What I’m going to do is set up HA Core on a container manually and run it without addons / Docker. That will be about installing Python and should waste way fewer resources.
You can self-host the email server wherever you want. But you have to use some external system to deliver the email or you’ll end up in spam, because your residential IP is most likely dynamic and already flagged by most email providers.
One way to do it is to get a VPS somewhere and set up WireGuard on it. Then configure your local system to bind to the WireGuard interface and IP so all email is sent and received using the tunnel. Dovecot doesn’t care what interface it is running on; Postfix has specific options that you can change in master.cf to accommodate the fact that it will be binding to the VPN IP while the real IP is the VPS public IP.
Create an outgoing transport for the email that uses the WG tunnel and is aware of the VPS public IP:
```
# master.cf does not support trailing comments, so each note sits on its own line
out-wg unix - - n - - smtp
# the real public IP of the VPS
  -o proxy_interfaces=188.xxx.xxx.xxx
# the IP that your local server has on the WG interface
  -o smtp_bind_address=10.0.0.2
# same as above
  -o inet_interfaces=10.0.0.2
# should match the PTR / reverse DNS entry on the VPS IP
  -o myhostname=server.example.org
# should match the PTR / reverse DNS entry on the VPS IP
  -o smtp_helo_name=server.example.org
  -o syslog_name=smtp-wg
```
Set your VPS firewall to NAT/forward incoming traffic on ports 25, 587, 465 and 993 to the local server (WireGuard client 10.0.0.2);
Change main.cf to use the transport by adding: default_transport = out-wg.
That’s everything you need to get it going. Use www.mail-tester.com to debug if DKIM and everything else is properly set up at the end.
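The VPS-side NAT/forward step described above, written as an nftables ruleset. This is an added example, not part of the original comment; the interface names `eth0` and `wg0` are assumptions, while 10.0.0.2 and the port list come from the comment.

```nftables
#!/usr/sbin/nft -f
# Constructed example for the VPS. Assumed names: eth0 = public NIC,
# wg0 = WireGuard interface. 10.0.0.2 is the home server on the tunnel.
# Requires net.ipv4.ip_forward=1 on the VPS.

define pub_if = "eth0"
define wg_if = "wg0"
define mail_host = 10.0.0.2
define mail_ports = { 25, 465, 587, 993 }

table ip mailfwd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Mail traffic arriving on the public interface is handed to the
        # home server; the client's source address is preserved.
        iifname $pub_if tcp dport $mail_ports dnat to $mail_host
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Outbound SMTP from the home server leaves with the VPS public IP,
        # which is the address the PTR record and HELO name refer to.
        oifname $pub_if ip saddr $mail_host masquerade
    }

    chain forward {
        # Note: this drop policy applies to all forwarded traffic on the VPS.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Inbound: only the mail ports, only towards the home server.
        iifname $pub_if oifname $wg_if ip daddr $mail_host tcp dport $mail_ports accept
        # Outbound: only SMTP delivery from the home server.
        iifname $wg_if oifname $pub_if ip saddr $mail_host tcp dport 25 accept
    }
}
```

Because the DNAT rule keeps the original client address, replies from the home server must go back through the tunnel, so the home server needs a route or policy rule that sends traffic sourced from 10.0.0.2 via its WireGuard interface.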
Preferably a home ISP that provides public IP addresses - no CGNAT BS;
Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as freedns.afraid.org.
Quick setup guide and checklist:
Create your subdomain for the dynamic DNS service freedns.afraid.org and install the daemon on the server - will update your domain with your dynamic IP when it changes;
List what ports you need remote access to;
Isolate the server from your main network as much as possible. If possible have them on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
If you’re using VLANs then configure your switch properly. Decent switches allow you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the Switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
Configure your ISP router to assign a static local IP to the server and port forward what’s supposed to be exposed to the internet to the server;
Only expose required services (nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard or required services port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connections from your country and more details here.
Realistically speaking if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and won’t probably impact the performance. Here is a decent setup guide and you might use this GUI to add/remove clients easily.
Don’t be afraid to expose the WireGuard port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets.
Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare tunnels and how to set up an alternative / more private solution.
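The drop-everything-but-what-you-need firewall from the checklist above, written as an nftables ruleset for the home server. This is an added example, not part of the original comment; `wg0`, 10.0.0.0/24, 51820/udp and 22/tcp are assumptions, and 23901/tcp reuses the comment's sample custom port.

```nftables
#!/usr/sbin/nft -f
# Constructed example for the home server. Assumed values: wg0 and
# 10.0.0.0/24 for the management VPN, 51820/udp for WireGuard,
# 23901/tcp for the one exposed service, 22/tcp for SSH.

# Create-then-delete so reloading this file replaces the table instead of
# appending duplicate rules.
table inet hostfw
delete table inet hostfw

table inet hostfw {
    # Private, CGNAT and link-local ranges: never a legitimate Internet source.
    set not_public_v4 {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16,
                     172.16.0.0/12, 192.168.0.0/16 }
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state invalid drop
        ct state established,related accept

        # SSH and the service are reachable from inside the WireGuard tunnel.
        iifname "wg0" ip saddr 10.0.0.0/24 tcp dport { 22, 23901 } accept

        # WireGuard and the exposed service accept public source addresses
        # only, so hosts on the home LAN cannot reach them directly.
        ip saddr != @not_public_v4 udp dport 51820 accept
        ip saddr != @not_public_v4 tcp dport 23901 accept

        # Everything else, including all inbound IPv6, falls through to the
        # drop policy. The counter makes unexpected forwards from the
        # router visible in "nft list ruleset".
        counter
    }
}
```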
Why bother with Windows? Mostly the same reasons moving from Windows to a Mac can be a pain, however on macOS you get better professional software support and less reasons to virtualize Windows from time to time. To be fair, what’s the point of using X operating system if some of the tools you need require a virtual machine or you’ve to use alternatives that are sub-par, will make you waste time and have a worse experience. Again even under macOS with Microsoft’s own MS Office for Mac things sometimes aren’t as compatible as they should be.
Linux desktop is great, I love it but I don’t sugar coat it nor am I delusional like most posting about it. Here is a list of cases that aren’t easy to deal with in Linux:
People who need the real MS Office because once you have to collaborate with others Open/Libre/OnlyOffice won’t cut it;
Designers who use Adobe apps that won’t run properly without having a dedicated GPU, passthrough and some hacky way to get the image back into your main system that will cause noticeable delays;
People that run old software / games because not even those will run properly on Wine;
Electrical engineers: Circuit Design Suite (Multisim and Ultiboard) are primarily designed for Windows. Alternatives such as KiCad and EasyEDA may work in some cases but they aren’t great if you’ve to collaborate with others who use Circuit Design Suite;
Labs that require data acquisition from specialized hardware because companies making that hardware won’t make drivers and software for Linux;
Architects: AutoCAD isn’t available (not even the limited web version works) and Libre/FreeCAD don’t cut it if you’ve to collaborate with AutoCAD users;
Developers and sysadmins, because not everyone is using Docker and GitHub Actions to deploy applications to some proprietary cloud solution. Finding a properly working FTP/SFTP/FTPS desktop client (similar to WinSCP or Cyberduck) is an impossible task as the ones that exist fail even at basic tasks like dragging and dropping a file.
If one lives in a bubble and doesn’t have to collaborate with others then native Linux apps might work and might even deliver a decent workflow. Once collaboration with Windows/Mac users is required then it’s game over – the “alternatives” just aren’t up to it.
Windows licenses are cheap and things work out of the box. Software runs fine, all vendors support whatever you’re trying to do and you’re productive from day zero. Sure, there are annoyances from time to time, but they’re way fewer and simpler to deal with than the hoops you’ve to go through to get a minimal and viable/productive Linux desktop experience. It all comes down to a question of how much time (days? months?) you want to spend fixing things on Linux that simply work out of the box under Windows for a minimal fee. Buy a Windows license and spend the time you would’ve spent dealing with Linux issues doing your actual job and you’ll, most likely, get a better ROI.
Also, the guy’s take on “what you go for it’s entirely your choice” when it comes to DE is total BS. What usually happens is that you’ll eventually find out that while you can use any DE, in fact GNOME will provide a better experience because most applications on Linux are designed for / depend on its components, and installing them on KDE will simply give you small issues here and there, windows that don’t pick up on your theme, or simply create a frankenstein of a system composed of KDE + a bunch of GTK components.
Image shows a tweet with the header “and people STILL try to convince me Linux and Windows are better when the DATA clearly shows otherwise. SMH” with an image attached showing the following:...
Linux desktop provides entertainment, countless hours of trying to get things running properly / a bearably usable operating system to end up with something that may work fine for your workflows unless you’ve to collaborate with others.
Windows provides ROI, get a cheap license and be up and running with all the professional software properly supported, easy to install and seamless collaboration with other professionals. Required daily use to work properly.
macOS is a “toaster OS”, perfect for your weekend internet surfing activities, all polished, won’t nag you much about anything and ready to work even if you don’t use the computer for months.
Both macOS and Linux suffer from the same issue when it comes to software, people end up having to virtualize something they require but at least in macOS that’s more rare and there’s professional software like MS Office and Adobe apps for it :)
What’s the real difference between an “anarchist communist” and a “communist”? The first one can have “personal property” while the second cant? So… an anarchist communist can own a car but not a house? According to the internet “personal property” is everything that can be moved (not real estate) and isn’t considered for production of something…
I am currently running most of my stuff from an unraid box using spare parts I have. It seems like I am hitting my limit on it and just want to turn it into a NAS. Micro PCs/USFF are what I am planning on moving stuff to (probably a cluster of 2 for now but might expand later.). Just a few quick questions:...
It’s 2024, avoid Proxmox and save yourself a LOT of headaches down the line.
You most likely don’t need Proxmox and its pseudo-open-source bullshit. My suggestion is to simply go with Debian 12 + LXD/LXC, it runs VMs and containers very well. Proxmox ships with an old kernel that is so mangled and twisted that they shouldn’t even be calling it a Linux kernel. Also their management daemons and other internal shenanigans will delay your boot and crash your systems under certain circumstances.
What I would suggest you use instead is LXD/Incus.
LXD/Incus provides a management and automation layer that really makes things work smoothly - essentially what Proxmox does but properly done. With Incus you can create clusters, download, manage and create OS images, run backups and restores, bootstrap things with cloud-init, move containers and VMs between servers (even live sometimes).
Another big advantage is the fact that it provides a unified experience to deal with both containers and VMs, no need to learn two different tools / APIs as the same commands and options will be used to manage both. Even profiles defining storage, network resources and other policies can be shared and applied across both containers and VMs.
I draw your attention to containers (not docker), LXC containers because for most people full virtualization isn’t even required. In a small homelab if you can have containers that behave like full operating systems (minus the kernel) including persistence, VMs might not be required. Either way LXD/Incus will allow for both and you can easily mix and match and use what you require for each use case.
For example, I virtualize the official HomeAssistant image with LXD because we all know how hard it is to get that thing running, however my NAS / Samba shares are just a LXD Debian 12 container with Samba4, Nginx and FileBrowser. Same goes for the torrent client that has its own container. Some other service I’ve exposed to the internet also runs a full VM for isolation.
Like Proxmox, LXD/Incus isn’t about replacing existing virtualization techniques such as QEMU, KVM and libvirt, it is about augmenting them so they become easier to manage at scale and overall more efficient. I can guarantee you that most people running Proxmox today will eventually move to Incus and never look back. It works way better, true open-source, no bugs, no BS licenses and way less overhead.
Hi guys! I think I’m over Joplin. Don’t get me wrong, it’s simple, it works, but… why is it Postgres db…. I have the server on a small box with like 250 GB of space and backing it up with kopia to Backblaze with free 10 GB, so I’m a bit storage cautious....
I would’ve NEVER ever moved to Joplin if it wasn’t able to sync with WebDAV. I’m not into having a special daemon running on a server for that task, makes zero sense.
It’s all about companies re-creating and reconfiguring the way people develop software so everyone will be hostage of their platforms. We see this in everything now; Docker/DockerHub/Kubernetes and GitHub Actions were the first sign of this cancer.
We now have a generation of developers that doesn’t understand the basics of their tech stack, about networking, about DNS, about how to deploy a simple thing into a server that doesn’t use some Docker or isn’t a 3rd party cloud xyz deploy-from-github service.
oh but the underlying technologies aren’t proprietary
True, but this Docker hype invariably and inevitably leads people down a path that will then require some proprietary solution or dependency somewhere that is only required because the “new” technology itself alone doesn’t deliver as others did in the past. In this particular case is Docker Hub / Kubernetes BS and all the cloud garbage around it.
oh but there are alternatives like podman
It doesn’t really matter if there are truly open-source and open ecosystems of containerization technologies because in the end people/companies will pick the proprietary / closed option just because “it’s easier to use” or some other specific thing that will be good in the short term and very bad in the long term. This happened with CentOS vs Debian, is currently unfolding with Docker vs LXC/RKT/Podman and will happen with Ubuntu vs Debian for all those who moved from CentOS to Ubuntu.
lots of mess in the system (mounts, fake networks, rules…)
Yes, a total mess of devices that is hard to audit, constant RAM wasting and, worst of all, it isn’t as easy to change a Docker image / develop things as it used to be.
I’m more worried about what’s going to happen to all the self-hosters out there whenever Cloudflare changes their policy on DNS or their beloved free tunnels. People trust those companies too much. I also did at some point, until I got burned by DynDNS.
Yes, mostly gpt4all.io only to find out that even the “uncensored” models are bullshit and won’t even provide you with a Windows XP Pro key. That’s kind of my benchmark for models nowadays. :P
With support ending for Windows 10, the most popular desktop operating system in the world currently, possibly 240 million pcs may be sent to the landfill. This is mostly due to Windows 11’s exorbitant requirements. This will most likely result in many pcs being immediately outdated, and prone to viruses. GNU/Linux may be...
I found this its the cheapest 10TB Exos drive on Newegg and looking to buy 4 of them. I will be putting them in my NAS that I use for my media library and pc backups. The price I’m posting this is $130, I’m also looking similar Exos drives that are $250 is there a difference? Should I shell up for the more expensive drives?
It depends. They’re simply the most annoying drives out there because Seagate in their wisdom decided to remove half of the SMART data from reports and they won’t let you change the power settings like other drives. Those drives will never spin down, they’ll even report to the system they’re spun down while in fact they’ll be still running at a lower speed. They also make a LOT of noise.
Is this yet another MS product like VSCode that is free forever but has a license that only allows official builds to be used and/or running on their servers or…?
Alternative to Home Assistant for ESPHome Devices
Hello,...
External email server vs port forwarding/vpn
Hey-ho 👋...
The "safest" way of self hosting
Hello peoples,...
I'm Done With Windows, Are you? (youtu.be)
Some of y'all need to see this and drop the superiority complex... (lemmy.world)
Linkwarden - An open-source collaborative bookmark manager to collect, organize and preserve webpages (lemmy.world)
Greetings everyone! Daniel here, I’ve been working on Linkwarden part-time over the past few months....
TIL that operating system Linux is an example of anarcho-communism (en.wikipedia.org)
Planning on setting up Proxmox and moving most services there. Some questions
Joplin alternative needed
Why docker
Hi! Question in the title....
what if your cloud=provider gets hacked ? (www.bleepingcomputer.com)
Hi all,...
Have you tried LocalGPT PrivateGPT or other similar alternatives to ChatGPT?
I’m interested in hosting something like this, and I’d like to know experiences regarding this topic....
New Linux user here. Is this really how I'm supposed to install apps on Linux?
mullvad.net/en/help/install-mullvad-app-linux...
The "Everything" Fanless Home Server for under $300 USD (www.servethehome.com)
Ending support for Windows 10 could send 240 million computers to the landfill. Why not install Linux on them? (gadgettendency.com)
Is this Seagate Exos drive too good to be true?
What's your current favorite distro that isn't Arch, Debian or Fedora?
I’m wondering what the current favorite distros are besides the most popular ones like Arch, Debian and Fedora.
Is it possible to self-host Clarity?
I found out about Clarity, it’s a Microsoft free product. It seems to be source available on Github...