• 0 Posts
  • 49 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle

  • There is plenty of tooling for Linux to accomplish most if not all of the same goals but in my experience the difference between the two is the the windows tooling is much “friendlier” and for better or worse easier to get off the ground than a Linux equivalent.

    Going the Linux route can and will work but it practically requires you have a a very good admin running the show who truly understands the infrastructure you are working with. I love Linux and greatly prefer working with it over Windows is basically every capacity but I’m not about to go my director and try to convince him we should switch from Windows to Linux as that conversion would be an immense undertaking and I am realistically the only person on staff capable of managing it.

    Additional given so many other businesses/partners are also Windows based shops it very often just makes things easier when everyone is playing on the same or very similar field.


  • themachine@lemmy.worldtoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    2 months ago

    Because it’s “easier” to support Windows from a business perspective and it’s easier on users to use Windows as most already do use it and thus need no additional training/decreases support tickets.

    I’m a small business environment it’s much easier to manage with Linux but you still need an OK Linux admin on staff.

    Once you start scaling up on paper Linux certainly works but there are a lot of factors that most people (such as yourself) don’t consider.

    This is coming from a pure Linux admin working on a mixed Enterprise environment where 99% of the infra is windows




  • I constantly hear this but I just want to be the counter argument here.

    Self hosting email is not the impossible tasks that people make it out to be. It is on the more advanced side of things though if you are hosting your primary email that you rely on.

    I’ve been hosting my own email forany years now and have had no issues whatsoever but I also have years of experience and know how email works better than many that have no interest in such.

    I would NOT recommended starting your self hosting journey with email but I will never discourage people from doing it.

    Take your time. Ask questions any time you don’t understand something. Be ready to learn a lot and design a solid plan for disaster recovery.








  • Just know that this is a step forward in the direction of making it technically possible to force people to usw the app.

    I disagree. There is nothing stopping that as it is. What this really does is remove one more level of control from the end user on their device.

    Ask yourself if you trust them to not try and profit from this.

    Im not sure what you are getting at here. Of course i don’t trust “them”. Nor do i trust any corp. It’s those reasons among others why i have completely removed google from my computing life and almost exclusively use open source software as well as self host functionally all network services.


  • In the scope of wireguard it’ll just be a matter of you building appropriate firewall rules.

    Since you want their internet traffic to go through you then i assime you’re effectively pushing a 0.0.0.0/0 route to your clients. You then need to add firewall rules on your server to block traffic to its local subnet and in the future allow traffic to only your jellyfin server.

    This is also pretty simple and nothing wrong with that setup.




  • themachine@lemmy.worldtoSelfhosted@lemmy.worldJourney into self-hosting
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    4 months ago

    You did not answer what VPN tech you are using.

    Without that knowledge i would recommend setting up tailscale and having your users use that. If you want to be fully self hosted you can also run Headscale as the control plane instead of relying on Tailscales own service.

    I recommend tailscale as it is very easy to grant a user privileges to ONLY use an endpoint as an exit node but also grant access to any other endpoints as needed (such as your future jellyfin server) via theor ACLs.




  • If you want simple you’ll have to manually decrypt each time it needs doing.

    If you want it to be “automatic” then your best bet is something network based. A “simple” would be to just have a script ssh’s somewhere, pulls the decryption key, and then decrypts the disks. There’s plenty of flaws with this though as while a threat actor couldn’t swipe a single encrypted disk they could just log in as root, get your script, and pull the decryption key themselves.

    The optimal solution would be to also encrypt the root partition but now you need to do network based decryption at boot which adds further complexity. I’ve previously used Clevis and Tang to do this.

    I personally don’tencrypt my server root and only encrypt my data disks. Then ssh in on a reboot or power event and manually decrypt. It is the simplest and most secure option.