When you’re an Atreides they just let you do it.

WAF has consistently held me down to earth. “What will that enable you to acheive that you can’t do already?” With a couple mini pcs and a rpi I’m good. I’d love shiny things, but beyond LLMs there’s not much it would enable me to achieve that I can’t already.

That, and other hobbies. I don’t want to be an amateur system admin during the summer. So all winter long, while I’m tinkering, I’m adding up how much it adds to my maintenance schedule.

Honestly, I wouldn’t.

I only run it this way because a VPS had 0 WAF, and I’m terrified of opening ports. VPS is the well trodden ground, there’s tonnes of guides. Mine’s a hack job borne of necessity, it works though, and I am proud of what I cobbled together.

It was my first time solving my own problems. I had my meager skill set, a basic idea of what I wanted, some vague notion of how I was going to achieve it, and a thick forehead to smash against the problem till it gave way for me.

I am going to keep running it this way though. To access my server you need to HAVE a relay rPi, and you need to KNOW a password. That’s two authentication factors right there, just built in.

I use tailscale for my non-tech family.

I run a rPi with tailscale, pihole and nginx on it in their house. They connect to the their WiFi, get adblocking for free. They go to “http://homarr.sever/” pihole captures the request, sends it to nginx which reverse proxies to a homarr LXC on my server. From there they can click links to the services which are at “https://service/######.xyz”. Again, pihole captures the request, sends it to nginx which reverse proxies it over Tailscale to the appropriate LXC.

One poor soul runs a mini pc with 2 mirrored ssds attached, it runs everything above plus Syncthing. They have the privilege of running the remote back up for the server.

For apps on their phone, I intend to set their phone up with Tailscale and then just have the app go to “http://dockge:1337/”… Just as soon as I learn to write the access controls to allow admins to access everything, users to access services, and services to access nothing. I just looked and there’s a gui now so I could maybe do it this winter.

There should be both. Minimal config + gui options for people just getting into the hobby, or just want the thing. And a more open option for people who hit the limits of the first, or to do interesting shit, or to repeatably build a thing.

I go back and forth on my server. During summer I wish it was all Docker YAMLs so I can press “update” in Dockge and then enjoy the weather.

But, I also do non-typical things. Users have a rPi in their house that captures requests and routes them through Tailscale to my server for remote access without a VPS or opening ports.

I’m not too technical so I often struggle setting things up, and documentation can be less than helpful at times, sometimes I really wished there was a gui or wizard, but it’s doable.

I know it’s a meme, but it’s funny how often isitdns.com is right.

If you have even half a thought it could maybe be DNS, it’s probably DNS. Even if I’m sure it probably isn’t DNS, it’s DNS.

I call it beginner butt stuff friendly, thank you very much