non_burglar

@non_burglar@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨How often do you update software on your servers?⁩ ⁨⁨17⁩ ⁨hours⁩ ago⁩:
Be careful with unattended upgrades, even on alpine. A recent breaking change in python3 broke my alpine 23 ansible instance. Thankfully I have backups, but if you’re going to automate the upgrade, you should automate tests as well.
⁨Comment⁩ on ⁨Tempus v4.0.7 android subsonic client release⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
Nice!! Setting up now.
⁨Comment⁩ on ⁨Why do I need a domain to access my Funkwhale library but not SyncThing?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
+1 for afraid.org.

12 years and counting, propagation is sufficiently fast.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Hmmm… Not strong on inference, either…
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Really endearing yourself to your users, huh?
⁨Comment⁩ on ⁨Internal domain and reverse proxy⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
If you’re on the same subnet, no amount of reverse proxy will help with dodgy apps. It’s more appropriate to put the dodgy iot in a DMZ to control what they can do.

Putting https on these is fine, but it’s not a solution to isolating bad clients.
⁨Comment⁩ on ⁨Mini pc for home server?⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
For two years, yes.
⁨Comment⁩ on ⁨A Beginners Guide To Selfhosting Part 1⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Debian’s footguns are better documented and are generally there for good reason. Ubuntu’s footguns are there because “fuck the user”.
⁨Comment⁩ on ⁨A Beginners Guide To Selfhosting Part 1⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I love 11ty, I build my blog with it.
⁨Comment⁩ on ⁨You'll Own Nothing and It's Awful [Gamers Nexus x Level1Techs]⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

worry about socialists

A uniquely American perspective, but I get what you’re saying.
⁨Comment⁩ on ⁨Find My Device has moved⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I use the fmd app, I had no idea I could self host the server!
⁨Comment⁩ on ⁨Selfhosting Sunday! What's up?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
+1 for CWA
⁨Comment⁩ on ⁨Selfhosting Sunday! What's up?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Building out ansible.

Now it’s creating roles and groups, adding a few items to the hardening playbook, and I’ve been playing with tuning the output as playbooks run.
⁨Comment⁩ on ⁨Tempo (fork) v3.17.14 android subsonic client⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Whoah, good initiative!

If you’re looking for any help, I’m willing.
⁨Comment⁩ on ⁨Tempo (fork) v3.17.14 android subsonic client⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I’m a Tempo user, and I love it.

If I’m understanding correctly, you are simply carrying on the dev work from Antonio Cappiello?
⁨Comment⁩ on ⁨m2 to sata adaptor board suggestions?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I’ve been through this, and they all suck.

I’ve been using an MT1064 - based one with an 8087 connector to save the wear and tear of multiple connectors. It’s definitely a better physical connection, but the performance is abysmal.
⁨Comment⁩ on ⁨Beyond Pi-Hole⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:

I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.

That’s the double-edged sword of DNS over https. It allows us to hide our DNS queries from local ISP and others, but it also allows applications to hide theirs also. It just looks like encrypted web traffic to your router.
⁨Comment⁩ on ⁨Beyond Pi-Hole⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Hard-coded DNS is in the application, you cannot change this from any dhcp option. Browsers do it, lots of versions of prime video apps do it. Google nest and home devices are famous for this.

You can write a NAT rewrite rule at your router to catch any UDP or TCP request on port 53 and send it to your ad-blocking DNS server/forwarder, but you won’t be able to stop DoH (DNS over https), which just leaves the subnet encrypted on 443.
⁨Comment⁩ on ⁨Beyond Pi-Hole⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Yeah. Real DNS zones that transfer are a thing of beauty.
⁨Comment⁩ on ⁨I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:

What’s the advantage of radicale over NC?

Functionally, they work the same. I got kinda tired of fixing NC every other upgrade, though. It was always some “occ add missing indices” or some similar garbage. Like just solve this, already. Make that part of the upgrade.
⁨Comment⁩ on ⁨I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Certain apps do not allow one to use freeotp et al (o365).
⁨Comment⁩ on ⁨I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I moved my calendar to Nextcloud, then radicale. My contacts too. Gmail is just a wean away.

My problem is how I’ll be able to deal with work apps like ms authentication. Even if I set up a 2nd “normal” phone for work only, I need to sign in to the play store to get the app… Its a chicken-and-egg problem.
⁨Comment⁩ on ⁨I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I’m about 90% decoupled from Google, it’s been a journey.

I’m at the difficult stage of contemplating how to decom my gmail email, and the Google account itself.

I’ll throw my hat in the ring and offer any help if you need it. Similar to others here, I suggest you start with something discrete like photos.
⁨Comment⁩ on ⁨Custom Firewall⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Well, it wouldn’t hurt anything to install fail2ban and enable the popular templates, but it sounds like you might need to explain your service layout and how it’s exposed to the web before anyone can suggest a security measure.

Generally in the self-hosted space there are two common approaches: set up a VPN into your network for your trusted devices, or set up a reverse-proxy with a trusted tunneling proxy like cloudflare.

That you are seeing “attack attempts” in your caddy logs should be elaborated as well. What exactly are you seeing?
⁨Comment⁩ on ⁨Custom Firewall⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Not exactly sure what you’re looking for here; neither fail2ban nor crowdsec are firewalls by their strict definitions.

Are you looking for an IDS/IPS or other security measures? If so, what are you trying to secure?
⁨Comment⁩ on ⁨Multi node media server⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
That will unfortunately make any server-side improvements moot. You can scale up transcoding capabilities all you like, but the internet is made of Tubes.

Now if you could find some friends in telecom and have your server live at a peering point…
⁨Comment⁩ on ⁨Readarr alternative suggestions?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
There isn’t really an agreed-on metadata system for ebooks, which is surprising to me, considering the ISBN system is wells established as a credible source.

Uploading ebooks to my CWA instance is a guaranteed metadata edit on each one.
⁨Comment⁩ on ⁨Blocking releasegroups from Sonarr/Radarr⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Oh, I missed that. My bad.
⁨Comment⁩ on ⁨Blocking releasegroups from Sonarr/Radarr⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
You can also approach this by blocking file types at the download client.
⁨Comment⁩ on ⁨[question] Help me access my local homeserver using a public domain name⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Glad you figured it out.