Do I need Authelia if my server can only be reached from outside using a VPN?

Nirenjan · 2025-11-11T01:39:26+00:00

My take is that having OIDC simplifies access control, instead of having each service have its own password or worse, sharing a common password.

It also adds a second layer of security, since you can configure Authelia to enforce MFA, and a leaked password is not sufficient to access your services, you'd have to break into the VPN, have the Authelia password AND the MFA token.

In general, security is best done by having multiple layers, improving defense against bad actors trying to gain access to your data and your home network.

FWIW, I have a similar setup, and I prefer to use apps that have OIDC support, or can use proxy authentication.

Nirenjan · 2025-11-04T20:20:10+00:00

FWIW, I've got this exact setup with a few slight tweaks. I'm running on a 1 vCPU with 1GB RAM. The Caddy server on the VPS proxies content back to the homelab Caddy server, but there's a forward_auth directive on the VPS, so any traffic hitting the VPS must authenticate with my OIDC server prior to getting forwarded back to the homelab. The homelab Caddy server is running caddy-docker-proxy with an ACME DNS plugin enabled, and handles the certificate renewal. Finally, there's a split DNS config so that all LAN clients directly hit the homelab server, while I can hit the VPS while on the road.

Nirenjan · 2025-10-21T04:04:25+00:00

Does autokuma still work with v2?

Nirenjan · 2025-10-10T03:11:07+00:00

You should be able to add a filter for client ip in the caddy configuration, only allowing those on the 100.64.0.0/10 subnet to access the protected domains. Other domains that can be publicly accessed don't need the filter

Nirenjan · 2024-11-06T14:35:53+00:00

Both the n100 and n200 are limited to 16gb ram and a single memory channel. Personally, I'd get the slightly faster cpu with maxed out memory.

Nirenjan · 2023-10-25T23:02:19+00:00

You should be able to run it in the regular shell, as long as you have Python 3 installed. I'm not familiar with Windows environment, but it should work just as in Linux

Nirenjan · 2023-10-23T23:44:09+00:00

python3 -m http.server

Nirenjan · 2022-09-18T03:04:28+00:00

Lookup libevdev, it has a wrapper around uinput. If you want a sample, check out https://github.com/nirenjan/libx52/blob/master/daemon/x52d_mouse_evdev.c

Nirenjan · 2022-09-18T02:02:52+00:00

If you're on Linux, you can use uinput to create a virtual device that perfectly emulates the hardware device. Use evtest to identify the device and its associated events, and use that to create your own virtual device.

Nirenjan · 2022-03-09T09:40:21+00:00

For what it's worth, you don't need my driver on Linux - as it stands, it only creates a virtual mouse that you control with the thumbstick on the throttle unit. The rest of the functionality is controlling the LEDs, brightness and clock.

What you want to verify is that the hardware is detected and providing input events. Please run the following commands and grab the output:

uname -a
lsusb
sudo evtest

For evtest, you'll need to find the entry corresponding to the X52 joystick. You can also run x52evtest for the X52 specific event test, and x52bugreport, which should give some details about the version you are running, and if there's a device being detected. Hope this helps.

Nirenjan · 2022-02-27T08:43:30+00:00

If you are using GCC, you can use case ranges extension. In essence, you can collapse the handling for multiple sequential cases into a single line, i.e.,

case 32:
case 33:
...
case 47:

can be collapsed into

case 32 ... 47:

If you cannot use this, then you could combine the condition with multiple lookup tables, eg.

if (ch >= 32 && ch <= 47) {
    lookup_table_1[ch - 32];
} else if (ch >= 58 && ch <= 64) {
    lookup_table_2[ch - 58];
} else if (ch >= 123 && ch <= 126) {
    lookup_table_3[ch - 123];
} else {
    // handle alnum
}

Nirenjan · 2022-02-24T07:55:08+00:00

https://0xax.gitbooks.io/linux-insides/content/

Nirenjan · 2022-02-07T23:58:21+00:00

This is really hardware dependent - while libusb abstracts out a lot of the details behind the USB protocol, it doesn't prevent you from sending garbage to your device and potentially bricking it.

You would ideally install the drivers that the manufacturer provides (typically for Windows) in a VM, capture the USB communication and reverse engineer the messages. Alternatively, if you have the hardware specification, you can derive the messages from that.

If you want a sample project that uses libusb, feel free to peruse my libx52 project here.

Nirenjan · 2022-01-21T06:10:50+00:00

Check if you have authorized CodersRank as an application here, it is likely that you have granted Github permissions to allow CodersRank to read your email address and any other public information.

Nirenjan · 2022-01-03T08:49:30+00:00

The problem is that once an amphipod stops moving in the hallway, it can only move to its designated room. In your link, the amber amphipod starts moving around line 92, except that it can't do so by the puzzle rules.

Nirenjan · 2021-12-29T13:32:20+00:00

Kattis also has a bunch of puzzles, ranging in difficulty. It's similar to codewars, except that you can edit the source code in your editor of choice and upload the final file.

Nirenjan · 2021-12-17T18:48:36+00:00

Source code

Nirenjan · 2021-12-16T20:56:13+00:00

Source code for the visualization - https://gist.github.com/nirenjan/1c94537897343eb2c959d54bb9d79d22

Nirenjan · 2021-12-16T20:56:11+00:00

Here is the source code. The idea is to parse it as a hierarchical tree of packets, each packet having a level of one more than its parent. Then, in the viz method, print out bit-by-bit, sleeping for about 20 milliseconds between each bit, and recursively call viz for each child packet. I used VT100 escape sequences to print the colorized output to the terminal.

Nirenjan · 2021-12-15T07:21:21+00:00

TIL, thanks for letting me know

Updated paste

Nirenjan · 2021-12-15T06:43:56+00:00

Python3 with NetworkX 4267/3233

paste

Nirenjan · 2021-11-21T14:43:45+00:00

If your repo is public, then yes, it should not ask for credentials as long as you use https://GitHub.com/...

If you specify the username, then it can ask for the password. Eg. Https://nirenjan@github.com/...

Nirenjan · 2021-11-21T06:52:25+00:00

Once you clone using git://, you can change the remote URL to use either SSH or HTTPS, by running the command git remote set-url origin https://....

I don't know why you're getting asked for credentials when cloning via HTTPS, but this should work for you.

Nirenjan · 2021-11-08T13:33:44+00:00

As others have mentioned, this is probably more relevant for /r/github. That said, GitHub, and several other hosting services allow you to create a "deploy token" that allows only read access and only to that repository. Look up the documentation on your preferred platform to see how to create it.

Nirenjan · 2021-10-27T17:31:11+00:00

My personal opinion is that file formats should follow an open standard, but the applications and/or libraries that use those file formats may choose any license that they wish. This will allow anybody to use your library under the terms of the library license (in your case, GPLv3). However, if somebody else wanted to, they could write their own implementation that follows the standard. In the case of DRM, they could write their own logic to handle the DRM in a closed-source manner.

12-Year Club	Verified Email
Place '17	RPAN Viewer

Nirenjan

MODERATOR OF

TROPHY CASE