always open. We talk about sex casually, we reiterate “always ask for consent” and “no means no”, and my son even ratted out one of his school buddies who’s a Tate fan. He knew that what the guy was saying was wrong, so they don’t hang out anymore.

Also, sexuality. One of my daughters came out to us over dinner, so casually, “dad, I think I’m gay”. I just said “cool” and gave an awkward fist bump.

Just be open, casual, don’t make things weird.
⁨Comment⁩ on ⁨How do you all handle security and monitoring for your publicly accessible services?⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Check out crowdsec. Like fail2ban, but with crowdsourced lists on top.