Joined 2 years ago
Cake day: June 13th, 2023


  • If something doesn’t absolutely have to be public, then hosting a VPN or using Tailscale (or if you prefer something self-hosted, Nebula) can be good too.

    If you DO want the application(s) to be public, then something I tried in the past that worked well:

    I set up on a super cheap VPS and then set up a tunnel (using nebula) to a VM in my homelab. I made sure to configure nebula networking so as to only allow the VM and VPS.

    Both the VPS and the VM were set up to allow only SSH using an SSH key. I threw on fail2ban for the VPS for good measure. It’s scary seeing just how many bots attempt to log in the logs.

    On the VPS, I installed nginx proxy manager and configured URLs on the nginx proxy manager to redirect each to different ports on the VM where apps (like nextcloud, an xmpp server etc) were running in docker.

    Doing things that way, you’re only using the VPS as an HTTP/TCP proxy to the server in your home, not actually using VPS storage/processing power beyond the bare minimum for running nginx.
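
A check for the "only SSH using an SSH key" part of the setup above, as an added example that is not the commenter's own code: it audits `sshd_config` text and reports any setting that still permits a non-key login, honouring sshd's rule that the first value of a keyword wins. The sample configs are constructed, the default is assumed to be upstream OpenSSH's, and `Include` files are not followed.

```python
# Added example: audit sshd_config text for key-only login. Stdlib only.
# Keyword names are real sshd_config options; sample configs are constructed.
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "no"}
DEFAULT = "yes"  # assumed upstream OpenSSH default for all three keywords
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Return (global settings, settings seen inside Match blocks)."""
    global_opts, match_opts, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        key = ALIASES.get(key.lower(), key.lower())  # fold deprecated alias
        value = rest[0].strip().lower() if rest else ""
        if key == "match":
            in_match = True  # everything after this line is conditional
        elif in_match:
            match_opts.append((key, value))
        else:
            global_opts.setdefault(key, value)  # sshd keeps the first value
    return global_opts, match_opts

def audit(text):
    """List every setting that still permits a non-key login."""
    global_opts, match_opts = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = global_opts.get(key, DEFAULT)
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    for key, value in match_opts:
        if key in REQUIRED and value != REQUIRED[key]:
            findings.append(f"Match block sets {key} {value}")
    return findings

# Constructed samples, not taken from the comment above.
WEAK = """PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = """PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""
```

`audit(WEAK)` returns three findings, including the later `PasswordAuthentication no` that sshd ignores because an earlier line already set the value; `audit(HARDENED)` returns an empty list.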


  • I love Nix even if the learning curve is STEEP.

    Like you, I’ve replaced Homebrew with nix and home-manager.

    I’ve also had a bit of fun spinning up full desktop environments with NixOS inside virtual machines and though it took far longer than I thought to get it going to start with, I’ve now got a good foundation and am super happy with it.

    I’m working up to trying out nix-darwin. Think I’ll start out with a macOS VM first just in case I butcher it.