No, if you are batted, you will need a vps or some kind of real public address and tunnel to it for external to internal access. A VPN with port forwarding will also work.

Agreed, but still, its a serious loss for matrix, which is already a bit of ashitshow.

Is this shit true? I have been using conduwuit for quite some time with total satisfaction (as far as matrix goes OFC) and woulduch likely delete my matrix presente than sricking back to that shit show of synapse.

I read the link, and feel like i want to know the other side of the story.

But, honestly, don’t care for the stupidity of people and the toxicity. I care for the technical side and conduwuit is just the best out there. Losing it, it is a big loss for matrix globally.

Another point: 8gbps is mostly pointless. I would stay at 1gbps inside home and don’t bother to rewire and replace all my home equipment. That’s a long con game over the years slowly when each device has to be replaced anyway.

Maybe plan for 2.5gbps inside for the time being of you can do that a zero cost like reusing wiring.

I wouldn’t count on WiFi in any case, at best it’s a jimnick at that speed.

Get a nice hardware capable of running opnSense and use that immediately after your new ISP device. Just ignore their WiFi router, it will be crap whatever it is, unless you cat reflash with OpenWRT.

Be prepared that the new ISP will .most probably have CG-NAT.

Note: opnSense is based on *BSD so make sure the hardware you buy has supported 10gb network cards, at least two.

Radicale is an amazing light and efficient CardDAV/CalDAV server. Pair with Dav5x on android and you are fully setup.

Thanks you, i didn’t know… Interesting!

1gb swap is way too small…

I usually setup swap to be 2x the total ram size. So, 32gb swap in your case.

Nothing wrong here, seems normal. With such little swap.

Actually Linux kernel works better with swap, the more the better. It will lalso perform better than zero swap. Counterintuitive indeed, but that’s how it works.

If you don’t want swap, use zram.

Luci? What is that? You mean OpenWRT?

Thanks for the clarification, it make sense indeed, specially if you don’t come from a long term Unix background.

Today Linux world feels more and more unnecessarily complicated somehow. I am getting old.

I see that containers get lot of love, but really setting up wireguard is writing a text config file, why would you need containers for that?

Wire guard + some nft tables or ip tables rules is a much better solution.

Ssh on itself can do the port forward part but for the routing you still need the above mentioned rules. In addition, ssh will not autoreconnect if anything happens and you need to add autossh or some other solution to keep it rolling.

LFS is great, I started with it 25 years ago (not joking, it was GCC 2.9 time)

But quickly discovered Gentoo and been there since that time. LFS is not maintainable, Gentoo is the good of LFS plus perfect maintainability.

I could upgrade my requirements to server grade, but not the budget, so I would say the driving factor is budget :)

Hand me a bunch of server grade ssds for the price of consumer and I would gladly install them.

I usually pick the cheapest of a brand I trust. Kingston atm for my ssds.

Don’t care, even the crappiest is way faster than what I need plus less energy hungry than mechanicals.

I focus on size, buy the biggest I can afford according to the raid level I need. Currently have 4 x 4Tb Kingston ssds in RAID5.

Edit: don’t buy ssds on aliexpress, don’t go that cheap… Go cheap like buy consumer level stuff not server grade stuff, but still from reputable sellers and brands.

Yeah, would be great to buy server grade stuff, but I don’t have a server grade budget.

Bad example, you picked a reserved range that confused me :)

You can with srv DNS records. I never tested if browser do honor that or just go to port 443 anyway.

Create the subdomains and have them all point to your PUBLIC IP (10.172… But keep in mind 10… Are -not- public ip)

You will need to setup redirect from your router/gateway to your internal ip.

Unless you are on cg-nat (that would explain a 10… class ip) in that case, you will definitely need a real public static ip

To “match” the various ports all to 443, you will need a reverse proxy, since those ports are not standard. This could be mitigated with srv DNS records, but I really strongly suggest not to go public without https and reverse proxy.

This, but I prefer nginx.

And no real need for tailscale or cloudflare. If you do not like to depend on a third party service, either port forward and ddns or an external vps+wire guard if you have gcnat

The idea rocks… Love it!

… Something that added to a Gentoo distribution would be amazing …