What access points do you use?
I'm thinking about upgrading my Wi-Fi and I was curious what wireless access points (WAP) people are using. I'm currently using a Netgear R7800 running OpenWRT.

Paranoia Level: Virtualization vs Isolated Machines for Self-Hosting?
Considering a lot of people here are self-hosting both private stuff, like a NAS, and also some other stuff that is public, like websites and whatnot, how do you approach segmentation in the context of virtual machines versus dedicated machines?

This is generally how I see the community action on this:

## Scenario 1: Fully Isolated Machine for Public Stuff

Two servers: one for the internal stuff (NAS) and another for the public stuff, totally isolated from your LAN (websites, email etc). Preferably with a public IP that is not the same as your LAN, and the traffic to that machine doesn't go through your main router. E.g. a switch between the ISP ONT and your router that also has a cable connected for the isolated machine. This way the machine is completely isolated from your network and not dependent on it.

## Scenario 2: Single server with VM exposed

A single server hosting two VMs, one to host a NAS along with a few internal services running in containers, and another to host publicly exposed websites. Each website could have its own container inside the VM for added isolation, with a reverse proxy container managing traffic.

For networking, I typically see two main options:

- Option A: Completely isolate the "public-facing" VM from the internal network by using a dedicated NIC in passthrough mode for the VM;
- Option B: Use a switch to deliver two VLANs to the host—one for the internal network and one for public internet access. In this scenario, the host would have two VLAN-tagged interfaces (e.g., eth0.X) and bridge one of them with the "public" VM’s network interface. Here’s a diagram for reference: https://ibb.co/PTkQVBF

In the second option, a firewall would run inside the "public" VM to drop all inbound except for http traffic. The host would simply act as a bridge and would not participate in the network in any way.

## Scenario 3: Exposed VM on a Windows/Linux Desktop Host

Windows/Linux desktop machine that runs KVM/VirtualBox/VMware to host a VM that is directly exposed to the internet with its own public IP assigned by the ISP. In this setup, a dedicated NIC would be passed through to the VM for isolation. The host OS would be used as a personal desktop and contain sensitive information.

## Scenario 4: Dual-Boot Between Desktop and Server

A dual-boot setup where the user switches between an OS for daily usage and another for hosting stuff when needed (with a public IP assigned by the ISP). The machine would have a single Ethernet interface and the user would manually switch network cables between: a) the router (NAT/internal network) when running the "personal" OS and b) a direct connection to the switch (and ISP) when running the "public/hosting" OS.

For increased security, each OS would be installed on a separate NVMe drive, and the "personal" one would use TPM with full disk encryption to protect sensitive data if the "public/hosting" system were compromised. The theory here is that, if properly done, the TPM doesn't release the keys to decrypt the "personal" disk OS when the user is booted into the "public/hosting" OS.

People also seem to combine both scenarios with Cloudflare tunnels or reverse proxies on cheap VPS.

-------

**What's your approach / paranoia level :D**

Do you think using separate physical machines is really the only sensible way to go? How likely do you think VM escape attacks and VLAN hopping or other networking-based attacks are?

Let's discuss how secure these setups are, what pitfalls one should watch out for on each one, and what considerations need to be addressed.

Learning about the dangers of the World Wild Web with my self-hosted blog
Ok, it's me again. I've been checking the sampled logs on my Cloudflare website and I've noticed some very particular requests:

![](https://lemy.lol/pictrs/image/dfbdbe14-3f79-4446-a09f-fbcba5c7a616.png)

Some context: I'm hosting my own static website (a personal blog) at home and serving it to the internet through a Cloudflare tunnel.

Upon inspecting them it seems like they are bots and web-crawlers trying to access directories and files that don't exist on my server (since I'm not using WordPress).

While I don't really have any credentials or anything to lose on my website and these attacks are harmless so far, this is kinda scary.

Should I worry? Is this normal internet behaviour? Should I expect even worse kinds of attacks? What can I do to improve security on my website and try to block these kinds of requests/attacks?

