Why is there a dunkin donuts app?

https://wiki.openstreetmap.org/wiki/Editors#Choice_of_editors

Something like these?

You could self host a web client

Well the internet down scenario has only happened once, and I returned home to no internet, booted up my laptop, and could not connect to any of my services since I couldn’t reach my control server. I haven’t forced the issue to occur by disconnecting my internet and testing connectivity. I just did the lazy thing and connected to the services I wanted via their IPv4 address

you’re almost certainly routing local network traffic over NetBird instead of using local routes

That’s precisely the functionality I want, though. Secure, encrypted, mutually identified traffic should be the only traffic in a zero trust network.

I’m simply trying to create an ingress point into this network for outside access.

Thanks for your response! I’m completely self-taught, so I’ll go ahead and acknowledge knowledge gaps on my end, but how would putting all the nodes in a network cause routing problems or ARP poisoning?

I recognize that what I’m trying to accomplish is a bit overkill for the average home network, and a lot of my reasoning behind my design is purely for learning. My reasoning for putting everything on a mesh network is 2-fold:

• Providing encrypted, secure, and mutually identified networking between all nodes
• Creating a centralized source of truth and control – NetBird runs its own DNS system behind the scenes, which allows all nodes to be addressed by name regardless of location, which interests me because it creates a single point of administration for ACLs, routing, etc. I’m also able to access any node I want across the mesh network as long as I’m connected to it.

I have successfully run this setup previously with the NetBird management console hosted in a VPS, however the issue I ran into was that if internet went down at home, I could no longer access my locally hosted services through the mesh network. I could still access them via IP, since I was on the same LAN, but that defeats my goal of centralized control, mDNS, and a central source of truth that I got via the mesh network.

I have also successfully ran this setup completely local, however I am unable to access it from outside my homelab. For my use case, I think having all components of the mesh network hosted within my homelab is the best design. However now I have to figure out the best way to allow external connections to my management interface. Thus my original question should I use a cloudflare tunnel to my management interface, set up a wireguard tunnel from an externally accessible VPS service pointed to my management interface, or something different?

Ahh gotcha, that makes sense, so like the difference between a self signed SSL certificate and something like LetsEncrypt.

Re 2: I was thinking in the scenario to allow auto discovery of your certificate, so someone who is emailing you for the first time could look up your public key automatically and use it to encrypt their email.

Also, great writeup and thank you!

Question 1: What’s the point of using Actalis? Can’t you generate your own certificate?

Question 2: Is there a way to get your email.server to automatically publish your public key?

Just trying to keep abreast of the latest ornithological news

They happen to be running Fedora Kionite on their desktop since I got sock of troubleshooting windows 😂

I laughed, then had to explain the joke to my parents, which meant I had to explain what Linux was, what daemons were, and why I was giggling

Good point, I like the ability to choose between VMs and containers. If I had TrueNAS in one VM and Nextcloud in another, how would you link Nextcloud to TrueNAS? SMB share?

Would you use something other than TrueNAS, then?

From the brief research I just did, this does seem like a good direction to take. However I’m doing a lot of learning right now and I’m trying to stick with just one or two technologies at a time and adding in Kubernetes and Helm is a little beyond me right now.

Mostly mental, and ensuring separation between my real life work identity and my online/whatever identity. I’m sure that’s mostly in my head but peace of mind is peace of mind.

Well I run GrapheneOS on a Pixel 5, and I use Shelter to isolate my work apps from my personal apps. I have sandboxes google play within shelter, the apps I have in my work profile are:

• MS Outlook
• MS Teams
• MS Azure
• WhatsApp
• Word
• Excel
• Adobe Scan

I dont use my phone very much for myactual job, but its good for maintaining connectivity and checking/responding to emails and calling into meetings as needed.