Posts
0
Comments
215
Joined
2 yr. ago

  • This is the way. Layer 3 separation for services you wish to access outside of the home network and the rest of your stuff, with a VPN endpoint exposed for remote access.

    It may be overkill, but I have several VLANs for specific traffic:

    • DMZ - for Wireguard (and if I ever want to stand up a Honeypot)
    • Services - *arr stack, some Kubes things for remote development
    • IoT - any smart things like thermostat, home assistant, etc
    • Trusted - primary at home network for laptops, HTPCs, etc

    There are two new additions: an ext-vpn VLAN and an egress-vpn VLAN. I spun up a VM that's dual homed running its own Wireguard/OpenVPN client on the egress side, serving DHCP on the ext-vpn side. The latter has its own wireless SSID so that anyone who connects to it is automatically on a VPN into a non-US country.

  • Yeah grab that. It should get you started. The full deluxe edition has everything, so if that's not much more, play the $9 and see if you want to upgrade.

    I have an absurd number of hours in the Hitman series, and for $9 that's a steal.

  • I don't know about this. Part of what makes the Hitman series so great is dressing up like a clown and knocking out your target with a fish. I just don't see the sophisticated James Bond doing the same level of crazy.

  • I don't know if I can completely explain the difference, but I would classify myself as a home labber not a self-hoster.

    I use Proton for email and don't have any YouTube/Twitter/etc alt front ends. The majority of my lab (below) is storage and compute for playing around with stuff like Kubernetes and Ansible to help me with my day job skills. Very little is exposed to the Internet (mostly just a VPN endpoint for remote lab work).

    I view self-hosting as more of a, "let me put this stuff on the internet instead of using a corporation's gear" effort. I know folks who host their own Mastodon instance, have their own alt front ends for various social media, their own self-hosted search engines.

  • I went all out with Cat6A. I have some 10Gbps capabilities with my home lab, and although I currently do not have any 10GbE copper capable systems, I thought I'd try to go future proof.

    My only regret is that I only went with riser grade cable - plenum was way too much, even for plain Cat6.

  • I ran Ethernet from the basement to the first floor office and living room over the holiday break. That was one of my main goals for my first house.

    The next project will probably be figuring out how to properly insulate the garage. It's attached to the house via an uninsulated shitty door and that's a problem when the garage is 38°F and I want the house to stay around 68°F.

  • For the nginx reverse proxy - that's how I ran things prior to moving to microk8s. If you want I can dig out some config examples. The trick for me was to set up host-based stanzas, then update my internal DNS to have A records for each docker service pointing to the same docker host.

    With Kubes + external-dns + nginx ingress, I can just do a deployment/service/ingress and things automatically work now.
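
The host-based reverse proxy layout described in the last comment, as an added example that is not the commenter's own config. The hostnames, the Docker host address and the backend ports are assumptions chosen for illustration; the catch-all block is an addition that keeps requests with an unknown Host header from reaching any service.

```nginx
# Added example: hostnames, address and ports below are assumed, not from the thread.
# Internal DNS (assumed records): every service name resolves to the same Docker host.
#   sonarr.home.arpa.  A  192.0.2.10
#   radarr.home.arpa.  A  192.0.2.10
# These blocks belong inside the http {} context, e.g. a file included from conf.d/.

# Catch-all: a request whose Host header matches no service below is dropped
# instead of falling through to whichever server block happens to be first.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection without a response
}

# One stanza per service, selected purely by the Host header.
server {
    listen 80;
    server_name sonarr.home.arpa;

    location / {
        # Backend container port, assumed to be published on loopback only
        # so the proxy is the single way in.
        proxy_pass http://127.0.0.1:8989;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name radarr.home.arpa;

    location / {
        proxy_pass http://127.0.0.1:7878;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```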