krash

Thank you for all the questions to help me clarify my use case 🙂

At the very basic, I'd like to:

1. achieve better security through segmentation by isolating cloud-connected devices, guest devices from trusted devices.
2. Being able to "pin" a Mac address to an IP, and being able to use internal network name resolution to reach those devices.
3. a blocklist for known ad-domains / malicious domains.

Once the basics are in place, I'd like to elevate my netsec game and implement:

• a high level monitoring capability to seen what devices are communicating with what domains / IPs
• An IDS capability of some sort to be able to detect anomalies in my LAN.

The NAS part is just for convince, it would be nice to have a samba / NFS with my files available when I need them.

Welcome to the deep rabbit hole :-) how much do you know about how computers work? In general, you're going to need to understand some basic networking and general Linux administration, but if you already have a grasp on that then I'd say you just need to start small (simple service, aim to have a resilience goal with backups and restoration) and other metrics that motivates you. Perhaps you want to learn something new with every service you host? You decide, this is your hobby :-)

WORD

Scholz and Merkel have their flaws, but they're not fascist buffoons. Yep, that's where the bar is right now.

I think for matrix to be usable in a homelab setting, Matrix needs to enable a way to handle these huge data storage with prune or something similar.

I found snikket to be quite decent, give it a whirl.

Awesome <3

If you need feedback, testing etc. on this feature, I'm happy to help. Just pm me and I'll give you my github account.

This is really cool. Happy that you included the comments, as I find them often quite insightful. Look forward to spin this up and try it.

Edit: I know this is really hard to design and implement, but is it possible to bring in certain amount of child comments as-well? E.g., past a certain vote threshold or only X child comments deep. This might be a requirement that want to "move" the social media platform into the RSS feeder, but I want to entertain the idea.

There are so many monitoring tools with various degrees of complicated setup / configuration or the amount of information you get. And honestly, I've looked into various tools: checkmk, monit, Prometheus... And realised that I rarely look into that information anyway. Of all "fancy" tools, I liked the ease of Netdata to set up and the amount of information that you get. However, beware that their in the process to make their free / homelad offering worse. I've been eyeing beszel and don't forget CLI based tools that are avaible such as atop, btop, htop or glances.

If you want to delve deeper into the rabbit hole of monitoring, I can recommend you to read this article below: https://matduggan.com/were-all-doing-metrics-wrong/

I've tried different approaches with fail2ban, crowdsec, VPNs, etc. What I settled on is to divide the data of my services in two categories: confidential and "I can live with it leaking".

The ones that host confidential data is behind a VPN and has some basic monitoring on them.

The ones that are out in the public are behind a WAF from cloudflare with pretty restrictive rules.

Yes, cloudflare suck etc., but the value of stopping potential attacks before they reach your services is hard to match.

Just keep in mind: you need layers of different security measures to protect your services (such as backups, control of network traffic, monitoring and detection, and so on).

I really like this. Is it possible to have it search several sources in the future?

I like this thread :-)

I have just checked off a long standing item in my backlog: implementing OIDC on at least two apps. I've used a remote keycloak instance for authention for my household and so far so good. Now I'll try to understand the configurations a little better before take on other items on my backlog.