This is the less edg version of my naming scheme; greek gods

If my ISP didn’t constantly break my network from their side, I’d have effectively no downtime and nearly zero maintenance. I don’t live on the bleeding edge and I don’t do anything particularly experimental and most of my containers are as minimal as possible

I built my own x86 router with OpnSense Proxmox hypervisor Cheapo WiFi AP Thinkcentre NAS (just 1 drive, debian with Samba) Containers: Tor relay, gonic, corrade, owot, apache, backups, dns, owncast

All of this just works if I leave it alone

I think the point is that root is a universal user found on all linux systems where as users have all kinds of names. It narrows down the variables to brute-force, so simply removing the ability to use it means they have to guess a username and a password.

Do you like dry reading? I do, and I started here http://intronetworks.cs.luc.edu/

Good to know!

what do you mean upgrade WiFi to any device?

Wireguard and DNS filtering (albeit not as fine tuned and automatic as pihole) can all be done on OpnSense

I recommend OpnSense on whatever modern low-power hardware you can get your hands on, ThinkCentre, NUC or whatever, if you are okay with a separate device for WiFi or do not need WiFi. WiFi APs can be had for as low as 20 bucks and are usually straight forward to set up, but you gotta shell out more if you want the latest and greatest connectivity.

There is also the possibility for adding WiFi directly to OpnSense but I have not even bothered touching it. If you love tinkering and suffering, that’s a route you can go.

For the love of God, if you’re going to install PfSense, just get OpnSense instead. It’s just better.

rsync for backups. SMB / NFS for things I need on a daily basis. SSH FTP (use whatever client you want) for things I need rarely but don’t wanna bother with SCP and I especially don’t bother ever setting up vsftpd for ‘real’ FTP.

IPv6 can use NAT; there are some unfortunate souls out there whom are only getting a /128 (one address, basically) by their ISP, instead of a /64 or /48

I’m very uncertain about your network topology. Why is WAN 192.168.x.x?

I’m not really sure what this does that necessitates all of this code and backend? I just have a single HTML file with embedded CSS, and it looks better than their demo.