oranki

I wish I knew about Photon before. Just spun up my own instance and loving it!

Wireguard runs over UDP, the port is undistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it’s Wireguard traffic if they happen to be looking, but can’t decipher the contents.

I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.

I used to run everything with Pis, but then got a x86 USFF to improve Nextcloud performance.

With the energy price madness last year in Europe, I moved most things to cloud VPSs.

One Pi is still running Home Assistant, hooked to my heating/ventilation unit via RS485/modbus.

I had a ZFS backup server with 2 HDDs hooked up over USB to a Pi 8GB. That is just way too unreliable for anything serious, I think I now have a lot of corrupted files in the backups. Looking into getting some Synology unit for that.

For anything serious that requires file storage, I’d steer clear from USB or SD cards. After getting used to SATA performance, it’s hard to go back anyways. I’d really like to use the Pis, but family photo backups turning gray due to bitflips is unacceptable.

They are a great entrypoint to self-hosting and the Linux world though!

Thank you!

Oh the times when getting GTA from a friend required 30+ 3½" floppy disks IIRC. That plus making 5 or 6 round trips to friend’s house, because one of them almost always got corrupted during the zip process.

And since no one had the disk space or knowhow to store the zip packets on HDD for the inevitable re-copying, had to redo the whole pack from scratch each time.

Edit: disk->HDD

Did a bit of research and found out the feature is available on Fennec F-Droid too via about:config.

Here’s how to enable: https://community.mozilla.org/en/campaigns/firefox-cookie-banner-handling/

Remember to check the polarity of the plug too. Some have + in the center pin, others have -

This must be related to people in their 20’s not knowing how to read a traditional clock anymore.

Plain NGINX has served me well.

+1 for rootless Podman. Kubernetes YAMLs to define pods, which are started/controlled by systemd. SELinux for added security.

Also +1 for not using auto updates. Using the latest tag has bit me more times I can count, now I only use it for testing new stuff. All the important services have at least the major version as tag.

I’m in the same boat. I use Cloudflare email routing to route mail for my domain to Gmail. That covers the inbound email, CF routing provides a catch-all option and you can direct individual addresses to different inboxes.

For outbound, just use any provider that gives SMTP for custom domain. I used Zoho for a while, recently went back to running my own server for outbound. In Gmail web interface, you can add other addresses to send mail as using external SMTP servers.

All of this is of course not very good privacy-wise. Both CF and Google can read your mail… But putting that aside, the setup works really well. You can get your custom domain to Gmail with the price of a cheap email service. Zoho is around 10€ / year, but you could even use something like Amazon SES, I understand with low volumes it’s practically free.

I thought about just forwarding from my own MX to Gmail, but that may cause problems if spam gets forwarded. SPF + DKIM setup is simple for traditional use, but forwarding all mail requires the original headers included in the fw mails, seemed like CF probably knows how to handle that better than me.