As long as they continue to maintain the github repository and keep it free without any hidden ads/spyware or restrictions, I will continue to use their service.

Okay, thank you :)) too bad it looked liked a simple and elegant way…

Heyha ! Read about dd on makeuseof after reading your post, to see how it works.

Restoring from an image seems exactly what I was looking for as a full backup restore.

However this kind of 1 command backup isn’t going to work on databases (mariadb, mysql…). How should I procede with my home directory where all my containers live and most of them having running databases?

Does it work with logical volumes? Is it possible to copy evrything except /home of the logical volumes?

This post was about browsers but my feelings when I wrote It was a more general “conclusion”. I only found out recently about some “hidden” privacy concerns with browsers (WebRTC leaking your real ip, fonts fingreprinting…) But when I found out about android’s default keyboard sending samples, IOT weaknesses, smart devices data hoarding… It really feels like a losing battle while being connected to the world…

Do not overthink they want to know about you everything.

That’s true, they probably already have everything they need… It’s not only about my personal data, and my example only points out to the web technology, but everywhere around us are some data hoarding devices that are either used to targeted ads, campaign, profiling, IA dataset feeding… whatever !

It feels like we already lost our right to privacy and how personal data, telemetry is used as a whole in our society…

Rethinkdns is probably your best bet! Right now they are missing an important feature where It takes wireguard’s DNS configuration into account, making it obsolete for those who have private dns in a local environnement with an upstream dns !

Can’t wait for version 0.5.6 😄

If you want to run your own pki with self-signed certificate in your homelab I really encourage you to read through this tutorial. There is a lot to process and read and it will take you some time to set everything up and understand every terminology but after that:

• Own self-signed certificate with SAN wildcards (https://*.home.lab)
• Certificate chain of trust
• CSR with your own configuration
• CRL and certificate revocation
• X509 extensions

After everything is in place, you can write your own script that revoks, write and generates your certificate, but that is another story !

Put everything behind your reverse proxy of choice (traefik in my case) and serve all your docker services with your own self-signed wildcard certificates ! It’s complex but if you have spare time and are willing to learn something new, it’s worth the effort !

Keep in mind to never expose such certificates on the wild wild west ! Keep those certificate in a closed homelab you access through a secure tunnel on your LAN !

edit

Always take notes, to keep track of what you did and how you solved some issues and always make some visuals to have a better understanding on how things work !

Step CA is really nice if you want to learn more about how a real CA works. Had some fun playing with it but yeah it’s a bit overkill for home lab xD.

You can achieve the same result with openssl with less complexity !

Then, I tried ownCloud for the first time. Wow, it was fast! Uploading an 8GB folder took just 3 minutes compared to the 25 minutes it took with Nextcloud. Plus, everything was lightning quick on the same machine. I really loved using it. Unfortunately, there’s currently a vulnerability affecting it, which led me to uninstall it.

I have no idea on how you access your self-hosted services but wireguard could help you out to access all your service from all your devices, with less security risks and only one point of failure (the wireguard port). Also this takes away most of the vulnerabilities you could be exposed to, because you access all your home services through a secure tunnel without directly exposing the api ports on your router !

I personally run all my services with docker-compose + traefik + self signed CA certificats + adguardhome dns rewrite. And access all my services through https://service.home.lab on all my devices ! It took me some time to set everything up nicely but right now I’m pretty happy how everything works !

About the current ownCloud vulnerability, they already took some measure and the new docker image has the phpinfo fix (uhhg). Also while I wouldn’t take their word for granted:

"The importance of ownCloud’s open source in the enterprise and public-sector markets is embraced by both organizations.”

That’s way exposing your home services to the internet is a bad idea. Accessing it through a secure tunnel is the way to go.

Also, they already “fixed” the docker image with an update, something todo with phpinfo…

Thank you very much for your enlighten answer :D !

Removing emacs-gtk itself will work as you expect

Yes that’s what I found out with apt show emacs-gtk, it shows all the dependencies but I found it quiet odd behavior (lack of knowledge).

I wasn’t aware of metapackages, something new to put into my knowledge database.

Edit: While writing my replay and searching through the web and my console, even though I wouldn’t have had understood it while reading it… It actually tells me in the description that emacs is a metapackage… Bad reading skills :/ sorry about that !

Description: GNU Emacs editor (metapackage) GNU Emacs is the extensible self-documenting text editor. This is a metapackage that will always depend on the latest recommended Emacs variant (currently emacs-gtk).

If you don’t mind I have a last question. Imagine I want to remove docker-ce, which depends on iptables among others, if I sudo apt remove --purge --autoremove docker-ce, this isn’t going to remove iptables and break my system right? Because it’s used by other packages, system… I guess, no?

I think a more general question would be how can I be sure I not going to fuck my system while removing packages? Maybe I’m to paranoïd and today it’s relatively safe to do so, compared to years ago??

Thank you :)

Hi thanks for your quick response !

I already checked with apt show emacs and the output clearly shows emacs-gtk as depends on. And while installing the emacs package with: sudo apt-get install emacs it installed a ~400Mo package and all dependencies.

So why doesn’t sudo apt remove --purge --autoremove emacs removes everything ? I thought this command would be the exact opposite of sudo apt install package-name

I tried it 3 months ago. It looked nice had some cool features, but It didn’t fit into my personal selfhosted Home server.

This is more or like to help less-tech savy people to secure their infrastructure, which is a good point, but can’t replace a complex wireguard, VPN, opnsense, 2FA , self-signed CA, docker installation.

It’s a bit like Nginx proxy manager, it’s good enough, does what it is suposed to do with minimal user inputs. Less prone to error, security issues…

You’re not weird ! Quite the contrary, we are on the right path to fight those greedy corporation !! To bad we’re the minority ://!