I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

  • i_stole_ur_taco@lemmy.ca
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 hours ago

    I use pangolin and traefik together and expose a few of my services that way. But not everything.

    I slot services into categories based on:

    • do I really need to be able to access this externally?
    • …with full admin rights?
    • what write/delete access am I granting?
    • if an attacker got in, how much damage could they do with what they could access?

    Then the service is either not externally open at all, secured behind pangolin SSO, or secured behind pangolin SSO AND that service’s native auth. Which is an annoying double auth, but I feel like it’s another layer of protection in case one of them gets a 0-day exploit.