N0x0n
@N0x0n@lemmy.ml
- Comment on Tempus v4.2.4 android subsonic client release 4 minutes ago:
Why is the Tempus logo green on the phone’s homescreen but red in the application itself? Is this to differentiate the “degoogled version”?
Btw, thanks for keeping Tempo alive !
- Comment on 1 week ago:
Oh yeah I was aware that it won’t change from 1080 to 720 :p.
But I thought the movie would just be corrupted an unplayable not lose quality bits !
- Comment on 1 week ago:
start to lose quality
Wait… That’s a thing? You can lose video quality off a video file on a HD over time?
- Comment on Promised myself I will support them after they go stable. They kept their promise and so did I 2 weeks ago:
Yeah :) Maybe give lychee a try :) it’s minimalistes and does one thing, but it does it well !!!
- Comment on Reducing Homelab Laptop energy consumption 2 weeks ago:
Oh nice tip, thank you ! It won’t be that much of a difference I guess, but why would you let a wifi module on if it’s never used !
- Comment on Google flags Immich sites as dangerous 3 weeks ago:
Thanks for sharing this nice blocklist :)
- Comment on Linkwarden downloaded the whole flipping Internet ... 4 weeks ago:
Same here ! Although, sftpgo is a bit overkill if you only need it for webdav !
- Comment on Custom Firewall 5 weeks ago:
I still need to find a “$35 Raspberry Pi” 🤣
- Comment on [Question] Visual feedback of my Linux homelab setup/system? 1 month ago:
This seems cool and is not off topic at all :) It does seem to answer to my “question” and seems a nice thing to have :) However, someone suggested Terraform but after some reading it’s not the tool I was looking for… Ansible seems more the like I guess ! But coolify seems also very interesting ! Different and more similar to my current setup.
I think Terraform, Ansible, Tofu are the next generation tool to solve my current issue… They are declarative tools ! But I don’t want to rush things and have another dead setup lying arround !
Thanks for your reply !
- Comment on issues setting up nginx as an https proxy 1 month ago:
This is indeed similar ! And looks like a working certificate :) (You even use as .csr file).
The book adds something (Not very useful but kinda neat to have): a certificate revocation setup and an IntermediateCA signed by your rootCA. So you can keep your rootCA out of your system :)
- Comment on issues setting up nginx as an https proxy 1 month ago:
(Thanks to darkan15 for explaining that).
I have to look at his answer to have a better understanding :P
The diagram would be useful. Considering that rn I’m losing my mind between man pages.
I’m working on it right now :) I’m a bit overwhelmed with my own LAN setup, and trying to get some feedback from other users :P
As for the book… I can’t accept. Just give me the name/ISBN and I’ll provide myself. Still. Thanks for the offer.
Good. If you have the money to spare please pay for it otherwise you know the drill :) (Myself I’m not able to pay the author so it’s kinda hypocrite on my end… But doing some publicity is also some kind of help I guess?)
Demystifying Cryptography with OpenSSL 3 . 0 by Alexei Khlebnikov <packt>
ISBN: 978-1-80056-034-5
It’s very well written, even as a non-native it was easy to follow :). However, let me give you something along the road, something that will save you hours of looking around the web :) !
Part 5, Chapter 12: Running a mini-CA is the part you’re interested in and that’s the part I used to create my server certificates.
HOWEVER: When he generates the private keys, he uses the
ED448 algorithm, which is not going to work for SSL certificates because not a single browser accepts them right now (same thing goes for Curve25519). Long story short, If you don’t want to depend on NIST curves (NSA) fall back to RSA in your homelab ! If you are interested in that story go top123:Brainpool curves are proposed by the Brainpool workgroup, a group of cryptographers that were dissatisfied with NIST curves because **NIST curves were not verifiably randomly generated, so they may have intentionally or accidentally weak security. **
Here is a working example for your certificates:
Book:
$ mkdir private $ chmod 0700 private $ openssl genpkey \ -algorithm ED448 \ -out private/root_keypair.pem
But should be:
$ mkdir private $ chmod 0700 private $ openssl genpkey \ -algorithm RSA \ -out private/root_keypair.pem
You have to use RSA or whatever curve you prefer but accepted by your browser for EVERY key you generate !
