easeKItMAn

joined 2 years ago
[–] easeKItMAn 2 points 8 months ago* (last edited 8 months ago)

Some fancy case options depending on your needs: Shop Inux3d
Added passive cooling for PI running HA and never encountered any issues.

[–] easeKItMAn 0 points 10 months ago* (last edited 10 months ago)

I used VMs some time ago but never managed to look deeper into separation of bare metal vs VMs. Hence I can’t assess this reasonably.
Docker got me interested when it started and after discovering its networking capabilities I never looked back.
Basically I’m trying to minimize the possibility that by intercepting one dockerized service the attacker is able to start interacting with all devices. And I have lots of devices because of a fully automated house. ;) My paranoia will ensure the constant growth of privacy and security :)

[–] easeKItMAn 2 points 10 months ago (1 children)

Guessing it is more a habit from back in time when ssl certification wasn’t common. Panic of MITM attacks, friends sharing their trusted access to other friends, etc. all contributed to my actual status of paranoia.
Don’t make me reconsider my cybersec approach ;)

[–] easeKItMAn 6 points 10 months ago (3 children)

Rotating passwords only for web services. Vaultwarden does make it easy. Not all services allow 2FA.

[–] easeKItMAn 5 points 10 months ago (7 children)

I’m somewhat paranoid therefore running several isolated servers. And it’s still not bulletproof and will never be!

  • only the isolated server, ie. no internet access, can fetch data from the other servers but not vice versa.
  • SSH access key based only
  • Firewall dropping all but non-standard ports on dedicated subnets
  • Fail2ban drops after 2 attempts
  • Password length min 24 characters, 2FA, password rotation every 6 months
  • Guest network for friends, can’t access any internal subnet
  • Reverse proxy (https;443 port only)
  • Any service is accessed by a non-privileged user
  • Isolated docker services/databases and dedicated docker networks
  • every drive + system Luks-encrypted w/ passphrase only
  • Dedicated server for home automation only
  • Dedicated server for docker services and reverse proxy only
  • Isolated data/backup server sharing data to a tv box and audio system without network access via nfs
  • Offsite data/backup server via SSH tunnel hosted by a friend
[–] easeKItMAn 1 points 11 months ago* (last edited 11 months ago) (1 children)

Pydf displaying df -h differently

[–] easeKItMAn 2 points 1 year ago

Personally I use Raspi 2 and Zero for that purpose. HATS for digital connection or if you want connecting speakers directly consider AMP2 HAT.
Homeassistant controls grouping, volume etc.

[–] easeKItMAn 2 points 1 year ago

You can configure multiple zones on a server snap with multiple hosts
A client can assign to one host only.

[–] easeKItMAn 5 points 1 year ago* (last edited 1 year ago) (4 children)

I can recommend mopidy and snapcast.
This will allow for a Sonos like setup you are looking for.

[–] easeKItMAn 7 points 1 year ago* (last edited 1 year ago) (1 children)

If I'm understanding you correctly, you could make use of a shell script for this. Use WGET to download lists, then combine them into a single large file, and finally create a new file with no duplicates by using “awk '!visited[$0]++'”

wget URL1 URL2 URL3
cat *.txt > all.txt (This overwrites all.txt)
awk '!visited[$0]++' all.txt > no_duplicates.txt

[–] easeKItMAn 9 points 1 year ago (1 children)

It depends a bit on what you want to accomplish, the threat model, the devices in use, and other topics. I think this is a good read: https://avoidthehack.com/best-pihole-blocklists

Some specific social blocklists: https://github.com/d43m0nhLInt3r/socialblocklists

[–] easeKItMAn 3 points 1 year ago* (last edited 1 year ago)

Beets is my favorite tagger since I prefer CLI. Match making policy can be adjusted and discogs plugin can be added I recommend the folder structure /artist/album/track

76
Intel passed NUC baton to ASUS (www.tomshardware.com)
submitted 1 year ago by easeKItMAn to c/selfhosted
view more: next ›