mara

I still reserve the right to be astounded. One of my beta readers said I needed to add a disclaimer that this talk is satire, so I went through a few rounds to make the warning right. I guess we didn't expect someone to get caught up in the title!

I'm astounded, I would have thought that putting an explanation that the article was satire would like...work. Should I have made it giant screaming red text?

I can use Plex on my PS5 and share it with my friends without having to do DevOps work.

Wasn't that intended to fix an issue where other players in your multiplayer session could cause your console to execute arbitrary code? Imagine the fallout if it became "play Mario Kart and then have your console refuse to boot again"

No prob! If you run into any problems, feel free to DM me or /u/[email protected]. We're more than happy to help.

Note my bias as I work for Big VPN (Tailscale), but I don't think that teaching people to ignore security warnings is a good thing to do. The CA system is kind of a scam in general, but I think that at least in its current implementation it's better for us to encourage people are aware of those errors and what they mean.

As the sacred texts say: self-signed certificates beget the use of curl -k beget the use of self-signed certificates.

Tailscalar here. Use tailscale serve. It is a reverse proxy inside tailscaled. It will handle HTTPS certificates for you too. As an example, here's a sample HTTP server proxied to both my tailnet via tailscale serve and to the world with Funnel.

Also as far as I know you need to use Serve in order to use Funnel.

This is true with ARM in general. There's no "standard Linux" to boot because every board needs its own device tree and set of core kernel modules for detecting important things like local storage. It's fairly intractable due to how different the hardware is.

Yo ho ho and a bottle of rum for me!

Carefully.

I personally shove Transmission into Docker:

services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
    ports:
      - 9091:9091/tcp
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
  transmission:
    image: ghcr.io/linuxserver/transmission
    container_name: transmission
    ulimits:
      nofile: 1048576
    environment:
      - PUID=1000
      - PGID=996
      - TZ=Europe/Stockholm
      - USER=azurediamond
      - PASS=hunter2
    volumes:
      - ./config:/config
      - /data:/data
      - /data/Torrents/dl:/downloads
      - /data/Torrents/inbox/start:/watch
    network_mode: "service:wireguard"
    depends_on: [ "wireguard" ]
    restart: unless-stopped

Make sure your mullvad config is called wg0.conf in ./config.

For the record, I'm pretty sure using Mullvad for XDCC is super overkill, but I wanted to have an excuse to break out userspace wireguard in a project and writing it all in Go made it so damn easy: https://github.com/Xe/x/commit/3d0647e946014516df33de0b18d2a16eec835bed