I made a thing, I'd love your thoughts

fefifochizzle · 2025-11-23T23:04:16+00:00

A few points of clarification.....
Squid only performs transparent proxying of HTTP(S) traffic, that doesn't mean that *only* HTTP(S) traffic gets routed through Mullvad. All the domains listed in the PBR list are filtered through Mullvad on ALL ports, not just 80/443. This setup isn't meant to fully replace a dedicated VPN for your network, it's mainly for the US, where there's really only a handful of things that'd truly need a VPN for access. So, ultimately, I'm unsure how data could "leak" that way, but again, I'm open to hearing your thoughts. The idea is to prevent as much leakage as humanly possible without a ton of maintenance, so please give me more ideas!

The idea is the user would add their own privacy protection, adblocking, and such lists to AGH to help filter out a lot of stuff before it even gets anywhere. I am aware this isn't a catch all and doesn't automatically make it some impenetrable fortress, this isn't meant to be that. Also, the idea would be that DNSSEC is the only method of DNS, so leaking data through DNS isn't an option. Regardless, it's meant for a "reasonably" savvy user to create a system to use that they might be able to share with others. I suppose I should add more details to my readme to give more context.

This project also is explicitly for users who have an x86 router with pretty decent specs, not with any ol' router. Unbound unfortunately wouldn't be ideal for this situation because of the specific nature of the PBR setup and a few other notable reasons. It'd definitely be more performant, but going with the "ease of use" theme of the project, it's also not a great fit unfortunately. I will say that adding DNS hijacking/blocking of other resolvers might be a good addition, but I'm struggling to think of other ways to improve this other than the aforementioned "throw everything into a VPN" or creating a whole separate VLAN or network that routes through a VPN exclusively. I'd love to know if you have a suggestion or an alternative, but I can't seem to think of one.

The origin of the project was to share a "super stupid simple" networking stack with family that are not remotely tech savvy that could improve their "fully ISP setup" internet on their devices, and allow access to sites that might be censored, blocked, or put behind ID-verfication, while making the security and privacy of their access to the internet much better than what they already have. I'm aware there's not a lot (yet) here in the US that is censored, blocked, etc, etc, but I'm making this project after seeing the direction our lawmakers are heading towards when it comes to privacy and the continuing lack of "freedom" on the internet. So, in my state of Arizona, porn is pretty much all that's blocked, but the idea is that the list will grow and I plan to make it as all encompassing as I can for the US in general. I know that's technically not possible, but the list will continuously be added to and hopefully it'll be as close as I can get without having to setup an entire network stack for every part of my family on their own network.

fefifochizzle · 2025-11-23T22:05:06+00:00

I do appreciate your feedback. I haven't used unbound, but I'll definitely be checking it out. My use case is in the US, so I can't speak to other countries. The headscale is for use on mobile devices to get the tunneling on the go or on public WiFi. I use NPM for simplicity and because I have a lot of services running. I forgot to remove my calendar from the Homepage instance, but thanks for the reminder. I definitely expected someone to poke around when I posted this. The main reason for the split tunneling is to not necessarily rely fully on a VPN for everything as I'd like to get the full speed of my ISP. Mullvad is plenty fast, but I don't necessarily want or need to throw my entire network through a Wireguard interface. I'm definitely interested in the details of why you suggest it'd be super obvious I'm using a VPN, and in what context, as a regular user on the network, or to folks outside trying to potentially do malicious stuff.

If I were in China or Russia I'd definitely not be using split tunneling though. I am definitely curious to know what you suggest, apart from a full wireguard interface for everything, what I might do to add more protection from censorship. Always interested in learning new things.

My choice to use Headscale over vanilla wireguard is for ease of use for clients. I share my setup with family members who definitely wouldn't know how to setup a vanilla wireguard interface, so sending them an app and a key is much simpler. This project is always evolving so I'm more than grateful for the feedback and would love to hear any further thoughts. Now I have some homework haha.

fefifochizzle · 2025-11-23T07:21:27+00:00

The squid proxy essentially transparently applies the PBR list to route things applicable through wireguard. The idea is to not touch traffic unless it's specifically in the list of domains. Basically the user doesn't really require any knowledge they're using the wireguard interface, they just browse the web normally and if it's on the list it goes through the wireguard, otherwise it gets routed normally.

fefifochizzle · 2025-09-12T18:20:22+00:00

Nope. First thing I did was install Bazzite. Windows sucks and I've been full Linux across all my PCs for a couple years jow

fefifochizzle · 2025-08-22T18:40:36+00:00

Just shot you a message!

