avidamoeba

joined 1 year ago
[–] avidamoeba@lemmy.ca 1 points 7 months ago

Yeah I kinda doubt it too. However there's a real possibility for them to eventually replace it with Android, once they get the desktop mode finished up. Especially given how they've started caring about costs lately, maintaining two OSes with a lot of overlap might trigger some axing.

[–] avidamoeba@lemmy.ca 1 points 7 months ago (2 children)

Never gonna happen because Google will stop developing it any day now.

[–] avidamoeba@lemmy.ca 13 points 7 months ago* (last edited 7 months ago)

Did you dare to say something positive about Electron? Blasphemy!

[–] avidamoeba@lemmy.ca 3 points 7 months ago (2 children)

Does this help in any way with turning VSync off in Wayland environments? I'm guessing no.

[–] avidamoeba@lemmy.ca 19 points 7 months ago* (last edited 7 months ago)

And probably a bunch of Linux ISOs.

[–] avidamoeba@lemmy.ca 2 points 7 months ago* (last edited 7 months ago)

Agreed. This is why I looked at Headscale before relying extensively on Tailscale.

Yes, Headscale would run anywhere. For the highest versatility you would run it in the cloud, but it's not necessary if all you'd want to connect to is your server and it's mostly up. If you had other machines that you might want to talk to even if your server is down, then having it in the cloud makes that possible. Personally I tried it on the smallest DO droplet.

[–] avidamoeba@lemmy.ca 2 points 7 months ago* (last edited 7 months ago) (5 children)

It is, but by default it operates as a "split-tunnel." That is, only traffic directed to a machine on your Tailscale network is routed over the underlying WG tunnel. In practice it creates "an overlay network." It will require installing a client on every endpoint. If you want a setup-free solution, then you have to do some sort of authentication that you trust to be secure. E.g. rely on each app's authentication, or front all apps with an HTTP proxy that has authentication. Personally I wouldn't trust that. I'd probably use ssh, which also requires some setup on the client. And that brings me back to Tailscale. 😂

You could theoretically have a firewall rule that only allows the IP address from which you're currently originating. You'll have to figure out a way to reconfigure the firewall as you move from one place to another. I've done this using ipsets and dynamic DNS. It works fine for static locations. It wouldn't work as well for a moving target, as DNS records can be slow to update. I'm not using that method anymore because Tailscale is simpler and allows for more use cases, and I have no problems installing it on my machines and devices.

Finally, you could probably set up Tailscale on a small router outside the device you're using, then connect the device through that router. It might be possible to access your tailnet this way without setting up a Tailscale client on the device. I haven't done this but it's probably possible.
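The "ipsets and dynamic DNS" approach from the comment above, written out as an added example (this is not the commenter's script). It assumes an ipset named admin_src, a DDNS record home.example.net, and an iptables rule that already matches on that set; all three names are placeholders. The script is meant to be called from cron or a systemd timer; with DRY_RUN=1 it prints the ipset commands instead of running them. The one design point worth noticing is the swap: the new address goes into a temporary set that is swapped in atomically, and a failed DNS lookup leaves the existing set untouched, so a resolver hiccup never produces an empty set that locks you out.

```shell
#!/bin/sh
# Added example, not the original poster's script: keep an ipset in sync with a
# dynamic-DNS name so that only the address you are currently coming from can
# reach the admin ports. Assumed names: set "admin_src", DDNS record
# home.example.net (replace with your own). Run it from cron or a systemd timer.
# DRY_RUN=1 prints the ipset commands instead of executing them.

SET_NAME="${SET_NAME:-admin_src}"
DDNS_NAME="${DDNS_NAME:-home.example.net}"

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Resolve a host name to its first IPv4 address with the system resolver.
# Prints nothing and returns non-zero when the name does not resolve, so a
# failed lookup can never turn into an empty (lock-yourself-out) set.
resolve_a() {
    ip=$(getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }')
    [ -n "$ip" ] && is_ipv4 "$ip" && echo "$ip"
}

# Replace the set's contents atomically: fill a temp set, swap it in, destroy the old one.
# $2 may be a DDNS name or a literal IPv4 address (handy for a manual override).
sync_allowlist() {
    set_name="$1"
    if is_ipv4 "$2"; then
        ip="$2"
    else
        ip=$(resolve_a "$2") || { echo "could not resolve $2; leaving $set_name untouched" >&2; return 1; }
    fi
    run ipset create "${set_name}_tmp" hash:ip -exist
    run ipset flush "${set_name}_tmp"
    run ipset add "${set_name}_tmp" "$ip"
    run ipset swap "${set_name}_tmp" "$set_name"
    run ipset destroy "${set_name}_tmp"
    echo "$ip"
}

# One-time setup that consumes the set (the set must exist before the rule):
#   ipset create admin_src hash:ip
#   iptables -I INPUT -p tcp --dport 22 -m set --match-set admin_src src -j ACCEPT
#
# Periodic run (what the cron job or timer calls): ./allowlist.sh sync
if [ "${1:-}" = "sync" ]; then
    sync_allowlist "$SET_NAME" "$DDNS_NAME"
fi
```

The script only ever holds one address, so it has the limitation the comment describes: if the DDNS record lags behind a move, the old address stays allowed and the new one is blocked until the record updates and the timer fires again.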

[–] avidamoeba@lemmy.ca 3 points 7 months ago* (last edited 7 months ago) (7 children)

For the disks, I'd use ZFS because it's easier to use and it's got data integrity checking. Choose how many disks you want to be able to lose and use raidzX where X is that number. E.g. raidz2 will allow you to have the same space as your raid10 but any 2 drives can fail and you'd still have your data. Dropping it down to raidz1 will give you the space of 3 drives at the expense of having only 1 redundant drive.

If you decide to stay ZFS-free, LVM has a built-in function to create RAID. Look up the LVMRAID man page. It allows you to set up an LVM-managed mdraid and use volumes on it in one go.

For outside access, Tailscale is probably the easiest option. It has a fully open source upgrade path. Tailscale's clients are open source. The server infrastructure isn't, but there's an open source project called Headscale which can replace Tailscale's server. I've tested it briefly and while not as convenient to set up, it seems to work about as well.
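The space-versus-redundancy trade-off the comment above describes (raidz2 giving the same usable space as raid10 on four disks but surviving any two failures, raidz1 giving three disks' worth with one redundant), as an added example that is not part of the original post. The functions tabulate usable disks and guaranteed tolerated failures for a given layout and disk count, and print the zpool or LVM command that would build it. Pool name tank, volume group vg0, logical volume data and the /dev/sdb... device names are assumptions for illustration; nothing here touches a disk unless you copy the printed command and run it yourself. The LVM side maps raidz1/raidz2 to LVM raid5/raid6 as the closest analogues; they are not the same thing, since LVM RAID has no block checksums.

```shell
#!/bin/sh
# Added example (not from the original post): compare usable space and
# guaranteed failure tolerance of raidz1/2/3 versus striped mirrors (raid10)
# for N disks, and print the zpool or lvcreate command for that layout.
# Assumed names: pool "tank", VG "vg0", LV "data", devices /dev/sdb onward.

# usable_disks LAYOUT N -> number of disks' worth of space you keep.
# raidzX loses X disks to parity; a striped mirror keeps half.
usable_disks() {
    case "$1" in
        raidz1) echo $(( $2 - 1 )) ;;
        raidz2) echo $(( $2 - 2 )) ;;
        raidz3) echo $(( $2 - 3 )) ;;
        raid10|mirror) echo $(( $2 / 2 )) ;;
        *) echo "unknown layout $1" >&2; return 1 ;;
    esac
}

# guaranteed_failures LAYOUT -> drives that may fail in ANY combination.
# raid10 survives one per mirror pair, but only 1 is guaranteed whichever pair it hits.
guaranteed_failures() {
    case "$1" in
        raidz1) echo 1 ;;
        raidz2) echo 2 ;;
        raidz3) echo 3 ;;
        raid10|mirror) echo 1 ;;
        *) return 1 ;;
    esac
}

# summary LAYOUT N -> "LAYOUT usable=U/N any_failures=F"
summary() {
    u=$(usable_disks "$1" "$2") || return 1
    f=$(guaranteed_failures "$1") || return 1
    echo "$1 usable=$u/$2 any_failures=$f"
}

# devs N -> "/dev/sdb /dev/sdc ..." (assumed device names, N of them).
devs() {
    letters=bcdefghijklmnopqrstuvwxyz
    i=0; out=""
    while [ "$i" -lt "$1" ]; do
        out="$out /dev/sd$(echo "$letters" | cut -c"$((i + 1))")"
        i=$((i + 1))
    done
    echo "${out# }"
}

# zpool_cmd LAYOUT N -> the zpool create line. ZFS has no "raid10" keyword:
# the equivalent is a stripe of mirror vdevs, two disks per vdev.
zpool_cmd() {
    layout="$1"; n="$2"
    case "$layout" in
        raidz1|raidz2|raidz3)
            echo "zpool create tank $layout $(devs "$n")" ;;
        raid10|mirror)
            [ $((n % 2)) -eq 0 ] || { echo "striped mirrors need an even disk count" >&2; return 1; }
            cmd="zpool create tank"
            set -- $(devs "$n")
            while [ $# -ge 2 ]; do
                cmd="$cmd mirror $1 $2"
                shift 2
            done
            echo "$cmd" ;;
        *) echo "unknown layout $layout" >&2; return 1 ;;
    esac
}

# lvm_cmd LAYOUT N -> the lvcreate line (see lvmraid(7)); assumes the N disks
# are already PVs in vg0. raid5/raid6 are the nearest LVM analogues of raidz1/2.
lvm_cmd() {
    layout="$1"; n="$2"
    case "$layout" in
        raid10|mirror) echo "lvcreate --type raid10 --stripes $((n / 2)) --mirrors 1 -l 100%FREE -n data vg0" ;;
        raidz1) echo "lvcreate --type raid5 --stripes $((n - 1)) -l 100%FREE -n data vg0" ;;
        raidz2) echo "lvcreate --type raid6 --stripes $((n - 2)) -l 100%FREE -n data vg0" ;;
        *) echo "no LVM equivalent for $layout" >&2; return 1 ;;
    esac
}

# The four-disk comparison from the comment:
for layout in raid10 raidz2 raidz1; do
    summary "$layout" 4
done
zpool_cmd raidz2 4
lvm_cmd raid10 4
```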

[–] avidamoeba@lemmy.ca 1 points 7 months ago* (last edited 7 months ago)

Sure. It's certainly legal in NA and widely used. Any VPN can do that too. A corpo can install anything on their hardware and the hardware should be considered to be spying by default.

Oh and MITM proxying has been a fact of every corpo I've worked in. It's the only way to reliably prevent people from accessing the list of sites the corpo doesn't want accessed.

[–] avidamoeba@lemmy.ca 6 points 7 months ago* (last edited 7 months ago)

Did you say you're running docker in LXC? So container in a container? If yes, that's generally an anti-pattern.

[–] avidamoeba@lemmy.ca 28 points 7 months ago (4 children)

There's Zscaler for Linux. We're using it in our corpo.

You have to run your software mirror no matter what. Even if it's a proxy mirror where you don't actually store most of the packages.

SELinux/AppArmor for more granular access policies.

SSSD connects local auth with AD.

You should look into what your vendor has on offer, e.g. Landscape if you're on Ubuntu.

As others have said config-as-code would probably be part of the equation too.

[–] avidamoeba@lemmy.ca 1 points 7 months ago* (last edited 7 months ago)

I use config-as-code for some stuff but in reality there are many manual steps that aren't covered. This is why I run an LVM mirror (RAID1) with two SSDs and I keep a full backup. The system hasn't been reinstalled in 10 years.

If you feel the way you do, you should probably just do a full disk backup with clonezilla or dd every X days and be done with it. If X is large, e.g. months, you should also run home dir backup more often. The Ubuntu built-in tool is great for that. Then when something dies, restore the whole OS from the clonezilla/dd backup, boot, then restore the most recent home dir backup, reboot, and you're back. Minimal effort.
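The two-tier scheme from the comment above (a full disk image every X days, home directory more often, restore image then home), as an added example that is not the commenter's own script. The disk /dev/sda, destination /mnt/backup, the 30-day interval and the marker file are assumptions; dd's status=progress is GNU coreutils. With DRY_RUN=1 the dd step is printed instead of executed, so the logic can be exercised against a scratch directory; the home archive is a real tar.gz either way.

```shell
#!/bin/sh
# Added example (not the original poster's script): image the whole disk with
# dd when the last image is older than FULL_DAYS, and archive the home
# directory on every run. Assumed: disk /dev/sda, destination /mnt/backup,
# 30-day interval. DRY_RUN=1 prints the dd pipeline instead of running it.

DISK="${DISK:-/dev/sda}"
DEST="${DEST:-/mnt/backup}"
FULL_DAYS="${FULL_DAYS:-30}"
MARKER="${MARKER:-$DEST/.last-full}"

# full_due MARKER DAYS -> 0 (true) when no full image was taken within DAYS days.
# The marker file's mtime records the last successful full image; no marker means due.
full_due() {
    [ -e "$1" ] || return 0
    [ -n "$(find "$1" -mtime +"$2" 2>/dev/null)" ]
}

# full_image DISK DEST -> dd the raw device (boot sector, partition table and
# all) through gzip into DEST. Run from a live system, never from the disk
# being imaged while it is mounted read-write.
full_image() {
    img="$2/$(basename "$1")-$(date +%F).img.gz"
    cmd="dd if=$1 bs=4M status=progress | gzip -c > $img"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$cmd"
    else
        sh -c "$cmd"
    fi
}

# home_archive SRC DEST -> tar.gz of SRC in DEST; prints the archive path.
home_archive() {
    out="$2/$(basename "$1")-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$out" -C "$(dirname "$1")" "$(basename "$1")" && echo "$out"
}

# backup_run MARKER DAYS DISK DEST HOME -> the periodic job.
# The marker is only touched after a successful image, so a failed dd
# makes the next run try again instead of waiting another DAYS days.
backup_run() {
    if full_due "$1" "$2"; then
        full_image "$3" "$4" && touch "$1"
    fi
    home_archive "$5" "$4"
}

# Restore order, as in the comment: write the image back, boot, then unpack
# the newest home archive over the restored system, and reboot.
#   gzip -dc /mnt/backup/sda-YYYY-MM-DD.img.gz | dd of=/dev/sda bs=4M
#   tar -xzf /mnt/backup/alice-YYYYMMDDHHMMSS.tar.gz -C /home
#
# Cron entry (daily): backup_run "$MARKER" "$FULL_DAYS" "$DISK" "$DEST" /home/alice
```

Because the marker is only updated after dd succeeds, a failed image does not silently push the next attempt out by another interval; the home archive still runs regardless, so the frequently changing data is never skipped.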
