Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

  • 36 Posts
  • 1.94K Comments
Joined 1 year ago
cake
Cake day: March 24th, 2025

help-circle



  • I didn’t realize how overwhelming this would be, the amount of information is incredible.

    Speaking from experience, it was quite overwhelming to me at first as well. It took me a handful of tries to wrap my head around Cloudflare Tunnels/Zero Trust. I persisted tho, and succeeded. It doesn’t help much that Cloudflare keeps rearranging their site, making it difficult to find necessary information. I will say, that when I migrated to a new server recently, it was a snap and everything clicked in place. There was no need to set up anything on their side. As I remember, it was a matter of a one liner code sequence they provided, to install the necessary components on my server. Jack’s a doughnut, Bob’s your uncle.











  • The 4790 will always have a special place in my heart 😂

    I was actually pleasantly surprised. I had two Dell T320, which are good too, but put out a lot of heat, and cost about $40 USD/month to run. So I decommissioned one, and am now looking to purchase an additional 7020 and decommission the other T320. Don’t know what to do with the T320s tho. Nobody on ebay would be willing to pay what it cost to ship a boat anchor. The money I’ll save in electricity costs will more than cover the price of admission.




  • I tried this a long time ago. My conclusion was that there is not really a way to install Linux on the Xbox One. There have been reports that have run Linux inside of a jail/VM, but things don’t seem to mesh correctly like network connectivity. There is a whole hacking and modding the boot chain. I gave up. LOL

    Perhaps there has been progress since I last tried. Also, very possible, I didn’t have the skills to pull it off. Perhaps someone else will chime in.


  • What are your concerns about Cloudflare and getting ‘banned’? There used to be a clause in the TOS that prohibited streaming video. However, as one user here has pointed out, that has been since superseded. Now, I’m not going to tell you that you can share your JF with 20 other users and not raise an eyebrow with Cloudflare. I don’t have a clue what they would do in that case. As far as streaming, I run Navidrome around the house from the time I get up in the morning, until I go to bed at night, and have had no issues. There also isn’t a bandwidth cap that I can find anywhere in Cloudflare’s documentation.



  • This is the security I’ve implemented on my network:

    • Modem receiving IP from ISP. Modem to router. Router to stand alone pfsense firewall. Router has a 54 character complex password for WiFi. There are no guest provisions for WiFi.
    • Pfsense firewall with pfblockerng & suricata running on both lan and wan, both with a full array of rules/feeds updated daily. pfsense has tailscale as an overlay vpn. Server traffic and PC traffic have their own VLAN provided by pfsense. My approach is to deny all until something complains and address that on a case by case basis. Additionally ntopng is utilized for traffic analysis. IPv6 is disabled.
    • Server running Tailscale as an overlay VPN, UFW deny all posture, and fail2ban with an aggressive posture. Server has been hardened against Lynis spec where applicable. Not all recommendations apply to my server. Server is utilizing host deny/host allow and SSH keys.
    • Server is utilizing containers for services.
    • Server is using Cloudflare tunnel/zero trust.
    • Server and pfsense communicate via Tailscale encrypted tunnel. PC/Phone/mobile device can communicate with pfsense via Tailscale.
    • Server services are accessed via https.
    • PC connected to pfsense firewall with same rules as server. PC is using a VPN with Cloudflare 1.1.1.1/1.0.0.1 for DNS queries. Firefox is using 1.1.1.1/1.0.0.1. Settings for Firefox are the strictest for Enhanced Tracking Protection, and DOH. HTTPS-Only mode enabled. PC is also running a soft firewall.
    • All other devices such as phones, laptops, and tablets run a VPN with Cloudflare 1.1.1.1/1.0.0.1 for DNS queries.
    • IoT devices are isolated. Phones are isolated. Smart TVs are isolated.

    I’ve been told repeatedly that I go overboard on security.

    Do you guys just enjoy cybersecurity?

    To the extent of my knowledge thereof, yes.

    Do you actually keep sensitive data on your self hosted systems?

    No I do not. No password vaults, no financial info, etc.

    Do you self-host on expensive hardware?

    No. In fact I just finished decommissioning one of my Dell T320s. In it’s place I put an Optiplex 7020 SFF. The Dell T320 was adding $40 USD of my electric bill, while the Optiplex 7020 sips about $8 a month, plus it doesn’t pump heat in to the lab like the T320s do. I have one more T320 to decommission and then I’ll be done with that type of equipment. I’m looking to sell the two T320s, but I’m not sure someone wants to pay to ship a boat anchor.

    It’s not that the data on my server is so sensitive. I just don’t want anyone mucking around in my lab all willy nilly, which is why I run all the above and isolate everything I can, so that anyone who might get through, wouldn’t have any lateral movement,