530·
7 months agoGood FOSS software and reliable service providers? Etc.
Wow much detail. You’re gonna get so much help.
Brownian Motion
¡ɹǝpun uʍop ɯoɹɟ ʎɐppᴉפ
- 1 Post
- 23 Comments
Joined 2 years ago
Cake day: July 6th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Selfhost Bitwarden. Has apps for everything, browser extensions and can be accessed via webpage as well.
It was only a few weeks ago (maybe 4). Systems are all kept up to date with ansible. Most are Debian but there are few Ubuntu. The two that failed were both Debian.
Granted both that failed have high [virtual] disk usage compared to the other VM’s. I cannot remember the failure now, but lots of searching confirmed that it was likely unrecoverable (they could boot, but only into read only). None of the btrfs-check “dangerous” commands could recover it, spitting out tons of errors about mismatching somethings (again, forgotten the error).
My setup is different to yours but not totally different. I run ESXi 8, and I started to use BTRFS on some of my VM’s.
I had a power failure, that was longer than the UPS could handle. Most of the system shutdown safely, a few VM’s did not. All of the EXT4 VM’s were easily recovered (including another one that was XFS). TWO of the BTRFS systems crashed into a non recoverable state.
Nothing I could do to fix them, they were just toast. I had no choice but to recover using backups. This made me highly aware that BTRFS is still not a reliable FS.
I am migrating everything from BTRFS to something more stable and reliable like EXT4. It’s simply not worth the headache.
31 branches? uh… okay.
It’s in their docs. https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html
Follow the pages one by one, (ie install php modules etc, edit settings, install apache2, edit settings, etc etc). Follow the recommendations (eg. PHP8.2, don’t try to use bleeding edge).
You’ll be running in no time, and have a properly updatable system using apt, and the nextcloud ./occ command.
I would recommend using Debian 12 over Ubuntu variants. There are other guides, like this: https://www.digitalocean.com/community/tutorial-collections/how-to-install-and-configure-nextcloud But you may have to “convert” some of the Ubuntu specific stuff to Debian, but actually there is probably no difference (php module naming convention maybe? Is that still a problem today?)
I find Joplin perfect for my needs. Markdown, embedding images, links etc. I sync to my selfhosted nextcloud.
I like tags, I would like them to add a “directory tree” type of view to help sort “folders” (the thing they call “notebooks”) but only because I am more used to just filesystem type structured filing. But the notebooks and tagging idea works for me too.
I strictly use it for notes/note keeping, in particular “HOWTO’s” and specific topic notes. So I dont even do a great deal of markdown in my notes, but I love the ability to add screen captures etc to them for clarity.
And being on nextcloud, I can access those notes anywhere on any device, PC, Android, Raspberry Pi!! Joplin has an app for all of them
Thats not how it works.
You have a LAN and hopefully you have a firewall that shields your LAN from WAN. Your fw is probably handing out DHCP lease IP (like 192.168.x.y)
When you “bridge” your VM looks like an independant device on you LAN. Nothing at this point has allowed it to the public. Your dhcp can even give it an IP (but its probably better to set a static ip). In bridge mode, a "fake mac is spoofed alongside you nic’s real mac, and only for said VM)
At that point the VM id accessible likr any other device on the LAN.
if you then want to use vpn, just connect to your LAN however that works(vpn to computer or vpn to firewall/vpn server) and access.
if you want to access from WAN without vpn, then you need to understand reverse proxying and youll need a full proper firewall\gateway device at the front of your network (like OPNsense).
deleted by creator
I run iRedMail (a collection of dovecot, postfix etc, plus sogo and roundcube web clients and managed by a nice web frontend, all open source and runs on any linux.
I’ve run for about 8 years, no dramas other than my isp technocally doesnt allow it. But they don’t block anything and occasionally they submit their ip ranges for customers to places like spamhaus, so i just script check every month to see if they added my ip back, then i just submit removal, it takes all of 30sec. (IP is semi static, probably changes once every 9 months or so, so not a drama to update dkim on my domain registrar.)
the biggest issue with N.switch is that it requires static outgoing ports.
i have not used pf in years (opnsense here so should be same) but what you need to do is set hybrid outgoing NAT, designate a static IP to the switch, and then tell outgoing NAT for that IP to use static ports, outgoing.
by default pf\opn randomises the outgoing NAT port and that messes up the Nswitch royally. (especially online like MK8deluxe)
most of what is being posted about uPNP and N.switch is not correct. As long as your firewall rules allow the switch to get out (lock ports if you want to, but its a console, so … why?)
