So like the 21st century version of smallpox blankets

That happens on my RSS reader, I haven’t looked into it too deeply but I’m assuming he’s using JavaScript to populate the entries and are thus not being populated on none dowser clients

I don’t know about local send specifically, but KDE Connect will do that. And if you have an FTP client on your phone, then yes you can easily spin up an FTP server on your local network and transfer files that way

Spotube is an android app that provides a frontend to Spotify and allows you to download songs you listen to to your device. Im guessing you could sync those files to your server and store them in a different system.

FreeIPA and Keycloak will give you directory management (LDAP and Kerberos), identity management, and single-sign on (OIDC and SAML) which if all your computers are running Linux as well, will give you centralized management of users.

You can then set other FOSS business management/productivity applications like NextCloud, Oodoo, Seafile, OnlyOffice, LibreOffice, CryptPad, etc. To use Keycloak as its authentication mechanism.

A lot of this will depend on what kind of work the business does.

You’ll also want to look into log management and SEIM for security monitoring, Wazuh, Graylog, and others. This is especially true if the business has any data compliancy responsibilities in the country this is in.

In that case, this seems pretty reasonable – disclaimer: I can’t personally attest to the effectiveness of this

https://github.com/Lissy93/personal-security-checklist

Inform them of their rights: https://www.ilrc.org/red-cards-tarjetas-rojas#item-4476

I think the general consensus for homelabbers is a mesh network – Tailscale and Netbird are the two most popular options

I just wish I had done something absurd like sport a bright pink mohawk at some point before going bald 😂

Lol “Ukraine’s war against Russia” get the fuck out of here you punk ass shill

How about instead of restricting use of the software, adding in a clause that states "Use of this software is a formal acknowledgement and agreement by the user that race and gender are a social construct, gender identity and sexual orientation is a spectrum, humans can not be illegal,… " etc.

Thus use of the software is not restricted and is still open source, but forces groups, organizations, and people who disagree with the above to acknowledge something counter to their system of power.

The Homelab Show was a good one, though they haven’t posted a new podcast in almost a year. Lawrence Systems and Learn Linux TV are the makers of it and have their own content as well

What’s your solution? PiHole? The thing I don’t like about the PiHole is the lack of wildcard domain rewrites. I’ve been playing with AdGuard Home and Unbound, not sure what my final solution will be, though.

Yeah I’ve been toying with FreeIPA for IdM, Keycloak for SSO, and Netbird to create a zero trust internal network. DNS is the hurdle I’m currently figuring my way over

I’ve been playing with Stalwart-Email as a combined SMTP/IMAP server. Its open source and written in rust, still pretty early in development and I haven’t played with it enough to give any real opinion on the pluses or minuses compared to other software, but its worth taking a look at.

Well the internet down scenario has only happened once, and I returned home to no internet, booted up my laptop, and could not connect to any of my services since I couldn’t reach my control server. I haven’t forced the issue to occur by disconnecting my internet and testing connectivity. I just did the lazy thing and connected to the services I wanted via their IPv4 address

you’re almost certainly routing local network traffic over NetBird instead of using local routes

That’s precisely the functionality I want, though. Secure, encrypted, mutually identified traffic should be the only traffic in a zero trust network.

I’m simply trying to create an ingress point into this network for outside access.

Thanks for your response! I’m completely self-taught, so I’ll go ahead and acknowledge knowledge gaps on my end, but how would putting all the nodes in a network cause routing problems or ARP poisoning?

I recognize that what I’m trying to accomplish is a bit overkill for the average home network, and a lot of my reasoning behind my design is purely for learning. My reasoning for putting everything on a mesh network is 2-fold:

• Providing encrypted, secure, and mutually identified networking between all nodes
• Creating a centralized source of truth and control – NetBird runs its own DNS system behind the scenes, which allows all nodes to be addressed by name regardless of location, which interests me because it creates a single point of administration for ACLs, routing, etc. I’m also able to access any node I want across the mesh network as long as I’m connected to it.

I have successfully run this setup previously with the NetBird management console hosted in a VPS, however the issue I ran into was that if internet went down at home, I could no longer access my locally hosted services through the mesh network. I could still access them via IP, since I was on the same LAN, but that defeats my goal of centralized control, mDNS, and a central source of truth that I got via the mesh network.

I have also successfully ran this setup completely local, however I am unable to access it from outside my homelab. For my use case, I think having all components of the mesh network hosted within my homelab is the best design. However now I have to figure out the best way to allow external connections to my management interface. Thus my original question should I use a cloudflare tunnel to my management interface, set up a wireguard tunnel from an externally accessible VPS service pointed to my management interface, or something different?

Ahh gotcha, that makes sense, so like the difference between a self signed SSL certificate and something like LetsEncrypt.

Re 2: I was thinking in the scenario to allow auto discovery of your certificate, so someone who is emailing you for the first time could look up your public key automatically and use it to encrypt their email.

Also, great writeup and thank you!

Question 1: What’s the point of using Actalis? Can’t you generate your own certificate?

Question 2: Is there a way to get your email.server to automatically publish your public key?