stratself
@stratself@lemdro.id
- Comment on 3 days ago:
Rsync depends on OpenSSH, but it definitely isn’t SFTP. I’ve tried using it against an SFTPGo instance, and lost some files because it runs its own binary, bypassing SFTPGo’s permission checks. Instead, I’ve opted for rclone with the SFTP backend, which does everything rsync does and is very well compliant.
In fact, while the main developer published a fix for this bug, he also expressed intention to drop support for the command entirely. I think I’m just commenting to give a heads up for any passerby.
- Comment on Reducing buffering when accessing Jellyfin via Tailscale 4 days ago:
Hi, I think OP wants their siblings to directly connect to their PC, skipping any relays, even if it’s their VPS.
But if you are comparing setting up your own VPS instead of relaying through Tailscale’s DERP, then the answer is… it depends on the distance and whether you can establish VPS->Local VM direct connections.
I found opening a specified port for Tailscale on the VPS to help with direct connections with CGNAT’d peers. I’m not familiar with Pangolin, but I think the same principle applies as long as at least one address:port combination is agreed between Wireguard peers.
If I’m being honest though, before doing all this, try asking your ISPs for IPv6 to avoid these cumbersome things altogether.
- Comment on Reducing buffering when accessing Jellyfin via Tailscale 5 days ago:
If both your Jellyfin server and your siblings are behind residential CGNAT, then high chance your connections are relayed through Tailscale’s DERP servers. You can check with `tailscale ping`-ing your siblings’ nodes.
If this is the case, you may consider selfhosting your own DERP somewhere close to you, but I’d argue the performance gains are minimal compared to the extra costs. Another solution may be to enable IPv6 for both you and your siblings, skipping NAT traversal.
This is all assuming you can direct play (i.e. not transcoding) your media. If you’re transcoding, then it’s good to look into hardware acceleration like the other comment mentioned, too
- Comment on Tailscale difficulties 2 weeks ago:
try adding the sysctls parameters to this docker container
- Comment on Share single service via WireGuard 2 weeks ago:
Is there a way for a Wireguard peer to advertise AllowedIPs similar to Tailscale’s subnet routings? If that’s right, perhaps you can configure your host’s address as one of the AllowedIPs on the OpenWRT peer, and skip port forwarding too
- Comment on Need some help with networking - tailscale, gluetun etc 3 weeks ago:
Two separate functions should go into two separate nodes
- Run Tailscale binary on host. Connect to Jellyfin server using that node’s IP address.
and
- Run Gluetun + another Tailscale instance in containers. Don’t use host networking, use bridge or something else. Connect to that node as an exit node
As an alternative to Gluetun + Tailscale I propose tswg (my project)
- Comment on How to make a Tailscale-like mesh VPN work without the internet? 3 weeks ago:
I’ve vaguely thought about this with Split DNS.
My concern would be the need to set up some non-Tailnet mechanism to expose it to the internet and keep it secure. Either port forwarding, Pangolin, or even using Funnel… all of which would be better off on a separate device (and maybe a separate VLAN)
It’d be an interesting idea for sure, perhaps for when I can get myself the separate Headscale-dedicated device
- Comment on How to make a Tailscale-like mesh VPN work without the internet? 3 weeks ago:
That’s a nice thing with Wireguard yea. I’ll keep this in mind if ever I can grok Tailscale to do such things
- Submitted 3 weeks ago to selfhosted@lemmy.world | 6 comments
- Comment on What is the current state of Matrix? 3 weeks ago:
- DNS adjustments aren’t needed if you do .well-known delegations which is easier
- Can recommend continuwuity, it runs much better on less resources. Lacks certain features compared to Synapse but overall good
- Notifications (and read markers) depend on client-specific black magic to work
- Federation does sometimes silent-fail completely, you can reset continuwuity’s cache when that happens. But full room history convergence needs patience
- Don’t join large rooms unless your server can handle the load
- Don’t host public rooms without modbots
The many small bugs make Matrix still bad - I wouldn’t recommend a non-tech user unless accompanied by a 24/7 admin. It is trying to improve but very slow because of reasons
- Comment on 18% of people running Nextcloud don't know what database they are using 4 weeks ago:
Should’ve specifically asked the operators/hosters if they need a better answer. But this has more engagement so
- Comment on Alternative to NordVPN Meshnet? 5 weeks ago:
Worth noting that there’s an open issue to support Wireguard peers into Headscale, so you could use it with e.g. a wg0.conf file from upstream
- Comment on Alternative to NordVPN Meshnet? 5 weeks ago:
If you can selfhost an exit node (and since you’re asking in /c/selfhosted), I wanna shamelessly plug my solution: github.com/stratself/tswg. Basically mount a WireGuard config from Nord or any upstream VPN, and the container uses it to create an exit node on that VPN for you.
There are other gluetun + tailscale solutions that are worth a look too
- Comment on How to selfhost with a VPN 5 weeks ago:
Ah right, completely forgot about that (80 for HTTP-01, 443 for TLS-ALPN-01)
- Comment on How to selfhost with a VPN 5 weeks ago:
Thanks for the guide. How did you get the VPN forwarded port? I believe this depends on the VPN provider’s software?
- Comment on How to selfhost with a VPN 5 weeks ago:
Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow
- Comment on Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC 1 month ago:
I’ve poked around Homarr’s setup a bit, and it seems like it can run rootless after a few tweaks!
For anyone interested, I’ve written a POC and feature request here - github.com/homarr-labs/homarr/issues/3913
Hope it can be officially supported
- Comment on Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC 1 month ago:
Thanks for the advice. I’m already using podman rootless with custom subuid/subgid, which should achieve the same thing
- Comment on Started hosting my own Nextcloud and its awesome! 1 month ago:
I agree that the file sync is good. They (and owncloud afaik) are the only ones supporting virtual files on windows where you only download files when needed, saving storage space.
I suppose these fancy file features (bidirectional syncing, advanced conflict resolution etc) are targeted to the enterprise, not home users. So it’s natural they’d include it with a bunch of bells and whistles that are half as good
- Comment on Started hosting my own Nextcloud and its awesome! 1 month ago:
Owncloud had a rewrite called oCIS (Owncloud Infinite Scale). Then it was bought by Kiteworks. Then many of the core devs switched to a new product/company called Opencloud. There’s been quite some history over the past few years
- Submitted 1 month ago to selfhosted@lemmy.world | 7 comments
- Comment on HELP: Wireguard for home network with remote exit node 1 month ago:
Hey, glad you got it working. I’m late to the party, but I got a similar solution here: github.com/stratself/tswg. Basically just mounts your own wg.conf to the container and gets Tailscale connected over it
Since Wireguard is peer-to-peer, I suppose the “intended” way is to install Tailscale on every client. But it is possible to use the router as a VPN gateway as per this [OpenWRT guide](openwrt.org/docs/guide-user/services/vpn/…/start#…). Hope you get it working anyhow