Other than that, it’s a great reading book :) And good study material for cryptography introduction !
- Comment on [Question] Visual feedback of my Linux homelab setup/system? 1 month ago:
Sorry, what do you mean by physical/logical diagrams :S! You mean something like Excalidraw ?
I did It for sometimes, but If I do some changes in my setup I always have to keep that update also… So I have to think about it… I do like drawing those diagrams, but keeping those updated is sometimes not directly possible and I can get forgetful !
- Comment on [Question] Visual feedback of my Linux homelab setup/system? 1 month ago:
Thanks for the pointer :). I’m more into open source, so TrueNAS is maybe more fitting, however I’m not sure I do understand it right… Those are OSes? Not some application I can host in a container right? More like Proxmox ?
- Submitted 1 month ago to selfhosted@lemmy.world | 10 comments
- Comment on issues setting up nginx as an https proxy 1 month ago:
Sorry I didn’t respond earlier :S !
To let me access the services both from the desktop and the laptop. I’d need to have two DNS resolvers, since for the laptop it needs to resolve to the 192.168.0.* address of the homelab router. While for the desktop it needs to resolve directly to the 10.0.0.* address of the server.
I’m not entirely sure if I get what you mean here. If you have a central DNS resolver like pihole In your LAN it can resolve to whatever is there. I have a pihole which resolve to itself (can access it as pihole.home.lab) and resolves to my server’s reverse proxy, which handles all the port shenanigan and services hosted on my server. I think I can try to make a diagram to show how it works in my LAN right now, not sure if this can be helpful by any mean, but this would allow me to have a more visual feedback of my own LAN setup :P. However, I do use Traefik as my reverse proxy for my docker containers, so I won’t apply to nginx and I’m not sure if this is possible (It probably is, but nginx is a mystery for me xD)
Also, little question. If I do manage to set it up with subdomains. Will all the traffic still go through port 1403? Since the main reason I wanted to setup a proxy was to not turn the homelab’s router into Swiss cheese.
Your proxy should handle all the port things. Your proxy listens to all :80 :443 Incoming traffic and “routes” to the corresponding service and it’s ports.
While I do have my self-learned self-hosted knowledge, I’m not an IT guy, so I may be mistaken here and there. However, I can give you a diagram on How it works on my setup right now and also gift you a nice ebook to help you setup your mini-CA for your lan :)
- Comment on issues setting up nginx as an https proxy 1 month ago:
Subpaths are things of the past (kinda) ! SSL wildcards are going to be a life saver in your homelab !
I have a self-signed rootCA + intermediateCA which are signing all my certificates for my services. But wait… It can get easier just put a wildcard domain for your homelab (*.home.lab) and access all your services in your lan with a DNS provider (pihole will be your friend!).
Here is an very simplified example:
-
Create a rootCA (certificate authority) and put that on every device (Pc, laptop, android, iphone, tv, box…)
-
Sign a server certificate with that rootCA for the following wildcard domaine: *.home.lab and put that behind a reverse proxy.
-
Add pihole as DNS resolver for your local domain name (*.home.lab) or if you like you can manually add the routes on all devices… But that"s also a thing of the past !
-
Let your proxy handle your services
Access all your services with the following url in your lan
This works flawlessly without the need to pay for any domain name, everything is local and managed by yourself. However, it’s not that easy as stated above… OpenSSL and TLS certificates are a beast to tame and lots of reading ^^ so does Ngnix or any other reverse proxy !
But as soon as you get the hang of it… You can add a new services in seconds :) (specially with docker containers !)
-
- Comment on If I use Caddy for reverse-proxying into another local machine... is my local connection not HTTPS? 1 month ago:
It’s really a good book :) And the last part is all about a mini-ca for your homelab !
However, don’t use the ED448/ED25519 algorithm based certificates for TLS as mentioned in the example… They are still not supported by any browser !
If you can support the author, please do ! If you’re on a budget, it’s really easy to find in the piracy corner.
- Comment on If I use Caddy for reverse-proxying into another local machine... is my local connection not HTTPS? 1 month ago:
Yeah thats correct !
I Wouldn’t say heavy though (maybe I see it that way because I got a bit better with bash and the like :p) because you can make use of CLR to revoke your certificates and renew them very easily with your intermediate and ready to use config files.
