maiskanzler

@maiskanzler@feddit.de

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Cloudflare is bad. Youre right.⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Nice, thank you!
⁨Comment⁩ on ⁨Cloudflare is bad. Youre right.⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Oh neat! That looks like a perfect fit for me! I saved your post and will come back to it once the biyearly “just f*ing fo it again” motivation hits me once more :D
⁨Comment⁩ on ⁨Cloudflare is bad. Youre right.⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Yes, I do loose the origin IP and I’m a little bugged by it. It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware. That’s totally my personal preference though.

I trust my VPS provider to not be interested enough in my data to setup special surveillance tooling for each and every possible software combination their customers might have. Cloudflare on the other hand only has their own software stack to monitor and all customers must adhere to it. It’s by design much easier for them to do statistics or snooping.
⁨Comment⁩ on ⁨Cloudflare is bad. Youre right.⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
I am using the smallest tier VPS from IONOS for 1€/month. Good, reliable and trustworthy as it is a subsidiary of 1&1 telecommunications.
⁨Comment⁩ on ⁨Cloudflare is bad. Youre right.⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Rent a VPS, point DNS to it, have it act as central wireguard peer and connect your server(s). Then bridge incoming traffic to server via socat or firewall rules. Done
⁨Comment⁩ on ⁨Cloudflare is bad. Youre right.⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Sure it’s easy to set up, but the same behaviour is what I get with my handrolled solution. I rent a cheap VPS with a fixed IP solely for forwarding all traffic through wireguard. My DNS entries all point to the VPS and my servers connect to the VPS to be reachable. It is absolutely network agnostic and does not require any port shenanigans on the local network nor does it require a fixed IP for the internet connection of my home server.

Data security wise the HTTPS terminates on my own hardware (homeserver with reverse proxy) and the wireguard connection is additionally encrypted. There are no secrets or certificates on the rented VPS beyond the bare minimum for the wireguard tunnel and my public key for SSH access.

Shuttling the packets on the VPS (inet to wireguard) is done by socat because I haven’t had the will or need to get in the weeds with nftables/iptables. I am just happy that it works reliably and am happy to loose some potential bandwidth to the kernelspace/userspace hoops.
⁨Comment⁩ on ⁨Light system monitor service with Home Assistant integration⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
There’s prometheus node exporter which can collect such data from several hosts. You can hook it up with Grafana for neat dashboards and I’m almost sure it also integrates with Homeassistant.
⁨Comment⁩ on ⁨Community⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Make sure you upgrade your Emotional Damage attack points!
⁨Comment⁩ on ⁨My Overconfidence Killed Me and My Immich Installation⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
What? I’ve never had the feeling that nextcloud assumes that. Are you using a special all-in-one docker image? Because I am using the regular one and pair it with db, redis etc. containers and am absolutely happy with it.
⁨Comment⁩ on ⁨Backblaze B2 vs other storage providers to store legally ripped media⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
I’ve used restic before and it worked great with OVH’s object storage. Moved away from cloud backups because of the cost though.
⁨Comment⁩ on ⁨Backblaze B2 vs other storage providers to store legally ripped media⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Yeah, has anyone ever actually tried restoring from then? I only remember one disgruntled redditor posting about it, but that’s about it.
⁨Comment⁩ on ⁨Backblaze B2 vs other storage providers to store legally ripped media⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Depends a lot on what backup software you use. Blackbase B2 ist just an S3-like object storage service. It’s the underlying software stack of many different things, one of those can be backup software. They do have their own backup solution though. But in that case B2 is the wrong product for you to look at.
⁨Comment⁩ on ⁨Backblaze B2 vs other storage providers to store legally ripped media⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
But Borg does not work with object storage, it needs a borg process on the receiving side.
⁨Comment⁩ on ⁨Europe's biggest 3D-printed building rises in just 140 hours⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Oh and you also need a decently sized stone crusher for all your failed attempts and speedbenchies.
⁨Comment⁩ on ⁨Can serial killers sell their carbon offsets?⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
She might even argue for significantly more hours if she wipes out an entire blood line at once.
⁨Comment⁩ on ⁨Article suggests that 1 million ML specialists will be needed in 2027. What do you think of that?⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Whenever a new hype is going around I like to think back about the 3D printing craze and how little is left of all the glorious promises.

