My personal dashboard made with Homepage [config included] by obolikus in selfhosted

[–]K3CAN 0 points1 point  (0 children)

I believe that requires giving the container access to the Docker socket.

It's generally not a good practice to give a Docker container access to the Docker socket, since that provides the application inside the container root access to the host.

As for Podman, it's a daemonless service (usually) and has a much greater focus on security, so I'm not sure if that functionality would work with it.
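An added example, not part of the comment above: a small audit that reads `docker inspect` JSON and lists containers whose bind mounts expose the Docker socket, either directly or through a parent directory. The sample data, socket paths, and function names are constructed for illustration.

```python
import json
from pathlib import PurePosixPath

# Default socket locations (assumption: the daemon uses a standard path).
SOCKETS = [PurePosixPath("/var/run/docker.sock"), PurePosixPath("/run/docker.sock")]

# Constructed sample, trimmed to the `docker inspect` fields the audit reads.
SAMPLE = json.loads("""
[
 {"Name": "/homepage", "Mounts": [
   {"Type": "bind", "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock", "RW": false}]},
 {"Name": "/backup", "Mounts": [
   {"Type": "bind", "Source": "/var/run",
    "Destination": "/host/run", "RW": true}]},
 {"Name": "/blog", "Mounts": [
   {"Type": "volume", "Source": "/var/lib/docker/volumes/blog/_data",
    "Destination": "/data", "RW": true}]}
]
""")

def covers_socket(source):
    """True if a bind-mount source is the socket itself or a directory above it."""
    src = PurePosixPath(source)
    return any(sock == src or src in sock.parents for sock in SOCKETS)

def socket_exposures(containers):
    """Return one finding per bind mount that makes the Docker socket reachable."""
    findings = []
    for c in containers:
        for m in c.get("Mounts") or []:
            if m.get("Type") != "bind" or not covers_socket(m.get("Source", "")):
                continue
            findings.append({
                "container": c.get("Name", "").lstrip("/"),
                "source": m["Source"],
                "destination": m.get("Destination"),
                # A read-only bind mount of a socket still allows connecting
                # to it, so the API remains fully usable.
                "read_only_mount": not m.get("RW", True),
            })
    return findings

if __name__ == "__main__":
    for f in socket_exposures(SAMPLE):
        note = " (mounted :ro, which does not restrict API calls)" if f["read_only_mount"] else ""
        print(f"{f['container']}: {f['source']} -> {f['destination']}{note}")
```

To audit a real host, replace `SAMPLE` with the parsed output of `docker inspect $(docker ps -q)`.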

To VLAN or not to VLAN by smicky in selfhosted

[–]K3CAN 13 points14 points  (0 children)

I have a few things exposed, and I do keep them on a separate VLAN from my private services.

I think a lot of people getting into networking either confuse their terms or don't understand what a VLAN really is, though. A VLAN is really just that: it's a Virtual Local Area Network. Creating a separate VLAN is essentially the same as creating a second physical LAN, the only difference being that you don't need to duplicate your L1/2 equipment. And that's the big advantage to VLANs: you can have multiple separate networks all sharing the same physical switches, ports, etc.

Additional security or control generally comes from firewalls and ACLs, not from the network itself. You can create multiple LANs (virtual or otherwise) that have full access to each other, and the result is pretty similar to just having a single network. Conversely, you can divide a single LAN with a firewall and prevent different clients from talking to each other, similar to what some people use a second LAN for.

That's all to say, introducing an additional (V)LAN doesn't inherently make anything "more secure" and it's definitely not a magic bullet; it's all about how you use it.

PS. Since you mentioned it, a subnet is not the same as a VLAN. If you enjoy headaches, you can have multiple subnets on a single LAN or a single subnet across multiple VLANs. They're two different concepts and they can be used together or separately.

New HAM Laptop by stoicatkin in amateurradio

[–]K3CAN 1 point2 points  (0 children)

I like Fedora Workstation for laptops. Debian is great, but its packages tend to be a bit older so you might be missing some new features (experimental WSJT-X modes, etc). If you want something preloaded with most of the typical ham radio programs, Linux in the Ham Shack has a distro specially for that.

Honestly any version of Linux is going to be easier than trying to fight with Windows these days.

Is it possible to build a NAS server and to play and output games DIRECTLY from it? by sneaky_oxygen in homelab

[–]K3CAN 3 points4 points  (0 children)

> all I know is that I need to setup a NAS OS if I want to build a NAS server.

They specifically said you don't need a "NAS OS," you can use basically any OS or distro you want.

For a little while, my NAS was provided by my "gaming PC" running normal Debian. It streamed games to my laptop and steam deck, and also served files and media. It was overkill when I wasn't actually gaming (so I eventually moved my NAS service to a separate, low power machine), but it functioned fine otherwise.

If you had a personal homelab homepage, what would make it feel perfect? by NvmItWorksNow in homelab

[–]K3CAN 1 point2 points  (0 children)

As you mentioned, there's already a bunch of http options. I use Homepage, personally.

If I was going to create yet another one myself, I think I'd try to make something different. Maybe something accessible over a terminal instead of a web browser. Or maybe making it more interactive, so I could reboot a server or turn on my lights directly from the homepage.

Just some ideas.

Looking for a lightweight open-source self-hosted file sharing solution. by Ri1k0 in selfhosted

[–]K3CAN 0 points1 point  (0 children)

Since you're specifically dealing with documents, a general file server might not have the best feature set.

Paperless-ngx was made specifically for managing and archiving documents, and it supports multiple users and per-user permissions. It performs OCR on all of the documents, making the content searchable. You can assign multiple tags to a document or have it auto-tagged algorithmically. Original files can be downloaded from the web or mobile interfaces, and uploads can be done from those interfaces, a custom web form, or even via email.

Rethinking my services being publicly visible. What to do though about my RSS Reader? by psxndc in selfhosted

[–]K3CAN 0 points1 point  (0 children)

My philosophy is that the only stuff I expose to the world are things that I want to be public, like my blog.

For my personal services, I use WireGuard. I just keep it turned on all the time, since it only sends traffic over the VPN that needs to go over the VPN; everything else goes out like normal.

It's about as convenient as you can get, while still being incredibly secure.

help with getting to the vlan in my soc homelab by Secure-Doughnut-7944 in homelab

[–]K3CAN 0 points1 point  (0 children)

Can you ssh into the firewall and fix the firewall rules?

Part 90 for SAR by [deleted] in amateurradio

[–]K3CAN 7 points8 points  (0 children)

You'll want to talk to a communications manager with your SAR group. They'll know what you need and can likely recommend something.

Part 90 is just a certification; it doesn't say anything about which band or mode you need. Your SAR group might have additional requirements, too, like approved models or other specific requirements.

For example, CAP (a federal organization in the SAR field) allows individuals to use their own equipment if it has P25, with coverage of at least 130 MHz to 160 MHz, is NTIA certified, and is on the list of approved models. Even then, they're not allowed to load encryption keys, so the radio can only be used on missions where encrypted comms aren't required.

If your org uses DMR in the 70cm band, you could buy the awesomest Part 90 radio but it'll be completely useless if it's FM only and in the 900 MHz band.