A less intrusive solution would be to just put your sensitive data in LUKS and configure services that use that data to depend on the partition being mounted. That doesn’t require modifying the normal system startup process. You’re less likely to mess up your startup process at the expense of needing to be more mindful about where you’re putting your files.
Tang and Clevis have already been mentioned as a way for one server to boot using another server.
You can also create an environment where the server boots into a phase 1 where it obtains network connectivity and then waits for you to provide it the key to continue booting. The first phase is unencrypted, so don’t put sensitive data in there.
It is bad practice because of point 2 and if you have multiple replicas you can probably get different versions running simultaneously (never tried it). Get Rennovate. It creates PRs to increment the version number and it tries to give you the release notes right in the PR.
deleted by creator
Borg / k8s / Docker are not the same thing. Borg is the predecessor of k8s, a serious tool for running production software. Docker is the predecessor of Podman. They all use containers, but Borg / k8s manage complete software deployments (usually featuring processes running in containers) while Docker / Podman only run containers. Docker / Podman are better for development or small temporary deployments. Docker is a company that has moved features from their free software into paid software. Podman is run by RedHat.
There are a lot of publicly available container images out there, and most of them are poorly constructed, obsolete, unreprodicible, unverifiable, vulnerable software, uploaded by some random stranger who at one point wanted to host something.
VLANs are lower than IP so you don’t need a router to have a VLAN, but you will need a router to get packets between the networks. I don’t think a WiFi repeater works. You likely need separate WiFi client and AP devices so you can put your WiFi on a different channel. Otherwise you’re probably halving your WiFi performance when connecting to the other network over the same airwaves.
Unless you can convince the other network to route your IP addresses, this setup will give you another layer of NAT and may cause problems with online games.
The ones on Amazon are intended to run GPUs for crypto farms, but they’re all brands you’ve never heard of with dubious claims and they’ve all got at least one review where either the device was defective or something was installed incorrectly and it caused damages.
I did this but buying these on Amazon is scary. Try to find one that won’t burn your house down.
Does Syncthing actually work with device IDs? It seems to work with encryption keys which should be stored in the user directory, at least if Syncthing is running as a user. Is the problem just that you have two machines with the same name in the same network? You can change the name.
Mediamtx will receive video from the camera using whatever protocol the camera supports and make it accessible over HTTP.
Make sure if you’re using an infinite file HTTP stream instead of DASH or HLS that you configure the timeouts on the reverse proxy appropriately or else your proxy might interrupt the video after some number of seconds. I’ve wasted a lot of troubleshooting time on proxy misconfiguration like that.
This fixes the issue of hosting any nefarious content.
How does removing images change anything? Any file can be transmitted by text, as we used to do with e-mail, and you don’t need to use images to make illegal or just intentionally offensive content.
It may or may not be a concern to you, but if you are hosting it from your home then people will be able to determine your IP and rough physical location.
If you’re on American cable internet and expecting a lot of traffic, your upload speed may become a problem.
Having a non-garbage domain provider can be a luxury. I used to work at a place where we were paying boatloads of money for certificates from Sectigo for internal services, and they were charging us extra per additional name and even more if we wanted a wildcard, even though it didn’t cost them anything to include those options. Getting IT to set up the DNS records for Let’s Encrypt DNS verification was never going to happen.
I’m pretty sure browsers stopped distinguishing EV certificates years ago.
A large percentage of those hosts with SSH enabled are cloud machines because it’s standard for cloud machines to be only accessible by SSH by default. I’ve never seen a serious security guide that says to set up a VPN and move SSH behind the VPN, although some cloud instances are inherently like this because they’re on a virtual private network managed by the hosting provider for other reasons.
SSH is much simpler and more universal than a VPN. You can often use SSH port forwarding to access services without configuring a VPN. Recommending everyone to set up a VPN for everything makes networking and remote access much more complicated for new users.
Shodan reports that 35,780,216 hosts have SSH exposed to the internet.
Moving SSH to ports other than 22 is not security. The bots trying port 22 on random addresses with random passwords don’t have a chance of getting in unless you’re using password authentication with weak passwords or your SSH is very old.
SSH security updates are very infrequent and it takes practically no effort to keep SSH up to date. If you’re using a stable distribution, just enable automatic security updates.
Having SSH open to the internet is normal. Don’t use password authentication with weak passwords.
It’s also ahead of gitea in some aspects: https://forgejo.org/faq/#is-there-a-roadmap-for-forgejo
intel’s WiDi software supported Miracast, which is a standard.
Is this a lost karma bot?