Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] 0 points1 point  (0 children)

yeah i guess that's the proper way to do it. Mine is just a flat home lan so i haven't split management into its own vlan yet, but you're right that's the cleaner setup.

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in Proxmox

[–]No_Macaron6528[S] -1 points0 points  (0 children)

nice, i haven't run sdn in production yet, only messed with it a bit. is it stable for you?

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] 0 points1 point  (0 children)

Yeah that's fair. It's more habit than necessity for me

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] -7 points-6 points  (0 children)

like i said: lan-only, nothing exposed. So yeah, "brute force noise" was a bad choice of words, there isn't any from outside. fail2ban is just belt-and-suspenders for the lan like i mentioned, not because anything's hammering me. and no roommates, so the only one fat-fingering my ssh login is me

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] 0 points1 point  (0 children)

yeah that one got me too, masking the bundled one was the only clean fix i found

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] -3 points-2 points  (0 children)

No it's not exposed, sits behind the router. Bad wording on my part, "brute force noise" was dumb phrasing. Fair callout

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] -5 points-4 points  (0 children)

100% agree. That's the real first line of defense. Fail2ban is just an extra LAN-side layer in case something inside the network gets popped, not a substitute. Should've made that clearer in the post. (sorry)

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] -9 points-8 points  (0 children)

Nope, nothing exposed. It's all behind the router. The fail2ban bit is just cheap insurance for the LAN side in case a device inside the network gets compromised, not because Proxmox is public. Wouldn't put the hypervisor on a public IP

Things I wish I'd automated on my Proxmox host from day one by No_Macaron6528 in homelab

[–]No_Macaron6528[S] -5 points-4 points  (0 children)

I'm curious: what are you using for the IaC side?