

It’s a monument to the brave American police officers who stood strong in the face of adversity.
/s



Yeah, in that case, I’d probably split my DNS duties. I started with internal resolution by having Pihole do hard coded DNS entries for internal systems, but my current setup seems to be much more resilient.
I have two PowerDNS servers (main and replica) with recursors to Open DNS internet servers and resolvers for my lab network. It plays very nicely with Terraform or (crucially lately) Kubernetes.


Could you do a subdomain for internal? Using Nginx host base routing to get to the same port would let you have a valid cert for both service.lan.your.fqdn and service.your.fqdn.
Let’s Encrypt wildcard certs for the *.lan.your.fqdn would simplify things.
Your DNS server could then resolve the lan fqdns to your internal network and the non-lan to your Internet exposed?
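The host-based routing described in that comment, as an added example that is not from the original thread: one nginx listener on 443 serves service.lan.your.fqdn with the *.lan.your.fqdn wildcard cert and service.your.fqdn with its own cert, and unknown names get no handshake at all. Hostnames, cert paths and the backend port are placeholders.

```nginx
# Added example (not from the comment author). Both vhosts share port 443;
# nginx picks the server block and the certificate by SNI/Host.

# Internal name: wildcard cert for *.lan.your.fqdn, reachable only from
# RFC1918 ranges even if the LAN name ever leaks to the public resolver.
server {
    listen 443 ssl;
    server_name service.lan.your.fqdn;

    ssl_certificate     /etc/letsencrypt/live/lan.your.fqdn/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/letsencrypt/live/lan.your.fqdn/privkey.pem;     # placeholder path

    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;      # placeholder backend
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# External name: separate cert for your.fqdn, same backend, same port.
server {
    listen 443 ssl;
    server_name service.your.fqdn;

    ssl_certificate     /etc/letsencrypt/live/your.fqdn/fullchain.pem;       # placeholder path
    ssl_certificate_key /etc/letsencrypt/live/your.fqdn/privkey.pem;         # placeholder path

    location / {
        proxy_pass http://127.0.0.1:8080;      # placeholder backend
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Catch-all: any SNI that is not one of the names above is refused at the
# TLS layer (nginx 1.19.4+), so no certificate is served to scanners.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}
```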
Yup, shared storage is a requirement. I’m using a combination of Ceph and NFS at the moment, but I wouldn’t recommend Ceph unless you’ve got a 10gb connection between nodes.
Here’s a guide to set up high availability with Proxmox: https://kiwicloud.ninja/2024/02/improved-high-availability-ha-for-vms-on-proxmox-ve-pve/
For me, I have three proxmox nodes that are configured to restart VMs and LXC containers if a host goes offline. There’s a Palo Alto pa-440 for my fw/router and a brocade switch (they were something work gave me for practicing for a network exam).
The nodes, Palo, brocade, and AT&T modem are all on two UPS 1500va systems along with my wifi ap. Run time in case of power loss is around an hour.
I’m this close to getting a comprehensive shutdown script working from a raspberry pi that is triggered if there’s power loss (most UPS systems have some capability to trigger scripts on a host that’s connected to the UPS’s console port).
If I can get that script working, the battery backup will run a PI for several days.
Back on the redundancy side, I host two PowerDNS systems in the proxmox cluster along with a 3 node/LXC container Vault.
If you want to know more, 99% Invisible did a podcast episode on the history of the building:
https://99percentinvisible.org/episode/622-the-great-american-pyramid/


Evidently a gubernatorial candidate for Florida?


I tried terraform for my three node proxmox cluster and all the providers were shit (and one was written by a for-profit prison company).
I ended up just deploying manually, but I do heavily use ansible for things like let’s encrypt wild card cert renewal/installation and patch management.
I love terraform when the providers are good - my #dayjob is predominantly spinning up hybrid cloud/global AWS environments and we could not do what we do without tools like Cruft, Terraform, and Ansible.


Oh you want this cool terminal experience? Just run:
curl https://totally-normal-website.io/installer.sh | sudo bash
Maybe it’s this? https://en.philocoffea.com/blogs/blog/coffee-brewing-method


My homelab runs off three Lenovo M920q systems - they have an optional PCIe riser in which I’ve installed a 10GbE fibre card to handle storage. I grabbed them from an electronics recycling/reseller company - EpcGlobal.
If you’re in the States, I highly recommend them, although their stock changes frequently - https://epcglobal.shop/
Not only never go on holiday or see your family ever again, but crucially “you better be loyal/work harder than citizens lest we fire you and your visa expires.”
Maybe a controversial take, but I like pihole for blocking only - I have a pair of PowerDNS servers set up for my internal name resolution. They recurse to Pihole, but can fall back to internet DNS servers if Pihole isn’t responsive.
I tried pihole for local resolution and found it to be a fairly large pain to automate. Plus kubes has PDNS hooks for auto-updating DNS entries.


If those pesky illegals want to come here, they need to do it the right way.
NO, NOT LIKE THAT!


I have dyndns. I don’t recommend them, unless a coworker just gave you their lifetime pro account for free.
Thanks Roody, wherever you are!
Unifi Protect is what runs on the CloudKey/NVR physical device - you don’t need to have it go through to the Internet.
Remember, for better or worse Ubiquiti is positioning themselves as SMB Enterprise security - some companies won’t want their footage to be accessible outside their network.


You have to remember, conservatives somehow can wildly object to multiple things in the GOP platform but still vote R up and down the ticket as long as they agree with just one thing.
Pro-life? Better vote for the pro-life people who are all about zero gun control, mandatory death sentences, and no government supported prenatal care - not to mention fucking over immigrant kids/splitting up families!
Love hunting with guns? Better vote for the gun loving people who also want to sell off our national forests, remove all environmental protections, and privatize our parks.
This is maybe controversial, but I love the Ubiquiti security stuff. Cameras (interior and exterior) doorbells, etc, it’s all great. Pricey, but you get what you pay for.
And the data can stay local or be accessible via their services.
I chose to go local only, grabbed their UNVR and populated it with 4x 2TB drives, and it has enough space to handle 7 cameras’ HD history for about a month.
When he said that, I instantly felt jealous.
Yeah, there’s no alternative on that link for Google pay. Google Wallet is kind of necessary for me - at least for my HSA card because they won’t issue it with anything other than a mag stripe. At least with tap to pay there’s some additional security.
Not that it matters if fucking Google can just slurp up all those transactions. 🫠