Posts
2
Comments
61
Joined
2 yr. ago

  • I switched from Traefik to Caddy a few years ago and have no ragrets. The only complaints I have about Caddy:

    • It doesn't support configuring virtual hosts automatically via docker labels (like Traefik).
    • Many features (like DNS auth for certs) require compiling Caddy. Which is easy but annoying.
  • As another option why not docker swarm? I think it will do what you need and is much simpler than k8s.

    I’ve been using caprover and really liking how simple and reliable it’s been. In the process of going from a single node to a swarm, still researching / experimenting but liking it so far!

  • I use a todo app for this. I have a Read/Watch list and just add things there.

    I like this because it's super fast/easy to add something, I can sync todos to all my devices via CalDAV, and I am regularly reminded about them when I use my todo list. :-)

  • KVM (Kernel-based virtual machine) is just a specific technology to provide a VPS (virtual private server).

    There's no reason for you to care about the tech stack at this point, just get a VPS that is geographically close to you and is reasonably priced.

    I like the $5 / month Vultr VPS, but there are other cheaper options.

    There are many, many prebuilt open source projects.

    You might find starting with something like CasaOS, Unraid, or TrueNAS an easier way to start. I haven't used any of them, others may have better suggestions on ways to start on a VPS.

  • Rsync is great, but unless you are using a system on top of rsync (eg. rsync-backup) it only gives you a single copy which isn't the best option for backups.

    For example, you accidentally change a file but by the time you notice the version you want has been overwritten.

  • There’s nothing inherently insecure about exposing a service to the internet. But it does create an attack surface.

    A firewall or proxy (Cloudflare, Nginx etc) allows you to restrict access via ip address or authentication, but if there’s a bug in your service it can still be exploited.

    The good news about a service you write is that there are no ready built tools to exploit it. The bad news is that there are almost certainly more bugs.

    So it really comes down to what your app has access to (is it jailed or restricted in some way), is it read only or does it allow modifying files in the system? How confident are you with your code? If someone starts bashing on it, will you be alerted? If it did get a coloured how serious would that be? There is no “right” answer, it's a risk assessment you have to make based on your situation.

  • I'm not entirely sure what you are asking for.

    Yes, you can set up a chain of SMTP servers which will redirect emails however you like. Postfix is an excellent choice for this.

    If you want emails sent to reflector@example.com to be automatically forwarded to many people you can do that with the /etc/aliases file which most SMTP servers provide.

    If you are wanting a more complete system (for example to allow people to subscribe to the email address, to automatically unsubscribe bouncing addresses, to create archives, to only allow some people to send messages etc) you want to use a mailing list.

    If this is for group discussion you want something like Mailman. If this is for newsletters (eg. only you send messages), you might look at something like ListMonk or Mautic.

  • If you are using bind mounts with your container, there is a really easy way to back up before an update.

    • stop the database container
    • cp -a bind_mount_dir/ bind_mount_dir.20231019

    Then pull the latest database image and restart database container. If it works, yay, you're done.

    If it doesn't work, reverse the steps:

    • stop the container
    • mv bind_mount_dir/ bind_mount_dir.broken
    • mv bind_mount_dir.20231019 bind_mount_dir

    Restart container and you're back to exactly where you were before the upgrade.
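
The snapshot and rollback steps from the comment above, as an added shell example that is not part of the original comment. The function names, the `db` container name and the `./pgdata` path are hypothetical; the guards refuse to overwrite an existing snapshot or an earlier `.broken` copy.

```shell
#!/bin/sh
# Added example: snapshot / rollback helpers for a bind-mounted data directory.
# snapshot_dir, rollback_dir, "db" and ./pgdata are hypothetical names.

# snapshot_dir DIR STAMP: copy DIR to DIR.STAMP, preserving owners, modes, times.
snapshot_dir() {
    dir=${1%/}; stamp=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    # Never overwrite an earlier snapshot taken with the same stamp.
    [ ! -e "$dir.$stamp" ] || { echo "snapshot exists: $dir.$stamp" >&2; return 1; }
    cp -a "$dir" "$dir.$stamp"
}

# rollback_dir DIR STAMP: park the current data as DIR.broken, then put the
# snapshot back under the original name.
rollback_dir() {
    dir=${1%/}; stamp=$2
    [ -d "$dir.$stamp" ] || { echo "no snapshot: $dir.$stamp" >&2; return 1; }
    # Keep any previous .broken copy for inspection instead of clobbering it.
    [ ! -e "$dir.broken" ] || { echo "$dir.broken already exists" >&2; return 1; }
    mv "$dir" "$dir.broken" && mv "$dir.$stamp" "$dir"
}

# Sequence, with the container stopped around every copy or move so the
# database files are not changing underneath cp/mv:
#   docker stop db
#   snapshot_dir ./pgdata "$(date +%Y%m%d)"
#   ... pull the new image and restart the container ...
# If the upgrade fails:
#   docker stop db
#   rollback_dir ./pgdata 20231019
#   ... restart the container on the previous image ...
```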

  • You need to make up your mind about the licensing.

    README.md says:

    The code in this repository is licensed under a personal, non-production source-available license. Visit https://etcha.dev/pricing/ for additional licensing options.

    LICENSE.md says:

    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions ...

  • The answer is, as always, it depends.

    Some exploits allow the attacker access to the application (in which case they can do whatever the application allows them to do).

    Some exploits allow the attacker to get shell access (in which case they can do anything the permissions of the user allow them to do).

    Some exploits allow the attacker to get a root shell (in which case they can do almost anything).

    Root exploits are much less common, and typically require much more skill, than application exploits. Getting root almost always requires exploiting an application, and then getting shell first.

    This is why security people talk about "defence in depth".

    If your application is exploited, what can you do to make it as hard as possible for the attacker to get a shell. If they get a shell, what can you do to make it as hard as possible for them to get root. If they get root, what can you do to restrict the amount of damage they can do. If they do damage, how do you know what they've done and what can you do to repair it.

    When people are relying on VPNs for security, they are building what security people refer to as the "crunchy on the outside, chewy on the inside" model. There's no defence in depth, once the attacker is in ... you're screwed.

    In a homelab, part of the fun is that we get to decide how much of this we can be bothered with. :-)

  • I'm not aware of anything purpose built that does this, but should be pretty easy to build something with Budibase or similar low-code tool?

    If you can be bothered putting in all the ISBNs into your database, it should even be pretty straightforward to implement a bar code scanner to look up.

    https://docs.budibase.com/docs/barcodeqr-field