They are cool and a neat way of manufacturing things, but what they are absolutely not is magic machines.

AI/ML will find it’s niche and will allow for new and even exciting things, but it won’t be the end-all-be-all in it’s current form. It’s an overgrown version of statistics after all.
⁨Comment⁩ on ⁨Survive the zombie apocalypse⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
I’m fine with three! Tent, Flashlight and Camera. That way I’ll have the easiest way out by being the sidecharacter who gets murdered during the exposition before it all goes to shit.
⁨Comment⁩ on ⁨What does it look like for a YouTube creator when the audience uses something like NewPipe or Freetube?⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
+1 NewPipe Germany
⁨Comment⁩ on ⁨Can’t log into my Nextcloud⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Have a look into the logs of nc and see if it complains about a trusted proxy or similar. The ip range within a container network often changes between resstarts and that was a problem for me with my reverse proxy setup.
⁨Comment⁩ on ⁨⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
+1 for MTU and persistent keepalive. The last one helps if the connection is lost after a certain amount of time and does not recover, the first is often the problem when connection is intermittent or just “weird”.

Setting MTU requires knowing the MTU of your connection. Many ISPs provide IPv4 encapsulated in IPv6 protocol (Dual Stack Lite, I believe), meaning that from the regular package size you have to deduct the overhead of the encapsulation and if I remember correctly, also the package overhead for wireguard.
⁨Comment⁩ on ⁨What's the best way to run a temporary eth cable?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Yeah that made a massive dufference for me. Then again, it was unshielded cable so what did I expect?
⁨Comment⁩ on ⁨What's the best way to run a temporary eth cable?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
But also unshielded so uncoil them entirely and do not lay them next to other data lines. I had so many dropped packages because of that.
⁨Comment⁩ on ⁨Wisest Upgrade from Raspberry Pi⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Intel’s low power offerings are sometimes even less power hungry than a RPi and handle more stuff. I like Asrock’s line of CPU-onboard motherboards and use one myself. You get the convenience of a full x86 machine but it sips power. Mine peaks at ~36W with full load on CPU, GPU, RAM and 4 SSDs or disks. Usually it is much much lower. You can always go smaller with an Atom x5 z8300 (~2W Idle without disks or network, 6W with both and some load), but those are getting a little old and newer stuff is better and more feature-rich. Maybe an N100 machine with 4 or 8 gigs of RAM are a good option for you? Don’t go overboard with RAM if you are using docker for everything anyways. I use 8 but 4 would be more than enough for me and my countless containers. I run Nextcloud, Jellyfin, Paperless-ngx, Resilio, Photoprism and a few more. Only the minecraft server benefits from more than four. Very happy with my J5005 board.
⁨Comment⁩ on ⁨Another good reason not to open port 22⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Fair point. These logs are only useless chatter anyway for everyone with proper key auth.
⁨Comment⁩ on ⁨Scammers vs Impossible Password Game⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Some insanely great moments in there! At least twice he slipped in a subtle meme into what he said and it just went over the scammer’s heads entirely.
⁨Comment⁩ on ⁨Last week I posted about my custom 3D printer⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
The algorithm has put us in a group of similar interests I guess, haha! Your design looks very neat (and strong too)!
⁨Comment⁩ on ⁨Last week I posted about my custom 3D printer⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Looks cool! Designing my own printer has been on my practically infinite list of projects for a long time, so it’s nice to see you do yours.

I recently stumbled upon a video series you might enjoy about designing 3d printed parts creatively and with the full possibilities of 3d printed geometries in mind. Careful, it has rabbithole potential!