We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.
We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.
We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.
In OPNSense, you get quite good logging capabilities; should you suspect someone is trying to gain access, you’ll be able to read it from there.
I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main use case.
Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.
Have not had any issues, ever.
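A jail.local fragment that produces the setup described in that post (ban on the first offence, keep the ban for a week, and mirror it to Cloudflare) is shown here as an added example; it is not the poster's file. The jail name, the log path, the ignoreip ranges and the Cloudflare credentials are assumptions.

```ini
# /etc/fail2ban/jail.local -- added example, not the original poster's file.
# Assumptions: the stock nginx-http-auth jail, nginx's error log at its
# Debian default path, placeholder ignoreip ranges and Cloudflare credentials.

[DEFAULT]
# One matching log line within findtime is enough to trigger a ban ...
maxretry = 1
findtime = 10m
# ... and the ban lasts a week (time suffixes need Fail2Ban >= 0.10).
bantime  = 1w
# Never ban the management/VPN side of the house (placeholder ranges).
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8

[nginx-http-auth]
enabled  = true
port     = http,https
logpath  = /var/log/nginx/error.log
# %(action_)s is the normal local firewall ban from jail.conf; the second line
# is Fail2Ban's own action.d/cloudflare.conf, which additionally creates a
# block rule at Cloudflare so the next request is dropped at the edge.
action   = %(action_)s
           cloudflare[cfuser="you@example.com", cftoken="CLOUDFLARE_API_KEY"]
```

Before enabling the jail, run the filter against the real log with `fail2ban-regex /var/log/nginx/error.log nginx-http-auth` and check that the matched addresses are clients, not Cloudflare's edge: behind a proxy the log must carry the original client address (nginx's real_ip module with CF-Connecting-IP), or the first "offender" Fail2Ban bans will be Cloudflare itself. maxretry = 1 also means one mistyped password by a legitimate user costs them a week, which is why the VPN range belongs in ignoreip.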
I recommend using Usenet for German stuff, all the private trackers I have tried in the past were… seedy.
Yes, you need to pay for access to the Usenet, but it’s worth it for German language audio IMO.
Check out scenenzbs.com, no need to pay to search there. Check if everything you need is available, though likely, it will be.
I have not had a failed download yet.
I’m slightly younger than that even, currently finishing up my master’s but have been working as a backend dev for a couple of years.
I’ve learned an order of magnitude more about networking from just being in the vicinity of my girlfriend (who is a network technician) than from uni, and it’s definitely already paying off.
+1 from me.
The Shield is a couple years old, but it handles everything you throw at it perfectly.
Thanks for the recommendation! Looks like a great option. Actually, the p2p aspect prompted me to have another look at the Jitsi docs, and lo and behold, there’s an option for that, as long as no more than 2 people participate in a chat… (The reason I’d prefer Jitsi is actually just that NixOS comes with options for jitsi out of the box, for Miro I would have to introduce containers into my setup :D)
Yeah, I am having mixed feelings about this. But at least during Covid, it was apparently the norm, so it must work, somehow…
I could find a teacher closer to me, but for one thing, I only have a bike available, and biking ~10km with the cello on my back is not something I look forward to doing on a regular basis. The other thing is that I consider this teacher a friend, she’s given me lessons for more than a decade in the past, and I know we vibe well together.
Yeah, those are all fair points. We’ve been using Jitsi for work with pretty much no problems, albeit in group calls where video and audio quality don’t matter too much. Someone below gave some good recommendations for hardware as well.
The helpdesk issue… IDK. If Jitsi works, it is incredibly easy to use, right? Basically just, click this link and you’re in. (“If” does some heavy lifting there, I know :D)
Thank you for the suggestion! It looks like a great option for playing together. I must say though, what would probably kill it for me/my teacher is the complexity of the setup. Separate video, and from the docs, it seems like a bit of an involved setup to get good results?
Besides, we will probably not be playing together at all 😅
Oh wow, someone with the exact same usecase!! :D
Thank you for the hardware recommendations. Tbh that is not something I have put any thought into yet.
Can I ask you, is the UMC204HD necessary only because you have two mics, or would you recommend something like it regardless?
I have been thinking of just using a pair of headphones with built-in mic for talking/hearing my teacher, but yeah, it seems like at least something additional for the cello would be beneficial. Do you have any experiences with pick-up mics for the cello? I saw that there are some comparatively well-priced options around.
It’s definitely the fallback option if DIY doesn’t pan out. The no-filtering can definitely also be enabled in the Jitsi config, so at least in that regard I’m not too worried.
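The two Jitsi settings mentioned in these comments (peer-to-peer media for two-participant calls, and switching off the audio filtering for music) can both be set from the NixOS module, which merges its `config` attribute into Jitsi's client-side config.js. The snippet below is an added example, not the poster's configuration; the host name is an assumption, and the option names inside `config` are taken from the upstream config.js sample, so check them against the Jitsi version NixOS ships.

```nix
# Added example, not the poster's configuration. Assumptions: the host name,
# and that the Jitsi version in use still honours these config.js keys.
{ config, pkgs, ... }:
{
  services.jitsi-meet = {
    enable = true;
    hostName = "meet.example.org";   # assumption

    # Merged into Jitsi's client-side config.js.
    config = {
      # Direct peer-to-peer media while exactly two people are in the room;
      # a third participant makes the call fall back to the videobridge.
      p2p.enabled = true;

      # Music-lesson settings: switch off WebRTC's audio processing (echo
      # cancellation, noise suppression, gain control, high-pass filter),
      # which otherwise treats a sustained cello note as noise and strips it.
      disableAP = true;
      disableAEC = true;
      disableNS = true;
      disableAGC = true;
      disableHPF = true;

      # Keep the full signal: stereo Opus at a higher average bitrate.
      audioQuality = {
        stereo = true;
        opusMaxAverageBitrate = 128000;
      };
    };
  };

  # HTTPS for the web UI; 10000/udp is the videobridge's default media port
  # and is still needed for any call that is not two-party p2p.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 10000 ];
}
```

Two practical notes: with p2p enabled the two browsers exchange media directly, so each participant sees the other's public IP address in the WebRTC candidates (fine between teacher and student, worth knowing for a public instance), and p2p still needs a reachable STUN/TURN server to get through NAT, so keep the module's defaults for those unless you run your own.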
Throughout the pandemic I’ve largely been able to avoid both Teams and Zoom, but Zoom did cause a number of problems on Linux, so I’m not too hyped to give it another try :/
I thought about adding a link, but am a bit hesitant to de-anonymize myself on here 😅
But it’s basically this:
TBH this sounds way more complicated than it is / feels to use 😄
(Preface: almost all of this is handled in a single Nix config, and no docker in use at all)
At home, in a two-host Proxmox cluster:
On a bare metal machine at a reputable cloud provider:
Wishlist:
Good idea. I get a number of CORS errors - but I also get them without the VPN, so I don’t think that’s it.
The idea that CR doesn’t block me, their content hipster does though - that might have merit. Hm. I have noticed that some sites require me to solve the Cloudflare Captcha. So maybe that happens when requesting the page/stream, and then since I don’t (can’t) solve it, nothing happens?
Do you have an idea how I could verify this? 😅
Alright, this is weird. I ran `tcpdump` on the server, and checked both the physical and `wg0` interface. For things like YouTube, it’s a constant stream of packets coming in on the physical interface, then immediately being relayed through `wg0` - just as it should be.
But for Crunchyroll, there’s… Nothing. I get an initial burst of packets when opening the site containing the video I want to stream, and then packets just stop coming in once the page itself has fully loaded.
We were talking about SwiftKey