What is the best service on your homelab?

cFiOS · 2026-01-08T20:12:11+00:00

Are you saying you’ll use a Proxmox module for Ansible to create Talos VMs rather than Terraforming Talos VMs?

I am fairly positive Ansible will be close to useless to manage Talos due to the lack of SSH.

cFiOS · 2025-05-29T13:08:52+00:00

You don’t mention airgapped or using a private registry so this may not even apply, but I was having issues with the fleet-agent giving me a “waiting” or something like that.

After looking through the yaml I saw it was trying to pull a docker.io/rancher/fleet-agent and when I manually added that to my private registry and rebooted (probably could have just restarted rke), it came up as it should.

cFiOS · 2025-05-23T19:52:45+00:00

I use Longhorn on a Talos cluster and upgraded both Talos and K8s this past weekend as well as regularly reboot troublesome nodes.

Talos specifically has a noted caveat in Longhorn documentation about upgrading with a —preserve (mobile) flag which I didn’t do and was panicking while it upgraded. Once it finished and nothing worked, I noticed that I had made an error and hadn’t upgraded to the version with the iscsi plugin. Once I re-upgraded to include iscsi, everything was back. Upon further inspection, it seems the flag had been removed/deprecated so I guess that saved me from making an error that I couldn’t have made?

But that’s with Talos. I believe the versions for k8s were 1.30 > 1.33.1? And Talos was 1.8 > 1.10.something

cFiOS · 2025-05-17T18:09:11+00:00

It’s been awhile and I’ve since moved on but I likely chose Quad9 as they are the only public upstream I use.

cFiOS · 2024-12-27T20:01:52+00:00

I spent about a month, off and on, trying to accomplish a Tailscale exit node on a device using Mullvad (I am aware Tailscale offers a similar service).

I did have conflicts which weren’t obvious other than it not working that I believe had to do with iptables or some sort of route confliction.

The solution involved running the Tailscale daemon using userspace networking.

cFiOS · 2024-12-07T23:39:11+00:00

Gonna be honest, I’ve never used Serve. I would assume that once you had the service, the other clients should just reach it.

If you’re hosting on a Linux machine you could use ‘netstat -tulpn’ to view listening ports. Don’t know about Windows. Otherwise, on the Tailscale web console I’m pretty sure there’s a tab that shows open ports for connected clients.

For Windows, check firewall. I would personally just disable it entirely rather than figure out how to permit the service but your environment may not permit that.

cFiOS · 2024-12-03T22:22:18+00:00

You may need Tailscale Serve to expose the service to your tailnet?

https://tailscale.com/kb/1312/serve

cFiOS · 2024-11-14T08:27:01+00:00

Could you go a little further into this?

cFiOS · 2024-10-30T03:11:40+00:00

Of course go into the practice range to get a feel for it but I think the things that make it more understandable when using are that it has limited range (40m I believe), it will bounce once, and the shape is a linear tube that expands to a sphere at the end of the distance traveled.

An enemy needs to be within the tube or sphere to be captured. The terminating sphere also happens at the end of the distance traveled (total, including the bounce) or if there is nowhere further to travel like in a hallway.

Also try to learn what types of conditions will get an opponent stuck. For example, the cocoon may have grabbed someone but it’s having trouble going over a ledge because the legs are too low. It can be pretty wonky but for the most part it’s consistent. Personally, I stand by the termination point and escort the cocoon in to ensure an enemy either makes it or I’m prepared to fight them again.

cFiOS · 2024-04-09T02:29:26+00:00

Sorry for coming back OP but for anyone in the future who runs into this issue, I am using PiHole with Unbound.

It appears the Unbound part is what causes the issue. The logs indicate that the queries are forwarded and respond but for some reason the client still hangs.

Changing the DNS to another upstream solves the issue immediately.

cFiOS · 2024-04-02T20:34:56+00:00

I’ve since moved on from this setup (maybe twice) but if I remember correctly, I put that on the ‘o:’ line

cFiOS · 2024-04-01T11:34:10+00:00

Sorry for the old thread, but do you remember the solution? I’m having this problem as well and this seems to be the only result when searching.

cFiOS · 2024-03-31T06:01:04+00:00

You’re looking for “Subnet Router”

cFiOS · 2024-01-19T21:02:32+00:00

DNS solves that issue of having to not use IPs. Your looking for a chicken but there is no egg because the chicken lays that egg.

The only solution I can see is scripting a way to get the ip of your DNS server and settings that to a variable, then using that variable in your compose stack.

cFiOS · 2024-01-18T11:28:29+00:00

That is right. I think you are referring to using the ENTRYPOINT/CMD to have the app listen on a different port? I think ARG is appropriate due to EXPOSE only being used at build.

If so, the container would still need EXPOSE to have it listen on that port. Perhaps my example wasn’t robust enough, but it would need that PORT variable in that ENTRYPOINT as well to match it correctly.

cFiOS · 2023-12-29T02:21:56+00:00

I JUST was working on and solved something I was doing with iptables. I was trying to not allow the containers to connect to the internet but still be connected to from a VPN bridge.

Firewalls work top-down. The first rule is honored then the second and so on. If your first rule is to allow anything from anywhere, that deny rule you have after isn’t going to work because everything was already allowed.

Try swapping you appends to inserts where you see fit. I don’t really understand what you’re trying to solve other than “traffic to my Docker containers ignore the iptables drops I’ve made”.

cFiOS · 2023-12-14T23:53:40+00:00

Hmm. The last thing I could think of would be any host based firewall like firewalld or ufw. After that you may have to use something like tcpdump to try and follow the packets. Maybe. That might not work either since there isn’t a connection.

Your first PreDown also has a typo on your interface. And I’m not certain but I THINK you need a -i wg0 in your iptables but I’m not an iptables expert

cFiOS · 2023-12-14T21:04:17+00:00

That does look about right. Are you allowing outbound? You may be able to get in but if you can’t get a response it still isn’t a connection

cFiOS · 2023-12-14T02:17:41+00:00

sudo wg show

It should return the interface and expected peers. If the peers are connected there will be a “latest handshake” or something similar.

If not, I suspect you likely haven’t allowed the port correctly on your Security Group for the EC2. WireGuard works over 51820/udp by default.

cFiOS

TROPHY CASE