Yeah, I was typing that on the phone… thanks for the link:

As the node runs as the root user in order to run plugins as any needed user, it now only listens on localhost as a security measure. You have to edit munin-node.conf in order to listen to the network, and add the master’s IP on the authorized list.

So, I guess the best approach is to just run it inside a management network / internal VPN to avoid exposing the port to the internet.

Looks cool, what about security? Since you’re experienced with it, how does it access the information of the nodes and how secure or insecure that may be? At the end of the day I don’t want to open a port on all nodes just to have it be used as root access to those machines…

“The fascists have taken over” yet were the non-fascists that decided to cut episodes and scenes from old tv shows and movies because they were offensive thus destroying culture in the process. Interesting.

What happened to covergalaxy anyways? Why did they remove all the forum content? Thanks for the help.

The problem is that the only decent resolution version was the one from cover galaxy and that’s no longer available on the link you provided :(

That one you’re talking about is from the vinyl soundtrack and not quite the same thing.

Sorry here’s a better tutorial. I might write one, it is interesting that they all suck in different ways.

https://starbeamrainbowlabs.com/blog/article.php?article=posts/237-WebDav-Nginx-Setup.html

The folder is defined by the “root” directive. Like with any other nginx setup.

Cam be anything you want, just have to install nginx and configure it: https://medium.com/learn-or-die/build-a-webdav-server-with-nginx-8660a7a7311

The funny part is that they sell it as modern yet they use Java like if it was a banking software from the 90’s. Thanks for the tip.

Nextcloud Music (…) Downside: it is Nextcloud.

It’s so hard to have a SMB share with one folder per game. The solution is obviously to run 4000 docker containers.

Yes, I’m aware… however there’s nothing making it so we can’t port the directory listing from caddy (most likely just HTML/JS) into nginx. Or, someone might already have done it, I guess will have a look.

Yeah I would totally use that for nginx.

What software are you using on the server to list the directories?

Yeah because apparently it is too hard to double click on setup.exe but using a docker is okay.

So, looks like tons of HTTP services and SSH.

Great, but what services are you hosting ? What ports you need?

Yeah, those may work. Since you’ve one how does it look like? Are there blocked ports line SMTP? Are the IP good / aren’t blacklisted everywhere already? Thanks.

This means I don’t need to mess around with QBT’s “proxy” settings?

No, you don’t. In short, trackers will look at the source address of the incoming connection on their side, that means you VPS IP because you’re doing NAT on the VPS.

Just make sure qBittorrent is restricted to the WG interface and nothing else.

but without nix it’s a pita to maintain through restores/rebuilds.

No it isn’t. You can even define those routing polices in your systemd network unit alongside the network interface config and it will manage it all for you.

If you aren’t comfortable with systemd, you can also use simple “ip” and “route” commands to accomplish that, add everything to a startup script and done.

major benefit to using a contained VPN or gluetun is that you can be selective on what apps use the VPN.

Systemd can do that for you as well, you can tell that a certain service only has access to the wg network interface while others can use eth0 or wtv.

More classic ip/route can also be used for that, you can create a routing table for programs that you want to force to be on the VPN and other for the ones you want to use your LAN directly. Set those to bind to the respective interface and the routing tables will take place and send the traffic to the right place.

You’re using docker or similar, to make things simpler you can also create a network bridge for containers that you want to restrict to the VPN and another for everything else. Then you set the container to use one or the other bridge.

There are multiple ways to get this done, throwing more containers, like gluetun and dragging xyz dependencies and opinionated configurations from somewhere isn’t the only one, nor the most performant for sure. Linux is designed to handle this cases.

In terms of homelab stuff, I know a lot of people appreciate the containerized approach.

What I said applies to containerized setups as well. Same logic, just managed in a slightly different way.