Dran

I guess I should rephrase.

I label a lot of boxes and spice containers but nothing unhinged lol

deleted by creator

DYMO Embossing Label Maker

They’re like $9 on Amazon and I label everything. I have 2 myself, and they’re also my go-to for white-elephant parties.

I run ubuntu’ server base headless install with a self-curated minimal set of gui packages on top of that (X11, awesome, pulse, thunar) but there’s no reason you couldn’t install kde with wayland. Building the system yourself gets you really far in the anti-bloatware dept, and the breadth of wiki/google/gpt based around Debian/Ubuntu means you can figure just about any issues out. I do this on a ~$200 eBay random old Dell + a 3050 6gb (slot power only).

For lighter gaming I’ll use the Ubuntu PC directly, but for anything heavier I have a win11 PC in the basement that has no other task than to pipe steam over sunshine/moonlight

It is the best of both worlds.

the best way to learn is by doing!

I just built my own automation around their official documentation; it’s fantastic.

https://www.wireguard.com/#conceptual-overview

https://www.wireguard.com/install/

https://www.wireguard.com/quickstart/

vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we’re deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we’re certainly passed accepting a budget consumer router as acceptably meeting these and other needs.

Also you don’t need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.

If you’re really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don’t have to open anything directly, and internal traffic still routes when you don’t have an internet connection at home. It’s basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.

Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it’s not as scary as it sounds.

Fail2ban and containers can be tricky, because under the hood, you’ll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation

https://docs.docker.com/engine/network/packet-filtering-firewalls/

For your usecase specifically: If you’re using VMs only, you could run it within any VM that is exposing traffic, but for containers you’ll have to run fail2ban on the host itself. I’m not sure how LXC handles this, but I assume it’s probably similar to docker.

The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)

+1 for cmk. Been using it at work for an entire data center + thousands of endpoints and I also use it for my 3 server homelab. It scales beautifully at any size.

Are you maybe thinking of https://distr1.org/ made by the i3 guy?

I’ve heard anecdotally that some 911 services were down in my area, but I can’t speak to how wide that was.

I think the vision was what Motorola delivered briefly a decade ago with webtop. The original version of it was a chrooted lubuntu with full access to apt, and custom applications that let you render your phone, or phone apps as an application. It was powerful enough to get me through my first 3 years of a computer science program in college with a lapdock as my primary “computer”. (Think a brainless laptop, that you dock your phone into)

https://arstechnica.com/gadgets/2011/03/motorola-atrix-the-ubuntu-powered-webtop-experience/

When they moved from android 2.3 to 4.0, they dropped the lubuntu webtop in favor of Android’s tablet mode, which was a huge bummer, and what made me get an actual laptop. Outside of gaming, if that were the average computer paradigm today I’d be a happy camper. Why buy two computers when you can buy one instead?

Generally the lifecycle with this sort of thing is old_thing becomes an alias to new_thing, and eventually old_thing gets dropped as an alias down the line.

It’s still decent advice to learn dnf native calls and to update scripts using yum to those native calls.

Okay, I’m hooked, I have to know the non-clickbait story

I’m a big fan of tiling window managers like i3 or awesome (awesome wm). Awesome is the one I use. It’s tiling and the entire interface is built from scripts that they encourage you to modify. Steep learning curve but once you get it how you like, there’s nothing like it.

That is usually more incompetence than malice. They write a game that requires different operation on amd vs Nvidia devices and basically write an

If Nvidia: Do x; Else if amd: Do Y; Else: Crash;

The idea being that if the check for amd/Nvidia fails, there must be an issue with the check function. The developers didn’t consider the possibility of a non amd/Nvidia card. This was especially true of old games. There are a lot of 1990s-2000s titles that won’t run on modern cards or modern windows because the developers didn’t program a failure mode of “just try it”

I have so many questions

You would expose a single port to multiple vlans, and then bind multiple addresses to that single physical connected interface. Each service would then bind itself to the appropriate address, rather than “*”

You should consider reversing the roles. There’s no reason your homelab cannot be the client, and have your vps be the server. Once the wireguard virtual network exists, network traffic doesn’t really care which was the client and which was the server. Saves you from opening a port to attackers on your home network.