Do you know how it works with tailscale lock?
You bring up a lot of great points. I disabled the firewall on my bare metal cluster nodes and didn’t give it another thought. I had to go digging to figure out how to encrypt secrets, and NFS StorageClass is not very great security-wise either. Not to mention lack of isolation for privileged containers. I found Kata Containers a good solution to that. Then there’s WireGuard between workers, which I don’t know if I got working correctly because I can’t figure out how to really test it.
Having experienced Canonical’s support, if anyone actually needs it they go to RHEL.
How do you have your auth working? Is it basic user/password managed on Nextcloud (external database connected?), is it external auth against something like Okta, or is it user/pass that you define from docker-compose?
If via docker-compose then a restart would clear anything an attacker would have done and it would reload from the docker-compose process I think? I’m not too familiar with the specifics on that as I’m not a security researcher, but generally some attacks are resident in memory only and a restart can clear them only for it to crop up again later either due to a running process that was set to rerun an exploit or someone monitoring your system externally and retrying the exploit remotely again.
Or it could just be some bug in Nextcloud or unique to your environment. Personally I’m only hosting things that are internally accessible via VPN anymore. Tailscale makes that super easy these days.
Are you exposing it to the Internet? Weirdness like that might be from someone exploiting your instance.
Sounds a lot like Netbox, for network management. You can define data centers and racks and equipment and sub equipment as well as the actual network information like what cable is plugged into which port on which device, VLANs, IP addresses, subnets, BGP ASNs, etc.
That sounds awesome. Does it have maintenance reminders and consumable part descriptions/part numbers? I can never remember different filters I need for various things (water, fridge, furnace, cars, etc).
I set up dokuwiki for that the other day. Thanks for posting this, I’ll have to check it out
I’m sorry that you’re going through this and I have no useful advice. If anyone else is reading this, this is why the saying is if you’re not storing offsite you have no backups.
I’m not an electrician. I would assume one adapter in the line would probably be fine if it’s a good quality adapter and no chance of coming loose. I would be worried about shorting / fires and would want an adequate breaker behind it, maybe arcflash.
Yea I can’t help you there. That NEMA 6-30P is going to be tough to utilize for this and could be dangerous. Good luck on your hunt. My only suggestion is maybe find a PDU that could go between. I do not recommend making your own cable.
Sorry I meant your power outlet. The outlet on the PSU is standard for 220v from what I know
Can you upload a picture of the plug because it should be easy to find standard cables?
There should be a switch that flips the input between 110/220 and you will need a different cable for the PSU
Yea modding routers can be a lot of fun. Can be super unstable sometimes too. Are you still practicing? What’s your favorite custom firmware?
I started off hosting UT2004 servers at LAN parties back in the day then Tremulus? servers, then Counter-Strike 1.5/1.6/cz. Started learning VPS with CS:S.
I’m trying to get Lemmy running on k3s. Slow going learning ansible, kubernetes and lemmy all in one go
I’ve been trying to get lemmy broken up to microservices for my Raspberry Pi k3s cluster. I have postgres running but I’m well outside my comfort zone trying to learn how kubernetes works. If I stand up the other microservices (pictrs and lemmy) do I just need to use the same namespace? How do I tell it the server url/fqdn/ip for postgres? Does metallb do that for me?
They’re hosting on tor, they probably don’t want internet hosted fonts from Google. There are tons of CC-licensed fonts available that are very useable.
I subscribed to the mullvad addon to try it out and saw about 30+ mullvad nodes waiting to be signed, probably signed due to the lock. That got me thinking I probably want to configure the NACL so the mullvad nodes I allow on my tailnet are not able to initiate any connections to my other nodes. I didn’t see any documentation on my setup so cancelled the mullvad addon until I have time to dig into it more.