I'm still a noob, so this is a good opportunity for learning. Thanks

2024-2025 donations
cross-posted from: https://lemm.ee/post/49620916

> Now that 2024 is coming to the end and Christmas around the corner, have you considered any donations to be given? If yes, where?

My thoughts on docker
Hello! 😀 I want to share my thoughts on docker and maybe discuss it!

Some months ago I started my homelab and, as any good "homelabing guy", I absolutely loved using docker. Simple to deploy and everything. Sadly these days my mind is changing... I recently switched to lxc containers to make backups easier and the experience is pretty great; the only downside is that not every software is available natively outside of docker 🙃

But I switched to have more control too, as with docker it can be difficult to set up some stuff that the devs didn't really plan for.

So here are my thoughts, and slowly I'm going to leave docker for a more old-school way of hosting services. Don't get me wrong, docker is awesome in some use cases; the main ones are that it is really portable and simple to deploy, no hundreds of dependencies, etc. And by this I think I really found how docker could be useful, not for every single homelabing setup, and it's not my case.

Maybe I'm doing something wrong, but I'll let you talk about it in the comments, thx.

Hardware recs for newb? Please.
I've been running a Plex server for music off my gaming laptop for a few months and (I think) I'm ready to take it further - that is, I'd like to have the server running on its own hardware. At this point, I'd just be running a music server, but I know I'll want to add more services. The first would be something like Google Drive - I'm working with a couple of other people on business plans and I'd love to self-host our files and the software (like LibreOffice) to edit them. I'm comfortable with the software side and I'm finding lots of options, especially in this community. The hardware side... I'm feeling a little overwhelmed by all the options and I don't know enough to judge the search results. Any recommendations for hardware or links to guides would be appreciated.

Slightly overwhelmed with Tdarr…help?
Hi guys! I'm trying to re-compress a few TV shows that are mostly animation to some animation-friendly codec (HEVC 10bit, maybe even AV1), to reduce the storage it takes on the NAS (I'm looking at *you*, One Piece/Simpsons!). I've used HandBrake with full folders to handle whole seasons of a TV show before, but that was a bit frustrating to run on my desktop PC, hence the install of Tdarr. However it's a bit...overwhelming with all the options, without quite hinting what each one does. I'm adding a...library. Ok, what's the library? Is it say, an -arr full TV Shows library? Or should I add one library per TV show (custom specific settings for each one?). How do I work...with the transcode options? I see it's all drag-drop, but I'm not sure of all these options. I'd like to transcode to say, HEVC 10bit, reduce perhaps audio with Opus or AAC, and keep same tracks and subs. How would I go about this? Thanks!

Thanks guys! I was finally able to self host my own raw-html “blog”
So, I've been trying to accomplish this for a while. First I posted asking for [help getting started](https://lemmy.world/post/16815751), then I posted about trying to [open ports on my router](https://lemmy.world/post/22824143). Now, I proudly post about being able to show the world (for the first time ever) my abysmal lack of css and html skills.

I would like to thank everyone in this community, especially those who took the time to answer my n00b questions. If you'd like to see it, it will be available at: https://nginxtest.kazuchijou.com/ (Beware however, for you might cringe into oblivion and back.)

Since this website is hosted on my desktop computer, there will be some down-time here and then, however I'll leave it on for the next 48 hours (rip electricity bill) only for you guys to see. <3

---

Now, there are a couple of things that need addressing:

I set it up as a Cloudflare tunnel and linked it to my domain. However, I still don't know any docker at all (despite using it for the tunnel), and the process was too incredibly and stupidly easy. I don't think I learned as much as I expected and I didn't feel challenged at all.

The original idea was to do some port forwarding. (This was foolish and a bit of a waste of time). Despite getting a "public-ip-address" from my ISP, I still was unable to open ports successfully. I kept getting the same error again and again. If you'd like to read my original post about port forwarding you may follow this link: ["[Solved] ((lie)) Noob stuck on port-forwarding wile trying to host own raw-html website. Pls help"](https://lemmy.world/post/22824143).

