What costs do you mean? It’s free and open source.
Formerly known as u/Arjab.
Immich has image and facial recognition by default and a very neat Android app. Also, it’s running on my home server, which has more power if Immich needs it. In that case I’d say software should serve one purpose and serve that well. Immich is just for picture management and does that very well. Nextcloud is a cloud and the Photos app is just a small extra that can’t compete with full-fledged software. Nextcloud runs fine on my Raspberry Pi 4, but it’s only used by me and three friends. It’s mainly limited by your network speed and disk speed, I’d say. And I’m using an external hard drive without issues.
I use Nextcloud and Immich and would recommend both. Immich might be a bit overkill, but it’s also well maintained, feature-rich and has a large community. It’s super easy to set up and works great.
Borg
It’s easy to use, there are CLI wrappers and GUIs, it’s cross-platform, deduplicates, compresses, encrypts and is based on rsync. I use it for all backups between machines and networks.
But it’s proprietary, unfortunately.
Thanks, looks promising. I’ll give it a try.
I don’t want to configure a whole Dashboard for at least CPU, RAM, Storage and Network for up to 5 hosts.
I used the following dashboard now, but it’s not really satisfying and also doesn’t really fit more than 4 nodes. https://grafana.com/grafana/dashboards/11756-hpc-node-exporter-server-metrics-v2/
Interesting, because Tailscale doesn’t use any special ports. How would that be detected? And could you maybe use Headscale on a dynamic port to circumvent that?
How can something like Tailscale be blocked?
Headscale is pretty straightforward to set up and easy to use. And there are multiple WebGUIs available to choose from, if you need. If you have any questions, let me know.
Yes I’m running it on Docker and therefore have the docker0 interface.
Are you sure Tailscale in Docker is creating a wg0 interface? Because I got a working connection between my smartphone and my home server and the home server is not showing any interface related to Tailscale?
default via 192.168.178.1 dev ens18
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.178.0/24 dev ens18 proto kernel scope link src 192.168.178.178
I’m not sure the Docker container is even using a tailscale interface, because there is none on my VPS or my home server.
And how do I see whether I have a device at /dev/net/tun?
There is no tailscale0, but also not on my home server which also runs Tailscale and which I can access remotely using my Android.
Could my existing Wireguard setup interfere with Tailscale?
So to confirm your behavior, you can tailscale ping each other fine and tailscale ping to the internal network. You cannot however ping from the OS to the remote internal network?
Exactly.
Have you checked your routing tables to make sure the tailscale client added the route properly?
How do I do this? I use Headscale and headscale routes list shows the following:
ID | Machine | Prefix | Advertised | Enabled | Primary
1 | server | 0.0.0.0/0 | false | false | -
2 | server | ::/0 | false | false | -
3 | server | 192.168.178.0/24 | true | true | true
Also have you checked your firewall rules? If you’re using ipfw or something, try just turning off iptables briefly and see if that lets you ping through.
I’m not using a firewall, but the VPS is hosted on Hetzner, which has a firewall. But I already allowed UDP port 41641 and 41641. The wg0 rule is from the Wireguard setup I want to replace using Tailscale.
# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -s 100.64.0.0/10 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 81 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9090 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9001 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
Yes, both clients can tailscale ping each other and after doing so the status shows active; relay “ams”.
Using tailscale ping 192.168.178.178 also works for some reason.
Not sure what to do with the output of netmap.
No, I’m not using ACLs.
Isn’t this using a lot of computing power?