Boring

@Boring@lemmy.ml
1 Post – 31 Comments
Joined 1 year ago

Check out WireGuard; it's way smaller and faster than OpenVPN and still FOSS.

https://www.privateinternetaccess.com/vpn-features/wireguard

Very user friendly if you install it with a GUI, almost to plug and play level.


I'm a tinkering nerd, so I like to have a headless Linux box.

I did use self-hosting operating systems in the beginning, and they're nice. However, when I tried just a plain Ubuntu headless install, I felt way more accomplished after getting everything working.


I would have a failsafe, like using a major email provider for emails that you need to go through, for like work or government stuff.

Hosting your own email is a great learning experience and is fun to do; but your emails will get marked as spam, you'll have to constantly perform maintenance, and you'll have major reliability issues.

Most of the issues you'll have are fine for personal use, but it's dicey if you plan to migrate 100%.

Edit: receiving email is less of an issue than sending. The forwarder should be reliable; however, it's the sending from the forwarding address that would possibly be an issue.


You can tunnel RDP over SSH. Then you'd only open a port that requires authentication to access and is encrypted.
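
Added example (not from the original comment): what the tunnel looks like on the client side, plus a check of the sshd settings that make this worth doing. The host names, the optional LAN RDP target and the sshd_config samples are assumptions made up for the example; the RDP client is then pointed at localhost:3389 and port 3389 is never forwarded on the router.

```bash
#!/usr/bin/env bash
# Added example: RDP tunnelled through SSH, so only sshd is reachable from
# outside; 3389 is never forwarded on the router. Host names, user names and
# the sshd_config samples are made up for this example.

# Client side: bind a local port and forward it through the SSH session to
# the RDP service. The target defaults to the SSH server's own loopback, but
# can be a Windows box on the server's LAN (e.g. 192.168.1.20:3389).
# -N: no remote command, -L: local port forward.
rdp_tunnel_cmd() {
    local ssh_host="$1"
    local local_port="${2:-3389}"
    local rdp_target="${3:-127.0.0.1:3389}"
    printf 'ssh -N -L %s:%s %s\n' "$local_port" "$rdp_target" "$ssh_host"
}

# Server side: read an sshd_config body from stdin and require the three
# directives to be set explicitly (OpenSSH's defaults differ for each:
# forwarding on, password auth on, root login prohibit-password).
# Prints what is missing; returns 0 only when all three are present.
check_sshd_config() {
    local cfg rc=0
    cfg=$(sed -e 's/#.*//' | tr '[:upper:]' '[:lower:]')   # drop comments, normalise case
    printf '%s\n' "$cfg" | grep -Eq '^[[:space:]]*allowtcpforwarding[[:space:]]+yes' \
        || { echo "missing: AllowTcpForwarding yes"; rc=1; }
    printf '%s\n' "$cfg" | grep -Eq '^[[:space:]]*passwordauthentication[[:space:]]+no' \
        || { echo "missing: PasswordAuthentication no"; rc=1; }
    printf '%s\n' "$cfg" | grep -Eq '^[[:space:]]*permitrootlogin[[:space:]]+no' \
        || { echo "missing: PermitRootLogin no"; rc=1; }
    return "$rc"
}

# Constructed sample configs (not from a real host)
HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding yes   # needed for -L to work'

WEAK_SSHD_CONFIG='PermitRootLogin yes
PasswordAuthentication yes'

rdp_tunnel_cmd admin@vpn.example.com
rdp_tunnel_cmd admin@vpn.example.com 13389 192.168.1.20:3389
printf '%s\n' "$HARDENED_SSHD_CONFIG" | check_sshd_config && echo "hardened sample: OK"
printf '%s\n' "$WEAK_SSHD_CONFIG" | check_sshd_config || echo "weak sample: not OK"
```

With password authentication off, the only thing an internet scanner can do with the open port is present a key it does not have; pair it with fail2ban or a non-default port if the log noise bothers you.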


Did a little research and it seems to be a PIA issue; they don't provide config files. But there is a workaround: https://github.com/pia-foss/manual-connections

Or a Python script to obtain a config file: https://github.com/hsand/pia-wg

But there are other VPNs that will let you download config files for use, I have no idea why PIA makes it hard.

You would need to create a Docker image or some sort of container/VM (container preferred) to host WireGuard. This is what I personally use: https://github.com/wg-easy/wg-easy

Subnetting and VLANs can get hard to conceptualize when they are virtualized on a single machine.

I'd suggest going to draw.io and making a logical network diagram so that you can have a reference when setting up your network.

If you want EVERYTHING going through Pi-hole, which is on a different subnet, the easiest way I've done it was to make going through the Pi-hole necessary to make it to the default gateway.

But if you have a different situation for Pi-hole you can set up DNS relays.

Personally I'd just spin up a WireGuard container with a GUI; user friendly, and you can add anyone to your VPN in like 2 minutes wherever you are.

The most advanced part would be forwarding port 51820.
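
Added example, covering this comment and the wg-easy one above (not from either comment or from wg-easy itself): the two config files a WireGuard GUI generates for you, rendered by hand so the pieces are visible, plus a check for the usual server-side mistake. The addresses, interface name, host name and key strings are placeholders made up for the example; real keys come from `wg genkey | tee server.key | wg pubkey > server.pub`.

```bash
#!/usr/bin/env bash
# Added example: hand-rendered WireGuard server and client configs.
# 10.8.0.0/24, wg0, eth0, vpn.example.com and the key strings are
# placeholders made up for this example.

# Server side (/etc/wireguard/wg0.conf). Each peer gets a /32 in AllowedIPs:
# it is both the route to that peer and the only source address accepted
# from its key. Forward UDP 51820 on the router to this host.
render_server_conf() {
    local server_priv="$1" peer_pub="$2" wan_if="$3"
    cat <<EOF
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = $server_priv
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $wan_if -j MASQUERADE

[Peer]
PublicKey = $peer_pub
AllowedIPs = 10.8.0.2/32
EOF
}

# Client side. AllowedIPs = 0.0.0.0/0 sends everything through the tunnel;
# use e.g. 10.8.0.0/24,192.168.1.0/24 for split tunnelling to the home LAN.
render_client_conf() {
    local client_priv="$1" server_pub="$2" endpoint_host="$3"
    cat <<EOF
[Interface]
Address = 10.8.0.2/24
PrivateKey = $client_priv
DNS = 10.8.0.1

[Peer]
PublicKey = $server_pub
Endpoint = $endpoint_host:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# A server config should never give a peer a catch-all AllowedIPs: that
# would route all of the server's traffic to that one peer. Reads stdin.
lint_server_conf() {
    if grep -Eq '^[[:space:]]*AllowedIPs[[:space:]]*=.*(0\.0\.0\.0/0|::/0)'; then
        echo "server peer has catch-all AllowedIPs"
        return 1
    fi
    return 0
}

# Constructed placeholder keys (not valid WireGuard keys)
SERVER_PRIV='SERVER_PRIVATE_KEY_PLACEHOLDER='
SERVER_PUB='SERVER_PUBLIC_KEY_PLACEHOLDER='
CLIENT_PRIV='CLIENT_PRIVATE_KEY_PLACEHOLDER='
CLIENT_PUB='CLIENT_PUBLIC_KEY_PLACEHOLDER='

render_server_conf "$SERVER_PRIV" "$CLIENT_PUB" eth0
render_client_conf "$CLIENT_PRIV" "$SERVER_PUB" vpn.example.com
render_server_conf "$SERVER_PRIV" "$CLIENT_PUB" eth0 | lint_server_conf && echo "server conf: OK"
```

Bring the server up with `wg-quick up wg0`; the PostUp rules are what let tunnel clients reach the rest of the LAN and the internet through the server, so if the tunnel connects but nothing routes, that is the first place to look.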

A reverse proxy like nginx can automatically implement it for you. Probably the easiest way of generating and using your own SSL with Let's Encrypt is a reverse proxy.
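
Added example (not from the original comment or from nginx/certbot): the nginx server block that terminates TLS with a Let's Encrypt certificate and proxies to a service bound to localhost, with a small check on the rendered file. The domain, backend address and webroot path are assumptions for the example. Once this file is in place and ports 80/443 reach nginx, issuance is `certbot --nginx -d app.example.com`; certbot would insert the certificate lines itself, they are written out here so the finished file is visible.

```bash
#!/usr/bin/env bash
# Added example: nginx reverse proxy with Let's Encrypt paths. Domain,
# upstream and /var/www/html are assumptions for this example.

render_nginx_vhost() {
    local domain="$1" upstream="$2"
    cat <<EOF
# plain HTTP: only the ACME challenge is served, everything else redirects
server {
    listen 80;
    server_name $domain;
    location /.well-known/acme-challenge/ { root /var/www/html; }
    location / { return 301 https://\$host\$request_uri; }
}

server {
    listen 443 ssl;
    server_name $domain;
    ssl_certificate     /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;

    location / {
        proxy_pass http://$upstream;
        # pass the original host and client address on to the app
        proxy_set_header Host              \$host;
        proxy_set_header X-Real-IP         \$remote_addr;
        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# Checks before `nginx -t && systemctl reload nginx`: the certificate paths
# must name the same domain as server_name, and the backend should be on
# loopback so the proxy is the only way in (adjust the pattern if the
# backend is a container name on a Docker network).
check_vhost() {
    local domain="$1" cfg
    cfg=$(cat)
    printf '%s\n' "$cfg" | grep -Eq "ssl_certificate +/etc/letsencrypt/live/$domain/fullchain\.pem;" \
        || { echo "certificate path does not match $domain"; return 1; }
    printf '%s\n' "$cfg" | grep -Eq 'proxy_pass http://(127\.0\.0\.1|localhost)[:/]' \
        || { echo "backend is not on loopback: make sure it is not also reachable directly"; return 1; }
    return 0
}

render_nginx_vhost app.example.com 127.0.0.1:8080
render_nginx_vhost app.example.com 127.0.0.1:8080 | check_vhost app.example.com && echo "vhost: OK"
```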

I use KeePassXC and sync across my devices with Nextcloud, and VPN to my home network with WireGuard, and this setup has never failed me.

I've toyed around with Passbolt, and I really want to try it because it just looks cool to me, but I keep having trouble with it playing nice with my reverse proxy.

My personal preference is hosting it myself on my own server and using a VPN to get to it. It gives me peace of mind because I'm not a big enough target for someone to try that hard to get my passwords, and I'm not exposed to Bitwarden or Dashlane getting breached.

So you don't have the root database password, or just the Lemmy user password?

Might be worth it to make a new database and create a new Lemmy user and migrate data from the backup.

I found this article which might help: https://www.postgresqltutorial.com/postgresql-administration/postgresql-reset-password/

I've only ever used MariaDB, so YMMV.

Honestly, servers don't need to be specced out to oblivion. I use a 10 year old desktop and added a 1TB SSD, and it does 99% of what I want it to.

The most important thing for a server is probably the CPU and making sure it has as many cores as possible, and maybe hyperthreading, because you'll be running a lot of simultaneous services and users.

You're probably not exposed to the big internet. But that's no excuse for poor security. I'd look up a hardening guide for your operating system.

You should also look up hardening guides for any applications you plan to run, and follow simple security measures like not logging in as root/admin, strong passwords, 2FA.

Not to say you're at risk, but it's good practice to make secure your default. Doing this will help you understand the basics of system security and the risks that systems have.

Looks like it'll work. You should look into flashing that router with OpenWrt or pfSense and VLANing off those smart devices. They can be a security issue.

Also adding a second AP that you place on a different channel for guest and untrusted devices would work and increase bandwidth, but adds some routing complexity.


The issue is that Pi-hole has a default on port 80 that can be set up to redirect to /admin. If you're running SearX on the same port on the same IP, something's gonna break.

You'll need to change one of the applications' port numbers and specify the port in your URL (192.160.0.19:8080) to get there.

A reverse proxy will help only after you set your ports correctly.


/admin isn't a port; it is just a subdirectory of lighttpd, the webpage Pi-hole uses to display itself. If you don't specify a port, your browser defaults to port 80 for HTTP and 443 for HTTPS.

You can run `netstat -a` in your terminal while the webpage is open to find what port is in use.

In Docker you can find this and change it in the YAML file if you deployed that way; otherwise you may need to kill the container and remake it, choosing a different port when specifying `-p` in Docker.

If you didn't use Docker for Pi-hole you will have to navigate to /etc/lighttpd/lighttpd.conf and modify the port number there.

Edit: if you want to add a reverse proxy to this equation with a an actual domain name and real SSL certs check out this video: https://www.youtube.com/watch?v=qlcVx-k-02E
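
Added example, covering the two Pi-hole port comments above (not from either comment or from Pi-hole): find which process owns the contested port, then move lighttpd off it. `ss -ltnp` is the narrower form of `netstat -a` (listening TCP sockets with the owning process; run with sudo to see processes you don't own). The `ss` output, PIDs and lighttpd.conf lines are constructed samples. Caveat for newer installs: Pi-hole v6 dropped lighttpd for a web server built into pihole-FTL, where the port is an FTL setting (webserver.port) rather than a lighttpd.conf line; for a containerised Pi-hole, change the host side of the port mapping instead (`-p 8080:80`).

```bash
#!/usr/bin/env bash
# Added example: locate the process on a contested port and move lighttpd.
# The ss output, PIDs and lighttpd.conf contents are constructed samples.

# Constructed sample of `ss -ltnp` (not a real capture)
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*          users:(("lighttpd",pid=812,fd=4))
LISTEN 0      128    0.0.0.0:53          0.0.0.0:*          users:(("pihole-FTL",pid=790,fd=5))
LISTEN 0      4096   0.0.0.0:8080        0.0.0.0:*          users:(("docker-proxy",pid=1433,fd=4))
LISTEN 0      128    [::]:22             [::]:*             users:(("sshd",pid=601,fd=3))'

# Print the process name listening on TCP port $1; reads ss -ltnp on stdin.
# Works for both 0.0.0.0:80 and [::]:22 style addresses.
listener_on_port() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            addr = $4; sub(/.*:/, "", addr)          # keep the text after the last ":"
            if (addr == p && match($0, /"[^"]+"/))   # first quoted name in users:(...)
                print substr($0, RSTART + 1, RLENGTH - 2)
        }'
}

# Rewrite server.port in a lighttpd config file ($1) to port $2, keeping a
# .bak copy. On Pi-hole installs the upstream advice was to put overrides in
# /etc/lighttpd/external.conf rather than editing lighttpd.conf directly.
set_lighttpd_port() {
    local conf="$1" port="$2"
    cp "$conf" "$conf.bak"
    sed -e "s/^server\.port[[:space:]]*=.*/server.port = $port/" "$conf.bak" > "$conf"
}

printf '%s\n' "$SAMPLE_SS" | listener_on_port 80      # → lighttpd
printf '%s\n' "$SAMPLE_SS" | listener_on_port 8080    # → docker-proxy

# Demo on a constructed config file, not the real /etc/lighttpd/lighttpd.conf
tmp=$(mktemp)
printf 'server.modules = ( "mod_access" )\nserver.port = 80\n' > "$tmp"
set_lighttpd_port "$tmp" 8080
grep '^server.port' "$tmp"                            # → server.port = 8080
rm -f "$tmp" "$tmp.bak"
```

After the change, `systemctl restart lighttpd` and re-run `ss -ltnp` to confirm port 80 is free before pointing the other service (or a reverse proxy) at it.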

I bought a Pi Zero when I first started hosting things. It ran a Pi-hole and PiVPN instance for about 3-4 years before it died.

I would love to have another one, they are great pieces of hardware.. but are just scalped to hell. I'll keep buying old desktops and laptops with higher specs for cheaper until the costs go down.

Depends on your definition of safe.

If you do a public port forward and set up basic security and proper SSL, it's safe from the majority of people.

Might be janky, but if you really wanted this for free you could get a speech-to-text program like FUTO, play the video and have it transcribe it and save it to a text file, then copy and paste in the subtitles.

Need more information. This could be many issues.

NetworkChuck has a good video on setting up a VPN connection to Nord on a router; it will probably work with Express.

Link: https://piped.video/watch?v=jlHWnKVpygw

On not being able to connect to your server via VPN while having an outgoing VPN connection at the router level: that could be a number of different things. Weird topology, conflicting ports, misconfigured VPN, etc. So we need more info to help out there.

No, only the server; you can host an OpenSSH server and have clients connect remotely.

Sorta like how you can host a webserver and a client doesn't need 443 open. Except a reverse shell is possible with ssh, allowing a client to be controlled without their port 22 open.

Yea, I haven't played with it too much. You'll either have to host your own SMTP server to send it or use Gmail's or Proton's SMTP service.

Doing it yourself might cause big companies to send your mail to spam or possibly just drop the packets 'cause you're not using a trusted IP, have the wrong DNS settings, etc., and your ISP may even block port 25.

This can be circumvented by using an SMTP relay service, but you can still have some issues like mail sending limits.
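
Added example (not from the original comment): the DNS records the big providers look for before they accept mail from a self-hosted server, checked against constructed TXT values. The domain, IP and key are made up; real values come from `dig +short TXT example.com`, `dig +short TXT _dmarc.example.com` and `dig +short TXT <selector>._domainkey.example.com`. The reverse DNS of the sending IP (`dig -x 203.0.113.10`) should also resolve to the name the server says in HELO, which a relay service handles for you.

```bash
#!/usr/bin/env bash
# Added example: sanity-check SPF, DMARC and DKIM records before sending
# mail from a self-hosted server. All records below are constructed.

# Constructed records, in the form `dig +short TXT` prints them
SPF_OK='"v=spf1 ip4:203.0.113.10 -all"'
SPF_BAD='"v=spf1 +all"'
DMARC_OK='"v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"'
DKIM_OK='"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...constructed"'

# $1 SPF TXT, $2 DMARC TXT, $3 DKIM TXT. Prints each problem found and
# returns 0 only when all three records are present and not wide open.
check_mail_dns() {
    local spf="$1" dmarc="$2" dkim="$3" rc=0
    case "$spf" in
        *v=spf1*) ;;
        *) echo "no SPF record: receivers cannot tell which hosts may send for you"; rc=1 ;;
    esac
    case "$spf" in
        *"+all"*) echo "SPF ends in +all: any host on the internet passes SPF"; rc=1 ;;
    esac
    case "$dmarc" in
        *v=DMARC1*) ;;
        *) echo "no DMARC record at _dmarc.<domain>"; rc=1 ;;
    esac
    case "$dmarc" in
        *p=none*) echo "note: DMARC p=none only reports, it does not enforce" ;;
    esac
    case "$dkim" in
        *v=DKIM1*) ;;
        *) echo "no DKIM public key at <selector>._domainkey.<domain>"; rc=1 ;;
    esac
    return "$rc"
}

# The ISP port-25 question is a live network check, so it is only shown
# here and not run:  nc -vz -w 5 smtp-relay.example.net 25

check_mail_dns "$SPF_OK" "$DMARC_OK" "$DKIM_OK" && echo "records look sane"
check_mail_dns "$SPF_BAD" "" "$DKIM_OK" || echo "fix the above before sending"
```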

Yes, but stoicism also preaches wisdom and being a good citizen.

It is natural for humans to form political systems and it would conform to nature to participate. It would be completely in line with the philosophy to protest, have an opinion against exploitations, vote someone they politically align with into power, and even revolution.

However, focusing on the depressing aspects of tyrants stains the mind and will lead to a loss of self-discipline, and will only allow the tyrants more power over your mind, as they can keep you in a reactive state.

I personally think it is disingenuous to recommend something to casual users who are used to solving problems with money.

But the issue here is it is usually Firefox advertising themselves to customers so that they can have a subset of those customers actually use Google.

They market themselves as "download and be private", which interests the casual user who hears about how invasive Facebook and Google are online and is looking for a nontechnical fix. This small subset of users on Firefox is what funds Mozilla to use Google's money to fund their hobbies.

Yes, people should educate themselves, but I personally think it's unethical for Mozilla to fund for-profit businesses that they control by exploiting this small, uninformed subset of their userbase, and it makes it hard for me to trust them based on how they justify their means to an end.

And no, fuck Brave. I'm for educating people on how the internet works and to educate themselves if they want privacy or security, instead of trusting massive corporations.

I like ads as long as they aren't super personalized and advertising companies didn't track my every move I made to deliver it to me.

Plus if admins directly hosted ads they'd get 100% of the revenue, massive advertising companies routinely scalp the revenue and only give pennies to admins that host them.

You could host a Wireshark instance, and maybe even host a SIEM like Security Onion.

Ooookay. Took me a second to wrap my head around the layout. Originally I only looked at the picture, which only shows a single switch.

This is an odd topology. Typically when working with switches, you want them connecting directly to the router and not connected to another switch.

You are going to have bandwidth issues out the ass, along with having a troubleshooting nightmare when something goes wrong and you need to trace packets.

Right now you have a hub and a spoke inside a hub and spoke.

Since it looks like your Asus is just an AP in this scenario, you'd be better off:

  • hooking both switches to the ISP router
  • enabling DHCP on the ISP router for the 2.5g switch
  • set your 1g switch to a different subnet, with default gateway to your ISP router
  • enable DHCP for the different subnet
  • add Asus for WiFi ability on new subnet

You can then play around with VLANing on the managed switch. You won't be able to separate IoT and personal WiFi signals with VLANs. You'd need to create a guest SSID for that functionality and change the channels to 6 and 11 so you get good bandwidth.

Edit: this is assuming you have a layer 3 switch; if it's a layer 2, I would use the Asus as a router/AP and hook it directly to the ISP router, and hook the switch up to the Asus.

Yea, it does seem weird. But money doesn't lie. It's very easy to search online how Mozilla has enough money to pay for all their weird projects.

They even cost-cut their nonprofit products like Firefox and Thunderbird so they have more money to burn on other hobbies.

They're like a giant corporate MLM where users are encouraged to sell "privacy" to their friends and the profits siphon up to Mozilla, where they cash out to Google.

Repost bots can help siphon users from Reddit and make it easier to transition.

It's more so the principle. Many people that download Firefox are doing so to escape Google, and if they are not born as cyber security experts they may download Firefox and continue with no real improvement to their privacy.

Secondly, the main thing you should look for is where a company gets its funding. If Mozilla gets almost 100% of its funding through Google, how much do you really expect them to push back against the data collection of their userbase?

I rank Mozilla with the likes of ExpressVPN, NordVPN, etc. They preach privacy and security against surveillance, but it's just theatre to make money in specific demographics.


Coming from a company that preaches about privacy and rates privacy-respecting businesses, while collecting telemetry and accepting 500M/year from Google to promote their search engine... I'll take this as the puff piece that it is.
