alto

joined 2 years ago
[–] alto@lemmy.ml 8 points 1 day ago

Matrix is generally very nice for chat, and Discourse for forums.

[–] alto@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

Yeah I think we're on the same track, what I can think of is to do this:

  • Set up firewall rules on my LAN router (which hosts the Wireguard server), restricting access to the Wireguard client coming in from the VPS.
  • Set up firewall rules on the cloud provider to restrict access to anything but my public IP where the Wireguard server is hosted.
  • Do the same in the VPS host internal firewall.
  • Configure the Wireguard server and client config to only allow access to the IPs relevant for the clustering.
  • Set up CrowdSec as part of Pangolin, it's an integrated feature.
  • Move the Newt + service containers exposed via Pangolin to their own isolated VLAN in order to further harden the environment around them.
  • Configure Nomad and Consul tokens to only allow the VPS to register the Pangolin services and nothing else.
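An added example of the WireGuard side of that list (this is not the commenter's own configuration; all addresses, interface names and the cluster host are constructed placeholders, and the Consul/Nomad port numbers are those projects' documented defaults). The point it shows is that AllowedIPs on the LAN side of the tunnel only constrains which source address the VPS peer may send from and which destinations get routed to it; it does not limit where those packets may go once they are inside the LAN, so the destination and port restriction has to live in the LAN router's firewall, which the VPS cannot alter even if it is fully compromised:

```ini
# wg0.conf on the LAN router (WireGuard server side). Constructed example.
# Tunnel addresses: router 10.200.0.1, VPS peer 10.200.0.2.
# Cluster host the VPS is allowed to reach: 10.0.10.5 (constructed).
[Interface]
Address = 10.200.0.1/24
ListenPort = 51820
PrivateKey = <router-private-key>   # placeholder

# Cryptokey routing (AllowedIPs below) only guarantees that packets arriving
# on the VPS peer's session carry source 10.200.0.2. It does NOT restrict
# which LAN destinations 10.200.0.2 may talk to, so that is enforced here.
#
# Rules are appended in order and assume no earlier blanket ACCEPT for
# traffic arriving on %i in the FORWARD chain.
# TCP 4646/4647: Nomad HTTP/RPC, 8300/8500: Consul RPC/HTTP,
# 8301 TCP+UDP: Consul serf LAN gossip (defaults from the upstream docs).
PostUp = iptables -A FORWARD -i %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i %i -s 10.200.0.2 -d 10.0.10.5 -p tcp -m multiport --dports 4646,4647,8300,8301,8500 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -s 10.200.0.2 -d 10.0.10.5 -p udp --dport 8301 -j ACCEPT
# Everything else coming out of the tunnel is dropped, regardless of what
# the VPS side has in its own AllowedIPs or local firewall.
PostUp = iptables -A FORWARD -i %i -j DROP
PostDown = iptables -D FORWARD -i %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -i %i -s 10.200.0.2 -d 10.0.10.5 -p tcp -m multiport --dports 4646,4647,8300,8301,8500 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -s 10.200.0.2 -d 10.0.10.5 -p udp --dport 8301 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP

[Peer]
# The Pangolin VPS. A /32 here means the router will only accept packets
# from this peer if they are sourced from 10.200.0.2 and will only route
# 10.200.0.2 back into the tunnel.
PublicKey = <vps-public-key>        # placeholder
AllowedIPs = 10.200.0.2/32
```

The matching AllowedIPs on the VPS side (for example 10.0.10.5/32) is worth setting as well, but it is only a convenience: it lives on the host that is being treated as untrusted, so the router-side rules are what actually hold. One caveat when choosing the destination set: a Consul client agent on the VPS participates in serf LAN gossip with the other agents in the datacenter, so pinning it to a single host may not be enough and the allowed destinations may need to be the Consul server set; a Nomad client that only needs RPC to the Nomad servers is simpler to fence in.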
[–] alto@lemmy.ml 1 points 1 month ago (2 children)

But I think that's kind of where the problem lies; if we're talking about external firewalls applied on the cloud provider, then I need an external IP for my homelab network to use in the rules, which defeats the point of Pangolin to begin with. And if we're talking about the firewall inside the VPS, like ufw or whatever, then that would be forfeit if a bad actor gained root access on that host; they would just disable the rules. This is kind of where my thinking is at currently.


I'm slowly working my way through deploying Pangolin on a VPS to securely expose some services publicly. I came to wonder a bit about how to approach this VPS security-wise. My homelab runs as a Nomad/Consul/Vault cluster, and it would have been nice to have the VPS as a client node as well, allowing me to spin up and manage the Pangolin components with Nomad jobs. However, this means that the VPS would need connectivity to the cluster, essentially a Wireguard connection back to my LAN; this got me thinking.

Should I just forego the entire cluster client idea here and instead see the Pangolin VPS as a completely isolated thing, or is there some secure way to tighten down the connection to my local network with Wireguard? I could for instance restrict the AllowedIPs for the VPS to only be able to reach some specific host for the clustering.

Anyone done anything similar and care to share?

[–] alto@lemmy.ml 0 points 3 months ago

Interesting read; it does seem like time to start looking at horizontally scaling the workers based on request pressure. Having a dynamic number of workers that can do the database updates and then quickly release the mutex should increase throughput.

[–] alto@lemmy.ml 1 points 3 months ago

That's interesting, I'll have to look into that again. They seem to have a server location option that is EU, which looks nice; I'll just need to find out which countries that actually refers to.

[–] alto@lemmy.ml 2 points 3 months ago* (last edited 3 months ago) (1 children)

I created an account on Scaleway just to check prices, which seem to be the same as Hetzner. But looking around online I find that people are heavily in favor of Hetzner over Scaleway due to reliability and service, so I'm leaning more toward Hetzner.

[–] alto@lemmy.ml 1 points 3 months ago (2 children)

Is the 1€/month price permanent or a limited-time deal where it will go up later? Because I didn't see that kind of pricing on their site that wouldn't go up to 12€/month after a year.


Are there any folks here who have set up hosting for Pangolin in the EU, and if so, what hosting options have you chosen? Are there any good free tier options?

I'm also keen on finding a platform which supports terraforming the setup for the VPS, firewall etc.