I messed up - and got called on it. 

100%

I appreciate it, and I see this as an opportunity to learn for us all.

I appreciate you.

Yes it does!

I think it's more like a kind stranger jumped in harms way and shoved me aside, but indeed!

Me too, my friend.

When I mess up, I own it. It's not bad to admit we are flawed.

@@AwesomeOpenSource You said it.

I actually am gett that setup with netbird, but indeed.

I appreciate that!

My community is awesome, and it renews my faith in humankind every dat.

100%

I really do need to start looking into tools like this. Especially for my series on MSP building.

@@AwesomeOpenSource I'd be happy to share with you some of things I'm doing. Ansible for local machine things, usually VMs atop proxmox, which in turn run immutable docker containers. No docker volumes, rather mount directories from /root/data/containername/volumename, which can then be easily backed up or restored, etc. Terraform for cloud things (gcp presently), again with immutable docker containers running atop GCP CoOS and a mounted drive for storing data long term. With these things, any part of a docker container or VM can be given up, rebooted, deleted, etc, and just a restore of the /root/data (if relevant) or remounting the data volume and we're up and running again. Using nginx or traefik for web proxy, SSL, etc, which is keyed to listen for docker labels if/how to provide http/s services. My own internal software is also packaged into docker containers for their runtimes. Nothing beyond base packages is usually installed on the host, and everything config wise is in git. Reboot, reinstall, docker image changes are almost always safe, or can be rolled back to earlier versions. TechnoTim and Jeff Geerling both have some resources on ansible, however, I don't know of anyone doing immutable containers this way (and sharing it publicly). This is an outgrowth of skills picked up at former employer(s), I think it'd make a revolution if it were widely adopted. Avoids a great many problems with docker, docker compose, etc (they are great for testing something out, but generally less than ideal for running/managing things long term IMO). Again, happy to share more detail. I don't have anything out on git publicly for this at the moment, but that's possible if there's interest. lmk if I can help in any way.

I need to do an updated video about how that stuff works together. And, yes, thank goodness my community is so awesome!

Fun fact: In cybersecurity, this is what we call Ethical Hacking, specifically Vulnerabiliy Testing and Analysis + Pentesting thats part of the offensive security site of things

Also, perhaps a video on setting up a headscale/tailscale + maybe a vps from scratch?

Definitely. I actually toyed with becoming a white-hat hacker (ethical hacker) as a job, but not sure I've got the right skill set for it, and it takes a ton of work to really learn about it.

I have a headscale / tailscale client video out already, but might be good to do another.

What an amazing idea! Absolutely.

Always happy to get tips from anyone willing to share, my friend.

Absolutely, the person who left me a simple message was Awesome about how they did it.

You're welcome.

Yep. I try to maintain that as well. The ACL was a huge miss by me.

Indeed, a 100% kind person.

100% this. Never expose anything to the internet that isn’t meant to be public.

Indeed, though I'll probabaly use Netbird, but 100% agree, and it's they way I should have gone to start with after the move, just got behind on things and it all just bubbled over on me.

You bet.

Sounds like a great plan!

Not sure. It might be a good request as an added feature though.

Yeah, just trying not to depend too much on a 3rd party fo that. There are great tools out there, I just need to take my time and get them setup properly first.

Indeed. VPNs are a great option. Working up my netbird setup as we speak.

I use Netbird, just hadn't seteverything back up yet. I prefer the open source tools whenever possible.

Good plan all around.

He got hacked basically. And it was his fault.

The dashboard is Dashy, and I left one of my services that I run from my homelab exposed without any authentication around it.Someone who noticed got on and showed me by changing my dashboard config just a bit.

​@AwesomeOpenSource there are still a few decent people out there 😀

The dashboard itself runs on Dashy. Here's a video on it. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-QsQUzutGarA.htmlsi=7YRJHoWotadxQgyO

@@AwesomeOpenSource I like it. Thank you so much.

That's a good thing. Take it slow. Learn the basics. Learn about Docker. I have a video that will help a bit I think. It's a bit older, but still valid. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-cjJVmAI1Do4.htmlsi=x_Guk4KTqSfzNmus

Well, not exactly. The only service that was open was the access to my Dashy. They were able to modify my Dashy conifg, which I did check as well. They could have linked to some of my other public services from there, but those were all protected with logins and 2FA. There was really nowhere else to go from there. And, if they wanted to do something nefarious, why even tell me they did it in such a nice way. Your thoughts are completely valid though. Fortunately, I've been reworking a ton of stuff anyway, so it's all been "redone" twice by now.