It shouldn’t mess with your current routing but if you’re running other VPNs you may run into issues.

After you join the machines to the tailnet, each machine gets a new IP address ( only visible to other machines in the tailnet), by default it’s a 100.x.y.z you can check the tailnet for the device IP.

Now you can keep the port closed on your router and it will still be accessible over the usual lan ip and port. But when you want to access remotely, turn on tailscale and connect using the tailnet IP.

Another cool thing you can do with this setup is turn your home server into an exit node. By default it will only route things that are in the tailnet (100.x.y.z subnet). But if you turn your home server into an exit node you can funnel all your traffic back through the exit node. Instant free VPN back home!

Here you go friend, enjoy! 😁

https://tailscale.com/blog/how-tailscale-works

Unencrypted HTTP can mean that anyone can see your traffic as it passes through their network. Your ISP will see that traffic. If you’re streaming pirated music and you’re in a country that cares about those things, might not go very well. From a security stand point though, you still wouldn’t want to trust the authentication on the open port. A vulnerability may exist that you don’t know about. It’s always better to keep them closed and add another layer or two between your home computer and the public.

Tailscale let’s you tunnel into your home network without opening any ports, and it encrypts the traffic. Much safer way of doing it.

Go on…

Another tip, please be very careful when exposing ports to the public. With docker you’re already mitigating your attack surfaces but an open port allows anyone to make a connection and there are lots of bots out there looking for open ports and vulnerabilities. A good alternative would be to setup wireguard and instead then connect through that or if you like simplicity check out Tailscale.

Use nix repl! That stands for Read Eval Print Loop. You can evaluate a nix expression and see all the attributes inside. For example, on a non-flake system, use :l <nixpkgs/nixos> inside the repl to load the current system. Then you can hit the tab key to show whats inside of the current attribute set, make sure you have a . at the end. Then you can press enter to evaluate and see the declaration. For example when you set networking.hostName in configuration.nix you can actually find it under options.networking.hostName.value evaluating that in the repl.

Imo the worst part of nix is how it turns into this chicken or the egg scenario. Let me explain, nix is very good at reproducing things. It ensures that all things are the same when installing a piece of software. Once someone writes a nix module, generally speaking, it “just works”. You can always take that nix file and get it to run the same way on another machine. But since most gamers/musicians don’t give two shits about reproducible software, it doesn’t get packaged. And with no packages they will never be interested to get into nix.

As I write this though I realize, many open source projects have struggled with getting contributions from the community. Personally, I just think nix solves the issue of “idk, it works on my machine” better than anything I’ve seen. Being able to reproduce software and stop dependency issues is a very valuble thing, just not for everyone.

Hey this is a great web server example! Instead of commenting it out to enable or disable you can actually turn it into a full module. Check out this example of a nix module. Basically, you can take your code you pasted and put it under the config set. Then create an option to enable that set of code. Now you can always have this nix file imported, but enable the option only when you need it with another declaration. Really, that’s how all the declarations work you’re just getting the nix files from github and nixpkgs.

Wow, this must be the craziest case of post nut clarity in recorded history.

Is there a thing between swiftys and Jake Gyllenhaal?

Check out this guide to get started with exposing your services via proxy. I started with v1 and migrated to v2. Until I dug this link out for you, I had no idea about v3; but if it’s as good as the first two I can only imagine how good it is now.

https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/

Ohhh come on now, you’ve got too see the irony here. Don’t you get tired of repeatedly adding that license? No, of course not. You just like the attention, it’s okay lol I won’t tell anyone your secret ;)

Servarr is a stack of applications that sets up a media suite. Radarr and Sonarr handle the managing of movies and TV shows, respectively. Prowlarr searches for the media through either Torrenting or Usenet. Then you’d need a downloader like SABnzbd or Deluge. Ombi is another application to handle requests and finally you’d need a streaming app like Plex, Emby or Jellyfin.

Think of it like a marionette; you’re making a bunch of services work together for one goal. Most people use docker and create a docker compose file to manage all the services. Typically the flow goes like this, a person makes a request to Ombi for something to watch. That request goes to Radarr or Sonarr, which creates a folder and populates the Metadata from IMDB. Then a request is sent to Prowlarr to find the media. Once found its sent to the downloader, like Deluge, to actually grab the media. After it’s done, Radarr / Sonarr will import the media into the correct folder. Now you’ve got a perfect collection for Plex / Emby / Jellyfish to start streaming your media. Really awesome suite once you get it up and running.

I believe media hosting is only against their ToS if you try and use the proxy service. In the DNS page you would want to make sure the clouds are not orange. Fair warning though now your IP is exposed to the public.

What is this from?

I bet you it’s because of the intel RST settings in the UEFI. If RAID is turned on the RST driver is needed. Ive ran into this exact same issue, not being able to see my drives when installing windows. Swap over to AHCI and the windows installer should see the drives.

Note that changing that setting can cause problems for existing OS installations. Make a backup and do your research before changing that.

https://www.linuxserver.io/blog/advanced-wireguard-container-routing

I think what you’re looking to do is route using IPTables. I’ve achieved a similar setup with this guide, just not using a mail server. With this setup the DNS can actually be taken care of by docker. With my phone on wireguard I can resolve by the container name on my VPS, internal server docker container, internal lan, and everything else goes out to Mullvad (direct too thanks to split tunneling). Very slick setup.