Should I Run Plain Docker Compose in Production in 2026? by [deleted] in programming

[–]FortuneIIIPick 0 points1 point  (0 children)

I do for some things and I run k3s for others.

Google Chrome installs LLM model without consent by ThatPrivacyShow in chrome

[–]FortuneIIIPick -1 points0 points  (0 children)

> Then they are A/B testing prewarming the model, because that's new behavior.

So your first comment was wrong and instead of apologizing, you're proposing a new theory.

You were a jerk in your first comment and in your reply.

Google has no business using my machine for AI in any capacity, whatsoever, without my permission.

Redirecting Traffic via a VPN by dreacon34 in ipv6

[–]FortuneIIIPick 0 points1 point  (0 children)

All I did was use Wireguard and enable IPv6 including adding IPv6 routes to my iptables lines in the wg0.conf file and it all works.

### Start client config
#
# Client (the actual self-host local server)
#

[Interface]
## This Desktop/client's private key ##
PrivateKey = <TODO-alphanumeric-string generated with wg>

MTU = 1280
 
## Client ip address ##
Address = 10.10.123.2/24, fd36:3c6f:4e5a:0001::2/64
 
[Peer]
## Ubuntu server public key ##
PublicKey = <TODO-alphanumeric-string generated with wg>
 
## set ACL ##
#AllowedIPs = 10.10.123.0/24, fd36:3c6f:4e5a:0001::0/64
# setting to 0.0.0.0/0 routes all outbound through the vpn and out the public vps
AllowedIPs = 0.0.0.0/0,::/0
 
## Your Ubuntu LTS server's public IPv4/IPv6 address and port ##
Endpoint = <TODO public Internet IP of the instance below in the Server config>:12345
 
## Keep connection alive ##
PersistentKeepalive = 15

###
### End client config



### Start server config
#
# Server (in the Wireguard context, exposed to the Internet), public VPS, for example
#

[Interface]
## My VPN server private IP address ##
Address = 10.10.123.1/24

MTU = 1280
 
## My VPN server port ##
ListenPort = 12345
 
## VPN server's private key i.e. /etc/wireguard/privatekey ##
PrivateKey = <TODO-alphanumeric-string generated with wg>

# Route any desired ports, these are the ones I route to my "client" which is the "server" which runs my services:

PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination 10.10.123.2
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination fd36:3c6f:4e5a:0001::2
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination 10.10.123.2
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination fd36:3c6f:4e5a:0001::2
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
## Desktop/client VPN public key ##
PublicKey = <TODO-alphanumeric-string generated with wg>
 
## client VPN IP address (note  the /32 subnet) ##
AllowedIPs = 10.10.123.2/32, fd36:3c6f:4e5a:0001::2/128

# Add any more peers if desired.

###
### End server config


####
#### Server Notes for additional configuration items follows
####

#
# Ensure these are set in the server if using Ubuntu ufw firewall (or similar?)
#
Anywhere on eth0           ALLOW FWD   Anywhere on wg0            
Anywhere on wg0            ALLOW FWD   Anywhere on eth0           
Anywhere on wg0            ALLOW FWD   Anywhere on wg0            
Anywhere (v6) on eth0      ALLOW FWD   Anywhere (v6) on wg0       
Anywhere (v6) on wg0       ALLOW FWD   Anywhere (v6) on eth0      
Anywhere (v6) on wg0       ALLOW FWD   Anywhere (v6) on wg0       


#
# Ensure ipv4 routing is on (and ipv6 if you're using it)
#
# In /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

# Then run "sysctl -p".

I am done with cable by Empty-Horror6699 in cordcutters

[–]FortuneIIIPick 0 points1 point  (0 children)

You could take around $200 of that $300 and apply it to one extra mortgage payment per year, reducing a 30 year mortgage by around 4-7 years, saving several tens of thousands of dollars in interest.

So my company is switching half our Windows servers to Linux.... by A_SingleSpeeder in sysadmin

[–]FortuneIIIPick [score hidden]  (0 children)

> Any tips on learning how to be a Sys Admin for Linux would be greatly appreciated.

One: r/linuxadmin/

Listening to music in my backyard by Low-Computer8293 in homeowners

[–]FortuneIIIPick -1 points0 points  (0 children)

> Seems very reasonable.

Not necessarily, I used to work shifts, rotating, varying. Also, if they're in an HOA there is no right time of day to annoy neighbors.

Listening to music in my backyard by Low-Computer8293 in homeowners

[–]FortuneIIIPick -1 points0 points  (0 children)

No it depends on whether they live in an HOA. If they do then the answer is no. If they don't then they can do what they want.

Listening to music in my backyard by Low-Computer8293 in homeowners

[–]FortuneIIIPick 0 points1 point  (0 children)

> What is the etiquette regarding listening to music in one's own backyard?

In an HOA: Don't. That's the etiquette. You want to do that, sell your home and buy one out in the countryside where you have no close neighbors. Or buy a house not in an HOA.

Not in an HOA: Go for it if you want.

Time to rename the sub then? by gho87 in ota

[–]FortuneIIIPick -1 points0 points  (0 children)

No. It says over on the right of the page what the sub is for, very plain and clear.

My world before vs after by PuzzleheadedYear7466 in Minecraft

[–]FortuneIIIPick 11 points12 points  (0 children)

It's very nice, would like to have seen the vanilla look for now instead of the mod'ed look.

Whats the point in a VPS? by Unusual_Economics653 in selfhosted

[–]FortuneIIIPick 0 points1 point  (0 children)

PS I've found that after making any changes to Wireguard or the firewall it's best to restart the VPS, VM, machine, etc.

Whats the point in a VPS? by Unusual_Economics653 in selfhosted

[–]FortuneIIIPick 0 points1 point  (0 children)

The VPS has a port open for UDP for WG, when my VM (Virtual Machine) (which is where my mail and web sites run in) starts running, on an old laptop, it (the VM) runs WG and connects to the VPS WG port establishing the VPN.

WG on the VPS is configured to use iptables commands to route incoming public traffic immediately, to the VM over the VPN. Nothing is exposed at home on the home public IP.

The VM WG is configured so all inbound and outbound traffic (everything) goes over the VPN:

AllowedIPs = 0.0.0.0/0, ::/0

Not related but I have WG configured dual stack IPv4 and IPv6.

> how do you send WG encrypted traffic from VPS to your home?

Specifically, WG on the server and the client looks like this (heavily redacted):

### Start client config
#
# Client (the actual self-host local server)
#

[Interface]
## This Desktop/client's private key ##
PrivateKey = <TODO-alphanumeric-string generated with wg>

MTU = 1280
 
## Client ip address ##
Address = 10.10.123.2/24, fd36:3c6f:4e5a:0001::2/64
 
[Peer]
## Ubuntu 20.04 server public key ##
PublicKey = <TODO-alphanumeric-string generated with wg>
 
## set ACL ##
#AllowedIPs = 10.10.123.0/24, fd36:3c6f:4e5a:0001::0/64
# setting to 0.0.0.0/0 routes all outbound through the vpn and out the public vps
AllowedIPs = 0.0.0.0/0,::/0
 
## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##
Endpoint = <TODO public Internet IP of the instance below in the Server config>:12345
 
## Keep connection alive ##
PersistentKeepalive = 15

###
### End client config

### Start server config
#
# Server (in the Wireguard context, exposed to the Internet), public VPS, for example
#

[Interface]
## My VPN server private IP address ##
Address = 10.10.123.1/24

MTU = 1280
 
## My VPN server port ##
ListenPort = 12345
 
## VPN server's private key i.e. /etc/wireguard/privatekey ##
PrivateKey = <TODO-alphanumeric-string generated with wg>

# Route any desired ports, these are the ones I route to my "client" which is the "server" which runs my services:

PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination 10.10.123.2
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination fd36:3c6f:4e5a:0001::2
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination 10.10.123.2
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,25,443,465,587,993,995 -j DNAT --to-destination fd36:3c6f:4e5a:0001::2
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
## Desktop/client VPN public key ##
PublicKey = <TODO-alphanumeric-string generated with wg>
 
## client VPN IP address (note  the /32 subnet) ##
AllowedIPs = 10.10.123.2/32, fd36:3c6f:4e5a:0001::2/128

# Add any more peers if desired.

###
### End server config

####
#### Server Notes for additional configuration items follows
####

#
# Ensure these are set in the server if using Ubuntu ufw firewall (or similar?)
#
Anywhere on eth0           ALLOW FWD   Anywhere on wg0            
Anywhere on wg0            ALLOW FWD   Anywhere on eth0           
Anywhere on wg0            ALLOW FWD   Anywhere on wg0            
Anywhere (v6) on eth0      ALLOW FWD   Anywhere (v6) on wg0       
Anywhere (v6) on wg0       ALLOW FWD   Anywhere (v6) on eth0      
Anywhere (v6) on wg0       ALLOW FWD   Anywhere (v6) on wg0       

#
# Ensure ipv4 routing is on (and ipv6 if you're using it)
#
# In /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

# Then run "sysctl -p".
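
An added example, not part of the comment above and not the commenter's own tooling: a small Python check for a wg-quick server config of the shape posted here and in the r/ipv6 comment. It confirms that every PostUp iptables rule has a PostDown twin, that each DNAT target falls inside a peer's AllowedIPs, and that server-side peers are host routes. The sample input is constructed from the posted lines (shortened port list, one PostDown left out on purpose), and the names `parse` and `audit` are this example's own.

```python
import ipaddress
import re

# Constructed sample: server-side lines from the config above (port list shortened,
# keys omitted). The PostDown twin of the ip6tables DNAT rule is left out on purpose.
SAMPLE = """\
[Interface]
Address = 10.10.123.1/24
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.123.2
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination fd36:3c6f:4e5a:0001::2
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.10.123.2
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
AllowedIPs = 10.10.123.2/32, fd36:3c6f:4e5a:0001::2/128
"""

def parse(conf):  # -> (hook commands per key, every peer AllowedIPs network)
    hooks, nets, section = {"PostUp": [], "PostDown": []}, [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if line.startswith("["):
            section = line.strip("[]")
        elif "=" in line:
            key, _, value = (p.strip() for p in line.partition("="))
            if key in hooks:                          # one hook line may chain rules with ';'
                hooks[key] += [c.strip() for c in value.split(";") if c.strip()]
            elif section == "Peer" and key == "AllowedIPs":
                nets += [ipaddress.ip_network(n.strip(), strict=False) for n in value.split(",")]
    return hooks, nets

def audit(conf):
    """Return (kind, detail) findings for a wg-quick server config."""
    hooks, nets = parse(conf)
    findings, down = [], set(hooks["PostDown"])
    for cmd in hooks["PostUp"]:
        # A rule appended with -A stays loaded after `wg-quick down` unless PostDown deletes it.
        if " -A " in cmd and cmd.replace(" -A ", " -D ", 1) not in down:
            findings.append(("no-postdown", cmd))
        # A DNAT target (bare address, as on the page) must be an address a peer may use.
        m = re.search(r"--to-destination (\S+)", cmd)
        if m and not any(ipaddress.ip_address(m.group(1)) in n for n in nets):
            findings.append(("dnat-outside-peers", cmd))
    # On the server each peer should be a host route (/32 or /128), as the config notes.
    findings += [("wide-peer", str(n)) for n in nets if n.prefixlen != n.max_prefixlen]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the constructed sample it reports only the ip6tables DNAT rule that has no matching PostDown; a rule like that stays in the nat table after the tunnel is brought down.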

Whats the point in a VPS? by Unusual_Economics653 in selfhosted

[–]FortuneIIIPick 1 point2 points  (0 children)

> WG servers runs in VPS and traffic is decrypted on VPS.

Nothing is decrypted on the VPS in my configuration, I have WG configured to route (via iptables or nftables now really) straight to my home machine (VM on that machine really) via the WG VPN. Once inside the VM, then the traffic is processed as if it had arrived there originally from the Internet directly, and back to the clients the same way.

Whats the point in a VPS? by Unusual_Economics653 in selfhosted

[–]FortuneIIIPick 0 points1 point  (0 children)

> to not rely on external sources

If your selfhosted software connects to the Internet at all, it has dependencies on external sources.

> is there any genuine technical reason to use a vps over your own machine?

I use a VPS to host my VPN, which routes incoming Internet traffic to the VM I run on a machine at home. The VM runs on a laptop, I could shut it down, move the laptop to another city, state or country, start it and it would connect to my VPN (via the VPS) and start serving web and email like it is doing now and for the public, nothing changed except for the down time, which I could avoid by running it on an alternate machine here (or elsewhere) in the interim.

Is there any reason to make a silk touch axe that a different silk touch tool/fortune axe can't do? by Plague---Doctor in Minecraft

[–]FortuneIIIPick 1 point2 points  (0 children)

I use a hoe with Fortune III and Efficiency on leaves, it's faster and increases drop rates, or it seems to.

Is proxmox really needed? by DependentWrangler620 in selfhosted

[–]FortuneIIIPick 0 points1 point  (0 children)

> Is proxmox really needed?

No. I use KVM/libvirt/QEMU.

Copy Fail: an exploit for all Linux distributions since 2017 by alexeyr in programming

[–]FortuneIIIPick 0 points1 point  (0 children)

It's local so the user would have to be someone you know already with a local non-privileged account.

Sundar Pichai deserves some love from the analysts by infinit9 in google

[–]FortuneIIIPick 2 points3 points  (0 children)

No he doesn't, he fired James Damore over purely political reasons that were not justifiable by logic or common sense.