irmadlad
@irmadlad@lemmy.world
Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. soundcloud.com/hood-poet-608190196
- Comment on In what way am I the product when using CloudFlare's free tier? 1 hour ago:
Indeed you can. When a user makes a request, it is sent to Cloudflare, which then routes it to your server through the tunnel. The traffic can be encrypted while in transit to Cloudflare, ensuring that their network does not inspect or decrypt the contents. Once the encrypted traffic reaches your server, you handle decryption using your own application logic. Only your server has the keys to decrypt the data, so Cloudflare remains blind to any sensitive information.
- Comment on Tempus v4.6.0 android subsonic client 1 hour ago:
I self host Navidrome, and after deploying one or two companion apps for Navidrome, I’m right now digging Substreamer. I have never heard of Tempus, so I have added it to the ‘apps to try’ list. One of the features of Substreamer that I really enjoy is the Playlist Builder. Substreamer apparently goes through your collection and pre-creates playlists based on commonalities like genre, tags, etc. Let’s say that you click on the Blues playlist. It then has the Blues master playlist broken down into All Time, Recent, 2010+, etc. After you listen to/edit the playlist, you can save it to Navidrome. I find this feature to be quite handy and it just works very well for me. Not only can I physically make playlists in Navidrome, but in Substreamer automatically as well.
Saying all of that to say, does Tempus have any such feature? Like I said, I’ve never heard of Tempus, which really doesn’t mean much, but it looks very well put together. I’m sure OP didn’t set out to make Tempus a Substreamer copycat, I just find that one feature of Substreamer very handy.
- Comment on In what way am I the product when using CloudFlare's free tier? 15 hours ago:
I’m an expert at nothing, however, the following is how I understand the relationship between your origin server and Cloudflare Tunnels/Zero Trust services. I stand by to be schooled:
- Traffic between your origin server and Cloudflare’s edge is always encrypted (with outbound-only connections via the cloudflared daemon). That protects against eavesdropping on the wire between your origin server and Cloudflare.
- Traffic between end users/clients and Cloudflare’s edge is encrypted (via HTTPS/TLS).
- However, Cloudflare acts as a proxy, similar to a reverse proxy. For standard HTTP/HTTPS services, Cloudflare terminates TLS and decrypts at their edge to apply features like WAF, DDoS protection, caching, or Zero Trust policies. They then re-encrypt and forward the traffic to your origin server. This means Cloudflare can see the plaintext content of your traffic in transit through their network.
- If you expose non-HTTP protocols that are end-to-end encrypted by design (e.g., SSH, RDP, or VPN protocols like WG/OVPN), and you tunnel them through Cloudflare Tunnel without Cloudflare terminating the encryption, the application-layer data remains encrypted end to end. Cloudflare only sees encrypted blobs which they can’t decrypt without the keys.
- Utilizing Tailscale on the origin server creates a mesh VPN using WG. It encrypts all traffic directly between devices, P2P when possible, or via encrypted relays. Your data is encrypted on the source device and only decrypted on the destination device. Neither Tailscale’s coordination servers nor Cloudflare can decrypt it.
If this is inaccurate, please do ELI5. I’m always down to learn.
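The two comments above draw a line between an HTTP service fronted by the tunnel (where Cloudflare’s edge holds the TLS session and sees plaintext) and an end-to-end encrypted protocol carried through the tunnel as opaque bytes. As an added illustration, not the commenter’s own configuration, here is a constructed cloudflared `config.yml` that puts one of each kind side by side. The tunnel UUID, hostnames, ports and file paths are placeholders; `noTLSVerify` and `caPool` are real `originRequest` options, used here to show the origin-side TLS settings a self-hoster should check.

```yaml
# Constructed example of a cloudflared tunnel config (not from the thread).
# Replace the placeholders before use.
tunnel: 00000000-0000-0000-0000-000000000000          # placeholder tunnel UUID
credentials-file: /etc/cloudflared/TUNNEL-UUID.json   # placeholder path

ingress:
  # 1) A normal web app (e.g. a Navidrome UI) behind the tunnel.
  #    The browser's TLS session ends at Cloudflare's edge, so the edge can
  #    read and modify the HTTP request/response (this is what lets WAF,
  #    caching and Access policies work). cloudflared then opens a second,
  #    separate TLS connection to the origin below.
  - hostname: music.example.com                        # placeholder hostname
    service: https://localhost:4533                    # placeholder origin port
    originRequest:
      # Keep certificate verification ON for the hop to the origin.
      # Setting this to true (a common "just make it work" change) means
      # cloudflared would accept any certificate the origin presents.
      noTLSVerify: false
      # If the origin uses a private CA, point cloudflared at that CA bundle
      # instead of disabling verification. Placeholder path.
      caPool: /etc/cloudflared/origin-ca.pem

  # 2) An end-to-end encrypted protocol (SSH) carried through the same tunnel.
  #    cloudflared relays the raw TCP stream; the SSH session keys live only on
  #    the client and the origin, so the edge forwards ciphertext it cannot read.
  #    (The client side uses `cloudflared access ssh` or a WARP client to reach it.)
  - hostname: ssh.example.com                          # placeholder hostname
    service: ssh://localhost:22

  # Catch-all rule: anything not matched above gets a 404 instead of reaching
  # an origin by accident. cloudflared requires a final rule with no hostname.
  - service: http_status:404
```

The useful check here is the `noTLSVerify` line: the tunnel protects the hop from cloudflared to Cloudflare regardless, but the origin-side hop is only as strong as that setting, and an `http://` origin behind the tunnel is plaintext on the local host. For the SSH entry, nothing in the config grants Cloudflare the ability to decrypt; any Access policy applied to that hostname decides who may open the stream, not what is inside it.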
- Comment on In what way am I the product when using CloudFlare's free tier? 18 hours ago:
In what way am I the product when using CloudFlare’s free tier?
I realize the name of the game is to protect as much of your data as possible, however, unless you have your own ISP/backbone, you are, at some point, the product. I utilize the evil Cloudflare Tunnels/Zero Trust. For last month, I used 375.28 GiB. I don’t run the ’arr stack tho. I do, however, stream my own audio collection via Navidrome. I have had zero issues with the evil Cloudflare Tunnels/Zero Trust, except for a brief pause while Cloudflare had some issues last month. Other than that, smooth sailing. I also have Tailscale as an overlay on the server and on the standalone pfSense firewall, which has a very robust set of rules and heavy filtering going on.
Is there another way
There are always other ways. Pangolin, et al. It just depends on you, and what you want to put in to get out of it all. If you are going this route, investigate a WAF like CrowdSec, or similar, and you might want to look at pfSense or OPNsense.
- Comment on A self-hosted approach to long-term file storage and control 3 days ago:
I was hoping for an answer. I think OP is saying that the backends are not persistent. So each time data is written or accessed, the backend may be dynamically created or modified. Guessing in lieu of OP’s response.
- Comment on What are some unique Games to host server's of? 3 days ago:
It was a load of fun.
- Comment on Suggestions for Community Organizing 3 days ago:
I’m not sure if NextDoor is available in your area but a lot of people dig that sort of thing. Maybe you could put the word out leveraging NextDoor.
- Comment on Setting up VPS (finally) 3 days ago:
I was rather green then, and when I got the nastygram, the host had already shut things down because it was wreaking havoc. So I never really got to observe and I didn’t want to light that candle again. I just wiped it…started studying, and when I felt comfortable, I gave it another go.
- Comment on Setting up VPS (finally) 4 days ago:
I sure haven’t seen any naysayers. Just some people giving advice, and sharing their experiences.
- Comment on Self-Host Weekly #150: Watchtower No More 4 days ago:
Sure. It wasn’t a dig against OG Watchtower, it was just that it ceased to work correctly for me, and I sought other options. Whomever produces selfh.st does have a bit of sarcastic wit to his writing that I kind of like anyways. When speaking about GitHub, he threw out another zinger: ‘Cue the intense backlash from users who hate paying for things’. So, I just think it is his writing style. I didn’t get all hung up on it.
- Comment on What are some unique Games to host server's of? 4 days ago:
Oh this one here will keep you from having a seizure everyday, but you’ll shit your pants every 30 minutes. So the choice is, do you want to roll around on the ground looking like you’re trying out a weird pop-lock break dance, trying to eat your tongue, or do you just want to crap your pants on a regular basis. You pick.
- Comment on Self-Host Weekly #150: Watchtower No More 4 days ago:
Hey thank you very much for the tip. I have bookmarked it. I feel better knowing it is going to be maintained.
- Comment on Self-Host Weekly #150: Watchtower No More 4 days ago:
My issue was that Watchtower would sporadically just fumble the update, making re-deployment sometimes necessary. It wasn’t a tag issue. At least none that I could see. Of course, the possibility exists that I could just very well be a dumbass. I just assumed that to be the Docker updates that have happened over the past year, and, without any new code, it just broke. It happens.
I either read somewhere or someone tipped me off to the fork. I can only speak for my network, but the fork did the trick. Have had zero issues, and I’ve been using it for a good while. Now, I notice that Watchtower fork hasn’t been updated in 6 months. I guess it’s either been abandoned again or there just hasn’t been a need to do so.
- Comment on Self-Host Weekly #150: Watchtower No More 4 days ago:
Same. No issues.
- Comment on Setting up VPS (finally) 4 days ago:
I mean, there can be some serious consequences, especially if your server starts attacking other servers. They don’t take that shit lightly.
- Comment on Setting up VPS (finally) 4 days ago:
I remember the first Linux server I stood up on a VPS. It got thoroughly hacked almost immediately. Not only did they hack the server, they set up attack vectors on other servers…aaaand a bitcoin miner. Got up that morning, checked mail, and there was a nastygram from my host wanting to know WTF over. Since then, I did a ton of reading, took a couple basic online courses for my own edification. I now tend to go overboard on security nowadays if that is possible. I’ve been told my setup is way over-engineered. However, it’s been ticking along these many, many years now without issue. Also, since I am the only user of my network, it’s a little easier to lock down. Users create complexities and complexities cause issues.
I’m sure you have done the leg work in bolstering your knowledge base in setting up your first VPS server, but as others have said, beware. It reminds me of the movie Constantine, where just beyond light, in the shadows, lurk thousands and thousands of demons. They are sophisticated bots too, and are quite autonomous.
Authentik
In my reading, tho I don’t run it, VoidAuth is supposed to be lighter than Authentik. Do you have a directive or purpose sketched out for your server? What you want to accomplish, etc?
VPN (At least for local-to-VPS connection, but possibly also for external clients?)
Tailscale is my choice for my VPN overlay on the server. I also use the evil Cloudflare Tunnel/Zero Trust. All devices also run their own VPN.
I have played around with Cosmos. Pretty neat little package, especially for someone just starting out. I can’t speak to its performance, but I read glowing reviews. YunoHost would be in that category as well, with a very large app catalog.
Looks like you are heading in the right direction.
- Comment on What are some unique Games to host server's of? 5 days ago:
Factorio
- Comment on AI’s Unpaid Debt: How LLM Scrapers Destroy the Social Contract of Open Source 5 days ago:
only old people use computers.
I feel assaulted.
- Comment on VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉 5 days ago:
Hmmmm, I did not know that existed. I’ll check it out.
- Comment on VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉 5 days ago:
be aware though that if you are not using https
Most definitely using https. I’ll give it a go and see what shakes out. Thanks for the help. I’ll report back.
- Comment on VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉 5 days ago:
Well, I’m not sure if the evil Cloudflare Tunnel/Zero Trust, Tailscale, would play nice with Caddy in the mix. I used to use Caddy a long time ago and it is a very capable piece of software. Cloudflare Tunnel/Zero Trust handles pretty much what Caddy does, so I’m unsure if it would create conflict.
- Comment on VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉 5 days ago:
So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.
Ok well that’s helpful. Thanks for the input. I have seen a lot of people recommend VoidAuth so there has to be something to it. LOL
- Comment on VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉 5 days ago:
I’ve always wanted a SSO, however, at this point with over 75 apps, I would have to integrate them somehow.
VoidAuth does NOT provide https termination itself, but it is absolutely required. This means you will need a reverse-proxy with https support in front of VoidAuth, as well as your other services.
How would that work in an evil Cloudflare Tunnel/Zero Trust setup?
- Comment on A dummy's request for Nepenthes 5 days ago:
You could (should?) run it on a test server/VPS before committing anything to production. I have a little VPS set up just for this purpose. Spin something up on it and observe.
- Comment on A dummy's request for Nepenthes 5 days ago:
I’ve dealt with VC back when I ran an internet radio station. There is pressure to incorporate their wishes, because, well, they want an ROI on their investment.
- Comment on Router VPN? Express put to rest 5 days ago:
That’s cool. I pipe everything through a VPN.
also don’t route all my WAN traffic over VPN. Just some of it.
Are there advantages in doing such, or what is the reasoning behind that? I would have anxiety…not that I have anything to hide /s
- Comment on A dummy's request for Nepenthes 5 days ago:
and it doesn’t help that corpos insist on cramming LLMs into usecases that aren’t applicable to LLMs at all
I am reminded of back in the late 60s to 70s we did a lot of studies on left handed people and our kneejerk reaction to try and change their dominant hand. We decided that left handed people were absolutely normal, leave them be and stop stressing out adolescents by trying to make them ‘normal’, because they already are. BTW the practice of changing dominant hands goes all the way back to the Catholic church during the middle ages. Anyways, when corporate America heard the news, they started producing all manner of left handed tools, which was helpful, but their motivation was $$. Same with LGBTQ+++. Corporate America capitalized on every aspect.
However, if you plunk down your hard earned money for an AI rice cooker, you’re the idiot and P.T. Barnum would be right once again.
- Comment on Router VPN? Express put to rest 6 days ago:
So, how do you change the IP of your VPN on the router if, say, you wanted to unblock something that was geoblocked, other than manually on the router’s WUI? Curious, since I have read of people deploying a VPN on the router. Do you just pick a location and go with it? I’ve always enjoyed the option to change geographical locations on the fly, from the device app.
- Comment on What are your opinions of using Pi-hole for DNS within a homelab environment? 6 days ago:
My wife got very upset. Apparently she likes the ads.
Ahhh the WAF (Wife Acceptance Factor). I created a separate vlan just for her when she comes over, and she can have all the ads and crap she wants. Just keep it off my network.
- Comment on I didn't want to use AI, so I made something that detects it! 6 days ago:
I think eventually it’ll be inevitably regulated
I know some fear regulation, or over regulation, but right now it’s the wild wild west. Reminiscent of when the internet first became available to the general public. Regulation is necessary, as much as I sometimes chafe at the thought. Corporate penny pinchers are noticing the increased bandwidth u$age and there is no quid pro quo for them.