SirMaple__
@SirMaple__@lemmy.ca
- Comment on 3-2-1 Backups: How do you do the 1 offsite backup? 1 week ago:
I use Proxmox PBS for all my backups. Datastore is on my file server at home. I sync the datastore daily to a little NAS at a family member’s house and to a super cheap storage VPS on the other side of the country. I also do a manual sync to an external drive that I keep offline at home.
Any super important documents such as tax records, health related files, backup of the data volume from vaultwarden, or anything related to wills & estates get backed up as well to 2 USB thumb drives that are LUKS encrypted. I keep 1 in my go bag and another is hidden somewhere… Thumb drives get updated once a month, or sooner if anything major changes.
- Comment on Reddit Plans Extra Verification Steps To Detect The Human-Like AI Bots 1 week ago:
- Comment on CrowdSec vs Fail2Ban - What to use? 2 weeks ago:
No problem. It’s a great piece of software. I have it monitoring logs for nextcloud, vaultwarden, mailcow (postfix & dovecot), basic nginx proxies (just to be safe and for rate limiting). I have 4 OPNsense and 1 Debian bouncers.
I had an issue with so a note about setting up the bouncer on OPNsense. If you have the LAPI on a different machine you can currently only connect OPNsense to the LAPI using the command line. The LAPI options in the web interface are for defining the interface to bind to and run the LAPI on OPNsense itself. Which isn’t an issue, I just wanted it on a VM so it’s easier to keep online instead of it going down if the OPNsense it’s on fails. Plus I like to keep SSH disabled on my OPNsense devices and spend a bit of time using cscli on the LAPI VM from time to time.
- Comment on CrowdSec vs Fail2Ban - What to use? 2 weeks ago:
I’ve been thinking about going this route. What size subnet are you blocking? /24?
Only thing stopping me is I selfhost email and don’t want to ban say a whole subnet from Microsoft/Azure and end up blocking the outgoing servers for O365. I’m sure I can dig around and look at the prefixes to see which are used for which of their services, I just haven’t had the time yet.
- Comment on CrowdSec vs Fail2Ban - What to use? 2 weeks ago:
Crowdsec with a central LAPI server. You should install it on the servers themselves to monitor the application logs directly. Then every bouncer (firewall, router, edge device) connected to the LAPI will all block the same IPs. I got sick of repeat offenders and upped the ban time to 1 year in hours.
- Comment on Biwatt releases 4.5 kWh sodium-ion battery - Energy Storage 2 weeks ago:
- Comment on Trump tells Canadians to Elect the guy who'll make them the 51st State of US [Canadian elections today] 3 weeks ago:
- Comment on FCC head Brendan Carr tells Europe to get on board with Starlink 5 weeks ago:
- Comment on Hedge fund billionaire says US may face ‘worse than a recession’ from Trump tariffs 5 weeks ago:
Should have thought of that when voting …
- Comment on America is fucked 5 weeks ago:
Where I live in Canada traffic moves for anything with lights (other than a tow truck unless of course they have an EMS escort). We pull up on to sidewalks, curbs, and anything really to clear a path. Heck I’ve seen people put their vehicle into a snow bank or a ditch to get out of the way. I guess we’re of the mindset that others will do the same for us should we be the ones awaiting EMS to arrive or deliver us to an ER.
- Comment on Canadians could face detention if denied U.S. entry, Ottawa warns 1 month ago:
It’s time for travel.gc.ca to be updated to yellow for the US.
- Comment on Moving from Cloudflare tunnels for media streaming, first plan didn't work out due to double NAT 1 month ago:
Do not. I repeat do not expose Jellyfin to the internet. It has too many security issues to be directly accessible from the internet.
I use Jellyfin and only access it over WireGuard. I have a mesh setup between the routers at a few family members’ houses.
If you have absolutely no other way than to expose it to the internet you need to make sure that you whitelist only the approved IPs in your VPS firewall and block everything else.
- Comment on Encrypting data on local servers? 1 month ago:
- Comment on Encrypting data on local servers? 1 month ago:
I use LUKS on my systems. I use mandos and wireguard in initramfs to connect to a mandos server to unlock LUKS during boot.
- Comment on Sophos XG Firewall Home Use 1 month ago:
Nope. I’ll stick with OPNsense which is open source.
- Comment on Which non-US domain registrar to use? 1 month ago:
No upselling. Yes they might have something in the order process. Like when ordering a VPS you can add windows os or some control panel type software. I didn’t pay anything extra and my domains all have private whois details when lookups are done. The one thing they did offer in the order process for domain transfer was something to do with anycast DNS, but it was just a box on the page and wasn’t in your face or annoying.
No annoying emails either. I only get emails from them related to services I purchased from them which include changes to whois contacts (also usually get an email from CIRA for my .ca domains), bill PDF being ready for download, or additional IP is available and ready for use etc.
- Comment on Which non-US domain registrar to use? 1 month ago:
Canuck here. I’ve been moving all my domains from porkbun over to OVH. I still use desec.io for the DNS since they’re based in Germany and I like to keep it separate from the registrar.
If OVH plays its cards right they’re going to be getting a lot more business from those looking to dump GCS, AWS, and Azure.
- Comment on [deleted] 1 month ago:
Stay in Canada and out of the US. I know this is not an option for everyone. Do stay safe and do anything you can to protect yourself online and physically as well. Just wanted to add my support to those in the US who didn’t ask for this.