
Posts: 5, Comments: 112, Joined: 9 mo. ago

  • Hi, the other comments have said it pretty well, but you can also check out my previous post for some of the other comparisons.

    I went from Pihole > Adguard Home > Technitium, and stuck with the last one because it supports clustering (syncing data between nodes) and recursion (so no need for external Unbound). The interface is a bit complex and there is no dedicated documentation, but it should be intuitive enough as you learn.

    If you want something simpler, I think Adguard Home is a better choice than Pihole as it natively supports encrypted DNS protocols, and has a sleeker UI. But other than that, Technitium is nice as you expand your homelab eventually.

  • Did you try OpenVFS ever outside of Opencloud? Is that project even published yet?

  • I'm not sure why this Lemmy post was titled "RCE in Forgejo" when it just links to a yet-to-be-proven exploit, and the post itself is just a boast on not disclosing the vuln and telling maintainers to duplicate efforts. Feels rather disingenuous.

    Other than that, the idea of treating Forgejo as some sort of vendor to pull a carrot on is kind of a stupid joke. The security policy, even if lengthy, provides a basis for collaboration. And these behaviors, although coming out of the volunteer effort of a security researcher, do not exempt one from looking like an ass.

    Also see the Mastodon thread for more.

  • It's quite fine, but not as feature complete as the proprietary control plane. My main issue is that it doesn't support tailnet lock yet, and it'll take a while before they'll implement grants instead of the old ACL system.

  • Yes, the app is the only "Android VPN". The exit node is deployed on another network, but there should be no problem deploying it locally.

    My phone would be attempting to make direct WireGuard connections to my other Tailscale nodes (be it the server, the exit node, or any other device), so it'll prefer local connections. When it can't (e.g. in a different and restrictive network), it will relay this traffic through DERP servers. Tailscale automates these processes very well, so no port forwarding is needed.

    Note that to establish these encrypted direct tunnels, Tailscale clients have to talk to a control server to fetch required metadata. I selfhost this piece via Headscale along with the DERP servers. The stack would be quite complicated for those who already have a WireGuard tunnel, but I found myself liking it because Tailscale has other cool features too.

    Alternatively, I guess you could also do "split-route" by defining different peers in your Android WireGuard app, and use different AllowedIPs for them.
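The "split-route" idea above relies on WireGuard's cryptokey routing: each peer's AllowedIPs both selects the peer for outbound packets (longest prefix wins) and filters what that peer is allowed to send. This added example, not code from the comment or from Tailscale, models that rule in Python; the peer names, placeholder keys and address ranges are constructed.

```python
"""Model of WireGuard's cryptokey routing behind a "split-route" tunnel.
Added example, not code from the original comment; peers, keys and
addresses are constructed placeholders."""
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Peer:
    name: str
    public_key: str  # placeholder string, not a real WireGuard key
    allowed_ips: list = field(default_factory=list)

def build_routing_table(peers):
    """Flatten every peer's AllowedIPs into {network: peer}.
    WireGuard lets a prefix belong to exactly one peer, so duplicates are an error."""
    table = {}
    for peer in peers:
        for cidr in peer.allowed_ips:
            net = ipaddress.ip_network(cidr, strict=False)
            if net in table:
                raise ValueError(f"{cidr} already belongs to {table[net].name}")
            table[net] = peer
    return table

def select_peer(table, dst):
    """Outbound: the peer owning the longest prefix that contains dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, peer) for net, peer in table.items() if addr in net]
    if not matches:
        return None  # no peer may carry this packet; WireGuard drops it
    return max(matches, key=lambda m: m[0])[1]

def accept_incoming(table, peer, src):
    """Inbound: a decrypted packet from peer is accepted only if its source
    address routes back to that same peer (a peer cannot spoof another's range)."""
    return select_peer(table, src) is peer

# Constructed peers: the home server for the LAN range, an exit node for everything else.
PEERS = [
    Peer("home-server", "HOME_SERVER_PUBKEY_PLACEHOLDER", ["10.0.0.0/24"]),
    Peer("exit-node", "EXIT_NODE_PUBKEY_PLACEHOLDER", ["0.0.0.0/0"]),
]

def route(dst, peers=PEERS):
    """Name of the peer a packet to dst would be encrypted for, or None."""
    peer = select_peer(build_routing_table(peers), dst)
    return peer.name if peer else None
```

Because the LAN /24 is more specific than 0.0.0.0/0, traffic for 10.0.0.x goes to the home server while everything else takes the exit node, and a packet arriving from the exit node with a 10.0.0.x source is rejected.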

  • I use Tailscale with an exit node container that forwards all traffic to the commercial VPN via a wireguard config. This "hopping" solution serves me well enough, and works for Android too.

    If you want to simultaneously have two VPN interfaces, you may wanna consult this and this guide. The principle should apply with non-Tailscale WireGuard setups too, I think.

  • Does restarting your router help in these moments? Might just be an underpowered router.

    Do your devices use the router's DNS? If so, is it still reachable? From the client? From the router machine?

    Might be some kind of DHCP bug too, but I'm not well versed in it.

  • I don't think they require Nextcloud. Consider LaSuite Docs too if you need something simpler.

  • FWIW, you can use Headscale's embedded DERP server, or host your own. They need a STUN port and an HTTPS port.

  • Ntfy can send/receive notifications to/from the phone. You can selfhost it or use a public instance. For the healthcheck app, consider Uptime Kuma as it has ntfy integration. But a simple cron script that monitors + cURLing ntfy when it fails could also be used.

    • Why do you want your own Lemmy instance? Can't you just create a community on another instance?
    • May not be the answer you want, consider exposing your laptop's service(s) via Cloudflare Tunnels. That's the best way if you don't have an exposable public IP.
    • Lemmy and other services will make outbound requests and leak your residential IP. If this is a problem for you, you should proxy outbound traffic on the machine.
    • Have you considered Oracle but in another region? Or do they geo-restrict you?
    • For questionable content, look into moderation tooling for Lemmy. Keep watch on your media folder(s) regularly and delete offensive ones.
  • Protocol-wise, OIDC is generally the most supported out there. LDAP too, to an extent.

    Software-wise, I find Kanidm quite simple to set up (basically just one container). It's mostly managed via the terminal though, and lacks some eye candy. But some of the examples in its docs should be easy to follow and get you familiar with mapping scopes/groups between Kanidm and services.

    Authelia is okay too.

  • I believe as of now, the databases do not diverge and hence a binary swap/container image swap is doable. If you already set up SSO logins, then I'm not sure because Continuwuity doesn't support that yet.

    Please re-ask the question with the folks in #continuwuity:continuwuity.org to be extra sure before doing anything. Oh, and it goes without saying, do clone and back up the data paths for easy reverts later.

  • Matrix bridges or XMPP gateways (like Slidge) would help.

    Not sure how you'd tie them to tasks though. For Matrix, maybe you can set up a private room, and create a thread-based issue tracker with reference to your other chats' message IDs.

  • It's claimed to be official. But I went with https://continuwuity.org/ since it seemed to have a more active community. Plus ever since then, the core maintainer of Tuwunel has been making threats against Continuwuity including personal attacks, and seems to be quite unpleasant to deal with in general. There's also been a thread about it here. So I honestly lost all taste to reconsider.

  • For Matrix consider Continuwuity instead of Synapse if you want something easier to maintain. You'll also want to set up Element Call (i.e. the "new" calling stack) for wider client support.

    Notifications can be unreliable but it depends on your push provider (e.g. don't use the default ntfy.sh instance, use another one or selfhost yours). Do let me know of any other nits though.

    For XMPP, notifications are the most reliable as it maintains an in-band connection to the server. A/V is a bit more lacking, as mobile clients can only do 1:1 calls, and it misses some smaller features compared to Matrix. But it's very lightweight and should be more than capable for use with family and friends.

  • Look into the DNS-01 challenge, where instead of exposing 80/443, you obtain a cert by creating a TXT record for your domain. This requires your ACME client to support talking to your DNS provider's API. For certbot they're installable via plugins; for lego-acme many providers are included.
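What the ACME client actually writes into that TXT record is derived from the challenge token and the account key, per RFC 8555 section 8.4 and the JWK thumbprint of RFC 7638. The following is an added example, not code from the comment nor from certbot or lego; the account JWK coordinates and the token are constructed placeholders (a real token comes from the CA).

```python
"""DNS-01 challenge response as an ACME client computes it (RFC 8555 section 8.4).
Added example, not code from the original comment or any ACME client; the
account key and token below are constructed placeholders."""
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required members of the key,
    lexically ordered and serialised without whitespace. Extra members such as
    "kid" or "use" are deliberately ignored."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True,
                           separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())

def dns01_record(domain: str, token: str, jwk: dict):
    """Return (record name, TXT value) that the CA queries before issuing.
    keyAuthorization = token '.' thumbprint; the TXT value is its SHA-256, base64url."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{domain}", value

# Constructed P-256 public JWK; the coordinates are placeholders, not a real key.
ACCOUNT_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "placeholder-x-coordinate-base64url",
    "y": "placeholder-y-coordinate-base64url",
}
TOKEN = "constructed-token-from-ca-12345"  # a real token is chosen by the CA

if __name__ == "__main__":
    name, value = dns01_record("example.com", TOKEN, ACCOUNT_JWK)
    print(f'{name}. IN TXT "{value}"')
```

Only the account key holder can produce a matching value, which is why the DNS API credential the client holds should be scoped to editing `_acme-challenge` TXT records where the provider allows it.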

  • Hello,

    Is it safe to use bridges at all? Who can read what on the server if I am using a bridge?

    The WhatsApp/Signal bridge-bot thing can decrypt your chat and store them in plain text. So technically, the bridge operators can see the contents of your messages. In your case, they are probably the same people running nope.chat.

    Unfortunately this is required for bridges to work across platforms.

    If you are technically inclined, you may consider selfhosting your own server and bridges to fully control your data. You can also enable end-to-bridge-encryption if need be.

    Second Concern: I keep getting invitations to a WhatsApp-Community I have never joined. I have declined the invitation but it keeps popping up. If I wanted to ban this chat I would have to ban the whole WhatsApp-Bot.

    I believe the best way is to ban this chat from the WhatsApp client directly. Alternatively, you can try banning the room in Matrix too.

  • Self-hosting @slrpnk.net

    PSA: If you are running a Matrix homeserver written in Rust, you'll need to upgrade NOW (see updates in comments)

  • Selfhosted @lemmy.world

    Technitium DNS v14 is released with support for clustering

    github.com/TechnitiumSoftware/DnsServer

  • Selfhosted @lemmy.world

    Made an alternative to Tailscale + Gluetun

  • Selfhosted @lemmy.world

    Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC