nottelling
@nottelling@lemmy.world
- Comment on Caddy and forgejo 2 months ago:
You don’t. That’s not what caddy is. Use a bastion for ssh.
Random search hit: goteleport.com/blog/ssh-bastion-host/
- Comment on How to avoid "things going wrong" and immutable distros? 2 months ago:
The answer to your overarching question is not “common maintenance procedures”, but “change management processes”
When things change, things can break. Immutable OSes and declarative configuration notwithstanding.
OS and Configuration drift only actually matter if you’ve got a documented baseline. That’s what your declaratives can solve. However they don’t help when you’re tinkering in a home server and drifting your declaratives.
I’m pretty certain every service I want to run has a docker image already, so does it matter?
This right here is the attitude that’s going to undermine everything you’re asking. There’s nothing about containers that is inherently “safer” than running native OS packages or even building your own. Containerization is about scalability and repeatability, not availability or reliability. It’s still up to you to monitor changelogs and determine exactly what is going to break when you pull the latest docker image. That’s no different than a native package.
- Comment on Fox show hosts said Taylor Swift "should be conservative" given her background, because to them it's an identity. 8 months ago:
The problem is that plenty of smart people are conservative. Because conservatism is fundamentally a grift, and the smart ones use the dumb ones to get richer.
Swift just has enough empathy to realize she’s already rich.
- Comment on Looking for people’s experiences with Systemd-less distros for a home server 8 months ago:
This is an AB problem in which you’re going to eventually solve the actual problem that isn’t actually systemd after looking real hard at ways to replace systemd.
There’s a lot I prefer about the old SysV, and I’m still not thrilled that everything is being more dependent on these large monolithic daemons. But I’ve yet to find a systemd problem that wasn’t just me not knowing how to use systemd.
- Comment on Anybody here running AD on-prem in your homelab? 8 months ago:
.local is reserved for mDNS responses, don’t use that.
It’s more than best practice. Your active directory controllers want to be the resolvers for their members, separate from other zones such as external MX records or the like. Your AD domain should always be a separate zone, aka a subdomain. “ad.example.com”.
If your DCs are controlling members at the top level, you’ll eventually run into problems with Internet facing services and public NS records.
- Comment on Anybody here running AD on-prem in your homelab? 8 months ago:
made it a subdomain
That is the correct answer.
- Comment on Ditching PaaS: Why I Went Back to Self-Hosting 9 months ago:
Instead of paying for multiple services, I am now renting a decently sized VPS on Scaleway, and hosting all my projects on them.
That’s not self hosting. That’s moving your managed services down the stack from PaaS to IaaS.
It’s an unserious take on the impacts as well. No discussion of availability? Backups? Server hardening and general security? Access and authentication models? Sysadmin on a VPS is more than “running a bunch of commands now and then”, and the author ignores that entire workload.
- Comment on Anyone know of self-hostable security cameras? 11 months ago:
I had no real idea how to phrase it, but all these posts have helped. What I was actually focused on when I posted was mainly hardware that can do what the Arlo cameras do:
- Wifi + battery/solar my house is old and hardwires are a pain in the ass.
- High def, preferably 4k, but 1080 is ok.
- Night vision, color or not doesn’t matter
- Motion-activated, and preferably some way to filter out and not trigger on things like passing traffic cars.
- As small a form-factor as possible.
The Reolink hardware mentioned below seems to fit the bill hardware-wise.
I hadn’t even really considered the software, as I don’t need a lot of features. All I need is to use motion-activated capture to stream to some local storage, and an ability to view a live-stream when I want one. But it looks like there’s a lot of options I need to consider.
- Comment on Anyone know of self-hostable security cameras? 11 months ago:
Reolink looks like a solid answer, thanks.
- Comment on Anyone know of self-hostable security cameras? 11 months ago:
I already hate Ubiquiti’s Unifi networking that I got myself stuck with. I won’t do any of their other products.
- Comment on Anyone know of self-hostable security cameras? 11 months ago:
I’m somewhat stuck on Unifi for wifi APs and Routers, because all the other consumer-grade devices can’t handle the number of small IoT devices I’ve got. Netgear and Asus just lose connections with ESP devices and refuse to let them connect after about a dozen. The commercial grade stuff, in addition to being too expensive, is all rack mounted, high power draw and noisy af.
Aside from the fact that my stuff seems stable on the Ubiquiti hardware, I hate the products. The interface is terrible, Unifi insists on hiding the advanced networking behind a halfass gui, the SSH console lacks half the features of even that terrible gui, and every time I try to create a new routed network, the wifi devices stop connecting.
- Submitted 11 months ago to selfhosted@lemmy.world | 61 comments
- Comment on New homeowner lots of questions 1 year ago:
Did you get a home inspection? Start with the things on that. If you didn’t, then start by reading up on home inspections, and start taking care of those things.
- Comment on How to tell a girl "I love You" without telling her "I love you"..... 1 year ago:
You don’t.
- Comment on [deleted] 1 year ago:
That’s why I didn’t have braces in the first place. I figured if the joints were tight enough, they’d hold. Wrong, because the wood has deformed. I really don’t want to anchor it to the wall unless absolutely necessary.
Plan was to put braces in the lower square portion.
- Comment on [deleted] 1 year ago:
Right, so how do you account for that in the design? In my photo, I didn’t account for it at all. The square cuts have changed and it’s failing. I can resolve it with braces as suggested, but now I’m wondering if those braces will change and it’ll go out of square again.
- Comment on VPN help? How do I connect to local devices? 1 year ago:
Depends on your specific VPN, but look for a feature or setting called “split tunnel.” It should create a separate non-vpn route for the local network.
Usually client-side setting, but not always if the tunnel is built on connection.
- Comment on where do the instances actually reside? 1 year ago:
The Pi4 is a pretty impressive little machine. It’ll probably host a few users, but from what I understand, it’s the federation that really starts scaling the requirements.
Bigger problem with the Pi though is that it runs off an SDcard (by default), which have limited writes, and you’ll burn that up fast.
- Comment on where do the instances actually reside? 1 year ago:
There are no “the Lemmy servers”, since there is no central “Lemmy” organization to host and run such servers.
So yeah, you can run it on whatever you can find that has available disk space, CPU cycles, and an Internet connection. Hosted VPS, colocated hardware server, raspberry pi, your gaming rig, AWS containers, whatever.
- Comment on Password manager of cookies? 1 year ago:
1. No. Your desktop password manager is encrypted with a strong passphrase that locks when your computer locks. (Right?) They’d have to snatch your gear mid-session. Cookies are not safe, and cookie hijacks are a pretty common exploit. Cookies are for convenience, not security. Retaining authentication cookies is a very big security hole that we all do, and it’s why banks don’t let you re-auth on a previous session cookie.
2. “Pretty hard to break into” is the kind of phrase that keeps infosec people up at night.
3. Yes. First party cookies can be just as nefarious in addition to the technical requirements. 3a. Never assume that something supposed to be “mostly benign” isn’t currently being exploited for bad reasons.

To your OP, it’s actually not a terrible idea to uninstall the PW manager browser extension. It’s one more layer of isolation from the browser. You just lose the convenience of autofill.