While I know doing this represents a security risk, I still wanted to at least have a small success with port forwarding. I just wanted to have the raw-internet-connection experience, you know? Like, the basics and such. And Cloudflare is holding my hand way too hard, I want to feel like I can shoot myself in the foot (without actually doing so).

But to be honest, I'm quite happy with the outcome. There are many other avenues I'd like to explore in the future, like setting up a reverse proxy with nginx or even darknet hosting (as suggested by another commenter). I hope to keep learning and some day help another poor soul like myself in a similar situation.

I thank you again guys, you're the best.

[TL;DR] This is the best and most helpful community ever! thx <3

[Question] Does USB4 increase the number of available endpoints?
I'm looking to replace my sff J5040 Wyze machine. It's still plenty fast enough, but storage has become an issue with its limited USB endpoint availability of ~50 device limit. I know that just switching it up to a newer Intel system could give me double the endpoints because of the two XHCI chip setup, but I was thinking that if I'm going to replace it, I'd like to not limit myself. As such, even though Ryzen is far faster than I need, it does now support USB4. Does anyone know if the switch to USB4 would give the system a larger address range and have more than 127 USB devices, or is that limitation still in place and I might as well not waste my money?

Hi everyone, it's been a while :)

Postiz is an open-source social media scheduling tool that offers scheduling on the following: Instagram, YouTube, Dribbble, LinkedIn, Reddit, TikTok, Facebook, Pinterest, Threads, X, Slack, Discord, Mastodon and BlueSky.

[https://github.com/gitroomhq/postiz-app](https://github.com/gitroomhq/postiz-app)

There's been tons of interest in Postiz. It's super exciting but also challenging—around 5-10 tickets per day (without a support team 😿), mainly coming from Portainer, Coolify, and Unraid—and I still haven't figured out how to solve it. I need to balance shipping and customer support.

Tons of new features since the latest release:

* Option to add stories to Instagram and tag people for collaboration.
* Customer separation - you can group accounts per customer, and when you schedule, you can filter by customer.
* Option to tag companies on LinkedIn (I wanted to tag people also, but it was not possible)
* Fixes for different social media posts failing.
* **Introducing Plugs!** This is a concept you can find in other tools that can boost your engagement for your current posts. Here are some examples:
  * Once your post reaches X amount of likes, repost it (to regain visibility to it)
  * Once your post reaches X amount of likes, add another message to it (all your existing commenters will get a notification)

**What's next:**

* Public API - I have been too lazy to make it, I have to push more :)
* One Inbox - so you can reply to all your messages from one place.
* Google My Business provider
* AI Agents - I am still trying to figure out what to do with it, but it looks interesting.

Special thanks to this community that supports me with every post ❤️

Any star to the repo is a blessing ⭐️

** Fediverse networks will come soon :)

How to use LXC containers in Proxmox?
Hello, I have had my proxmox server set up for some weeks, and recently I found that LXC containers could be useful as they really separate all my services into different containers. Since then I figured I would move my docker services from a vm into several LXC containers. I ran into some issues. The first one is that a lot of projects run smoother in docker and don't really have a "normal" way of being packaged... The second thing is related to the first one: since they are not really well implemented into the OS, how can I make the updates? So I wonder how people are deploying their stuff on proxmox's LXC containers? Thanks for your help!

EDIT: Tried to install docker upon debian LXC but the performance was absolutely terrible...

  • devve
    2Y
Welcome to !selfhosted@lemmy.world - What do you selfhost?
Hello everyone! Mods here 😊 Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure. Feel free to take it as a chance to present yourself to the community! 🦎

    A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

    Rules:

    1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

    2. No spam posting.

    3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

    4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

    5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

    6. No trolling.

    Any issues on the community? Report it using the report flag.

    Questions? DM the mods!
