Exposing wireguard port is not that bad since it’s key auth. Wireguard itself is quite minimal, so it tends to be quite secure and it shouldn’t appear in port scans.

So I wouldn’t worry as much as with other things you can expose.

For usability, you just share a config file with the user and tell them which app to install. Very smooth experience.

However you still need to keep the security in mind when you are letting someone into your network. Setup a DMZ or use ACLs (with iptables for example).

As for myself, I want to be as self sufficient as possible, especially from US tech, so I don’t use cloudflare.

Yes, you need for the client to know where to connect to. If you have a static IP then that’s it, but if you don’t you can use dynamic DNS, and you need to own a domain to use it (in theory there are services like duckdns.org, but it’s been unreliable for me for the past year).

I went for a cheap .ovh domain, which costs me ~3€ a year, and I get the OVH dynDNS as a bonus. I use ddclient to update my IP. Works great.

Now I’m trying migrate my wireguard setup to an LXC and implement ACLs while I’m at it.

Sometimes I break down the tasks into smaller pieces and it works but sometimes I get even more overwhelmed by the multiple new tasks so I end up doing nothing

I’ve been happy with my wireguard setup for a few years now - don’t need to rely on someone else’s servers (as much, I still use DDNS) like with Tailscale

It would be more like a statement

And sending them a GDPR notice would be such a nice feeling, hope they will get fined by EU again

micro is nice, I’ve been using it more for the past few months

And for me, there was no productivity penalty when switching from VSCode, since I didn’t have to learn all new keybinds (still lacks a bit of multicursor, tho)

I wish I could just delete my account, but I still need it occasionally and everone in Poland is using messenger

I decided to go bare minimum effort to get the self-hosted music expirience, so I’m just hosting the music on NextCloud for the Symfonium app to grab. I downloaded most of the music from YT music using yt-dlp, since that’s what I’m quite familiar with and I don’t have the arr stack set up yet.

I’m planning to move to Navidrome or Jellyfin soon™

Happy to hear great suggestions in other comments

rn I’m only using docker for the services I have behind a VPN, so I don’t really put that much thought into securing them. If I had any publicly accessible ones I would setup an automatic patch or even build my custom images.

And as always I’m trying to up my security game, but not at any cost

Only the essentials

I mean there was a train bubble once, simpler times tho

Source

Nice to know

Here in Poland we call it Kombi and VW Passat is our stereotypical boomer car.

And I think in Czech Republic and Slovakia they call it Kombi as well.

Yea, but we mostly call it a kombi or an estate car.

Not quite, Iris Xe is a GPU architecture and is quite distinct from earlier Intel HD and UHD graphics, which was still present in some Intel 11-12th gen mobile CPUs. They basically created a new architecture, and that’s what powers current Intel Arc GPUs.

Iris Xe on Wikipedia

I’m not sure about the branding of the devices, but the iGPU performance is hugely dependent on the memory boundwidth, so the same iGPU would perform worse on a single channel than dual channel and the best performance should be with soldered LPDDR*x memory.

And get at least 16GB of RAM. Decent amount of laptops with better iGPU have it soldered to the motherboard, so not upgradable.

Not all mobile 11-14th gen had Iris Xe - you can look them up on Wikipedia and I wouldn’t go lower than 80 EUs. You should be able to find more used Intel laptops than AMD.

I have i7-1165G7 (96 EUs) and it’s fine for older/not demanding games - I played Cities Skylines 1 on my laptop and it was playable.

PS: last time I checked I had better FPS on Linux than on Windows 10, which might be related to how Intel drivers and dxvk handle DirectX9

Yeah, I evaluated my position since and now I’m trying to deploy Forgejo, but I’m still stuck in the IaC rabbit hole and can’t crawl out

I use NextCloud for syncing photos from my phone and sharing photo galleries with my SO. NextCloud is quite bad for viewing photos, that’s why I have the Memories plugin and app, but it’s still not perfect. I also have the Recognize plugin, but in my setup it’s been broken for a few months and I don’t have the time to fix it.

So if I replace the photo sharing functionality I could replace the NextCloud itself for file sharing with something lighter. Might even go back to SMB.

I’ve been deploying Gitea (or Forgejo, still can’t decide), but I’ve fallen into the Ansible rabbit hole and can’t get out. Also learned Terraform in the last week and I’m still on the fence about using it in my homelab. It’s nice for the cloud but I don’t think it’s as useful on-prem.

It might be time for me to make the switch, too Soo many things to selfhost and not enough time, but nextcloud had been annoying me for some time so it might get the priority

I just picked up a PS2 to pair up with a trinitron that I’m going rescue from my dad’s basement. It was the main TV in the house unitl 2013 and served very well.