These stats are fine and all, but storage and network is what’s going to get you in the end if you open it up to anyone and everyone and it becomes popular.
It’s not about actually getting it to work, it’s about having it work PROPERLY.
You have multiple routes to the same network right now it sounds like, and you’re almost certainly routing local network traffic over NetBird instead of using local routes. Have you looked at your routing tables?
Okay, so two really big things:
You’re confused a bit on how network routing works. If you’re building something that bridges multiple networks (local + VPN + VPS), you need to know about how to route things to different places. You’re dealing with 3 networks at this point.
You might be misunderstanding how “zero-trust” and local networking fit together. Right now you have some local machines at least, AND a router. You don’t need all of your local machines to individually bridge a gap to your VPS, you want it the other way around.
If the majority of your machines are local, then make that your hub. Everything else should be a client. Adding all these individual nodes to routes in a mesh network makes absolutely no sense, and will definitely cause routing problems, if not something like ARP poisoning (we can’t see your config).
Just make the remote machine clients to your local network and be done with it.
Plenty of player/recorders cheap out there on eBay and elsewhere. Guess it’s a gamble at this point though.
Lol. You just don’t get it.
Friend…Tailscale uses the same Wireguard protocol as everything else. If Tailscale is working, but your solo configs aren’t, it’s not a Wireguard problem, it’s a config problem. Guaranteed.
Tailscale is Wireguard. If it works, then something is wrong with your Wireguard configs.
You might want to put these pertinent details in your post.
If you’re on a cellular network that has CGNAT, Wireguard may not be able to work. Same deal if it’s an IPv6 network.
Then try setting PersistentKeepalive on the client
If Wireguard loses its connection, it doesn’t automatically requery the host and reconnect AFAIK. So if name resolution fails, or you’re on dynamic DNS and the IP changes, it’s not going to fix itself.
MONTHLY?? That’s a bit much, don’t you think?
If you’re regenerating certs that fast, I can’t think of anything that’s going to be secure AND easy enough to satisfy automating this.
Whatever tool you want to use to secure the contents of the cert from its initial creation, to distribution, is fine enough. If you want super easy, use an SSH/SCP script. If you want something more elegant, think Hashicorp Vault or etcd.
Ansible is probably more effort than it’s worth (plus securing the secrets of the cert), and any other config mgmt tool won’t deal with the distribution portion simply, so I’d skip all of that.
Minidisc
Depends on what version you jumped to from the previous. It almost certainly wasn’t a minor update, because you would have gotten a million warnings about deprecating arguments in templates.
It’s just a front-end abstraction for different container backends, so no. I don’t think they have some distinct features that deal in any functionality for the container ecosystem or anything.
Logs?
Authentication is simply identifying a user.
Authorization is securing access to assets.
You can find a lot of reading about this if the distinction is confusing.
That’s really up to the software again. If you’re not technically inclined enough to run through the code, that’s fine, but you have to trust that other people are.
Go and search GitHub issues or this project by name for what you’re concerned about.
Authentication is also not security, btw. It’s just access. If you can be more specific about your concerns in your post, you may get more direct answers.
Tunnels are not authentication.
Are you asking how to have each service challenge for authentication? That’s up to the software.
Firefox CODE has DNS overrides. How would being in a container change this?
Your SD card is shot. SD cards aren’t built for sustained read/write cycles, and RPi installs regularly kill them from excessive access to disk from things like logging and DB access.
On HA specifically, you can solve for part of this by reducing all logging to minimal, and then for the bulk of the rest set up something like log2ram to store system logs in RAM and prevent wearing out the SD disk.
A more permanent fix would be to get an SSD instead, but that’s not always an option.