GreenDot 💚

@GreenDot 💚@le.fduck.net
0 Post – 55 Comments
Joined 1 year ago

Definitely great using on the go, ease of use 10/10


funny tho, I was supporting a PE "dev" for a while.. lovely news


Ask questions, don't assume. Keep notes of meetings, and notes of your work, little bits. Always have a good rollback plan.

Destiny 2. Played it religiously and got like 3k hours in it since 2018, and just stopped last year. The grind was killing me season after season and the clan I was with has disbanded, everyone is super pissy in LFGs. Great shooter, but can't do everything from zero every 3 months Bungie. Also the rotating meta, and the grind to get it.


how come you didn't warn me last time?


🥶 is this it? Do I have rizz now?


I like it here on Lemmy as there are quality talks from people and not too much circlejerking the same concepts around. I actually like going through here.

First of all, this might not answer your question fully, but..

spotify-dl uses youtube music to download stuff, and if you have youtube premium you can get higher quality downloaded, I think it does opus 128 or 156 kbit, and the sound is quite good.

tidal, deezer, or qobuz have CD or hi-res quality songs, and there are utils that help you get stuff from their service. qobuz-dl's the one I have been experimenting with. Obviously you need a subscription for it, but spotify is generally shit.

Apart from that I used a few other sources to get my music.

did it before my smoke break

Yeah, Project Elixir.

No problem. I'll just go with an oversimplification.

The idea is that you just take whatever traffic hits port 443 and use iptables rules to route the traffic elsewhere, or in this case:

Client --> [port 443] --> [iptables] --> [ port 443 home server]

So, it's basically just traffic forwarding from the VPS directly to your home server, either directly to your ISP IP address or via a WireGuard IP address.

So all the traffic you are sending back from the VPS is in its original state, and the actual processing happens on your local/home server.

On the home server you have a web server of your choice listening on port 443, loaded with your SSL certificates. So, a request is made to the VPS IP address, iptables just forwards the packets to your home server, and that is where the SSL/TLS termination happens. The client negotiates the TLS connection directly with your home server, and the web server on your home server then sends the request where you tell it to (reverse proxy to a Docker container, or it serves the content directly).

With this, you basically turn the VPS into a passthrough for traffic.

Here's a quick test I did. The two servers are connected with a WireGuard mesh.

On the VPS you need to have net.ipv4.ip_forward=1 :

net.ipv4.ip_forward=1

Your iptables rules should be as follows. Obviously on the home server you can run the web server on any port you like, it doesn't have to be 443. But let's keep it 443 for the sake of argument.

iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination HOME_SERVER_IP:443
iptables -t nat -A POSTROUTING -j MASQUERADE

If you want to drop the rules:

iptables -t nat -F
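As an added example (not the commenter's own script), this sh function generates the VPS-side rule set for the 443 passthrough described in this comment in iptables-restore format, so it can be reviewed before being applied. It goes a step beyond the two rules above by limiting MASQUERADE and FORWARD to the single forwarded flow; HOME_SERVER_IP, the wg0 interface name and port 443 are assumed values.

```shell
#!/bin/sh
# Added example, not the commenter's own script: generates the VPS-side
# iptables rules (iptables-restore format) for the port 443 passthrough
# described above. The home server IP, wg0 and 443 used below are assumptions.
set -eu

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() (
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  IFS=.
  for octet in $1; do
    [ "$octet" -le 255 ] || return 1
  done
)

# Emit the rule set as text so it can be reviewed first and then applied with
# `iptables-restore -n < rules.txt`. Compared with the two-line version above,
# MASQUERADE and FORWARD are limited to the one forwarded flow instead of
# rewriting every packet that leaves the VPS.
passthrough_rules() {
  home_ip="$1"; wg_if="$2"; port="$3"
  valid_ipv4 "$home_ip" || { echo "invalid home server IP: $home_ip" >&2; return 1; }
  cat <<EOF
*nat
# Rewrite the destination of inbound $port/tcp to the home server
-A PREROUTING -p tcp --dport $port -j DNAT --to-destination $home_ip:$port
# Source-NAT only that flow, so replies come back through the VPS
-A POSTROUTING -o $wg_if -p tcp -d $home_ip --dport $port -j MASQUERADE
COMMIT
*filter
# Allow the forwarded flow in both directions and nothing else
-A FORWARD -o $wg_if -p tcp -d $home_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wg_if -p tcp -s $home_ip --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage (assumed values): passthrough_rules 10.0.0.2 wg0 443 > rules.txt
# The VPS still needs: sysctl -w net.ipv4.ip_forward=1
```

Because of MASQUERADE the home web server sees the VPS address as the client source; the TLS session itself is still negotiated end to end with the home server, as the comment describes.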

I was hit aggressively by the HC sales team last year, we are using TF and Vault, and were looking to add Consul, now it is pretty vague how it will all pan out

gyatt

Do you have a sample of what kind of errors you're getting? Are they Docker-related or service-related? As in, Jackett can't connect/reach Sonarr, for example?


I tried it, it's great if you want to get started, or you want to run a VPN on a server that doesn't support WireGuard. My main gripe with the client is that it can't do high speeds, it's just too CPU bound. Like going close to a gigabit transfer.

With wireguard I was able to get to 98% gigabit transfer. It was fine for a month I was using it, in the end I just setup a wireguard mesh with Netmaker.

There is headscale where you can run your own hosted central server, so you're not using the tailscale one.

In the end Netmaker did what I wanted, however they tend to introduce a bit of change in their releases, so if you're not super technical it might pose a challenge with upgrading until they reach a super stable version. Like the jump from 0.10.X to 0.20 had some big changes for the whole Netmaker internals. But that does not impact WireGuard connectivity.

About 6 year uptime on one machine before we shut it down and relocated.

so true

Yes. Reddit is only checked for about 2-3 subreddits, but I'm not checking it daily. Lemmy and Mastodon are my new best friends.

I'd say, what kind of security are you talking about? Apart from standard HTTPS to keep things encrypted, there are other layers if you want to keep your service exposed to the internet.

Also how things are installed and whether they are correct, proper file permissions. Nothing different from having it on a server somewhere. You just need to keep things up to date and you'll be fine.

Best option is to directly NAT traffic from VPS to your home server, either directly to your IP or set up a wireguard peer and send traffic via wireguard to your local and do the SSL/TLS termination on your local.

You are best exposing just 443 port on the VPS and moving that traffic over wireguard. Server will have your local public key on the server, and you could implement a wireguard key rotation to change them frequently.

Traffic sent back will be encrypted with the certificate, and even if they get the wireguard server key, you can rotate it, but still they will see encrypted packets.

It depends what kind of things you're doing on your local. If it is just a website thing, then reverse proxy is fine. Anything other than that, NAT would be cleanest one.

LUKS on the disks would encrypt the data on the block storage level, and, in theory, they should not have a way of reading block storage files directly. But since it is a VPS they can, technically, gather data from host memory.

Next step might be going down a dedi server route, LUKS encryption on disks. Only thing that's needed there would be a sufficient network pipe.


I'm running both, via docker.

Here's the basic setup:

NGiNX is a standard installation, using certbot to manage the SSL certificates for the domains. Setup is via Nginx virtual hosts (servers), separate for Lemmy and Mastodon. Lemmy and Mastodon each run in their own Docker containers, with different listening ports on localhost.

                  lemmy.domain.tld+------------------------+
               +------------------+                        |
               |                  |         Lemmy          |
               |                  |         127.0.0.1:3000 |
               |                  +------------------------+
               |
+--------------+----+
|NGiNX with SSL     |   mastodon.domain.tld
|and separate VHOSTS+--------------+-----------------------+
|                   |              |          Mastodon     |
+-------------------+              |          127.0.0.1:3001
                                   +------------------------

What would be the benefit of running k8s at home, apart from dealing with it a bit, compared to docker-compose on a single node or two? Or Docker Swarm? Unless there is a big load of services that are self-hosted, which I get, and the autohealing from k8s as the orchestrator.

Just curious, not taking a swing. Thanks!


works fine for me, didn't really see any big issues.

I've worked on both, and as long as I can plug the laptop into a nice monitor, with keyboard and mouse, I don't care that much. Laptops are great for mobility, and the keyboard and trackpad, well, you get used to them and they don't bother you that much. For myself, it's WFH and then going to the office, isn't a big deal, all stuff is on the laptop and things are synced if I need to do disaster recovery. It depends on the situation, whether you would benefit from it. If not, a desktop's fine.

I use Lidarr to watch for new releases and try to get some bootleg albums, while my main way of getting things is through some websites or just pulling stuff from qobuz directly.

All the music is FLAC with a small percentage in mp3 320. also, man sometimes wants to get that 300GB discography pack with 6 different releases of the same album 😁

when people have too much free time

Same here. There are a few other apps besides Jerboa (Click for Lemmy, Liftoff, WefWef) that you could give a go.

But, if you give it time, and especially as "early" adopters of the fediverse, it will only grow and get better.

You can try Woodpecker CI/CD https://woodpecker-ci.org/ It is an open-source fork of Drone CI https://woodpecker-ci.org/faq

latest cargo crates updated

I got a used mini PC to run as a media center, running the arr stack and a torrent client that's bound to the VPN interface. For usenet stuff I don't care whether it's on the VPN or not. It's running headless.

If you make sure that the torrent client is set to be bound to the VPN interface, you are fine; if the VPN is not up, it should not start, since the interface is not up. For VPN I use WireGuard and set the VPN to be brought up via the wg-quick command and use systemd to start it during boot.

You'll be fine using it for personal stuff along with pulling stuff from high seas.

Navidrome over WireGuard, and music library in folders and proper tagging through beets and Picard. Using Subsonic as a client for it. Tried Plex and Plexamp but I'm moving away from them.

looks like the guy from History channel or something

I installed it yesterday, I'm using kitty as the default one, and noticed it's just better at displaying colors. They kinda have a bit more depth there. Any other cool uses of wezterm that you might recommend? Thanks!


use dpkg -r to remove the packages:

openjdk-17-jre-headless:amd64 openjdk-17-jre:amd64 default-jre minecraft-launcher geogebra

Then install minecraft-launcher and see what it says. It might be that openjdk is clashing with default-java.

my 2 cents just on this..

Looks like it's the same thread and I double posted haha

You got source please?


Thanks for the link.

Yes, that would be possible with this setup. The port on which HAProxy listens just needs to be publicly accessible, and you just DNAT traffic from the VPS to your $IP:$PORT .

Technically everything is possible, I just don't have context on whether you have a static IP with your ISP or it changes every so often (daily, weekly, every n months). If it's not static, you might consider using a VPN connection between the VPS and your router to keep the connection open at all times, and also not expose HAProxy directly to the live internet.


disadvantages: everything else