• 4 Posts
  • 95 Comments
Joined 9M ago
Cake day: Dec 26, 2023


Fresh Graphene. In order to get stock Android back you would need to install it back on your phone. A factory reset removes all data, settings, and apps that were put on the phone by the user.



When you get a 502 it usually means that your reverse proxy is unable to connect to your backend server. I’m not sure if you’ve obfuscated the URL in your post but 0.0.0.0 is not a valid IP (it just means ALL IPs). If you are attempting to connect on the same machine that is hosting use 127.0.0.1. If you are on the same network then use the local IP.


You can do this with a site-to-site wireguard VPN. You will need to set up the proper routing rules on each termination. On the Internet-facing side you will want to do DNAT (modifies destination, keeps source) to redirect the incoming traffic to your non-Internet-facing side through the tunnel. Then on the non-Internet-facing side you need to set up routing rules to ensure all traffic headed for public IPs is traversing the tunnel. Then back on the Internet-facing side you need to SNAT (modify source, keep destination) the traffic coming through the tunnel headed for the Internet. Hopefully this helps. People saying this goes against standards are not really correct as this is a great application for NAT.


Maybe not the lowest power possible… I wouldn’t recommend running your NAS on a raspberry pi even though plenty of people do


I’ve got a 3800x that has plenty of performance but also uses a lot of power and I’m seriously considering upgrading to a 5700G. It’s about 170 from Amazon right now.

Also, I don’t think you’re going to want your NAS to sleep/standby, that’s really not typical.


I wonder if this is the cause for the UI failing and showing a white page with “server error”. It has something to do with a failure to retrieve the site icon and if postgres is crashing that could explain why lemmy-ui is failing to retrieve the site icon.

My current “fix” for this is a script that runs every 10 minutes and sets the site image to NULL, curls the site URL, then sets the site image back to what it was. This does seem to work around the problem and if the UI does crash it’s only down for a maximum of 10 minutes.


Very nice walkthrough. Gonna bookmark this.


Port 8080 is where the Web-UI / Web-API is running. If you want to be able to upload data and not just leech you need to forward port 6881 (and probably also tell QBT to listen on that port)


Since 0 comes before 1 you’re probably gonna need to rename the files and possibly the metadata as well. Probably gonna need a custom numbering scheme to do what you want to do.


I’m fully aware of what the word means, but I’m sick of it being used so often. There are plenty of other words in the English language to describe the situation.


I get that “enshitification” is the hot new buzzword but could we please give it a rest? Reading this community you start to think that people can’t express that the Internet is not to their liking in any other way.


For a VPN I picked privateinternetaccess (PIA) because it has port forwarding and I got a deal on a 5 year subscription for a one-time payment of $75.


Give it a couple hours or even a day. Stay active in the communities you subscribe to. Eventually your server will get most posts and comments.


Not sure if you use OPNSense, but the acme plugin allows you to automatically upload certificates (via ssh) to the appropriate servers whenever the certificates are updated.

One other way would be to use a reverse proxy internally (if you only need SSL for web interfaces).


Packets initiated from the NAS to the Internet are allowed. Packets initiated from somewhere on the Internet to the NAS are not allowed.

If the NAS requests files from a download server they will be allowed to come through the firewall because the files are a response to a request and not unsolicited traffic. I hope that makes sense.


Vaultwarden password manager


You can do all of those things with wireguard as well… I’m not seeing any benefit to running Tailscale/headscale.


If you don’t have a static IP then you will automatically have a dynamic one. You don’t need to ask for a dynamic IP as that is the default. And I’m no idiot, I’ve used dynamic DNS services for over 20 years.


If you’re going to do that you may as well cut out the extra server/service and run regular wireguard.


Tailscale is a service that relies on a third party to facilitate the VPN connection between your client and server. It is designed for people who don’t want to or cannot forward ports. Your server and your client both talk to the Tailscale servers and traffic is routed that way.


Dynamic IP is one that changes. I think you meant static IP.


Recently commented on a different post about setting up a VPN. Check out firezone

I don’t recommend using Tailscale or anything that relies on a third party.


I can recommend firezone as well. Served me well before I decided to host my wireguard server on OPNsense.

I still miss the super easy client setup from firezone! OPNsense really needs to make it easier.


Check this GitHub link for instructions. https://github.com/LemmyNet/lemmy-ui/issues/1530#issuecomment-1605781461

Once I get home from work this afternoon I will post my docker-compose.yml which has an extra container that automatically deletes the database entry then resets it.

EDIT: Here is the extra container from my docker-compose.yml

  icon-fix:
    image: iconfix:latest
    command:
      - /bin/sh
      - -c
      - |
        sleep 10
        # Remove Site Icon - be sure to set your postgres password
        PGPASSWORD=<POSTGRES PASSWORD HERE> psql -U lemmy -h postgres -d lemmy -c "UPDATE site SET icon = NULL WHERE id = 1;"
        # Refresh Site - replace example.com with your site's domain
        curl -f -sS -H "Host: example.com" http://lemmy-ui:1234 > temp.html
        # Reset Site Icon - Set your postgres password and replace the URL with one that points to your icon
        PGPASSWORD=<POSTGRES PASSWORD HERE> psql -U lemmy -h postgres -d lemmy -c "UPDATE site SET icon = 'https://example.com/pictrs/image/2cc85182-5739-4c86-b982-94fc913e80d3.webp' WHERE id = 1;"
    depends_on:
      - postgres

And here is the Dockerfile for building the iconfix image

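# The postgres image supplies psql; curl is added for the site refresh request
FROM docker.io/postgres:latest
# Update and install in one layer so a cached package index is never reused stale
RUN apt-get update && apt-get install -y curl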

This is an issue that has been present for a long time but recently came back worse with the 0.19 update. It is caused by lemmy-ui failing to load the site icon and it typically happens whenever the docker container is started/restarted while you have a site icon set. The only fix at the moment is to manually delete the database entry which contains a link to the site image.


Pretty sure that’s only if you use their proxy service on your domain. Regular, non-proxied, DNS should not have any restrictions like that.


Security. Keeping publicly accessible and locally accessible on different networks.


Well I learned a new word from that article: invigilator. Thanks BBC


Glad you figured it out. I’ve also run into issues with Firefox using the wrong DNS.


Change your allowed IPs config to 0.0.0.0/0


I did some reading and found that the trusted_proxies setting is required. Can you try setting it to 0.0.0.0/0?


Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the trusted_proxies setting from homeassistant and then check if it will accept the connection from NPM?


As far as motherboards go, you would probably be fine with any consumer desktop brand but you should probably look for something with dual NIC. If you want something a bit more robust AsRock Rack has some really great options. I’ve been using the X470D4U for about 4 years now without any issues.


For your CPU I recommend Ryzen 5700G. Powerful enough for everything you want to do, the TDP is only 65 watts so it’s not going to destroy your power bill, has a decent integrated GPU, and costs only about $200. Another positive is that it uses DDR 4 so you can load up on that for pretty cheap too.


I can second this. It took a while after an update for the domain to show properly and not give an error. I don’t know exactly how long but I started it in the early morning and it wasn’t working but by 11 am it was all sorted out.


I just got a mini AMD box from CWWK off Amazon and I’m quite impressed. I even got a free CPU upgrade (ordered a 5600u but received 5825u)


It is a config issue. Allowed IPs for your client should be 0.0.0.0/0 not 0.0.0.0/32


The allowed IPs for your peer should be 0.0.0.0/0 NOT /32. (That literally means that only IP 0.0.0.0 is allowed). I’m pretty sure that’s your problem since 0.0.0.0 is not a valid IP that anyone is assigned.
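
Added example, not part of the original comments: a small Python model of how WireGuard treats a peer's AllowedIPs, both as the outbound routing table (longest matching prefix picks the peer) and as the inbound source filter, showing why 0.0.0.0/32 passes no traffic while 0.0.0.0/0 carries everything. The peer names and the 10.8.0.x / 192.168.50.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed peer tables: peer name -> AllowedIPs, as written in a [Peer] section.
BROKEN_CLIENT = {"server": ["0.0.0.0/32"]}   # the misconfiguration from the comments
FULL_TUNNEL = {"server": ["0.0.0.0/0"]}      # the suggested fix
SPLIT_TUNNEL = {                             # constructed: two peers, nested prefixes
    "server": ["10.8.0.0/24"],
    "office": ["10.8.0.128/25", "192.168.50.0/24"],
}


def _networks(allowed):
    """Parse a list of CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(cidr, strict=False) for cidr in allowed]


def select_peer(peers, dst):
    """Outbound: return the peer whose AllowedIPs contains dst with the
    longest prefix, or None when no peer matches and the packet is not sent."""
    addr = ipaddress.ip_address(dst)
    best_len, best_peer = -1, None
    for name, allowed in peers.items():
        for net in _networks(allowed):
            if net.version == addr.version and addr in net and net.prefixlen > best_len:
                best_len, best_peer = net.prefixlen, name
    return best_peer


def accepts_from(peers, peer, src):
    """Inbound: a decrypted packet from `peer` is kept only if its source
    address falls inside that peer's AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(net.version == addr.version and addr in net
               for net in _networks(peers[peer]))


if __name__ == "__main__":
    for label, table in (("0.0.0.0/32", BROKEN_CLIENT), ("0.0.0.0/0", FULL_TUNNEL)):
        print(label,
              "| out to 1.1.1.1 ->", select_peer(table, "1.1.1.1"),
              "| in from 10.8.0.1 accepted:", accepts_from(table, "server", "10.8.0.1"))
```

With the /32 entry the client has no peer for any real destination and also drops the server's replies, which matches a tunnel that completes its handshake but carries no traffic.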



XMPP Server?
I'm looking to try self-hosting an XMPP server for my family to use as a secure communication platform. I realize that end2end encryption with XMPP doesn't seem as strong as something like Matrix but my self-hosted Matrix server has been very unreliable. I'm looking for recommendations and resources. I've considered running Prosody and Openfire but both of them look like a pretty involved installation process with plenty of room to fuck up. Does anyone know of something similar to matrix-ansible-install for an XMPP server? Should I be looking at something besides Prosody or Openfire? Please, no YouTube tutorials. I prefer written instructions.

Server error after updating Lemmy to 0.18.0
If you are updating Lemmy to version 0.18.0 you may want to be aware of this bug that exists with site icons. It will break your site.

Lemmy behind 2 Proxies
cross-posted from: https://sedd.it/post/2576

> Just wanted to know if I should expect any issues with this set-up. 1st proxy is NGINX on the host machine (Ansible-setup). 2nd proxy is NGINX on OPNsense. I'm using self signed certs on the host machine because I don't want port 80 left open. OPNsense ACME plugin manages my certificates.
>
> I've noticed that a lot of comments do not get pulled with posts. Also, I am unable to log in to my server with Jerboa.
>
> Does lemmy use port 80 for anything besides getting SSL certs? Will the double proxy screw up federation or my ability to log in through 3rd party solutions?

Lemmy behind 2 Proxies
Just wanted to know if I should expect any issues with this set-up. 1st proxy is NGINX on the host machine (Ansible-setup). 2nd proxy is NGINX on OPNsense. I'm using self signed certs on the host machine because I don't want port 80 left open. OPNsense ACME plugin manages my certificates. I've noticed that a lot of comments do not get pulled with posts. Also, I am unable to log in to my server with Jerboa. Does lemmy use port 80 for anything besides getting SSL certs? Will the double proxy screw up federation or my ability to log in through 3rd party solutions?