You’re probably interested in creating a firewall on openwrt that blocks all traffic from/to certain IPs
- 5 Posts
- 138 Comments
stratselfto
Selfhosted@lemmy.world•Is there a solution to use tailscale (or pangolin) alongside a traditional VPN on grapheneos?English
3·11 days agoI use my own “solution” to host a WireGuard node inside a tailnet: https://github.com/stratself/tswg
You can also try https://github.com/juhovh/tailguard
Gluetun + Tailscale also kind of worked, but quite slow
stratselfto
Selfhosted@lemmy.world•Tips on speeding up remote connection to personal server?English
2·12 days agoRun
tailscale pingif it’s using a DERP relay that means you’d get abysmal speed and bandwidth. Usually this is because the NAT can’t be punched through. Try opening proper ports and/or configure a peer relay
I custom-build the Caddy container since it is easy to do with
xcaddy. It is automated to run every week via Forgejo Actions on a Forgejo repo, and one can pull the latest images from there using Portainer or whatever docker updater software there is.You can also use any other CI/CD solutions you like as long as it churn out a regularly updated image. Github Actions is another good one if you don’t wanna set up Forgejo.
The
caddy-cloudflareimage is probably also enough for your use case, assuming they’re regularly updated. But if you like control, CI is one way to go.
stratselfto
Matrix@programming.dev•Need Help: I'm not getting notifications to my chat.English
2·15 days agoi’m not sure what you mean? you configure it as your default ntfy server, then delete the previous topic. Then Element X should be able to recreate a new topic again and you can test if notifications are working.
If your server is a continuwuity then there are some little push problems. But if you’re on matrix.org or any other Synapse server it should be fine.
stratselfto
Matrix@programming.dev•Need Help: I'm not getting notifications to my chat.English
1·16 days agoProbably https://ntfy.schildi.chat/ which is maintained by the SchildiChat developers
stratselfto
Matrix@programming.dev•Need Help: I'm not getting notifications to my chat.English
2·16 days agoThe default https://ntfy.sh/ server ratelimits Matrix notifications by a lot and is therefore unusable. Try a different ntfy server
stratselfto
Linux@lemmy.ml•Why are so many Linux projects on Microsoft GitHub? Shouldn't they all move to Codeberg?English
4·16 days agoThe idea is to download the “project” down to a local machine, switch to the contributors’ PRs, and have those new files natively show up in their directories. Then they can use local software i.e. Inkscape/Illustrator/etc to edit those SVGs and commit the appropriate changes. This is really not feasible with a forge’s web UI.
stratselfto
Linux@lemmy.ml•Why are so many Linux projects on Microsoft GitHub? Shouldn't they all move to Codeberg?English
24·17 days agoThe case of free CI/CD, visibility, and network effects are already said. So I wanna offer an anectode: someone I know is a graphic designer, who maintains a project that curate icons. Moving to Codeberg means he has to interact with PRs using the CLI, which he really does not have familiarity with. GitHub OTOH has a simple desktop client that allows natively switching across PRs, approving then in the UI, etc. It’s really, really convenient for someone who’s not a developer.
I think Forgejo-based platforms will need to work on a very good GUI client, in order to attract less technical contributors.
Hi, I do think this is a very cool idea. I appreciate using the WebRTC stack, and see that there are even AR/VR integrated too. I do have some questions about this project:
- How do you see groups to be implemented (if that’s on your roadmap)? IIRC webrtc mesh topology doesn’t scale really well with many nodes, and how does a group handle netsplits between participants when some are offline?
- Will you address offline delivery of messages, and how? Afaict, maybe something like a P2P relay with limited retention can help, although it must be in semitrusted/trusted territory
- Do you see any chance this technology may be used in alternative networks (TOR, I2P, etc)? I guess that deviates from the webRTC model by a lot, but could there be any technical developments for it to become a possibility?
