Not selling me on those downsides. Sounds like a much better world without those.

Try selling this idea to the rest of your country’s population.

PTSD from early 2000s

I will agree that my advice is bad.

I myself run all my services over wireguard. But I run ssh natively though but with extra hardening (fail2ban/sshkey/no default port/max retries, etc). Plus my IP changes every 24 hours. However, I did learn how to setup online services and this can be a stepping stone.

If one is experimenting, exposing the port is fine (temporarily). But if someone is running a service 24/7 over the internet, and the person does not have any cyber security acumen, wireguard is the clear winner.

If you tell me what kind of hardware you have, i can direct you to the correct resource. I have done it for my TPLink router, which has support for noip.com. OpenWRT/OPNSense has dedicated plugins or it’s baked-in.

For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)

Some routers have integration with dyndns or noip. You can get a free (disposable) domain. If you do the correct port forwarding to your camera’s application server, you can access your camera from outside. However, ensure you are using HTTPS, a strong password, and the server on a non-standard port.

Pro-tip = Run wireguard to access everything securely.

I was checking the feature list of Technitium and it’s a bit … overwhelming. I may shift to it one day but I need to study it first :P

Pihole is fine for the time being.

but it would bypass the DNS tampering by your ISP at the least

I doubt it because I could see that my ISP is doing a MITM attack on my DNS queries. Encryption is the only way.

I have seen this project popping up quite a bit. It seems like this natively supports a lot of encrypted DNS protocols, unlike Pihole. Looks very nice.

dnsproxy seems really good.

I’m checking their docker release (https://github.com/axeleroy/dnsproxy-docker/)

I’ll assume you’re looking for a self hosted alternative

I self-host the cloudflaredwhich is used by my Pihole as the upstream provider.

I shall check out Hickory DNS. Thanks!

Edit: Okay, the application is still in alpha-stage. I’m afraid I can’t use it, but I will be keeping an eye out for it.

If it’s a custom TLD (.lan, etc.) then you need to do self-signed

Can you share some resources on this?

Nothing dies in Linux. But it might lose support from the mainline kernel (for xorg, it may take another 50 years).

Time to rewrite systemd in rust. I don’t have time to hate them individually /s

Can someone put the “forgiveness stops by Jesus” meme here?

⚡Keep yourself safe ⚡

“Guys! I’ve found another one over here”

You can really feel the dilemma from his expressions

“They are paying me money. Should be legit”

Shit shorts, ShitTok?

You will still to track adhoc changes to different services or configurations that would then need to also be applied and executed in a NiX config in the proper place to ensure proper order of execution.

Do you mean to say that I can run random systemctl commands to make changes to the system, but in order to make them persistent, I need to add them to the config? If yes, this model is fine by me. As long as the changes are documented in files maintained by me, it’s good.

In mutable distros, the issue I face is that some changes are present in .config, /etc, ~.local which slowly becomes painful to keep track of.