But yeah, there isn’t any automated way to manage certificates like Smallstep does :)
- Comment on If I use Caddy for reverse-proxying into another local machine... is my local connection not HTTPS? 1 month ago:
Or simply create your rootCA, IntermediateCA, keys and certifictes with openSSL.
Neither of those are begginer friendly but openSSL is probably a bit easier to get started. There’s a nice book with openSSL (if you are interested I migh look how it’s called) and the last chapter is all about how to create your mini-CA and everthing else to serve your proxy with valid certificates for your homelab.
- Comment on retiring the pigeon homelab 2 months ago:
Them probably uses a special plugin device in the outlet.
I have this bash script you can use and have a general overview but I’m not totally sure if I fully understand it and if it’s the whole system’s wattage or only the CPU 🤷♂️
#! bash time=5 sum_1=$(cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@"); echo "before" $sum_1 sleep $time; sum_2=$(cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@"); echo "after" $sum_2 sum_1f=$(printf "%.0f" $sum_1) sum_2f=$(printf "%.0f" $sum_2) final_sum=$(echo "(($sum_2f - $sum_1f) / 1000000) / $time" | bc -l) #echo $final_sum | bc -l | xargs printf "%.2f\n" formated=$(echo $final_sum | bc -l | xargs printf "%.2f\n") echo $formated "w"
- Comment on mkdocs for recipe catalogue 2 months ago:
Haha ! Good to keep your brain cells functioning 👍
- Comment on mkdocs for recipe catalogue 2 months ago:
Wow ! I will still try mealie /Tandoor for family purpose and ease of use. If it doesn’t work as expected, I will totally try this out !!
One question if you don’t mind,
servings Indicates how many people the recipe is for. Used for scaling quantities. Leading number is used for scaling, anything else is ignored but shown as units.
Does this function work well? I didn’t saw any examples so maybe you could tell me :)
Thanks !
- Comment on How to selfhost with a VPN 2 months ago:
Fair point ! Yeah sure if you host a blog online it doesn’t make sense… But if you only self-host your services for family and some friends and access them over VPN, a local CA is actually a privacy respecting choice.
Hosting something on the web (specially self-hosted) without the propre software and hardware is a bad idea in the first place anyway !
- Comment on How to selfhost with a VPN 2 months ago:
I also believe it’s possible to set up HTTPS encryption without a domain name, but it might result in that “we can’t verify the authenticity of this website” warning in web browsers due to using a self-signed certificate.
Just create your own rootCA and IntermediateCA and sign your certificate with those, put the CA in your trust store of your system and get rid of this self-signed warning on every device and happily access all your service via: *.home.lab or whater ever local domain pleases you.
- Comment on How to selfhost with a VPN 2 months ago:
In addition to that, without a secure connection you’re stuck with HTTP/1.1
That’s not entirely true. A lot of requests, even with https, are send over HTTP/1.1. And this is kinda mind blowing that in 2025 we still rely on something so old and insecure…
Same goes with SMS and the old SS7 protocol from 1970… 2FA SMS is probably the most insecure way to get access to your bank account or what ever service promotes 2FA sms login.
- Comment on [deleted] 2 months ago:
What application do you use on your phone to mount samba shares (Android)? I know Amaze can mount those but they are not easily accessible by other applications.
- Comment on [deleted] 2 months ago:
Not sure this is what you are looking for but navidrome has smart playlists, which is a small configuration file you can add to your navidrome and will automagically create a playlist in your navidrome based on your config.
- Comment on Best Practice Ideas 2 months ago:
Was going to say the same ! Such a cutsy nice little mini-rack/server setup !
Still fighting my spaghetti setup with cables sprouting everywhere.
- Comment on Jellyswarrm - reverse proxy all your Jellyfin servers from a single interface, presenting as a standard Jellyfin server, clients should work out of the box. 2 months ago:
You can already do that (somehow) with tags and libraries. There’s a plugin for that.
But yeah this looks less complicated to setup and maintain !
- Comment on Do I need the ISPs home router? 2 months ago:
Actually, there are ways for home customers to replace their XGS-PON to use your own hardware (Orange, Free, SFR…) And some other cool stuff and very helpful info at lafibre.info forum !