Yeah. Exactly how I do it. .casa domain to distinguish it from my other domains, DNS challenge and I am good.
Proxmox and OPNsense work with it themselves, for everything else I use NPM on Proxmox. Couldn’t be more happy with that solution.
Just saying, but Swiss privacy laws are a huge marketing hoax and amongst the worst in Europe.
Yeah. If you are more into the recipe side of things Mealie is imho the way to go.
If you want an ERP at home Grocy is more feature complete, but also more bothersome.
A lot of guides are still for Proxmox 7 or even 6 for that matter.
Proxmox 8 has changed a lot in that regard.
You forgot the “basement dwelling gatekeepers”, there are the ones whose minds never left their parents basement and whose social skills aka lack thereof is evident in their gatekeeping.
Their way is the only correct way and Linus has actually no idea how to run Linux, hardware manufacturers don’t know anything about their products, anyone using not their service of choice is automatically an idiot and if you don’t know how to compile xyz yourself by using a self taught technique you really should get off the internet right now.
Often their advice is inefficient, sometimes it’s outdated and some even blatantly lie (had one boast in a Discord that he has a myriad of secret user accounts where he intentionally gives bad advice to a FOSS product he hates).
Some also intentionally make whatever the goal is appear much harder in an effort to look smarter (that behaviour is often found in the professional world as well*)
They are the cancerous sore of FOSS and social media, imho.
PS: Anecdote: I work in healthcare, not IT originally. Everything I know is self-taught, therefore. Started a new consulting gig and one of these guys, very much an “IT gatekeeper”, always made the company he worked for think it takes a massive effort to install a certain product. Which made everyone’s life much harder because yes, he did install it, but he manually compiled it which took him weeks at a time, while his other work piled up. So they tried not to use this essential product whenever possible and worked their way around it.
I came there, saw that I needed said product and had it installed within 20min. The CEO sat right next to me and was stunned. “You prepared that, right?” “Uhm, no? You can just download and install it like this?”
IT-Gatekeeper was asked to join the meeting asap and told to explain why they need so long. His only excuse was “I need to review all the code” - which he did diligently, but he always reviewed ALL the code not only changes, according to his notes.
I made the mistake of saying to myself a bit too loud “but if you compile that stuff yourself then you are liable if it breaks, if you use the advised packages from the manufacturer they are” (medical device law can be interesting). IT-Gatekeeper exploded and screamed at me how I have no idea how IT works, etc.
He was let go shortly after that.
Thanks for confirming that you’re full of shit.
Because there are very very few Sliding Sync (which is the part of X that makes it faster) instances at the moment and only one that has a major userbase…
Wouldn’t say that. With most Matrix Clients, WhatsApp, etc. it’s far easier. Especially from the perspective of an elderly, less tech-adept user.
And on which instance did you experience that?
Depends. If you use an intermediary layer like Yunohost/Cloudron/etc. or know your way around Docker it’s manageable easily.
Very unlikely by now, these issues have been addressed a while ago.
Matrix is slow on large instances, but that’s not the case here, especially if no federation is done.
And the issue with sluggishness is currently the main development focus with ElementX/matrixX that will become mainstream matrix soon. With that even the large instances are extremely fast.
It is literally one setting in Matrix to force all rooms to only do encrypted messages.
Signal is pretty unintuitive when it comes to multiple devices per user, device transfers after a device has been lost, etc.
You kids are disgusting with your “ready to go” software. A true IT professional would use a self written virtual assembler layer between Hannah Montana and Proxmox to improve security!
Cloudron does that, not for free, though. But cheap.
Not cheap but easy to setup and very very capable are the Dahuas. Especially in HA they are really mighty. But sadly they are not cheap.
Old article by someone who seems to be an absolute newbie in that field.
I can recommend using Cloudron but I don’t use Radicale.
Cloudron is in no way a necessity for anyone - it’s simply me being too lazy to keep everything up to date, read all the necessary documentation for all the services we run, etc. Cloudron does all that for me - and I couldn’t be happier. Johannes, the owner, provides fast support (had two glitches with Hetzner DNS over the years) and the amount of Apps is getting wider each year, although I would rather see their range be broader (e.g. a proper Monitoring system instead of yet another project management), but that’s just me.
In theory it’s even possible to create your own apps for Cloudron, both for public and private use, but that is beyond my capabilities. It can also be used as an SSO provider and reverse proxy, btw.
Simply put: No.
You need to make sure no one accesses your phone even when stolen (for a myriad of other reasons as well) so password protect it.
This has nothing to do with WG-easy or any WireGuard implementation itself - it’s simply part of WireGuard. What you could do to at least discourage an attack is to save parts of the secrets (Preshared key, public key of your network) in a password manager like Bitwarden and copy and paste it into the client every time you connect - and remove it from there after you’re done. But be aware that this will only discourage a technically inept attacker - the WG client and the OS, etc. will keep enough data of these transactions around to easily find out this information and for a good attacker you actually make it easier this way. So I would clearly not recommend it. Password protect your phone.
WAG and other solutions put another layer between your network and WG. Basically they add a captive portal and only “unlock” it once you authorised yourself there. It is not a pretty solution and you need to be aware that it easily locks you out of your own network.
Another solution could be that you build two WG connections - one that is limited to your firewall and can exclusively connect to that device. And one that has broader access. Use the first one to enable access, the latter one for actual access. Then the first one to disable access again.
The WG easy container should always be run behind an authentication layer, even in LAN, as it enables an attacker (who might be already in the LAN) to establish full outside connections. This can easily be achieved with a reverse proxy like Caddy/nginx proxy manager. The container then needs to be behind the proxy in its own network with only the WG port exposed. Requires a bit of work but is easily doable… And Portainer is your friend in that regard.
2N Verso.
If you want to use their cloud service you have to pay a small fee, but that’s purely optional and you can easily use your own SIP solution to avoid this. Or simply don’t answer your door from somewhere else.
The big downside? It’s ridiculously expensive. But I mean…how often does one buy a new doorbell?
A few (German language) sources: https://www.tagesanzeiger.ch/der-geheimdienst-will-auch-die-internetkabel-anzapfen-895734682308
https://www.republik.ch/2024/01/09/der-bund-ueberwacht-uns-alle
Basically: The Swiss Intelligence Agency do monitor all traffic going in and out of Switzerland (including in-country routing that uses external routes) and have the right to save as much traffic as they want for 18 months - and can force Swiss companies to give them access to their infrastructure even when they do not provide a service for non-Swiss customers. Coming from an intelligence agency that had the highest amount of files of their citizens of all democratic nations once (see Fichenskandal) it is more than troublesome.
Additionally Swiss privacy law itself, while improved in 2023 after years of doing nothing, is still inferior to the GDPR. Unlike the GDPR it is not necessary for a person to explicitly consent to data collection unless the data is deemed especially sensitive. Unlike the GDPR there is no time-limit to notify authorities of data breaches and it is only mandatory for high risk breaches. And the right of data deletion is severely limited as the company can refuse to delete the data if it is still deemed “necessary” for the original purpose.
For me this is also why I can’t take Proton and Threema seriously. Whoever uses “Swiss privacy law” as a marketing catchphrase without lobbying for improved laws (especially before 2023). And Proton openly lies on their “Why Switzerland” page.