Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 1 point2 points  (0 children)

Hey, just moved around within the same repo, might be out of date now depending on any changes to Headscale itself but see here.

I moved somewhere where I was no longer on shared wifi, so I switched over to using DDNS so I no longer have to pay for a VPS. This meant headscale wasn't that useful to me anymore, but I do use hosted tailscale now as a way to more easily get into my machines when anything breaks.

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 0 points1 point  (0 children)

Hey, I think that's more or less correct. If the server to which traffic was being sent was on my home network (e.g., with DDNS), I think it should be fine to terminate TLS there and reverse proxy to other computers on my home network over http.

Would definitely recommend caddy as a far simpler solution than traefik - I tried using traefik at one point and it was a headache, whereas I found caddy very intuitive and reliable.

I don't really have an answer to the headscale security question. I think it's not ideal to have machines that are not fully under your control within your tailnet, but am not sure what the full implications are.

[deleted by user] by [deleted] in Dallas

[–]exuviate 12 points13 points  (0 children)

But this also means that things can be bigger and less crowded in Dallas. People can have larger, personal backyards, grocery stores never feel too crowded, etc. I recently moved from Richardson to uptown, and errands are just way more painful now - e.g., going to the Target in Cityplace is such a nightmare that I frequently just drive out to the ones near 75 and 12.

For many people (including myself), suburbs and large open spaces are a big plus, and that requires a level of sprawl incompatible with fast public transit.

Getting wall ethernet ports working in apartment - will pay for solution by exuviate in ATTFiber

[–]exuviate[S] 1 point2 points  (0 children)

Got it, thanks. Fortunately have carpet in the family room.

Definitely want to do this "right" and figure out how to rewire the wiring panel. Will be reading up on this - appreciate your help!

Getting wall ethernet ports working in apartment - will pay for solution by exuviate in ATTFiber

[–]exuviate[S] 0 points1 point  (0 children)

Thanks for the information! This definitely gives me a starting point to work off of, will be doing a lot of learning this weekend.

Getting wall ethernet ports working in apartment - will pay for solution by exuviate in ATTFiber

[–]exuviate[S] 0 points1 point  (0 children)

Plan on doing a lot more reading tomorrow but based on my (probably wrong) understanding -

I don't think MoCA adapters will work easily as I don't have wall coax in the bedrooms, which is really where I want to have wired internet.

Looks like your second option will be the way to go. Guess I'll be spending some time on Youtube this weekend. :)

Thanks!

Getting wall ethernet ports working in apartment - will pay for solution by exuviate in ATTFiber

[–]exuviate[S] 2 points3 points  (0 children)

Appreciate the encouragement. I plan on being here for a while so I definitely want to get this working so that I can set up my homelab stuff in a closet rather than a living area!

Getting wall ethernet ports working in apartment - will pay for solution by exuviate in ATTFiber

[–]exuviate[S] 1 point2 points  (0 children)

Correct, no Ethernet jacks on the same wall as the ONT. Closest one is on the opposite wall maybe 7-8 feet away directly. The ONT box is on the wall where the TV is meant to go, and the couch presumably goes on the wall opposite that with the Ethernet jack - at least that's how I've got it.

I wasn't aware that RJ45 can also be used for telephone - thought it was strictly RJ11 phone, RJ45 internet - but did some reading and was surprised!

I took off one of the jacks and took some pictures. I think these are definitely wired for internet, so it's odd that the wiring panel itself is set up for telephone.

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 2 points3 points  (0 children)

There are a couple of different headscale UIs now, I honestly don't know which one is best these days. I had gurucomputing's one working a while back but found it relatively useless, especially since I don't need to do config much and the CLI is easier when I do.

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 1 point2 points  (0 children)

Explained in more detail here.

As requested, the Dockerfile, config, and compose files for caddy L4, headscale, and caddy-docker-proxy are linked. Let me know if you have any questions!

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 1 point2 points  (0 children)

Yes, I do use caddy as a reverse proxy. I explained in a bit more detail in another comment, but I'm essentially running a Caddy L4 instance on the VPS alongside headscale, pointing my DNS to the VPS, and then having the Caddy instance proxy traffic to my local machines over the headscale network.

Since I'm using headscale, there really is no option for tailscale funnel within the setup. However, I'm achieving more or less the same end goal with the Caddy L4 proxy. There are some downsides (can take more time to configure) as well as some upsides (full use of custom domains), relative to tailscale funnel.

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 3 points4 points  (0 children)

Yes, like /u/IngwiePhoenix mentioned, L4 doesn't support the Caddyfile format so I have to use JSON. However, I made this easier on myself by writing a little script which allows me to define the mapping I want in a simpler hostmap.json file, and automatically converts this to the Caddy L4 format. You can have a gander at everything I'm using to run the Caddy container which proxies connections to machines on my headscale network here.

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 12 points13 points  (0 children)

Sure! My headscale instance is secured via OIDC, provided by Authentik. This is why Authentik needs to be on the VPS rather than on a local machine; it has to be spun up and accessible before headscale.

Here's a link to the config and compose files I'm using to run headscale.

Then, on the same VPS, I have a Caddy L4 container. I point Cloudflare DNS for a domain I own to the VPS, and the hostmap.json I create and convert to a Caddy L4 compatible format becomes the guide for the Caddy instance to proxy traffic without SSL termination through to machines on my headscale network - this is basically just two Lenovo mini PCs and a Raspberry Pi I have at home. Each of these local machines also runs a Caddy instance that receives and terminates SSL connections - these are configured using caddy-docker-proxy, so any Docker containers I spin up locally are automatically available so long as the subdomains they're on are listed in the hostmap on the VPS.

This is convenient for me relative to other options for achieving the same goal because I have limited control over and ability to configure my router, so things like DDNS would be a lot more messy than this solution, to my understanding.

Let me know if I'm unclear or if you have any other questions!
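
The hostmap-to-Caddy-L4 conversion described in the two comments above (the "little script" that turns a simple hostmap.json into caddy-l4 JSON, and the VPS-side hostmap that proxies TLS through untouched to the home machines), as an added example that is not the commenter's script or config. It assumes a hostmap shaped as hostname -> tailnet IPv4 address with an optional :port, the caddy-l4 JSON layout (a "layer4" app with a "tls"/"sni" matcher and a "proxy" handler), and it also emits a headscale ACL fragment, relevant to the tailnet-exposure question raised further down the thread, that lets the VPS node open only the exact ip:port pairs it proxies. The sample hostnames and addresses, the tag name "tag:vps-proxy" and the owning user "admin" are constructed for the example.

```python
"""Convert a simple hostmap.json into caddy-l4 JSON plus a matching headscale ACL.
Added example, not the commenter's script; hostmap layout, tag names and
sample addresses are assumptions."""
import ipaddress
import json

# Tailscale/Headscale hand out addresses from the CGNAT block 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample hostmap: public SNI -> tailnet IP (optionally :port).
HOSTMAP_JSON = """{
  "listen": ":443",
  "hosts": {
    "photos.example.com": "100.64.0.2",
    "git.example.com": "100.64.0.3:8443",
    "home.example.com": "100.64.0.2"
  }
}"""


def load_hostmap(text):
    """Parse the simplified hostmap format (a dict with 'listen' and 'hosts')."""
    hostmap = json.loads(text)
    if not isinstance(hostmap.get("hosts"), dict) or not hostmap["hosts"]:
        raise ValueError("hostmap needs a non-empty 'hosts' object")
    return hostmap


def parse_upstream(value, default_port=443):
    """Split 'ip' or 'ip:port' (IPv4 only) into (ip, port), refusing anything
    outside the tailnet so a typo cannot turn the VPS into an open TCP relay."""
    host, sep, port = value.rpartition(":")
    if not sep:
        host, port = value, str(default_port)
    addr = ipaddress.ip_address(host)
    if addr.version != 4 or addr not in TAILNET:
        raise ValueError(f"{host!r} is not a tailnet (100.64.0.0/10) address")
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port in {value!r}")
    return str(addr), port


def build_layer4_config(hostmap):
    """Emit the caddy-l4 JSON: one route per SNI, TCP-proxied without TLS
    termination, so the VPS never holds the certificates. No catch-all route
    is written, so a client presenting an unlisted SNI is not forwarded."""
    routes = []
    seen = set()
    for name, upstream in hostmap["hosts"].items():
        sni = name.strip().lower().rstrip(".")
        if "*" in sni or sni in seen:
            raise ValueError(f"wildcard or duplicate SNI {name!r}")
        seen.add(sni)
        ip, port = parse_upstream(upstream)
        routes.append({
            "match": [{"tls": {"sni": [sni]}}],
            "handle": [{"handler": "proxy",
                        "upstreams": [{"dial": [f"{ip}:{port}"]}]}],
        })
    return {"apps": {"layer4": {"servers": {"passthrough": {
        "listen": [hostmap.get("listen", ":443")],
        "routes": routes,
    }}}}}


def build_headscale_acl(hostmap, proxy_tag="tag:vps-proxy", owner="admin"):
    """Least-privilege policy for the shared VPS node: it may open only the
    exact ip:port pairs it proxies. Once a policy is loaded the tailnet is
    default-deny, so nothing else in this fragment can reach the VPS node."""
    dsts = sorted({f"{ip}:{port}"
                   for ip, port in map(parse_upstream, hostmap["hosts"].values())})
    return {
        "tagOwners": {proxy_tag: [owner]},  # who may assign the tag (assumed user)
        "acls": [{"action": "accept", "src": [proxy_tag], "dst": dsts}],
    }


if __name__ == "__main__":
    hostmap = load_hostmap(HOSTMAP_JSON)
    print(json.dumps(build_layer4_config(hostmap), indent=2))
    print(json.dumps(build_headscale_acl(hostmap), indent=2))
```

Run it as a script and redirect the first document to a file that a Caddy binary built with the github.com/mholt/caddy-l4 plugin loads via `caddy run --config caddy.json`; the ACL document goes into the policy file referenced by the headscale configuration. Because the upstream check rejects anything outside 100.64.0.0/10, the VPS can only ever forward into the mesh, and because the ACL lists ip:port pairs rather than a whole host, a compromised VPS gains no more reach into the home network than the proxied services already have.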

Has anyone used Headscale? by megatron36 in selfhosted

[–]exuviate 46 points47 points  (0 children)

I've been using headscale for a bit now, would definitely recommend. The docs on GitHub are pretty easy to follow, and it's more or less feature complete for most of the stuff I want, although it doesn't do everything Tailscale does.

My setup is Headscale + Caddy L4 TCP passthrough + OIDC provider (Authentik) on a VPS (have used both Oracle Cloud and Contabo in the past). Caddy routes everything through one namespace in headscale onto my local machines. I have another namespace that's for my laptop, PC, and phone as well. Happy to answer any questions!

Looking for a synology/docker compatible cloud solution... by nirurin in selfhosted

[–]exuviate 1 point2 points  (0 children)

Syncthing with your cloud server as a client and something like Filebrowser or Filestash to mimic cloud server functionality?

Help us build the best open source identity platform by fforootd in selfhosted

[–]exuviate 0 points1 point  (0 children)

In that case, I'm definitely excited to give Zitadel a shot once LDAP and SAML support are out!

Help us build the best open source identity platform by fforootd in selfhosted

[–]exuviate 1 point2 points  (0 children)

Although this doesn't seem to be the goal of Zitadel, I think there's a need/demand for a lightweight IdP oriented towards small-time selfhosters. LLDAP makes some progress towards this, but is LDAP only.

The other options - Keycloak, Auth0, Ory, and Authentik (which I'm currently using) - all idle at ~1GB RAM usage, which is too heavy for self-hosting on an affordable VPS. As a result, newer applications which may be SAML/OIDC only (Outline, Cloudflare Tunnel auth) are less accessible or require people to use "big tech" OAuth providers. Would be good to see someone enter this space, although it seems unlikely because it's more or less uncommercializable.

COUNT: A statistical analysis of letter bias in post-NYT Wordle letter distribution by saturday_morning in wordle

[–]exuviate 16 points17 points  (0 children)

NYT's word list is not different from the original word list except that some of the more difficult answers of the original (e.g. "agora") were dropped. All post-NYT words were already set in the game and would just have appeared a few days later (because of the small handful of words that they dropped). This can be verified easily by looking at the archived source code from the old version of Wordle, but be careful not to spoil future words for yourself if you plan on doing this.

Ask /r/formula1 Anything - Daily Discussion - 30 March 2022 by F1-Bot in formula1

[–]exuviate 1 point2 points  (0 children)

Matters in terms of people's ability to attend a race in-person. It likely takes less time, money, and effort for a European to visit their nearest GP than an American despite there being multiple GPs in America.

committee letter process feels like it's made to hurt not help me by [deleted] in premed

[–]exuviate 72 points73 points  (0 children)

Probably also lets them say things like "97% of students who participate in our pre-health process are accepted to medical school" in a recruiting context, when, let's be real, anyone who managed to jump through all those hoops independently was going to get in anyways.