

But k3s so niiiice.
Alt account of @Badabinski
Just a sweaty nerd interested in software, home automation, emotional issues, and polite discourse about all of the above.
Wireguard was written with the explicit goal of having sane, secure defaults. I totally feel you w.r.t. openvpn or ipsec, since it’s easy to do something wrong. Wireguard is much easier because it simply refuses to give you the choice to do things incorrectly.
w.r.t. the certificate thing, you could set up a reverse proxy and do HSTS to ensure nobody can load up a rogue CA on your devices. HSTS has the issue that SSH has (trust on first use or whatever it’s called), but you just need to make sure nobody is MITMing you for that first connection and then you’ll be good to go. This would let you use a self-signed certificate if you so desire.
For people like me who lack context:
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.
rsync -avr --progress in Termux or a file explorer app built on top of scp or rsync. It doesn’t work like your use-case, but I’ve been happy with it.
Should have just used AGPL from the start, instead of falling back to this fucked up modified BSD license. It wouldn’t stop people from stripping the branding, but they’d have to release source code which would tell all users what they’re actually using.