I run opnsense, so I need to dump pi-hole. But I don’t have the energy right now to do that.

Pi-Hole was pretty straightforward at the time and I did not look back since then. Annoying, but easy.

That’s my case. I send every new subdomain to my nginx IP on pi-hole and then use nginx as a reverse proxy

Tell that to someone starting out and look at their deer in the headlight face. Then you’ll realize that the point went over your head.

If the apartment/house layout is good for the roomba, it is a great tool. It doesn’t replace vacuuming and floor washing, but it does reduce the dirtness on the floor.

Same, and I use portainer to manage my docker compose stacks.

I can bring down a container without bringing down the whole stack of services.

Thanks for the info, I appreciate it.

I am a newbie so I am not sure I understand correctly. Tell me if my understanding is good.

Your Pi-Hole act as your DNS, so the VPS use the pi-hole through the tunnel to check for the translation IP, as set through the DNS directive in the wg file. For example, my pi-hole is at 10.0.20.5, so the DNS will be that address.

On the local side, the pi-hole is the DNS for all the services on that subnet and each service automatically populate their host name on pi-hole. I can configure the DNS server in my router/firewall (OPNSense in my case)

So when I ping service.example.com, it goes through the VPS, which queries the pi-hole through the tunnel and translates the address to the local subnet IP if applicable.

So when I have the wg connection active and my pi-hole is the DNS, every web request will go through the pi-hole. If the IP address is inside the range of AllowedIPs, the connection will go through the tunnel to the service, otherwise, the connection will go through outside the wg tunnel.

Does that make sense?

How does WG work on the local side of the network? Do you need to connect each VM/CT to the wireguard instance?

I am currently setting up my home network again, and my VPS will tunnel through my home network and NPM will be run locally on the local VLAN for services and redirect from there.

I wonder if there is any advantage to run NPM on the VPS instead of locally?

It is a lot simpler nowadays. Download Caddy, put a 2 line config and you are good to go.

Yes, but since he is working on the product itself, it’s heavily biased.

He can use the app without leaving a review.

The tech itself is great.

But:

• Businesses push that shit where it doesn’t belong
• Businesses replacing people by AI when it is objectively worst, to make a buck
• Business stealing the work of million of people to train their model

I split my docker containers so that I can selectively backup what I want easily on proxmox

For example, I am currently running an Abiotic Factor server that I don’t care to backup. So I just dont add the container to the backups and I am done.

Proxmox is a great starting point for self hosting. You don’t need advanced features to start, and you can easily create VMs and containers.

Yeah that was the issue. I though I had switched to my LTE network connection from my phone, but my phone was still on my local network.

Thanks for the answer

You are right and I should have been more precise.

I understand why docker was created and became popular because it abstracts a lot of the setup and make deployment a lot easier.

I hate how docker made it so that a lot of projects only have docker as the official way to install the software.

This is my tinfoil opinion, but to me, docker seems to enable the “phone-ification” ( for a lack of better term) of softwares. The upside is that it is more accessible to spin services on a home server. The downside is that we are losing the knowledge of how the different parts of the software work together.

I really like the Turnkey Linux projects. It’s like the best of both worlds. You deploy a container and a script setups the container for you, but after that, you have the full control over the software like when you install the binaries

I edited the post. Since it’s all local it’s fine to show the IP. It’s just a reflex to hide my ips.

I use IP directly as I don’t have a local domain configured properly.

The outpost ip in my configuration file is the same provided in the outpost on Authentik.

I am trying to get it to work still, but I am pretty sure that the issue is between Authentik and Firefly.

I don’t see any of the headers (x-authentik-email more specifically) specified in the caddy file when Authentik is sending the request to Firefly. The only header I see is x-authentik-auth-callback.

I am not sure how I can specify which headers are sent in Authentik.

Thanks for the suggestion

I am open to paid SMTP service if you have any suggestion. I was not planning on running my own instance.

Otherwise, what would be my options to have a functional SMTP server for Authelia?

NVIDIA didn’t ask to shut it down, but AMD lawyer probably weren’t that hot to what the project had become and AMD asked the creator to shut down the project l, which he did.

But yeah, lots of work wasted caused by pencil pushers and bean counters.