Mullvad any day. I used to use Proton but made the jump after the CEO made certain comments and the company supported said comments.

If you go with Mullvad look for the gift cards out there that are for 6 or 12 months of service. I grabbed one off Amazon.ca for 12 months at $75. Works out to be cheaper than paying per month with the ever changing exchange rates.

I also like the fact that Mullvad has servers in the city I live in where as Proton has them on the west coast or east coast. Not the greatest for those in the middle of the country.

I use Proxmox PBS for all my backups. Datastore is on my file server at home. I sync the datastore daily to a little NAS at a family members house and to a super cheap storage VPS on the other side of the country. I also do a manual sync to an external drive that keep offline at home.

Any super important documents such as tax records, health related files, backup of the data volume from vaultwarden, or anything related to wills & estates get backed up as well to 2 USB thumb drives that are LUKS encrypted. I keep 1 in my go bag and another is hidden somewhere… Thumb drives get updated once a month, or sooner if anything major changes.

No problem. It’s a great piece of software. I have it monitoring logs for nextcloud, vaultwarden, mailcow(postfix & dovecot), basic nginx proxies (just to be safe and for rate limiting). I have 4 OPNsense and 1 Debian bouncers.

I had an issue with so a note about setting up the bouncer on OPNsense. If you have the LAPI on a different machine you can currently only connect OPNsense to it using the command line. The LAPI options in the web interface are for defining the interface to bind to and run the LAPI on OPNsense itself. Which isn’t an issue, I just wanted it on a VM so it’s easier to keep online instead of it going down if the OPNsense it’s on fails. Plus I like to keep SSH disabled on my OPNsense devices and spend a bit of time using cscli on the LAPI VM from time to time.

I’ve been thinking about going this route. What size subnet are you banning? /24?

Only thing stopping me is I selfhost email and don’t want to ban say a whole subnet from Microsoft/Azure and end up blocking the outgoing servers for O365. I’m sure I can dig around and look at the prefixes to see which are used for which of their services just haven’t had the time yet.

Crowdsec with a central LAPI server. You should install it on the servers themselves to monitor the application logs directly. Then every bouncer(firewall, router, edge device) connected to the LAPI will all block the same IPs. I got sick of repeat offenders and upped the ban time to 1 year in hours.

Not since my provider(Koodo) started offering Call Control. When humans call my number they get a recording that they have to enter a number that is randomly selected with each incoming call.

Where I live in Canada traffic moves for anything EMS related with lights(other than a tow truck unless of course they have an EMS escort). We pull up on to sidewalks, curbs, and anything really to clear a path. Heck I’ve seen people put their vehicle into a snow bank pr a ditch to get out of the way. I guess we’re of the mindset that others will do the same for us should we be the ones awaiting EMS to arrive or deliver us to an ER.

https://github.com/jellyfin/jellyfin/issues/5415

https://github.com/jellyfin/jellyfin/issues/5415

No worries. Better than reading that someone got hacked because they left Jellyfin wide open

You could even run a travel router, mini PC or Raspberry Pi, run the VPN on it, connect the Roku to it over the onboard WiFi adapter. On the PC/Pi you’d force all the traffic from the Roku towards Jellyfin over the tunnel. You could even define the Jellyfin in DNS (/etc/hosts) so the internet will never even know you’re running Jellyfin. Something like https://raspap.com/ or even a openwrt travel router from the likes of GL.iNet would work.

Do not. I repeat do not expose Jellyfin to the internet. It has too many security issues to be directly accessible from the internet.

I use Jellyfin and only access it over WireGuard. I have a mesh setup between the routers at a few family members houses.

If you have absolutely no other way then to expose it to the internet you need to make sure that you whitelist only the approved IPs in your VPS firewall and block everything else.

https://www.recompile.se/mandos

I use this to get wireguard in intramfs. I just skip the dropbear related stuff. https://github.com/r-pufky/wireguard-initramfs

I use LUKS on my systems. I use mandos and wireguard in intramfs to connect to a mandos server to unlock LUKS during boot.

Nope. I’ll stick with OPNsense which is open source.

Thats unfortunate. I simply shared my experience. Been a customer for over 5 years so maybe they’ve changed their on boarding of new customers and the emails that are sent out.

No upselling. Yes they might have something in the order process. Like when ordering a VPS you can add windows os or some control panel type software. I didn’t pay anything extra and my domains all have private whois details when lookups are done. The one thing they did offer in the order process for domain transfer was something to do with anycast DNS, but it was just a box on the page and wasn’t in your face or annoying.

No annoying emails either. I only get emails from them related to services I purchased from them which include changes to whois contacts(also usually get a email from CIRA for my .ca domains), bill PDF being ready for download, or additional IP is available and ready for use etc.

Canuck here. I’ve been moving all my domains from porkbun over to OVH. I still use desec.io for the DNS since they’re based in Germany and like to keep it separate from the registrar.

If OVH plays its cards right they’re going to be getting a lot more business from those looking to dump GCS, AWS, and Azure.