iMeddles

joined 1 year ago
[–] [email protected] 9 points 3 months ago

I wrote a guide last year on how I do network bound encryption - that is, the disk will automatically decrypt at boot if it's connected to my home network, but not if the disk or machine is removed from my house. The advantage over the dropbear method is that you can set unattended upgrades to auto reboot your server whenever it installs security updates, and it'll come back up with no manual intervention from you.

[–] [email protected] 12 points 3 months ago (1 children)

Dry air causes way more static electricity build up, which electronics really don't like having discharged into them

[–] [email protected] 2 points 11 months ago (1 children)

I had some spare time today, so I wrote it up on my website here

[–] [email protected] 6 points 11 months ago (2 children)

I don't at the moment, because I don't have a need for it, but I did for a while run a PoC with Step CA, and that seems like the easiest way to get up and running, even if its features are overkill for a home lab.

[–] [email protected] 4 points 11 months ago (3 children)

If you go down the LUKS route, an option to look at is Clevis/Tang for automatic unlocking on a trusted network. I have a Tang server running in the cloud, firewalled to my home IP, so if my server reboots in my house, it auto unlocks, but if you steal it and try to turn it on anywhere else, it won't be able to auto unlock, and will require a password.

I should write that config up somewhere as a guide.

[–] [email protected] 1 points 1 year ago

Thinkst have also published OpenCanary, which you can run yourself and contains a decent subset of what their hardware canaries run, including SSH and CIFS.

[–] [email protected] 11 points 1 year ago (1 children)

Based on the numbers he's put up so far? Massive overpay.

Based on what else we could buy for the same money? It's probably fair. Football finances are broken :p

As ever, if he's what the system needs, and he adapts to the PL, he could yet be a great deal, but it's a gamble. Here's hoping by 2024/25 he's a 20-goal-a-season-striker, and I'm eating my words in the first paragraph!

[–] [email protected] 5 points 1 year ago (1 children)

My aim for the year of voice is to replace my Google minis with something that works locally with HA; if this gets integrated that way it's gonna save me reasonable amounts of money on speakers :D

[–] [email protected] 6 points 1 year ago (2 children)

Yes, if you've built the network from scratch that works. Retrofitting it into an existing network, however, is a massive piece of work when you don't have that single source of truth to start with. On networks I've built sensibly, I'll happily give people whatever CNAME they want to refer to their machine, but the machine's actual name is descriptive, not the other way round.

[–] [email protected] 3 points 1 year ago

My home network is somewhat overkill ;p but so far, about £500 on compute to run VMs, >£1000 on a NAS and various other offsite and local storage, a couple hundred quid on networking gear, and then the extra premium on smart home devices you pay for non-tracking versions of the hardware (e.g. a Ring video doorbell would have cost me £40 less than the Reolink I ended up buying). I've also so far spent over £75 on smart light switches trying to find one that both works with Home Assistant and fits inside my really narrow back boxes without yet finding one that works, so the number is continuing to go up!

[–] [email protected] 13 points 1 year ago (2 children)

A pihole. Given how much I've spent over the years on self hosting kit, few 'cheap' things have ended up costing me more than that first 30 quid raspberry pi

[–] [email protected] 30 points 1 year ago (7 children)

Every machine is named after what it does (although I do 1337-ify the names, because I'm still a late 90s IRC teen at heart). If you've ever been onboarded into a sysadmin role where all the machines are named with whatever whimsical naming scheme each department chose, you'll fast develop a visceral hatred for non-descriptive naming schemes. The fifth time you get a ticket saying something like 'Hedwig is down' and you have to go crawling through three layers of linked files on SharePoint to find what and where 'Hedwig' is, you'll be ready to beat the person who named it to death, and that attitude tends to persist to your home naming scheme :p
