Pangolin with an Authentik login required. Jellyfin’s set up with OIDC too but that’s more for convenience than security (especially since password auth doesn’t seem possible to disable, so it’s just hidden with CSS which does jack shit for security).

I’m paranoid so I only expose 3 services total without Pangolin/Authentik in front of them: Authentik itself, headscale, and navidrome’s rest endpoint (the last one skeeves me a bit but it’s mandatory for it to work remotely in the situations I want it, like a web player on work machines). Anything else I personally need remote access to, I can get through tailscale - Pangolin for me covers friends and family usage and a few niche situations.

It’s always hit or miss depending on the system. I upgraded one machine to Proxmox 9 and a VM and my VPS to Debian 13, the only one that gave me some trouble was my VM and that’s because I had an older package installed that was being a pain to remove because of dependency issues.

I’ve mostly got this working but no matter what I do I can’t get UDP and direct connections working if the embedded derp server is enabled (and the only accessible relay).

Speeds were slow at first but it’s been fine lately so I’m not sweating over it too much, but it’d be nice to get that last piece working.

It’s better than it used to be but sunshine/moonlight still blows it out of the water

This is what I ran into when I first decided to try a linux system desktop after ten years. I wasn’t familiar with the new distros around these days, so decided to try Bazzite first. Immediately ran into a driver issue that was apparently not fixable until the (already released) fix made its way into their official repo or something.

Shelved that and gave CachyOS a try (made more sense anyway since I used arch in college and had a steam deck since day 1), and it’s been my daily driver for 6 months now.

Everything mainstream is a black box corporate ecosystem these days. Kids learn how to use specific programs and mobile apps, but don’t learn anything about the OS or machine itself because everything is isolated and “just works”.

It’s a really weird spot to be in. We’re used to the older generations being bad with tech, but now it’s also the younger ones too.

I ran a dual boot back in college to dabble with Linux a bit but gaming support back then was literally nonexistent. The Deck and Proton really reinvigorated that drive nearly a decade later.

This past winter I started a huge degoogling push and trying to replace big tech platforms in general, and I’d also recently quit the only the game I regularly played that didn’t run on Linux due to anticheat bullshit, so I said fuck it and set up a CachyOS dual boot and I haven’t looked back since.

The dual boot is just there in case I ever need it for some odds or ends, or in case I break Cachy, but so far I’ve booted windows maybe 4 times since January.

This works since it feels grounded enough and really does help move the story forward - the anonymity in particular really drives this plot point. It’s also not a real cameo or anything of the sort.

DS2’s cameo is fine, it’s a game full of bizarre cameos and weird shit as-is, I had no idea at first that they were a real person and not just made for the game lmao. It fits in that universe, especially with the uncanny animations.

But what else can you really do aside from those two options? It’ll be incredibly difficult for this to not feel like a forced trend if it keeps happening.

I switched to it this past winter, same time I moved from Windows to CachyOS on my desktop, and I haven’t looked back on either device since.

Debloats the hell out of the thing, and personally I love how deeply documented everything is. Reasons and justifications are given for every design decision, but it’s also not an extremely opinionated ecosystem - if you need a google app or w/e for any reason, the option is there. there are some limitations like the integrity API dogshit, but for the most part, it’s a near flawless experience.

Getting it up and running was pretty easy but admittedly I’m starting to hit some snags with split DNS and Authentik. Totally doable but taking a lot of work for sure.

In the process I’m also moving my entire domain to a different name and got timed out by letsencrypt lmao so I guess I’ll try some more tomorrow.

I went with a Racknerd debian 12 box, DigitalOcean is a bit overpriced for what you get. There’s a whole list of recommendations in Pangolin’s wiki iirc

The variant version of number 2, which is more work to set up of course, is Pangolin on a VPS. Basically serves the same purpose but skips Cloudflare entirely.

I’m in the process of setting up Pangolin and Headscale on a VPS to expose a small handful of services and to replace my wg-easy setup. Currently chaining wg-easy through a gluetun container, so with a single VPN connection I get LAN access and protect my outbound traffic, but I can’t for the life of me get the same setup working on wg-easy v15, so I’m going to give tailscale/headscale a try with a gluetun exit node.

Depends on how much you use it. Since I don’t use mine for media, mostly for configs and service data folders, I barely scratch 120GB and I’m literally paying under a dollar a month for it right now.

This scenario is why my offsite backup is primarily a backblaze b2 bucket, while also running a large media backup to an external HDD once a month which I keep in a storage unit. Janky but effective

Realistically I could coordinate with my brother to set up a backup system at my family’s place but it feels like a hassle

Not sure about other options but Backrest has worked wonderfully for me since day 1. Basically just a GUI for Restic. My only complaints are that jobs can’t be assigned to multiple repos and you can’t edit a job’s name or repo once created. Aside from those quirks, it works fine - I have daily, weekly, monthly, and manual jobs set up across both servers and my desktop, basically just set it and forget it.

I just recently started routing mine through a gluetun container, but now I’m hitting timeouts pretty consistently. Not sure if there’s a solution to that or just deal with it.

Yeah I’d consider blocking out both the bots and AI-users a win-win lmao

On the peripheral end, ElGato. You can usually get their stuff to work but they provide little to no support, usually have issues to work out, and you’ll always be relying on third party replacements for their software.

I got a stream deck plus with the xlr dock, since even though I quit content creation I like what it provides and have no reason to downgrade my mic, but the thing has been a headache and a half ever since I switched to cachyOS.

I started my homelab with a couple exposed services, but frankly the security upkeep and networking headaches weren’t worth the effort when 99% of this server’s usage is at home anyway.

I’ve considered going the Pangolin route to expose a handful of things for family but even that’s just way too much effort for very little added value (plus moving my reverse proxy to a VPS doesn’t sound ideal in case the internet here goes down).

Getting 2 or 3 extra folks on to wireguard as necessary is just much easier.

Yeah this is why it’s so offputting seeing so much praise for him here. I don’t believe he’s ever outright apologized and owned up to what he’s said and done in the past (I could be wrong though?). Last I checked the dude was literally a neo nazi.