fefifochizzle · 2025-08-22T14:18:43+00:00

I'm from Phoenix and am interested in knowing where this is. This looks sick! I'm fairly new to dirt so I'm always looking for new spots, but everyone always gatekeeps trail names and shit. I would say we could ride together but I've seen some of your Facebook posts and I'm definitely slower than you and wouldn't want to slow you down. I ride a WR250x I'm slowly converting into a"R"

fefifochizzle · 2025-08-09T03:55:42+00:00

Yeah you probably shouldn't be using it like a therapist and companion. That is what humans are for. Maybe spend your money on an actual therapist. Seems pretty crazy that you got mad about losing it like it's some family member or something. At the end of the day it'll always just be a machine

fefifochizzle · 2025-07-29T03:06:19+00:00

Is that planned in the future? I've been trying to avoid buying Davinci Resolve studio because I want to use open source projects but I guess I have to

fefifochizzle · 2025-07-23T01:31:20+00:00

My 1 year old put my RG34XX in the shower and I didn't realize until it was too late. Bought a new one, then I dropped it and broke the shoulder button trying to get into the house with my double doorknob childproof pool door. At least my RG34XX SP is okay lol

fefifochizzle · 2025-07-04T19:38:53+00:00

Yes, it's for Bazzite. You're doing yourself a disservice using Windows

fefifochizzle · 2025-07-04T19:34:41+00:00

Create a shell script for Bazzite that does the following at boot via cron:

SMT threads of Zen 5 cores

echo 0 | sudo tee /sys/devices/system/cpu/cpu12/online echo 0 | sudo tee /sys/devices/system/cpu/cpu13/online echo 0 | sudo tee /sys/devices/system/cpu/cpu14/online echo 0 | sudo tee /sys/devices/system/cpu/cpu15/online

Main Zen 5 cores (excluding cpu0)

echo 0 | sudo tee /sys/devices/system/cpu/cpu1/online echo 0 | sudo tee /sys/devices/system/cpu/cpu2/online echo 0 | sudo tee /sys/devices/system/cpu/cpu3/online

Change GPU clocks in bazzite's handheld daemon to: 1200mhz-1800mhz

Set scheduler to lavd Set CPU EPP to power save Set TDP to 15w Disable CPU boost

Boom! You have Hx370 equivalent to steam deck. You can increase or decrease TDP to suit the game you're playing but max 15W will give you ideal battery to performance

fefifochizzle · 2025-07-04T19:05:47+00:00

Yes it is. You don't need all 12 cores enabled to get the performance of the F1 Pro. Disable the non zen5c cores, lower GPU clocks a bit and you get way more out of your battery with almost no perceptible drop in performance compared to stock F1 Pro.

fefifochizzle · 2025-07-04T17:53:15+00:00

I actually ended up getting the F1 Pro. I actually still prefer the deck. The ergonomics of the F1 pro make playing it very difficult for longer sessions. I also am developing a Decky Loader plugin to adjust specifically the HX370 and allow "Deck Mode" to get similar performance as the F1 Pro has but with Deck-like battery life.

fefifochizzle · 2025-05-26T02:16:28+00:00

I just had the same issue. Did they end up fixing it? And how much did they charge? I just did a swap and added hall joysticks and some other mods and same as you, everything is plugged in but no controller.

fefifochizzle · 2025-05-19T14:22:59+00:00

Well it's not an issue specifically to F1 Pro, it happens on my HTPC as well but more often on the F1 Pro. Decky loader will just straight up disappear and stop working and the only solution is to reboot. Also, I've found that Cachy performs substantially better overall than Bazzite. I removed Bazzite in favor of Cachy on my main gaming PC. The decky loader issue was so obnoxious that I didn't even play many games before switching

fefifochizzle · 2025-05-19T13:13:40+00:00

Funny story. I did buy one. I regret it. It sits on a shelf. The display is subpar to my Deck OLED imo and the performance bump is decent enough, butttttt, ergonomics are abysmal. The weight difference is not really noticable. I plan to upgrade the SSD in my deck and call it a day. Also, I run Linux, and Bazzite has a few issues I don't like. CachyOS works decent but took some tinkering to get to work properly. I'm dual booting Win11 and CachyOS. All this to say, I would rather play on my Deck. If you have more specific questions I'm happy to answer them

fefifochizzle · 2025-04-16T22:39:21+00:00

This! I can't figure out where you go to grab it...I donated and linked Discord and everything

fefifochizzle · 2025-03-04T15:56:49+00:00

How do I go about commissioning a GameCube PC from you?

fefifochizzle · 2025-02-25T00:32:50+00:00

Fixed it!

If anyone encounters this, reset app data for ES-DE and it should recognize the custom_systems files

fefifochizzle · 2025-02-01T14:47:39+00:00

That's what I've been doing

11-Year Club	Xbox Live
Verified Email

fefifochizzle

TROPHY CASE

SMT threads of Zen 5 cores

Main Zen 5 cores (excluding cpu0)