• 0 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: June 26th, 2023

help-circle



  • It shouldn’t mess with your current routing but if you’re running other VPNs you may run into issues.

    After you join the machines to the tailnet, each machine gets a new IP address ( only visible to other machines in the tailnet), by default it’s a 100.x.y.z you can check the tailnet for the device IP.

    Now you can keep the port closed on your router and it will still be accessible over the usual lan ip and port. But when you want to access remotely, turn on tailscale and connect using the tailnet IP.

    Another cool thing you can do with this setup is turn your home server into an exit node. By default it will only route things that are in the tailnet (100.x.y.z subnet). But if you turn your home server into an exit node you can funnel all your traffic back through the exit node. Instant free VPN back home!



  • Unencrypted HTTP can mean that anyone can see your traffic as it passes through their network. Your ISP will see that traffic. If you’re streaming pirated music and you’re in a country that cares about those things, might not go very well. From a security stand point though, you still wouldn’t want to trust the authentication on the open port. A vulnerability may exist that you don’t know about. It’s always better to keep them closed and add another layer or two between your home computer and the public.

    Tailscale let’s you tunnel into your home network without opening any ports, and it encrypts the traffic. Much safer way of doing it.





  • I think the problem is that most people dive right in and go to NixOS which has its quirks as a linux OS (see FHS). The Nix language is great at building and moving source code between computers, really any big collection of binaries. If you don’t do that, try just using the nix-shell command to instantly run a piece of software without installing it. You can write a shell.nix file to hop into and out of an environment with whatever software you need. Once you can write a couple .nix files then move onto NixOS; which after all is just a big collection of binaries.







  • Servarr is a stack of applications that sets up a media suite. Radarr and Sonarr handle the managing of movies and TV shows, respectively. Prowlarr searches for the media through either Torrenting or Usenet. Then you’d need a downloader like SABnzbd or Deluge. Ombi is another application to handle requests and finally you’d need a streaming app like Plex, Emby or Jellyfin.

    Think of it like a marionette; you’re making a bunch of services work together for one goal. Most people use docker and create a docker compose file to manage all the services. Typically the flow goes like this, a person makes a request to Ombi for something to watch. That request goes to Radarr or Sonarr, which creates a folder and populates the Metadata from IMDB. Then a request is sent to Prowlarr to find the media. Once found its sent to the downloader, like Deluge, to actually grab the media. After it’s done, Radarr / Sonarr will import the media into the correct folder. Now you’ve got a perfect collection for Plex / Emby / Jellyfish to start streaming your media. Really awesome suite once you get it up and running.


  • tux7350@lemmy.worldtoMildly Infuriating@lemmy.worldMFA
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    You use a GPG key that you then add to the yubikey. The keys can only be written or deleted off the yubikey, you can’t read the secret once written. Then you can use the GPG key to either encrypt a file or sign it. Check out Pretty Good Privacy and the GnuPrivacy Guard software for more information on how that works.

    I use my yubikey to encrypt files, sign my work in Git, as well as the usual password authenticator stuff. You can still use FIDO, U2F and OTP codes while using the GPG too.

    Check out this awesome guide on how to setup an airgapped computer to generate the GPG key. https://github.com/drduh/YubiKey-Guide




  • I bet you it’s because of the intel RST settings in the UEFI. If RAID is turned on the RST driver is needed. Ive ran into this exact same issue, not being able to see my drives when installing windows. Swap over to AHCI and the windows installer should see the drives.

    Note that changing that setting can cause problems for existing OS installations. Make a backup and do your research before changing that.