stratself
@stratself@lemdro.id
- Comment on Need some help with networking - tailscale, gluetun etc 6 days ago:
Two separate functions should go into two separate nodes
- Run Tailscale binary on host. Connect to Jellyfin server using that node’s IP address.
and
- Run Gluetun + another Tailscale instance in containers. Don’t use host networking, use bridge or something else. Connect to that node as an exit node
As an alternative to Gluetun + Tailscale I propose tswg (my project)
- Comment on How to make a Tailscale-like mesh VPN work without the internet? 6 days ago:
I’ve vaguely thought about this with Split DNS.
My concern would be the need to set up some non-Tailnet mechanism to expose it to the internet and keep it secure. Either port forwarding, Pangolin, or even using Funnel… all of which would be better off on a separate device (and maybe a separate VLAN)
It’d be an interesting idea for sure, perhaps for when I can get myself the separate Headscale-dedicated device
- Comment on How to make a Tailscale-like mesh VPN work without the internet? 6 days ago:
That’s a nice thing with Wireguard yea. I’ll keep this in mind if ever I can grok Tailscale to do such things
- Submitted 6 days ago to selfhosted@lemmy.world | 6 comments
- Comment on What is the current state of Matrix? 6 days ago:
- DNS adjustments aren’t needed if you do .well-known delegations which is easier
- Can recommend continuwuity, it runs much better on less resources. Lacks certain features compared to Synapse but overall good
- Notifications (and read markers) depend on client-specific black magic to work
- Federation does sometimes silent-fail completely, you can reset continuwuity’s cache when that happens. But full room history convergence needs patience
- Don’t join large rooms unless your server can handle the load
- Don’t host public rooms without modbots
The many small bugs make Matrix still bad - I wouldn’t recommend it to a non-tech user unless accompanied by a 24/7 admin. It is trying to improve but very slow because of reasons
- Comment on 18% of people running Nextcloud don't know what database they are using 1 week ago:
Should’ve specifically asked the operators/hosters if they need a better answer. But this has more engagement so
- Comment on Alternative to NordVPN Meshnet? 2 weeks ago:
Worth noting that there’s an open issue to support Wireguard peers into Headscale, so you could use it with e.g. a wg0.conf file from upstream
- Comment on Alternative to NordVPN Meshnet? 2 weeks ago:
If you can selfhost an exit node (and since you’re asking in /c/selfhosted), I wanna shamelessly plug my solution: github.com/stratself/tswg. Basically mount a WireGuard config from Nord or any upstream VPN, and the container uses it to create an exit node on that VPN for you.
There are other gluetun + tailscale solutions that are worth a look too
- Comment on How to selfhost with a VPN 2 weeks ago:
Ah right, completely forgot about that (80 for HTTP-01, 443 for TLS-ALPN-01)
- Comment on How to selfhost with a VPN 2 weeks ago:
Thanks for the guide. How did you get the VPN forwarded port? I believe this depends on the VPN provider’s software?
- Comment on How to selfhost with a VPN 2 weeks ago:
Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow
- Comment on Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC 3 weeks ago:
I’ve poked around Homarr’s setup a bit, and it seems like it can run rootless after a few tweaks!
For anyone interested, I’ve written a POC and feature request here - github.com/homarr-labs/homarr/issues/3913
Hope it can be officially supported
- Comment on Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC 3 weeks ago:
Thanks for the advice. I’m already using podman rootless with custom subuid/subgid, which should achieve the same thing
- Comment on Started hosting my own Nextcloud and its awesome! 3 weeks ago:
I agree that the file sync is good. They (and owncloud afaik) are the only ones supporting virtual files on Windows where you only download files when needed, saving storage space.
I suppose these fancy file features (bidirectional syncing, advanced conflict resolution etc) are targeted to the enterprise, not home users. So it’s natural they’d include it with a bunch of bells and whistles that are half as good
- Comment on Started hosting my own Nextcloud and its awesome! 3 weeks ago:
Owncloud had a rewrite called oCIS (Owncloud Infinite Scale). Then it was bought by Kiteworks. Then many of the core devs switched to a new product/company called Opencloud. There’s been quite some history over the past few years
- Submitted 3 weeks ago to selfhosted@lemmy.world | 7 comments
- Comment on HELP: Wireguard for home network with remote exit node 3 weeks ago:
Hey, glad you got it working. I’m late to the party, but I got a similar solution here: github.com/stratself/tswg. Basically just mounts your own wg.conf to the container and gets Tailscale connected over it
Since Wireguard is peer-to-peer, I suppose the “intended” way is to install Tailscale on every client. But it is possible to use the router as a VPN gateway as per this [OpenWRT guide](openwrt.org/docs/guide-user/services/vpn/…/start#…). Hope you get it working anyhow