and has integration for Oxidized, SmokePing, Graylog and more
Yes. But also, despite having done it literally thousands of times, I still can’t tell you which way round to put the target and the link name for a softlink on the first go.
My first guess is always
ln -s $NAME $TARGET
No amount of repetition will fix this.
Sounds like you have reason to bump it up the list now - two birds with one stone.
I need to do this too. I know I have stuff deployed that has plaintext secrets in .env or even the compose. I’ll never get time to audit everything. So the more I make the baseline deployment safe, the better.
You’re a monster. My scps would go nowhere
It’s the right move.
I tell you, the first time you’re sat in front of a CEO and an auditor and you have to explain why the big list of servers has a highlighted one called C-NT-PRIK-5 is when the fun stops.
Explaining that it’s short for ‘customer network tester Mr. Prickles 5’, and is actually a cacti server never really seems to help the situation.
At least a few of the customers got a laugh out of it being on the reports!
Username checks out
You had me digging through old hosts files and ssh configs to find some of these.
I try to name them something that resembles what they do or has something to do with what their purpose is.
Short is good, and if it can match more than one of the machine’s purpose/os/software/look, the better.
If it’s some sort of personal machine, it gets a personal name
Phones
Virtual Workstations
boxy
moxy
sandbox
cloud
ship lxc container host
dock docker host
Laptops
Desktops
Lots of people have been talking about products and tools. It’s docker, tailscale, cloudflare, proxmox etc. These are important, but will likely come and go on a long enough timescale.
In terms of actual skills, there’s two that will dramatically decrease your headaches. Documentation and backup planning. The problem with developing those skills is, to my knowledge, they’ve only ever been obtained through suffering. Trying to remember how to rebuild something when you built it 6 months ago is futile. Trying to recover borked data is brutal. There’s no fail-safe that you haven’t created, and there’s no history that you haven’t written. Fortunately, these are also the most transferable skills.
My advice is, jump in. Don’t hesitate. The chops in docker/linux/networking will come with use and familiarity. If it looks cool, do it. Make mistakes. You will rapidly realise what the problems with your set up are. You will gain knowledge in leaps and bounds from breaking a thing vs learning by rote or lesson. Reframe the headaches as a feature, not a bug - they’re highlighting holes in your understanding. They signpost the way to being a better tech, and a more stable production environment.
The greatest bit about self hosting for me is planning the next great leap forward, making it better, cleaner, more robust. Growing the confidence in your abilities to create a system you can trust. Honing your skills and toolset is the entirety of the exercise, so jump in, and don’t focus on any one thing to master or practice beforehand!
It’s the solution on the user experience side, but not the backend/server side. For both infrastructure and ideological reasons. These two things don’t have to be the same.
Disney parks wants park visitors to feel like they’re exploring, but design in such a way that they don’t actually stray that far from the preferred paths. Also they have clear sign posting.
There’s no reason the fediverse can’t design the opposite. Helping users into feeling like there’s a set path, and that they’re doing the right thing, while subtly encouraging exploration.
It’s just the opposite of where all talent and techniques of internet software design are right now, so it’s going to take some work.
Edit: Most people don’t jump into a hedge to get off the main road, they find a small, unplanned trail or desire path, then learn to navigate the jungle when that path ends.
Buster’s slightly concerned he’s about to be replaced with bookworm
So I’ve implemented Obsidian Git, and it works really well. The only trouble I’ve had is on iOS (I’ve got it on android, fedora, debian and windows) where it’s not supporting merge changes.
I’m considering moving to logseq and implementing the same.
The other alternative to self hosting is ‘SyncThing’. After I introduced my dad to obsidian, I saw how he did his synchronization with it, and it looks like a lot less overhead - fairly compelling
Happy to share some notes on my setup and his if you like
This is also true for UDP and ICMP connections, in case anyone reading wasn’t sure. This is how you’re able to ping, stream and browse from behind your regular firewalls
No, that’s handled by ARP requests. In this case, it’s likely that the DHCP server is on the gateway, as that’s a pretty common setup for home ISP router arrangements.