Nintendo servers simply do not like you joining a game lobby on outgoing 34567, and then starting the game on 23456, and then turning a corner on lap 2 switching to outgoing port 18845.
It dropped today! I would not recommend rolling out to production immediately without testing first. There are some known issues that do need thought.
I’d also like to make those who use opnsense aware that there is a community that specifically targets it. Of course we are here in Selfhosted to help, and wouldn’t stop.
I replied to a nginx plugin question years ago on Reddit. Simple fact is, the plugin is really just designed to host a simple-ish webpage. https://www.reddit.com/r/OPNsenseFirewall/comments/klauwb/setting_up_a_web_server_on_my_opnsense_box_with/
I recommend you serve whatever you want to serving on vm’s/whatever on your internal network, and then use HAProxy (Built-in) to do the forwarding via opnsense. HAProxy is a High Availability and Performance proxy and load balancer, it does what nginx proxy manager does and more.
Mine is ~300w @ 230v most of the day. It varies only on what is being used.
when power fails and i have to switch to generator, the servers stay about the same but I can add about 250w to that for my PC, modem(nbn) etc . (which is why i know this info!)
This is a different problem. But when you configure a competent DHCP server, you tell it to give out a bunch of information to the client, not just an IP address. It should tell it IP, subnet, gateway, DNS server IP and default domain name. (in opnsense most of this is default so you dont have to actually configure it - hit the (i) button and it will tell you. Example for domain name: “The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.”)
Then on top of that google devices are notorious for ignoring DNS (ahem chromecast, etc) and want to use 8.8.8.8. This is because google does all sorts of non-DNS buggery on those devices, for example checking and pushing updates). Chrome on you PC could well be doing this as well, but it shouldnt it should be honouring your NICs config. However I don’t for a second doubt that Chrome is preferring DoH to somewhere like 8.8.8.8 first.
You will need to create a rule to enforce your local DNS server and block all other outgoing attempts.
To do this create a NAT rule port forward -> set the interface to LAN ,set the destination to LAN net and INVERT. Then destination port to DNS. Finally redirect target to your DNS server (127.0.0.1 for your opnsense) and DNS port (53).
This NAT rule says any DNS NOT headed to the LAN network must be redirected to the DNS server in your LAN.
Holy crap. Burn it with fire and make the switch.
A few weeks ago, I purchased a TP-Link AX53 for $200 AUD. Not the absolute bleeding edge for speed, but its WIFI6 does WPA3, mobile devices typically get 1Gb/s. More than enough for most use cases (Yes, you can get much faster but expect $$$$$)
Well yes. Normally you would put opnsense on 192.168.1.1/24 and then the wifi device on say 192.168.1.10/24. Then you allow opnsense to do the DHCP and disable DHCP on the wifi (they like to offer these services which can be nice for really simple setups).
What you are realistically running into is a DHCP war, and google will probably win over opnsense for wifi devices.
If what you actually want is to separate the devices to different subnets, then you really need to create a LAN / WAN and WIFI interfaces. And plug the wifi devices in the the WIFI interface (another network port on your opnsense box).
Then doing this, you can create a firewall rule(s) that allows data LAN <-> WIFI etc however you please. (or not even, maybe only WIFI <-> WAN and not let wifi devices access your LAN net).
Alternatively if you have a smart enough switch you could isolate with VLANs. But for a simple network, this isnt really necessary.
I use LMS and it is fantastic. However not knowing your setup in detail, I cannot help you more.
I looked through my extensions and I cannot see a ‘spotcast bridge’ option, but doesn’t mean it doesn’t exist. You’d have to look about, maybe github.
Finally, like you have ‘snapclient’ on the RPi’s you can/could change them to ‘chrome clients’ (different project but same deal as the snapclient).When checking, it seems the solutions that exist are pretty out of date, and there are comments that google has locked down on the ‘chromecast api’ that check the client is legit or not, through signed certificates. So everything is fine if you have legit chromecasts, but it might not be so successful with an emulated cc, such as VLC client or omxplayer.More finally though, Logitech Media Server, is designed to be that - the central server of your music. Ideally you would have all your music locally, rather than on other services. So it probably isn’t what you are looking for.