Hellmo_luciferrari

  • 5 Posts
  • 119 Comments
Joined 11 months ago
cake
Cake day: December 20th, 2023

help-circle


  • I tried using Bazzite since I didn’t want to fuss with Wayland on Nvidia with Arch.

    I had more gripes and more issues with an immutable distro than I ever did with my Arch install.

    Stuck it out with Arch. It has taught me a lot.

    The problem many folks have with Arch is the fact they don’t want to read or learn; well, newsflash, if you read and learn Arch isn’t exactly all that hard to use, setup, or maintain. It has better documentation than Bazzite and other newer distros. In fact, Arch Wiki has saved me hassle for other distros.

    Your mileage may vary. However, I wouldn’t recommend an immutable distribution nec3ssarily to someone coming from Windows unless they want to shift from one paradigm to another.

    Switching from Windows to something with such a vastly different approach in many cases will turn users away from using Linux. Their experience can dictate they switch away because of lack of knowledge and then proced to conflate every distro as just one “Linux” experience and not want to look back at it.

    I still stand by one thing you will always hear me say: use the right tool for the job.






  • I wasn’t meaning to conflate the two, as I see your point. I didn’t claim it was FOSS, just that the source was available.

    I know for me, I don’t mind using software that is licensed so that it doesn’t directly fall under FOSS. I just like the availability to view the source vs closed source software being a total black box.

    I have no plans to monetize their work, nor fork it, only use it.



  • I know I don’t want to open up any more ports than I have to, but you’re right, that does sound like another alternative to setting up VPN.

    Since I access more than just my pihole when connected to my home network. And because I want access to my home services, and don’t want to open up access to the public, opening one port and connecting to VPN is the way to do it. I have one port opened up for my VPN, and in order to connect you have to have my IP or my domain pointed at the IP, and you have to have a Wireguard profile setup, and know what port is open. So that does help a tad bit with my security concerns.

    Edit: how would I go about that if I felt so inclined? Any tips?



  • I want to self host more, but power draw is a concern.

    So I have gone the route of running to Pi 4 8gb models as my hosts of choice.

    So far I am hosting:

    Non-Docker:

    • PiHole
    • Unbound
    • Wireguard (and Wireguard-UI)

    Docker:

    • ForgeJo
    • Dozzle
    • Homarr
    • LinkWarden
    • Traefik
    • Watchtower

    There are a few other services I want to get up, but I haven’t gotten around to it:

    • Jellyfin
    • Immich
    • Nextcloud

    As to why:

    • ForgeJo to host my own git repositories (Docker Compose files, Chezmoi dot files, Miscellaneous configs)
    • PiHole for ad blocking
    • Unbound, well, having my own DNS
    • Wireguard so I can connect to my home network
    • Dozzle for easy log checking for my docker containers
    • Linkwaren so I can backup bookmarks in a privacy friendly way
    • Homarr for easy access to other web services I host
    • Traefik so I can resolve IP:port to a hostname with SSL certificates even though everything I host is internal only
    • Watchtower to update my Docker containers







  • so in my traefik.yml file I have cloudflare set as my certresolver as follows:

    certificatesResolvers:
      cloudflare:
        acme:
          email: email@example.com
          storage: acme.json
          caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
          # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
          dnsChallenge:
            provider: cloudflare
            #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all aut>
            #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
            resolvers:
              - "1.1.1.1:53"
              - "1.0.0.1:53"
    
    

    And I had to get the secret mounted via the docker-compose file.

    So where you have:

    tls:

            certResolver: examplecom-dns
    
    

    Do I have to redefine all of the same information I did in my Traefik yml but in this separate config.yml?

    (I did set it up in my traefik.yml and docker-compose.yml to mount and use this config, which I had commented out for later use.


    Thank you so much for the help!


    Edit:

    Essentially I am trying to get my PiHole which is hosted on another pi setup with an SSL cert for local use only:

    So in looking at your config I tried using:

    http:
      routers:
        pihole-rtr:
          entryPoints:
          - https
          service: pihole-rtr
          rule: "Host(`ph.local.domain.com`)"
          tls:
            certResolver: cloudflare
    
      services:
        pihole-svc:
          loadBalancer:
            servers:
              - url: "http://<ip>/admin"
    

    However when doing this error logs returned:

    
    2024-07-08T15:04:27-04:00 ERR error="the service \"pihole-rtr@file\" does not exist" entryPointName=https routerName=pihole-rtr@file
    2024-07-08T15:04:28-04:00 ERR error="the service \"pihole-rtr@file\" does not exist" entryPointName=https routerName=pihole-rtr@file
    

    I am doing something very wrong… And feel a little lost.


  • Would the file provider configs live on the Traefik server, or would they need to be on the external service. Reading through this, and looking at the example configuration files doesn’t really seem to point that out. Sorry for the noob questions.

    Trying to understand this, but the way the documentation is written is different than I am used to.

    Thank you!