• 0 Posts
  • 35 Comments
Joined 1 year ago
cake
Cake day: September 8th, 2023

help-circle



  • My process for project identification has been:

    1. Be annoyed at ads/payment structure/whatever in some app or service
    2. Search https://alternativeto.net/ for alternatives to the thing I’m annoyed with (filtering by Open Source and my devices)
    3. Try out 1-2 of the top alternatives
    4. Settle on what service I want to run
    5. Install, route the subdomain, etc. if necessary (otherwise just access via my tailnet)

    As for how to deploy, docker / podman are great! With podman I’d recommend looking into their systemd integrations too. Incus is a neat LXC option too, meant more for longer term services (less micro service focused, good and bad).

    Hope this helps!


  • Haha I’ve had a journey to get here, all because I have a 12th gen Framework.

    Initially I got Debian Sid working but ran into power management issues with the module system. I switched over to arch and loved that for a while but frankly I was too careless and kept breaking my system. The way I use Arch it wasn’t a stable daily driver. Then I switched over to NixOS and loved it, but I bricked 3 of 4 ports with a firmware update (again me being careless). Graciously, Framework helped me fix the issue.

    After all of that I decided to go with a distro that is officially supported by Framework. Between Ubuntu and Fedora I choose Fedora since they don’t have ads for Ubuntu Pro :) I also like SELinux by default and wanted to broaden my horizons


  • I tried Debian + Nix once upon a time too. Honestly flatpaks and containers did everything I needed and more, and every dev team I’ve been on already has familiarity with the container workflow.

    I’m a huge fan of Debian and Nix, don’t get me wrong, but it was shy of perfect for my use case. Glad it works for you though! I’ve been using Fedora + Nix home-manager with flakes for almost two years and I don’t think I’ll ever go back








  • I’d agree with you in the context of standard (google) android.

    One caveat that I’d like to highlight, though, is that for me GrapheneOS and F-Droid handily achieve the privacy and rich FOSS ecosystem parts. Useful terminal depends on your definition :) but for my use case Termux fills the void.

    It doesn’t feel like Linux (you can’t even use Wifi and Ethernet at the same time for crying out loud) but for a relatively cheap low-power device, I like the flexibility.

    It’s far enough from being a foot gun that I can give a Pixel 5 with GrapheneOS and some F-Droid apps to my grandmother and know she’ll have no problems. Balancing that with having enough extensibility to scratch the itch for 99% of tinkerers is a feat to appreciate in my view.






  • You make a great point. I really shouldn’t contribute to the boogeyman-ification of port forwarding.

    I certainly agree there is nothing inherently wrong or dangerous with port forwarding in and of itself. It’s like saying a hammer is bad. Not true in the slightest! A newbie swinging it around like there’s no tomorrow might smack their fingers a few times, but that’s no fault of hammer :)

    Port forwarding is a tool, and is great/necessary for many jobs. For my use case I love that Wireguard offers a great alternative that: completes my goal, forces the use of keys, and makes it easy to do so.



  • I’ll assume you mean what I mean when I say I want to be safe with my self hosting – that is, “safe” but also easily accessible enough that my friends/family don’t balk the first time they try to log in or reset their password. There are all kinds of strategies you can use to protect your data, but I’ll cover the few that I find to be reasonable.

    1. Port Forwarding – as someone mentioned already, port forwarding raw internet traffic to a server is probably a bad idea based on the information given. Especially since it isn’t strictly necessary.

    2. Consumer Grade Tunnel Services – I’m sure there are others, but cloudflare tunnels can be a safer option of exposing a service to the public internet.

    3. Personal VPN (my pick) – if your number of users is small, it may be easiest to set up a private VPN. This has the added benefit of making things like PiHole available to all of your devices wherever you go. Popular options include Tailscale (easiest, but relies on trusting Tailscale) or Wireguard/OpenVPN (bare bones with excellent documentation). I think there are similar options to tailscale through NordVPN (and probably others), where it “magically” handles connecting your devices but then you face a ~5 device limit.

    With Wireguard or OpenVPN you may ask: “How do I do that without opening a port? You just said that was a bad idea!” Well, the best way that I have come up with is to use a VPS (providers include Digital Ocean, Linode to name a few) where you typically get a public IP address for free (as in free beer). You still have a public port open in your virtual private network, but it’s an acceptable risk (in my mind, for my threat model) given it’s on a machine that you don’t own or care about. You can wipe that VPS machine any time you want, the cost is time.

    It’s all a trade-off. You can go to much further lengths than I’ve described here to be “safer” but this is the threshold that I’ve found to be easy and Good Enough for Me™.

    If I were starting over I would start with Tailscale and work up from there. There are many many good options and only you can decide which one is best for your situation!