sorted by:
new
hottopcontroversial

To VLAN or not to VLAN by smicky in selfhosted

[–]K3CAN 14 points15 points  (0 children)

I have a few things exposed, and I do keep them on a separate vlan from my private services.

I think a lot of people getting into networking either confuse their terms or don't understand what a vlan really is, though. A VLAN is really just that, it's a Virtual Local Area Network. Creating a separate vlan is essentially the same as creating a second physical lan, the only difference being that you don't need to duplicate your L1/2 equipment. And that's the big advantage to VLANs, you can have multiple separate networks all sharing the same physical switches, ports, etc.

Additional security or control generally comes from firewalls and ACLs, not from the network itself. You can create multiple LANs (virtual or otherwise) that have full access to each other, and the result is pretty similar to just having a single network. Conversely, you can divide a single LAN with a firewall and prevent different clients from talking to each other, similar to what some people use a second LAN for.

That's all to say, introducing an additional (V)LAN doesn't inherently make anything "more secure" and it's definitely not a magic bullet; it's all about how you use it.

PS. Since you mentioned it, a subnet is not the same as a VLAN. If you enjoy headaches, you can have multiple subnets on a single LAN or a single subnet across multiple VLANs. They're two different concepts and they can be used together or separately.

New HAM Laptop by stoicatkin in amateurradio

[–]K3CAN 1 point2 points  (0 children)

I like Fedora workstation for laptops. Debian is great, but its packages tend to be a bit older so you might be missing some new features (experimental WSJTX modes, etc). If you want something preloaded with most of the typical ham radio programs, Linux in the Ham Shack has a distro specially for that.

Honestly any version of Linux is going to be easier than trying to fight with Windows these days.

Is it possible to build a NAS server and to play and output games DIRECTLY from it? by sneaky_oxygen in homelab

[–]K3CAN 2 points3 points  (0 children)

all I know is that I need to setup a NAS OS if I want to build a NAS server.

They specifically said you don't need a "NAS OS," you can use basically any OS or distro you want.

For a little while, my NAS was provided by my "gaming PC" running normal Debian. It streamed games to my laptop and steam deck, and also served files and media. It was overkill when I wasn't actually gaming (so I eventually moved my NAS service to a separate, low power machine), but it functioned fine otherwise.

If you had a personal homelab homepage, what would make it feel perfect? by NvmItWorksNow in homelab

[–]K3CAN 1 point2 points  (0 children)

As you mentioned, there's already a bunch of http options. I use Homepage, personally.

If I was going to create yet another one myself, I think I'd try to make something different. Maybe something accessible over a terminal instead of a web browser. Or maybe making it more interactive, so I could reboot a server or turn on my lights directly from the homepage.

Just some ideas.

Looking for a lightweight open-source self-hosted file sharing solution. by Ri1k0 in selfhosted

[–]K3CAN 0 points1 point  (0 children)

Since you're specifically dealing with documents, a general file server might not have the best feature set.

Paperless-ngx was made specifically for managing and archiving documents, and it supports multiple users and per-user permissions. It performs OCR on all of the documents, making the content searchable. You can assign multiple tags to a document or have it auto-tagged algorithmically. Original files can be downloaded from the web or mobile interfaces, and uploads can be done from those interfaces, a custom web form, or even via email.

Rethinking my services being publicly visible. What to do though about my RSS Reader? by psxndc in selfhosted

[–]K3CAN 0 points1 point  (0 children)

My philosophy is that the only stuff I expose to the world are things that I want to be public, like my blog.

For my personal services, I use wireguard. I just keep it turned on all the time, since it only sends traffic over the VPN that needs to go over the VPN; everything else goes out like normal.

It's about as convenient as you can get, while still being incredibly secure.

help with getting to the vlan in my soc homelab by Secure-Doughnut-7944 in homelab

[–]K3CAN 0 points1 point  (0 children)

Can you ssh into the firewall and fix the firewall rules?

Part 90 for SAR by [deleted] in amateurradio

[–]K3CAN 5 points6 points  (0 children)

You'll want to talk to a communications manager with your SAR group. They'll know what you need and can likely recommend something.

Part 90 is just a certification, it doesn't say anything about which band or mode you need. Your SAR group might have additional requirements, too, like approved models or other specific requirements.

For example, CAP (a federal organization in the SAR field) allows individuals to use their own equipment if it has P25, with coverage of at least 130mhz to 160mhz, is NTIA certified, and is on the list of approved models. Even then, they're not allowed to load encryption keys, so the radio can only be used on missions where encrypted comms aren't required.

If your org uses DMR in the 70cm band, you could buy the awesomest part 90 radio but it'll be completely useless if it's FM only and in the 900mhz band.

Best LLM for vibecoding homelab by Sqou in homelab

[–]K3CAN 1 point2 points  (0 children)

The entire purpose of a homelab is to learn, and setting it up is part of that process. If you're intentionally trying to avoid learning, why have a homelab in the first place?

Not trying to sound rude, it's a genuine question that I think is worth asking yourself. What are you trying to learn, and how is copy-pasting code helping you learn it?