Thanks in advance for any responses :)
stratselfto
Selfhosted@lemmy.world•HELP : Cannot upload files bigger than ~180MB to matrix serverEnglish
1·24 days agoUse the
--resolveflag e.g.curl --resolve matrix.example.com:8008:127.0.0.1 https://matrix.example.com:8008/
stratselfto
Selfhosted@lemmy.world•HELP : Cannot upload files bigger than ~180MB to matrix serverEnglish
5·26 days agoWhy is there two nginx containers? Can you do nginx1 --> continuwuity?
Does continuwuity show any logs? What about nginx? Check Element Web’s devtools, does the 499’d network request say anything of note?
Maybe have a chat in the support room
stratselfto
Selfhosted@lemmy.world•Where is the love for conduit? Everybody is preferring continuwuity or tuwunel?English
4·26 days agoIf you are running a conduit fork, what is your reason for leaving conduit, and if you are running conduit, why didn’t you switch?
Conduwuit (predecessor of Continuwuity and Tuwunel) hard-forked from Conduit and introduced breaking database changes. That is a significant people don’t easily “switch over”
It may be slow in development, taking a bit longer to implement a new feature, but not too much longer.
I would say its pace of development is very slow compared to the pace of Matrix in general. But if you only want the barebones features, you can use it.
Or am I missing something the others have to offer?
Feature-wise, Continuwuity offers email support, single-use registration token, policy server integration, user suspending, a ton more of admin commands, and some extra endpoints for Element Call. It is also actively working on OIDC-OAuth (so you can login with your IDP), and an ecosystem-wide Admin API. It also has an active community. I can’t speak for the other fork.
Lastly, I don’t think anyone “hate” conduit, the project is alright. It’s just not the topmost option.
stratselfto
Selfhosted@lemmy.world•Where is the love for conduit? Everybody is preferring continuwuity or tuwunel?English
2·26 days agoAs to answer your questions, threaded conversations are mostly a client issue. The UX for them are still not very good so not a lot of people use it.
SSO/Auth is actually quite hard to support. There’s the “legacy SSO” option which is deprecated in favor of native OIDC, and afaict only Synapse supports it for now. But Continuwuity is actively working on it.
Support for delegation to an external IDP (without MAS) is a work-in-progress
stratselfto
Selfhosted@lemmy.world•What are your self–hosted alternatives for inter device communication?English
7·1 month agoTaildrop if you use Tailscale.
<offtopic> It’d be nice if there’s a Syncthing built into Tailscale or some of the mesh VPN solutions. Taildrop is good but it’s not entire directory sync with proper conflict resolution.
Surely I can use Syncthing inside Tailscale but 1. I have to depend on their public discoservers, or 2. I have to host and configure the discoserv myself for every client which is tedious to do </offtopic>
Account data isn’t encrypted? Is that an oversight?
Not exactly. Some data like push rules and presence configs needs to be unencrypted so the server can process it. There is still value in encrypting other parts of account data tho
Opencloud.eu should be leaner, has apps for those platforms, and preserves file structure on-disk. If you don’t need fancy syncing options and just wanna share links to file, look into copyparty
stratselfto
Selfhosted@lemmy.world•Towonel: Open Source drop-in Cloudflare Tunnel alternativeEnglish
2·2 months agoNot exactly a tutorial, but I use SNI routing + TLS passthrough with Caddy-L4 (and previously Traefik), and wrote/collect some stuff about it over the years:
-
https://theorangeone.net/posts/wireguard-haproxy-gateway/. From TheOrangeOne, involves TCP routing with HAProxy and plain WireGuard. Most likely what you want.
-
https://muoi.me/~stratself/articles/tailscale-notes/#the-public-website. Me using Traefik + Tailscale to route TCP to the backend
-
https://jdedev.org/projects/tophomelabwork/docs/solutions/traefik/traefik/. Another Traefik example
-
https://muoi.me/~stratself/articles/the-cost-of-tls-passthrough/#scenario-1-passthrough-encryption. Same but for Caddy-L4 and involves SNI routing. If you want plain TCP routing just do
{ layer4 { tcp/:443 { tcp/127.0.0.1:538 } } }-



You will need to create the address (or alias) using your newmatrix.org account. Check the space’s settings and see if that could be done