Thanks for the suggestion

What would you suggest instead?

Install fresh tomato to this and you’ll get a much better AP with very good firewall and QOS and traffic inspection. Also good SNMP for monitoring

https://www.ebay.com/itm/256808892926

https://www.freshtomato.org/

I’m one of those people with an overkill setup.

Do you have experience with kubernetes or kubectl and DR or ASICs? Not everything should be a container or can do what an ASIC is built/designed for.

If I want a three node cluster for redundancy and speed I’ll need three baremetal machines. Or one hypervisor hosting 3 VMs that run my cluster nodes. I think there is a knowlege gap. Check out these links if you have more questions.

https://kubernetes.io/docs/concepts/architecture/

https://www.redhat.com/en/blog/kubespray-deploy-kubernetes

https://rudimartinsen.com/2023/12/29/kubernetes-cluster-on-vms-2024/

Also some things cannot run as a container due to having architectural differences. These are specifically designed chips for prototyping and software development.

https://www.ijert.org/asic-design-for-a-32-bit-risc-v-processor

Lastly we all have different needs for our home labs. I have to research new tech and processes for my job. It’s a lot of political overhead to get some stuff working on company hardware. I’m very lucky to have a good relationship with systems and storage so that I can buy older retired hardware to run at home. This is not everyone’s usecase and that’s fine.

I run a cluster of VMs that run kubernetes and manage those VMs with containers that run Terraform and ansible. Along with baremetal RISC-V workflows and ASICs.

A tool is a tool and one should pick what works for them.

https://www.smartprix.com/bytes/how-to-run-deepseek-ai-locally-on-your-phone-2-methods/

Proton has a business model where they want the user to put their eggs all in one basket. If you want that kind of userbase you need to leave your personal politics out of it. The problem isn’t that the CEO is right wing. It’s that he is very publicly right wing. Supports a known huckster. And lastly could be vying for a role in the administration. All of this calls into question just for how long Proton will be secure before they are selling user info to the state.

Politics are very fucking important in terms of security when you’re a whistleblower or dissident.

https://tpo.pages.torproject.net/core/arti/

Lighter weight and more performant. Should be a drop in replacement

https://gitlab.torproject.org/tpo/core/arti/-/blob/main/README.md#hidden-service-onion-service-client-support

Simplest way would be to mount the nfs share natively on the proxmox host and then backup to that file location in storage.

Here’s a good thread on it

https://forum.proxmox.com/threads/how-to-setup-nfs-for-proxmox-backups.20525/

If you’re thinking of encryption you need to think about how that could impact data recovery.

Cloudflare tunnels are cheap(free if it’s just a couple), simple, and really great.

https://caddy.community/t/caddy-cloudflare-tunnel/15929

You’re using something in front of caddy right?

Atleast refuse basic headers and close connections

add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

server {
    listen      80 default_server;
    listen      [::]:80 default_server;
    listen      443 default_server;
    listen      [::]:443 default_server;
    ssl_certificate certs/server.cert;
    ssl_certificate_key certs/server.key;
    server_name _;
    return      444; #CONNECTION CLOSED WITHOUT RESPONSE
}

Ports, any NAT, internal IPs. The first part of an organized attack is getting environment enumeration down. If a bad actor can map your network they can more efficiently direct their attack.

https://lemmy.world/comment/14512485

I wouldn’t say they’re moderate.

It’s a custom nginx proxy to the kube api. Too long to get into it. I was hired to move this giant cluster that started as a lab and make it production ready.

Thanks for the feedback

Coredns and an nginx reverse proxy are handling DNS, failover, and some other redirect. However it’s not ideal as it’s a custom implementation a previous engineer setup.

We’re thinking of moving to it from a custom coredns and flannel inplementation in a k3s 33 node cluster.

Tangentially what’s your opinion on Traefik?

https://traefik.io/

If they can’t do that, they can go take a five and come back after. It’s the same thing we teach children.

Is the definition of paternal.

You’re asking for a rational response from an irrational act. People don’t say “Oh I seem to have stubbed my toe and it pains me” they say FUCK THAT HURT.

You sound like you’re trying to manage someone’s emotions with your language and posturing. Which is the exact opposite of what will deescalate a situation.

I think we’re misunderstanding each other. You’re using combative and defensive language and then assuming that I’m allowing someone to berate me. That’s different than what happens. There needs to be open communication about how your partner makes you feel and what language they use. But coming at this from a punitive or paternal angle is just ick.

oh say “what’s wrong?” makes the situation worse? Guess i should paid more attention in Mind Reading at Hogwarts…

I don’t think this is a productive way to think of your partner. I also don’t think you’ve read my comment replies.

If you’re having trouble communicating with your partner, and you get defensive about it, you’re going to have bigger problems than just “mind reading” as you call it.