overview for bookworm

How should I secure my data on Nextcloud against physical attackers? in c/[email protected]

[–] [email protected] 10 points 9 months ago

I would say there are better methods to solve this problem these days than a script. Check out Ansible or NixOS.

Seeking Advice to Ensure Robust Security for My Home Server Setup in c/[email protected]

[–] [email protected] 13 points 9 months ago (2 children)

Put your external facing services behind the VPN, or at least put them in a separate VLAN that's firewalled in such a way that they can't reach the rest of the network if they become compromised.

I feel like I need a separate body towel (big towel), and 3 other small towels for hair, face, and hands. 4 towels in total. Is that normal? in c/[email protected]

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

For the last question I welcome you to [email protected] where's there's a lot of helpful people that can help you with that! 😊

Forwarding ports to other devices via Wireguard doesn't work in c/[email protected]

[–] [email protected] 5 points 10 months ago* (last edited 10 months ago) (1 children)

I would advise that you instead also connect the Windows machine to the VPS with WireGuard as 10.1.0.3, basically mirroring what you've done on the Ubuntu server. The routing will be a mess otherwise. Another option is running the WireGuard tunnel on your gateway with something like OPNsense.

Forwarding ports to other devices via Wireguard doesn't work in c/[email protected]

[–] [email protected] 2 points 10 months ago (3 children)

Does the machine running the WireGuard tunnel to the VPS acts as a "router" aka gateway for the network? Otherwise the windows machine doesn't have a return path for the connection.

Suggestions to new networking gear in c/[email protected]

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

S920

I'm running this as my router. It handles a 500/500mbit connection over WireGuard for me without a problem. CPU usage can spike up to 80% when I push it as much as I can, so depending on how it scales I'm not 100% sure how it would handle 1gbit routing+vpn for example.

Users of PiHole/AdGuard/Blocky, what blocklists are you using? in c/[email protected]

[–] [email protected] 2 points 10 months ago (1 children)

Same! Which version do you use? Small or big?

Any experience with Zen 1 idle power consumption running Proxmox? in c/[email protected]

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)

You probably need to enable some power saving features that Windows does by default but Linux may not. Run something like https://wiki.archlinux.org/title/TLP just to see if it helps, and then do some tuning because it might be too aggressive.

What are the rules of buying used storage? in c/[email protected]

[–] [email protected] 29 points 10 months ago

Backup your data regularly and the risk should be very small.

Asuswrt-merlin + ClamAV in c/[email protected]

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

It's a good way to see if someone has cracked your WiFi password for example so why not. Doesn't add much security but better than nothing.

Asuswrt-merlin + ClamAV in c/[email protected]

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago) (2 children)

ClamAV is an anti-virus software that you would run on end-devices to scan files, an intrusion detection scans network traffic to detect anything potentially malicious. I don't know your exact router model but I suspect it's way too weak to run intrusion detection. If you have a switch that's capable of mirroring you could use that to utilize a more powerful machine to scan network traffic.

*Permanently Deleted* in c/[email protected]

[–] [email protected] 2 points 11 months ago (2 children)

myaccounttag

Why did you add this part? And you're supposed to add a @ before the channel name. Also, is your channel really called channel-1?