1·
2 months agoIf they’re all resolving to the same IP and using a reverse proxy for name-based routing, there’s no need for multiple A records. A single wildcard should suffice.
- 0 Posts
- 15 Comments
Joined 1 year ago
Cake day: July 6th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Not sure if this is helpful in any way, but it might give you some clue.
100./8 addresses are reserved for CG-NAT.
This is probably the IPv4 address your modem/router is receiving from the ISP.
I might pick it back up some day but at the moment I have other projects going on at the moment.
I’m still using Proxmox myself but unfortunately it’s all fairly manually configured.
I started writing a Terraform provider for Proxmox a while ago.
Unfortunately, the API is a massive mess and the documentation is not very helpful either. It was a nightmare and I eventually gave up.
K3s is k8s
lol at the downvote. K3s is k8s. The very first 2 words in its website are
Lightweight Kubernetes. https://k3s-io.github.io/
On macOS I’ve been using Ollama. It’s very easy to setup, can run as a service and expose an API.
You can talk to it directly from the CLI (
ollama run) or via applications and plugins (like https://continue.dev ) that consume the API.It can run on Linux but I haven’t personally tried it.
It’s pretty easy with Ollama. Install it, then
ollama run mistral-7b(or another model, there’s a few available ootb). https://ollama.ai/Another option is Llamafile. https://github.com/Mozilla-Ocho/llamafile
I run it on my router which has the CG-NAT IP address.
Whilst you’re right that it could clash, it’s very unlikely (a 1 in 4194302 chance), I imagine Tailscale would detect the clash and change IPs though I could be wrong as it never happened to me (and probably never will - though in all fairness it will eventually happen to someone).
Been using Tailscale behind CG-NAT for years. It works wonderfully and very rarely needs to route through the DERP infrastructure - it’s almost always a P2P connection.
You’re not wrong that the storage itself is undoubtedly more robust on any cloud provider than a cheap consumer NAS box.
However, there are other factors to consider.
A NAS or any storage solution is only useful if you can access it if you need and if the network speed and stability match your expectations.
A cloud solution will be inaccessible if your internet is down. It may also suffer tremendously if your connection is unstable or slow.
In that sense, even a laptop’s drive connected to your switch could prove more robust than any cloud solution.
You don’t have to use the registrar’s DNS system.
I use LuaDNS. They even offer a fully functional free tier that might be enough for your needs.
They have an API that can be used with certbot, and you can manage your zones with git.
£35 for symmetrical 1gbps. In practice, I get fairly stable ~850mbps either way but I reckon my router is the bottleneck rather than the actual line.
I’ve been using Posteo with my own domain for a few years.
You do need an email forwarder in addition to the hosting since, as you noticed, they don’t support that use-case natively.
My DNS provider, LuaDNS, does that for me. I pay for their Basic tier (US$29/year) but only because I’m using a lot more than what the free tier provides. I did get away with free for about a year though, so that could in fact be sufficient for you, if you decide to go that route.
IMAP is not proprietary. Gmail does support it though, as does pretty much every email provider under the sun. It has limitations though, and JMAP is one proposed alternative to solve some of those.
Note that I don’t have enough knowledge to emit an opinion on whether it’s good or not. I’m just pointing out a couple facts.
I don’t think I’ve ever come across a DNS provider that blocks wildcards.
I’ve been using wildcard DNS and certificates to accompany them both at home and professional in large scale services (think hundreds to thousands of applications) for many years without an issue.
The problem described in that forum is real (and in fact is pretty much how the recent attack on Fritz!Box users works) but in practice I’ve never seen it being an issue in a service VM or container. A very easy way to avoid it completely is to just not declare your host domain the same as the one in DNS.