You’ll have to pry my pixel 4a out of my cold dead hands.

Currently trying to figure out how to create and maintain an internal CA in order to enable pod to pod TLS communication, while using letsencrypt for my public ingresses.

It’s okay, no issues with normal use. Not sure about gaming, since I never game anyway. The only issue is that pixel 6 is nearing eol for grapheneos. Still gonna use it after, but might be good to know.

GrapheneOS on my Pixel 6, all others (Xiaomi mi 8, LG g5) run LineageOS.

Excellent point, thank you!

I use dperson/samba, which is both simple and comes with usage examples.

I will be moving my entire homelab to a different country, which currently consist of two kubernetes nodes, a NAS and various home automation devices. I will be scaling down gradually, taking cold storage backups of everything and plan to resurrect everything on new hardware once I have moved.

There are several things you can and should do to harden your server, many of them can be found here.

You could look into apps like authelia, keycloak, authentic, etc.

I run my self hosted stuff on a k3s cluster at home on bare metal, then use cloudflare to protect the IP and access only by VPN.

Good suggestion, but I find it hard to find the source of those charts (might be a mobile thing though). I will be sure to check it out more closely on my desktop.

Usually Debian as base, then ansible to setup openssh for accessandd for the longest time, I just ran docker-compose straight on bare metal, these days though, I prefer k3s.

Off the top of my head, here are a few things to check.

• is your ssh server configured to only use a specific network interface? If it is, is that network interface reachable from the internet?
• is the correct port open in your firewall?
• is it possible you are doing port redirect in your firewall? Meaning the wan port redirects to a different land port.