a_fancy_kiwi

joined 2 years ago
sorted by: new top controversial old
McDonald's suffers worst U.S. sales decline since 2020, warns of 'anti-American sentiment' abroad in c/news@lemmy.world
[–] a_fancy_kiwi@lemmy.world 28 points 2 months ago (1 children)

Have you seen the price of McDonalds recently? I’d rather miss a meal than get scammed like that. Fuck them.

Trump, on Tariffs, Says ‘Maybe the Children Will Have 2 Dolls Instead of 30’ in c/news@lemmy.world
Can Trump serve a third term as US president? in c/politics@lemmy.world
[–] a_fancy_kiwi@lemmy.world 5 points 2 months ago* (last edited 2 months ago) (4 children)

22nd Ammendment

What’s stopping Trump from having a puppet run for President and he as Vice President? The puppet could then step down after Inauguration Day.

The argument I’ve heard being, the Vice President isn’t elected to the office of the President.

Edit:

Does the 12th Amendment negate that argument? The last sentence in the amendment seems to suggest so.

12th Amendment

Google is lobbying the Canadian senator who introduced a bill to restrict children’s ability to access sexually explicit material online in c/world@lemmy.world
[–] a_fancy_kiwi@lemmy.world 22 points 2 months ago* (last edited 2 months ago)

Agreed. They’ll erode everyone else’s right to privacy in order to “protect children”

Parents are free to restrict the content their children view. If the parents choose not to learn how to set up those restrictions, that’s on them.

China Now Faces 245% Trump Tariff in c/world@lemmy.world
[–] a_fancy_kiwi@lemmy.world 12 points 2 months ago (2 children)

Our government is broken. First the House of Representatives have to vote to impeach a president. Then the senate has to vote to remove the president from office.

Trump was impeached by the, at the time, left leaning house of representatives in his first term but the right leaning senate didn’t vote to impeach him so he stayed in office.

At the moment, both the house and senate lean right so they aren’t likely to do anything. The supreme court also basically said the president is above the law so they aren’t likely to do anything either.

Is there a downside to sticking to iptables over ufw? in c/linux@lemmy.ml
[–] a_fancy_kiwi@lemmy.world 3 points 3 months ago (2 children)

If you know iptables, just stick with that. In my testing, docker containers seem to ignore ufw rules. Supposedly, iptable rules are respected but I haven't learned iptables yet so I can't verify.

*Permanently Deleted* in c/homelab@lemmy.ml
[–] a_fancy_kiwi@lemmy.world 3 points 3 months ago* (last edited 3 months ago)

I'm pretty happy with my Ubuntu, docker, and ZFS with Sanoid/Syncoid server. Nothing against NAS focused distros, I just haven't come across a compelling enough reason to switch.

For hardware, I use a Odroid H4+. Intel N97, 4 SATA ports, Intel quick sync, and low power. It's running my 20ish docker containers with plenty of power to spare. It's been great

can I add video files remotely? in c/plex@lemmy.ml
[–] a_fancy_kiwi@lemmy.world 3 points 3 months ago

There's a bunch of different ways you could do it depending on where you got the video from. You could set up smb/samba on your server, connect to it via a VPN, and upload the video through a file app on your phone. You could also set up the "arr" stack of software which lets you basically navigate to a website on your phone and when you click download, your server gets a message to download the file.

GrapheneOS Developers Talk About VM Feature in c/grapheneos@lemmy.ml
[–] a_fancy_kiwi@lemmy.world 2 points 3 months ago

I cannot think of a situation where I would have access to those but not have access to a full PC

I feel the same way. I'm probably not the target audience for this feature. I could see it being beneficial for lower income families though. Seems like most kids have phones but many don't have their own PC.

Gold surges above $3,000 for the first time as investors seek a haven from Trump tariffs in c/politics@lemmy.world
Gold surges above $3,000 for the first time as investors seek a haven from Trump tariffs in c/politics@lemmy.world
[–] a_fancy_kiwi@lemmy.world 5 points 3 months ago (4 children)

9 meals

I'm not familiar with that reference

GrapheneOS Developers Talk About VM Feature in c/grapheneos@lemmy.ml
[–] a_fancy_kiwi@lemmy.world 4 points 3 months ago (3 children)

2) Running Windows or desktop Linux applications with desktop mode + USB-C DisplayPort alt mode on the Pixel 8 and later.

I'd be curious to know what desktop apps people plan on running on their phones. It's cool that it's possible but I'm not sure what I would do with it.

125
How do you all handle security and monitoring for your publicly accessible services? (lemmy.world)
submitted 4 months ago* (last edited 4 months ago) by a_fancy_kiwi@lemmy.world to c/selfhosted@lemmy.world
70 comments fedilink
 

This is a continuation of my other post

I now have homeassistant, immich, and authentik docker containers exposed to the open internet. Homeassistant has built in 2FA and authentik is being used as the authentication for immich which supports 2FA. I went ahead and blocked connections from every country except for my own via cloudlfare (I'm aware this does almost nothing but I feel better about it).

At the moment, if my machine became compromised, I wouldn't know. How do I monitor these docker containers? What's a good way to block IPs based on failed login attempts? Is there a tool that could alert me if my machine was compromised? Any recommendations?

