Gooey0210 @ Gooey0210 @sh.itjust.works

Posts

15

Comments

531

Joined

2 yr. ago

I'm actually not from the "close everything, don't open ports, always sit behind cloudflare" camp

We selfhost so we can use and share our services

There are other things we can practice instead of just isolationism and keeping everything as simple as possible

1.2.5 doesn't seem to be cracked. It's there, but not cracked (tell me if i'm wrong)

Edited: typo

You mean 1.2.5? 😅

And also, why not, if 1.2.0 got cracked, when 1.2.5.

That's why i'm asking where to get it

It's easy to find 1.2.0, but not 1.2.5

Bitcoin

There are many ways to do many things in nixos

For updates you can do automatic updates

Also, there are many deployment tools, like deploy-rs, morph, colmena, bento. They all have different approaches. Some you use ssh to deploy a remote system. Some just fetch the configuration and autodeploy it.

There are many ways how you can play with this. So you can disable sudo, and deploy with ssh only from some or a specified ip. Or you can keep ssh for root disabled and just deploy home-manager. It's really a lot, you imagination is the only limit

P.s. or you can just generate an image from a trusted machine, and flash it onto the device you want, unlimited number of ways

It's basically 2 seconds to change the track in jellyfin 😅

I'm a Nixos user, I wouldn't be much help unless you do Nixos. But it's a whole new rabbit hole which would take you months/years to learn and setup 😅

What I can say, you can do "access from home network", "access from VPN network", "1fa/2fa from the internet" OR "access for / and /api, but 1fa/2fa for stuff like /admin, /admin-settings, or just /login or /logged-in"

Fail2ban is fun, also maybe have a look at crowdsec

Tailscale's android client should be foss

Wireguard is foss

Outline is foss damn, it's nodr vpn

So, some of the apps from the screenshot are legit

Notifications on system file access

Notifications on root login/sudo

Declarative OS, tmpfs root, disabled sudo

Bastion server, but right now I don't have a proper router to do it at home

Yubikey, or a separate phone on Graphene OS for otp, keys, etc

Authelia + fascist fail2ban (or some CSF)

Most of these are pretty normal, but usually you don't do them all at once 😄 also, I don't really like hiding my services from the open internet, authelia is fine tuned to let people only access what they are supposed to. And regular users of my server usually don't notice that I even have it

Jellyfin?

But you still need a PC? 🥺

Why? 🥺 you can just do wireless adb to the same device, and open the shell in termux 🫣

Even better with wireless debugging and some app manager or shizuku

You still should set two dns servers.. Two piholes/adguards

That's why you usually have two piholes, or adguard homes

And can even synchronize them

Nixos, brothers and sisters, show yourself 🥸

Yep, yep, yep

For me it sounds more like: i like these features, what your option can offer, let's discuss

I mean, other commenters can read the post, they can see other options, but they all just flood "Firefox", with no explanation or comparison, etc

To a very lazy and uninformative message, there a very lazy and uninformative reply

Probably not, firefox has many users anyway 😄