tapdattl

joined 1 year ago
[–] [email protected] 9 points 3 days ago

Which eventually leads to the Dark Side

[–] [email protected] 9 points 3 weeks ago (2 children)

Why is there a dunkin donuts app?

[–] [email protected] 9 points 3 weeks ago (1 children)

You could self host a web client

[–] [email protected] 1 points 1 month ago

Well, the internet-down scenario has only happened once, and I returned home to no internet, booted up my laptop, and could not connect to any of my services since I couldn't reach my control server. I haven't forced the issue to occur by disconnecting my internet and testing connectivity. I just did the lazy thing and connected to the services I wanted via their IPv4 address.

[–] [email protected] 1 points 1 month ago

> you're almost certainly routing local network traffic over NetBird instead of using local routes

That's precisely the functionality I want, though. Secure, encrypted, mutually identified traffic should be the only traffic in a zero trust network.

I'm simply trying to create an ingress point into this network for outside access.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (3 children)

Thanks for your response! I'm completely self-taught, so I'll go ahead and acknowledge knowledge gaps on my end, but how would putting all the nodes in a network cause routing problems or ARP poisoning?

I recognize that what I'm trying to accomplish is a bit overkill for the average home network, and a lot of my reasoning behind my design is purely for learning. My reasoning for putting everything on a mesh network is two-fold:

  • Providing encrypted, secure, and mutually identified networking between all nodes
  • Creating a centralized source of truth and control -- NetBird runs its own DNS system behind the scenes, which allows all nodes to be addressed by name regardless of location, which interests me because it creates a single point of administration for ACLs, routing, etc. I'm also able to access any node I want across the mesh network as long as I'm connected to it.

I have successfully run this setup previously with the NetBird management console hosted in a VPS; however, the issue I ran into was that if the internet went down at home, I could no longer access my locally hosted services through the mesh network. I could still access them via IP, since I was on the same LAN, but that defeats my goal of centralized control, mDNS, and a central source of truth that I got via the mesh network.

I have also successfully run this setup completely local; however, I am unable to access it from outside my homelab. For my use case, I think having all components of the mesh network hosted within my homelab is the best design. However, now I have to figure out the best way to allow external connections to my management interface. Thus my original question: should I use a Cloudflare tunnel to my management interface, set up a WireGuard tunnel from an externally accessible VPS service pointed to my management interface, or something different?

 

I'm re-setting up my HomeLab and one of the things I'm trying to learn about on this go-around is Zero Trust networking. To accomplish this I am planning on using NetBird's mesh overlay network. I would like all of my services to use the NetBird mesh network at all times, whether they are communicating within my homelab's LAN or I am accessing them from outside via the greater internet.

I have successfully set up the NetBird management interface on a Hetzner VPS; however, the issue I run into is that if I lose internet access at home, none of my services are able to function, as they can no longer reach the management interface. However, if I self-host the management interface in my homelab, I am unable to access it from outside my home LAN.

I've identified 2 solutions that could solve this:

  1. Self-host the management interface and set up a Cloudflare tunnel to the management interface, which would allow access from outside my home network.

  2. Self-host the management interface, then set up a WireGuard proxy/tunnel on a VPS that forwards traffic to my management interface (similar in my mind to option 1, but not relying on Cloudflare).

What are your thoughts? Any other ideas?

I appreciate your comments/criticisms!

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

Ahh, gotcha, that makes sense; so like the difference between a self-signed SSL certificate and something like Let's Encrypt.

Re 2: I was thinking in the scenario to allow auto discovery of your certificate, so someone who is emailing you for the first time could look up your public key automatically and use it to encrypt their email.

Also, great writeup and thank you!

[–] [email protected] 2 points 1 month ago (1 children)

Any recommendations on a FOSS MDM?

[–] [email protected] 2 points 1 month ago (3 children)

Question 1: What's the point of using Actalis? Can't you generate your own certificate?

Question 2: Is there a way to get your email server to automatically publish your public key?

[–] [email protected] 8 points 2 months ago

Just trying to keep abreast of the latest ornithological news

[–] [email protected] 9 points 5 months ago (2 children)

Who has killed more Israeli hostages, Hamas or Israel?

 

As the title states, how would you set it up? I've got an HP EliteDesk G5, what are the strengths and weaknesses of either:

  • ProxMox with one VM running TrueNAS and another VM running Nextcloud
  • TrueNAS on bare metal with Nextcloud running in docker
  • Some other setup

I'd like to be able to easily expand and back up the storage available to Nextcloud as needed, and I'd also like the ability to add additional VMs/containers/services as needed.

 

I'm wanting to create a centralized repository to keep base images of operating systems to be installed on new laptops or workstations bought/used in my household with my local CA already installed, configured to authenticate with my local FreeIPA instance, network configurations already configured, etc.

What do you all use to accomplish this? I only use free/libre/open source software for my home lab, so that's a requirement as well.

Ideally I'd like to be able to buy a computer, flash the latest and greatest from my repository onto a bootable thumb drive, install onto the computer, and be ready to go without any further configuration.

 

It would be blasphemy not to
