It’s Sunday somewhere already so why wait?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I’ll post my ongoing things later/tomorrow but I didn’t want to forget the post again.

  • MonkeMischief · 5 upvotes · 5 days ago

    I have a family member across the country that wants to break from Google and really isn’t the type to self-host themselves, and I connect to my self hosted NextCloud solely through TailScale.

    NextCloud permissions seem easy enough, but I’m researching how to add them to my Tailnet safely to avoid potential compromise of my network if something happens to their system.

    Presuming this involves ACLs, which look intimidating, but I’m doing some research on that.

    • rumba@lemmy.zip · 6 upvotes · 5 days ago (edited)

      ACLs are not as bad as they look.

      Get your nextcloud instance hooked into tailscale

      You just need a sample file

      Group for admins, add yourself

      Tag owner for internal is admins Tag owner for nextcloud is admins

      Action accept, src admin, dst *:*

      Action accept, src nextcloud, dst nextcloud *.

      Then tag your nextcloud ts connection as nextcloud in the webadmin

      Tag all your other clients admin in the webadmin

      Note: you can’t just paste what I put here; you need to find a viable template and then follow along. I’m on a mobile device, or I would give you something more finalized.

      Edit: tag your fam client as nextcloud

      Something like this (I stripped down one of my configs; I took out SSH, I don’t think it requires it):

      {
        "groups": {
          "group:admins": [
            "bob@bob.com",
          ],
        },

        "tagOwners": {
          "tag:admin":     ["group:admins"],
          "tag:nextcloud": ["group:admins"],
        },

        "acls": [
          {
            "action": "accept",
            "src":    ["tag:admin"],
            "dst":    ["*:*"],
          },
          {
            "action": "accept",
            "src":    ["tag:nextcloud"],
            "dst":    ["tag:nextcloud:*", "autogroup:internet:*"],
          },
        ],
      }
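To see what the policy above actually grants, here is a small added evaluator (not Tailscale’s engine, and not from the commenter) that loads that HuJSON policy and checks tag-to-tag reachability; it only models tags, "*" and "autogroup:internet", and assumes the default-deny behaviour of Tailscale ACLs.

```python
import json
import re

# Constructed copy of the policy quoted in the comment above (HuJSON: trailing commas allowed).
POLICY_HUJSON = """
{
  "groups": {"group:admins": ["bob@bob.com",],},
  "tagOwners": {"tag:admin": ["group:admins"], "tag:nextcloud": ["group:admins"],},
  "acls": [
    {"action": "accept", "src": ["tag:admin"], "dst": ["*:*"],},
    {"action": "accept", "src": ["tag:nextcloud"],
     "dst": ["tag:nextcloud:*", "autogroup:internet:*"],},
  ],
}
"""


def load_policy(text):
    """Parse the HuJSON subset used here by stripping trailing commas for stdlib json."""
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))


def _host_matches(pattern, dst_tag, dst_is_internet):
    # "*" is any node, "autogroup:internet" only covers exit-node traffic,
    # anything else must equal the destination node's tag exactly.
    if pattern == "*":
        return True
    if pattern == "autogroup:internet":
        return dst_is_internet
    return pattern == dst_tag


def allowed(policy, src_tag, dst_tag, port, dst_is_internet=False):
    """True if a node tagged src_tag may reach `port` on a node tagged dst_tag.
    Tailscale ACLs are default-deny: traffic needs an explicit accept rule."""
    for rule in policy["acls"]:
        if rule.get("action") != "accept":
            continue
        if src_tag not in rule["src"] and "*" not in rule["src"]:
            continue
        for dst in rule["dst"]:
            host, _, dport = dst.rpartition(":")  # "tag:nextcloud:*" -> host, "*"
            if _host_matches(host, dst_tag, dst_is_internet) and dport in ("*", str(port)):
                return True
    return False
```

With this policy a family device tagged nextcloud reaches the Nextcloud node (and the internet via an exit node) but nothing tagged admin, which is the containment the original poster was after.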
      
        • rumba@lemmy.zip · 3 upvotes · 4 days ago

          No problem. They really should spend about 10 hours having somebody make a GUI for it.

    • tofuwabohu@slrpnk.net (OP) · 2 upvotes · 5 days ago

      Is exposing it to the internet not an option? Onboarding more family members could be cool.

      • MonkeMischief · 2 upvotes · 4 days ago

        It might be in some way, however not easily. My mega-corpo ISP blocks incoming connections on common hosting ports, because they want to keep the network safe (sell expensive home-business plans). Lol

        I’m also very amateur at this as I go along, and I’m not sure I’m ready to deal with the fallout of missing some security step and getting my server botted or ransomwared lol.

        I haven’t done the hardware stuff with setting up my own router/firewall box either, for instance.

        So Tailscale works really well for me by seemingly magically bypassing a lot of that nonsense and giving me less to worry about. They allow 3 users for free, but have a relatively inexpensive family plan for like 6 users as well, if that becomes necessary.

        I mainly just need to tell them not to try and use my server as an exit node if they’re across the country 😂.

        But yeah definitely, I’m using this as a way to test the waters for running service alternatives as the web we knew collapses around us lol. I’m not ready to be running something people really rely on yet, though. :)

      • sugar_in_your_tea@sh.itjust.works · 4 upvotes · 5 days ago

        I expose mine for convenience, and I use multiple layers of security to reduce risk:

        • Cloudflare protections at edge
        • IP filtering at VPS
        • connection from VPS to NAS is over WireGuard
        • TLS handled in my network (so no snooping at VPS)
        • all exposed services are in containers with minimal access

        That cuts most of the issues.