Gateway refers to a router that has access to other networks. In this case, the default gateway, which will be the router that has access to the internet.
DNS or name servers are a separate option in DHCP leases, as are the IP addresses for DHCP servers, which are more of a windows thing generally.
In this case this comment is probably an accurate description of what’s happened:
I’d hesitate to call it truly enterprise, but I’ve used the 24 port/10Gbe version of these in a datacenter. Not many issues to write home about - seems to handle vlanning pretty well.
Has 10Gbe uplinks, US power, and PoE+. Probably access to a fancy dashboard too.
$1600 is probably as cheap as you’re getting.
Edit: Oh yeah, they’re probably not dual attached, and the ‘redundant power supply’ (RPS) is a separate appliance, which I consider kinda bullshit, that takes up another U.
I’ve had no trouble with actual switching performance though fwiw.
Edit 2: They’re probably compatible with the AR mobile app, which is hella cool, and somewhat useful in customer sites.
Lining up the wires, ensuring they’re straight and making sure they’re trimmed to the same length will help avoid crossover too.
You can help straighten them on the square edge of a table, just press them between your finger and the table at the part that’s stripped from the insulation, then pull them over the edge applying pressure the whole time.
You can also look for the newer cat 6 connectors. Lots of brands have an insert that you can slot the wires in to before putting them in the housing, which helps a lot.
Example here: https://www.amazon.com/W-NECTOUN-100-PACK-Connectors-Ethernet-Connector/dp/B0B1DHQCP7/
Sweet! Yeah, I’m guessing that the iptables-mangle and landing page link setup relies on getting that IP before populating the page, and that it’s not reactive to changing IP address. It might have worked if you were disconnecting networking altogether, and joining a different network, but with the wonky way wifi roaming actually works, the mediabox management scripts probably never noticed there was a need to re-trigger.
You’re looking for mdns! Depends on which distro you’re on. For apt based stuff like mint, look for mdns (used to be libnss-mdns on raspberry pis, guessing it’s the same for mint?). It’ll install avahi zeroconf stuff if it’s not there already. Check the service is running, then ping $HOSTNAME.local - replace with whatever your host name is.
If you’re starting the mediabox setup on the isp network, it’s doing local natting with iptables, based on the IP that it resolves from the hostname. Probably would need to shut down and re-up to walk between the deco’s and the isp wifi domains.
I agree with the other comments, looks like you might be in a double NAT scenario - fortunately for you, I think I know how to fix it, seeing as we’re both running deco’s!
You want to go into the smartphone app, go to ‘More’ at the bottom right, (as opposed to ‘Network’), Advanced > Operation Mode > Access point.
Be aware this will cause a disruption, and anything connected to them will need to be reconnected so it gets dhcp/ip addressing from the isp router rather than the deco.
The other alternative is, if they’re already in AP mode, it might be recognizing the deco SSID as a separate network to your ISP’s router, and randomizing your mac address (for anonymity across airports and hotels and such). Then, with your original mac address holding the first IP in lease, your ‘new’ mac address gets a different one. Check your mac with ip link too when connected to the two different networks, and see if you can find an option to set it manually for both networks, or just use your default one for those networks.
I’d love to hear how you get on, I’ve been putting off building this exact solution (mediabox) from scratch, had no idea there was a project set up to run it all
Can you give us some more details about how your network, mesh and machines are setup?
Are you trying to access the containers from the machine they’re running on, or from a different machine?
Is the container host moving between different AP’s, or is it on ethernet?
What IP address do you get when connected to the different access points? Does it change?
Are your access points in Access Point only mode, or are they acting as routers? What brand/model?
How are the mesh access points connected - powerline, ethernet, wifi meshing?
Amen. Also they tend to draw less power than your average cheap desktop, so it’s a great middle ground between pc and sbc
All I need is for them to fix the public collection RSS feed bug where they embed “https,http” in the feed xml if you’re behind a reverse proxy - which breaks parsing