Posts: 8 · Comments: 164 · Joined 2 yr. ago

  • I'm not that good with building kernels, in fact have never done it. By LTS I mean "Long Term Support" as in a kernel which will not be unsupported for a few years yet.

  • Probably the only true way of knowing is by setting up an EXTERNAL host somewhere on a VPS or maybe a reputable VPS provider. Then, on that provider, set up Uptime Kuma, or if you don't want to go through that trouble and don't mind a potential 10 minute gap in knowing, https://uptimerobot.com/ which checks every 5 minutes and sends an alert.

    Once you do this, unless you have a Static IP, you will want to register with a DDNS provider so you can then tell the uptime service to ping your DDNS host which should echo back. If your internet is down, it won't echo back and then it will trigger their alert. Of course, this won't work if your IP changes, so staying on top of that is key unless you use a router which auto updates it which a lot do nowadays.

    Or, if you use Cloudflare Tunnels, it can be configured to alert you when the tunnel is down or unhealthy (A.K.A. No internet or the server is rebooted).

  • I will update my OP soon, but with the help of Dave811@lemmy.today here I was able to resolve my domain to my machines at least through Cloudflare using the `--accept-routes` tag in my tailscale up command. This then, allowed me to point the A Record to the IP for the machine which Tailscale gives. I will have more details on this later this weekend or maybe sooner. I'm still working on resolving my password manager being exposed through Tailscale which I figured out this morning, so I need to migrate that over to a new LXC container. Then, after that - I'm ready to move away from CF once I copy my existing tunnel mappings over to the A name records with Porkbun. (shoot! I might just write a new post about this so anyone can glean from it when I'm done). It's still very much a Work in Progress.

  • Well, there's this if you want to use it in Linux, I've used it before, liked it well enough, but not paying for it so I removed it (It's sort of crippled if run free). I personally use Konsole on KDE which works quite well. I've read and think that Konsole also allows multiple bookmarked connections. I haven't really tested it myself, I have roughly 10 machines I log into daily so I may try that further.

    https://termius.com/

    Before I made the leap to Linux years ago, I loved using MRemoteNG. Simply hands down the best. IMHO

    I tested the client posted here by the OP. While it looks pretty nice, it suffers the same thing as others I've tried. Nothing beats the simplicity of the plain 'ol shell in Linux or in OSX. :)

  • Understood! I have subnet routing enabled as well. First thing I did when I realized my phone couldn't access my local server once connected to Tailscale. :)

  • Gotcha, so normal means of exposing services via reverse proxy. :) With mine so I could access my local IP I just enabled the --advertise-routes option.

  • Nice! So, using the --accept-routes part, does that allow you to use a CNAME record to your funnel's address (machine.tailscale-id.ts.net)? I tried to do this and it failed to resolve for reasons of too many redirects.

  • Thanks! That's one part of the equation. I think. I have a lot to read up on, I just got set up about an hour ago with Tailscale so a lot to ingest.

    Ideally, I want to replace my Wireguard connection which I am currently using (WG-Easy) to stay connected to my home network when I'm away from home. So far that's been hit/miss on 2 out of 3 phones I have running Android 13. I'm working on getting that to work with my new setup on Tailscale.

  • 1 or 2.
    I don't care so much for pixel art or the greenish 'honeycomb' one. The bottom left would be third choice.

  • Brings back memories of running "The Upper Room BBS" and "007 BBS" as a teenager in the late 80's as a SYSOP. Those were fond memories, of having someone dial into your computer and making online friends from across the country sometimes.

    I think now though, you can just Telnet into different BBS's still.

    https://www.telnetbbsguide.com/bbs/list/brief/

  • I heard about it off and on, but this was the days in dial-up and downloading an ISO to install Linux was too expensive in time and bandwidth. I had discovered at my local Office Depot, a Mandrake Linux box set so I splurged on that and got my first taste of Linux then. I also was able to surf the web and learn how to install it manually, but it didn't make any sense at all and was too complex. For Mandrake, I didn't care for it. It wasn't until later on when I started working with hosting sites, that I got used to Centos and Ubuntu for servers. I even had Mac OSX for a while, which taught me about the directory structure, but I went back to Windows until around 2015ish when I jumped ship and went to Linux fulltime. I worked technical support and the servers were Linux based so I had learned a lot more doing that and got very comfortable with it. I then jumped through different distros to where I am now (Arch). I firmly hold belief though that Arch isn't the best and no distro is truly the superior one. Instead, whatever Linux distro you use, if it does what you need it to do, then so be it!

    To answer the question though, what pushed me toward Linux was really the whole push toward Windows 10 being more loaded down with the pushed tracking and advertisements that comes with the Windows Territory. Plus - I grew to love the command line and it's sort of my second home now.

  • I just installed Pomerium and got it to integrate with AdguardHome and my router which both use basic HTTP, I also use Authentik. It's a bit of a learning curve, but in short, this is what the config.yaml file needs to work to get it up and running:

    The basic auth header for this is just UN: example PW: Password

    ---
    authenticate_service_url: https://verify.mydomain.com
    idp_provider: oidc
    idp_provider_url: https://Authentik.mydomain.com/application/o/pomerium/
    idp_client_id: AUTHENTIK'S CLIENT ID
    idp_client_secret: AUTHENTIK'S CLIENT SECRET
    idp_provider_scopes: null
    routes:
      - from: https://agh.mydomain.com
        to: http://192.168.1.200  # Adguardhome address
        policy:
          - allow:
              or:
                - email:
                    is: myemail@mydomain.com
        set_request_headers:
          # https://www.blitter.se/utils/basic-authentication-header-generator/
          Authorization: "Basic ZXhhbXBsZTpwYXNzd29yZA=="  # AdguardHome
        allow_websockets: true

      - from: https://router.mydomain.com
        to: http://192.168.1.254
        policy:
          - allow:
              or:
                - email:
                    is: myemail@mydomain.com
        set_request_headers:
          # https://www.blitter.se/utils/basic-authentication-header-generator/
          Authorization: "Basic ZXhhbXBsZTpwYXNzd29yZA=="  # Router
        allow_websockets: true

    cookie_name: pomerium
    cookie_secret: RANDOM 32 CHARACTER COOKIE=
    cookie_domain: mydomain.com
    pomerium_debug: true

    So, now when I go to my Adguardhome's URL (agh.mydomain.com), it auto directs to my Authentik instance, then upon matching my signed in email in the browser session, it transparently logs me into Adguardhome without issue. The same applies to my router's login.

    In short, if you have found an NVR which supports basic http auth, Pomerium is the missing piece I've found to work.
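
Added example, not part of the comment above and not Pomerium's own code: the `Authorization` value in that config is plain Base64 of `user:password`, so it can be built locally instead of in a web generator, and anyone who can read `config.yaml` can recover the password. The function names and the `SAMPLE_ROUTES` list are hypothetical, constructed to mirror the two routes shown; the script also flags that each route forwards the credential to an `http://` upstream.

```python
import base64
from urllib.parse import urlsplit

def basic_auth_header(username, password):
    """Build an RFC 7617 Authorization value locally (no online generator)."""
    if ":" in username:
        raise ValueError("user-id must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic(header):
    """Recover (username, password): Base64 is an encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password

def review_routes(routes):
    """List the exposure each credential-injecting route creates."""
    findings = []
    for route in routes:
        header = (route.get("set_request_headers") or {}).get("Authorization")
        if not header:
            continue
        user, _ = decode_basic(header)
        findings.append(f"{route['from']}: config stores recoverable password for '{user}'")
        if urlsplit(route["to"]).scheme == "http":
            findings.append(f"{route['from']}: credential crosses the LAN unencrypted to {route['to']}")
        if not route.get("policy"):
            findings.append(f"{route['from']}: injects a credential but has no policy")
    return findings

# Constructed sample mirroring the two routes in the config above.
POLICY = [{"allow": {"or": [{"email": {"is": "myemail@mydomain.com"}}]}}]
SAMPLE_ROUTES = [
    {"from": "https://agh.mydomain.com", "to": "http://192.168.1.200", "policy": POLICY,
     "set_request_headers": {"Authorization": basic_auth_header("example", "password")}},
    {"from": "https://router.mydomain.com", "to": "http://192.168.1.254", "policy": POLICY,
     "set_request_headers": {"Authorization": "Basic ZXhhbXBsZTpwYXNzd29yZA=="}},
]

if __name__ == "__main__":
    for line in review_routes(SAMPLE_ROUTES):
        print(line)
```

Because the header is recoverable, `config.yaml` needs the same file permissions and backup handling as any other secret, and the access policy on each route is the only thing standing between a visitor and the upstream login.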

  • I'm not a Wyze subscriber and just use the cams for monitoring. The Wyze Cam Pan 3 so far has been quite amazing with low light full color pics whereas my Pan Cam 2 is just black and white in same low light.

    With the bridge, you can pipe the feed it provides to Shinobi or another DVR which reads RTSP, RTMP or HLS feeds and saves them to your storage for full time recording so you don't need the subscription. You do have to login to your Wyze account for the bridge to work though but that's fine with me.

  • Because, for Home Assistant, I moved it from Raspberry Pi 4 to a KVM and found it faster. I use Proxmox for that which I found to play nicer with it than just setting up a Debian Server and spinning up a KVM via QEMU on a desktop. I've been there and had issues over time. As for why LXC's they are smaller and the only ones I use are from https://tteck.github.io/Proxmox/ which makes them super simple to set up and run!

  • Under Proxmox, I have the following running currently:

    **As LXC Containers:**

    • AdguardHome
    • Psono Password Manager
    • Zitadel SSO and
    • One I'm trying to get Pomerium installed on

    As a VM

    • Home Assistant

    The rest is all docker on the host OS which is Debian 12, this is not my complete list but the most used ones in my world:

    • Dozzle (great docker log viewer)
    • Uptime Kuma
    • Authentik configured to allow passkey login (Simply awesome!)
    • IT-Tools - https://it-tools.tech/
    • Homepage by Ben Phelps
    • WyzeCamBridge (So I can have RTSP for Home Assistant)
    • SterlingPDF (MultiTool for PDFS)
    • sshwifty - SSH within your browser - your logins are locally stored in your session only. https://github.com/nirui/sshwifty
    • Portainer
    • Vaultwarden

    Protected by Authentik's SSO

    • Portainer
    • Statping
    • Proxmox
    • Wordpress (I'm evaluating this for a suitable Joplin replacement) In short - I found that it's easier to reference a site instead of installing Joplin when I rebuild my computer.
    • Psono password manager

    You may wonder why I am using Zitadel and Authentik, I first started with Zitadel, and moved to Authentik, but am evaluating both. They both have their positives. So far Authentik has been the most useful for me. And about the two password managers, I use Vaultwarden as it supports everything I need including Passkey support. My step daughter who is an adult is disabled so having an easier password like Psono makes it easier for her.

  • I like to think of it this way in my little bubble. :) I have a YubiKey 5 with NFC. I use passkey login into Authentik so all I have to do is plug in my key, unlock it with my master password for the key and touch the disk and I'm logged into my site. If I view the contents of my key with the ykman software, then I can see that I have two logins, one for mobile and one for my site. Each has is different so it knows which one is mobile and which is desktop.

    The same principle may apply with the PC's TPM. Your credentials may apply the same way there. I'm not 100% familiar with the TPM process but think as long as it works with FIDO2, you should be fine.

  • This person gives a good run down of how to integrate NetData + Prometheus + Grafana to create a nice dashboard:

    https://noted.lol/netdata-prometheus-and-grafana/

    I am not much into those, but got into Netdata, it's really just a nice information portal which provides way more data than one can use, but they pretty much expose it so you can use it for your purposes. I have it on a few of my systems and like looking at it when they seem slow.

    For what I have for my end though - I use Proxmox for my VM's and then use Portainer for a good rundown of what ports I have available to allocate. But then I also use docker compose files whenever I can so it's easier to update/deploy as needed.

  • I fully understand. :)

    For hosting providers, you can always scout out deals on lowendbox.com or webhostingtalk.com, especially this time of year where Black Friday deals are coming. Then, install something like HestiaCP (https://hesticp.com) and it will take care of the rest of the stuff like email and site hosting. Plus - with a VPS, you get a shiny new static IP you can use. :)

    If you don't want a site, that's easy enough, just make an empty index.html page so if a curious email recipient wants to visit your site based on your email's domain, they just get a blank page and move on.

    Either that - go with a well known hosting provider which does basic cPanel hosting with low disk space.

    I've never dared going the route of setting up an e-mail server at home mostly because of having a dynamic IP which rotates often enough to cause problems.

  • I use Purelymail for my primary domain's smtp and imap server. As long as you don't use it for nefarious purposes like automated emails, then you should be fine. My primary use is to hook it into my services such as Vaultwarden, my uptime monitors (Uptime Kuma and StatPing) and Watchtower, so maybe less than 100 per month on it. They don't seem to mind. They have great support via Discord and it's been close to 1.5 years I think that I've been with them, no downtime.

    https://purelymail.com/