EDIT: Oh, and if you have any recommendations for settings I should change in the cloudflare dashboard, that would be great too; there's a ton of options in there and a lot of them are defaulted to "off"

85
How do you handle SSL certs and internet access in your setup? (lemmy.world)
submitted 5 months ago* (last edited 4 months ago) by a_fancy_kiwi@lemmy.world to c/selfhosted@lemmy.world
89 comments fedilink
 

tldr: I'd like to set up a reverse proxy with a domain and an SSL cert so my partner and I can access a few selfhosted services on the internet but I'm not sure what the best/safest way to do it is. Asking my partner to use tailscale or wireguard is asking too much unfortunately. I was curious to know what you all recommend.

I have some services running on my LAN that I currently access via tailscale. Some of these services would see some benefit from being accessible on the internet (ex. Immich sharing via a link, switching over from Plex to Jellyfin without requiring my family to learn how to use a VPN, homeassistant voice stuff, etc.) but I'm kind of unsure what the best approach is. Hosting services on the internet has risk and I'd like to reduce that risk as much as possible.

  1. I know a reverse proxy would be beneficial here so I can put all the services on one box and access them via subdomains but where should I host that proxy? On my LAN using a dynamic DNS service? In the cloud? If in the cloud, should I avoid a plan where you share cpu resources with other users and get a dedicated box?

  2. Should I purchase a memorable domain or a domain with a random string of characters so no one could reasonably guess it? Does it matter?

  3. What's the best way to geo-restrict access? Fail2ban? Realistically, the only people that I might give access to live within a couple hundred miles of me.

  4. Any other tips or info you care to share would be greatly appreciated.

  5. Feel free to talk me out of it as well.

EDIT:

If anyone comes across this and is interested, this is what I ended up going with. It took an evening to set all this up and was surprisingly easy.

  • domain from namecheap
  • cloudflare to handle DNS
  • Nginx Proxy Manager for reverse proxy (seemed easier than Traefik and I didn't get around to looking at Caddy)
  • Cloudflare-ddns docker container to update my A records in cloudflare
  • authentik for 2 factor authentication on my immich server
0
Help with understanding throughput of pcie and hard drives (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by a_fancy_kiwi@lemmy.world to c/selfhosted@lemmy.world
2 comments fedilink
 

I've been interested in building a DIY NAS out of an SBC for a while now. Not as my main NAS but as a backup I can store offsite at a friend or relative's house. I know any old x86 box will probably do better, this project is just for the fun of it.

The Orange Pi 5 looks pretty decent with its RK3588 chip and M.2 PCIe 3.0 x4 connector. I've seen some adapters that can turn that M.2 slot into a few SATA ports or even a full x16 slot which might let me use an HBA.

Anyway, my question is, assuming the CPU isn't a bottle neck, how do I figure out what kind of throughput this setup could theoretically give me?

After a few google searches:

  • PCIe Gen 3 x4 should give me 4 GB/s throughput
  • that M.2 to SATA adapter claims 6 ~~GB/s~~ Gb/s throughput
  • a single 7200rpm hard drive should give about 80-160MB/s throughput

My guess is that ultimately, I'm limited by that 4GB/s throughput on the PCIe Gen 3 x4 slot but since I'm using hard drives, I'd never get close to saturating that bandwidth. Even if I was using 4 hard drives in a RAID 0 config (which I wouldn't do), I still wouldn't come close. Am I understanding that correctly; is it really that simple?

1
Cracking/tinny sound on Apple TV 4k after TvOS 17 update (lemmy.world)
 

PSA

After updating to TvOS 17, my Sonos Beam sound bar started making weird crackling sounds and music sounded tinny. Turns out, I had to change the audio format in the Apple TV settings from Stereo to Dolby Digital 5.1 for the issue to be fixed.

Not sure what I had that setting set to before but I’m leaning toward the idea that the update reset the audio format back to default settings. If you are having sound issues after updating, that might be the issue.

1
Setting up a Home Assistant as a KVM - resize qcow2 and set up network bridge device [Guide] (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by a_fancy_kiwi@lemmy.world to c/homeassistant@lemmy.world
0 comments fedilink
 

I occasionally find myself reinstalling home assistant and every time I do, I get stuck on two steps because I forgot the commands and didn't write them down from the last time. I'm writing them below mainly for myself but also for anyone else who may get stuck. For future reference, I'm using Ubuntu 23.04 with Virt-Manager.

Before you begin the installation of the provided qcow2 image, you might want to resize that image from 32G to whatever size you want. ex:

qemu-img resize haos_ova-10.3.qcow2 +68G

Next, you might want to make a network bridge device. Navigate to your netplan folder and backup the yaml file that's in there (your file may be named differently)

cd /etc/netplan

cp ./01-network-manager-all.yaml ./01-network-manager-all.yaml.old

Edit the yaml config.

nano ./01-network-manager-all.yaml

Change the renderer to networkd and add the bridge device (br0). Your ethernet device may not be named enp12s0, make sure to use your ethernet device name. If you are on wifi, look up a netplan wifi config and make adjustments as needed.

network:
  renderer: networkd
  ethernets:
    enp12s0:
      dhcp4: true
  version: 2
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - enp12s0
      parameters:
        stp: true

save the file. generate and apply the new netplan. WARNING - If you are hosting this on your own network, it's possible the Ubuntu host IP could change. If you were doing these steps over SSH, you might need to find the new IP and reconnect. Static IPs can be set in the netplan config but I usually just do it from my router settings afterwards which is probably why the IP changed.

netplan generate

netplan apply

Now just go through the installation process and when you select your network device, make sure you select "Bridge Device" and the device name is "br0"

Edit 12/15/23 - well, I rebuilt my server again. I used regular Ubuntu desktop this time and I for the life of me I couldn’t get networking to function properly. I ended up buying an Ethernet card and passed it through to the VM

view more: next ›