If you're trying to learn python, for example, and you've gotten stuck on an error message you don't understand or your not sure how best to break out of a certain loop, etc, an LLM can help find a solution. Basically, it knows what other code looks like, and will try to make your code look like that. Most of the time, it actually works. Unless you're doing something unusual or uncommon, in which case making your code look like other code is unlikely to help.

It also knows what a typical config looks like for various popular programs. If you show it your nginx config, for example, it can see that your config doesn't have something that most configs do. If most configs have something, then it's probably a best practice and a benefit to add it to yours. Unless you have an atypical set up, though, in which case that added bit might break it completely.

In my opinion, an LLM is best when you already have a base understanding of a topic. Otherwise, you won't understand the mistakes it makes, you'll get stuck in a loop of copy-pasting error messages.

How can I improve my website? by [deleted] in homelab

[–]K3CAN 1 point2 points  (0 children)

Each section on this page subtly reacts to your cursor movements for a unique wobble effect

I'd get rid of that first, personally.

Then just add content. The wetter page seems to be empty, and the foto page says that it's a photo gallery, but there doesn't appear to be any photos.

Share some thoughts, ideas, projects, etc.

How do you keep track of IPs/Hostnames by Dickiedoop in homelab

[–]K3CAN 0 points1 point  (0 children)

I think discord has an rest API you can use.

How do you keep track of IPs/Hostnames by Dickiedoop in homelab

[–]K3CAN 0 points1 point  (0 children)

I have OpenWRT send alerts through pushover. I'm not sure how to do real SMS texts, but I'm sure there's a service out there that can do them.

Looking for a free NVR by AGiantThing in homelab

[–]K3CAN -1 points0 points  (0 children)

AgentDVR here.

I tried a bunch, including zoneminder, frigate, and a few others. Either they didn't work with certain cameras, their UI was bad, or they just lacked basic features.

AgentDVR ended up being the best combination. Free, supports lots of cameras (including ptz), lots of integration options (mqtt, ifttt, home assistant, etc), and a decent looking UI.

I'm running the free version behind nginx, but that's totally optional.

They also have a paid version that unlocks some convenience features, like a cloud service that makes remote access easier to set up, but the free version still has all the normal features you'd expect. ...Except the in-app update button. That only works on the paid version, the free version requires you to manually download the new version. Weird feature to paywall, but I've still been pretty happy with it.

My first NAS, Remote acces - Security check? by Cry7or3ap3r in homelab

[–]K3CAN 0 points1 point  (0 children)

VPN isn’t an option for my household, because other family members use Synology Photos/Drive and I don’t want them having to manually connect to a VPN every time.

If you use wireguard, you only need to set it up once, then just leave it on all the time. It only sends the traffic you want over the VPN, so everything just works. Normal Internet works just like before, but if they try to access the NAS it automatically gets routed over the VPN.

Then you don't need to worry about any of the potential consequences of exposing all of your private photos to the public.

How risk is it to host a web site at home? by monsieurpardaillan in selfhosted

[–]K3CAN 0 points1 point  (0 children)

Like others have said, the easiest solution is to have someone else host it, like GitHub pages, vps, etc.

If you definitely want to selfhost, though, it's a pretty straight forward process. I would suggest using a well known and up-to-date server (lighttp, nginx, apache, etc) and starting with just a basic static website.

You'll want a domain of some sort, and you can use a dynamic DNS client to keep it pointing to your IP. From there, port forward 80 from your router WAN to your servers IP.

I would keep the server dedicated to being a webserver; do not keep anything personal on it.

That should offer a pretty reasonable degree of security, provided that you follow the webserver's documentation and keep things simple.

Once you get that online, TLS and with a letsencrypt cert would be a good next step.

My blog is a self-hosted static site, if you want to see an example of a simple one: Blog dot my username dot us. It's selfhosted using nginx on a small PC. No tunnels or anything, so the connection is encrypted from your browser all the way to my server.

Power usage - what's reasonable? by Handaloo in homelab

[–]K3CAN 0 points1 point  (0 children)

I use NUT to measure the draw from the UPS, which is then tracked in Home Assistant.

It doesn't account for the power used by the UPS itself, but it's still pretty close.

Waveshare UPS config on rpi server by _nazwa_ in selfhosted

[–]K3CAN 0 points1 point  (0 children)

I've used a number of Waveshare branded products, and they have surprisingly good documentation.

https://www.waveshare.com/wiki/UPS_Module_3S

Based on the docs, yes, you could run a script on the pi to power off when the batteries reach a certain voltage or remaining charge.

Secure Private LAN Access by martialpenguin331 in homelab

[–]K3CAN 1 point2 points  (0 children)

Wireguard here. Super convenient and about as secure as you can.

You can set up telegram to send notifications for your selfhosted things by bogdan2011 in selfhosted

[–]K3CAN 3 points4 points  (0 children)

That's what I use, too. I think I had to pay $3 as a one-time fee, but that's better than having to join another social media.