

A Captain Planet villain in the flesh and blood.
I don’t speak Spanish, but I heard some of these country names in the breakroom today amongst the Latino employees that work with us, with a lot of piss and vinegar in their attitudes about it.
Buried? Ok, moneybags.
I have time, but the will is,… eh, meh, nah.
I’ve done everything in gaming, sometimes ten times over and I’m extremely bored with it. Modern games look nicer but nothing has really changed since 8th gen other than roguelikes, game worlds getting bigger and animation quality.
Not just a new album, their first off of Epic records, following a pop-prog album. This shit is going to be nuts.
It’s Alchemy, same label as Puscifer, Serj Tankian and The Black Queen (Greg Puciato’s band).
Yes, sir!
Most conservatives will never hear about any of this, or anything, really. My mom had no idea that LA had any riots. Every four years she votes and then goes back to sleep on politics entirely. “I won, the end!”
There is a subsection of mp3 players that have enough power to drive high impedance headphones, Hifi players, some call them. They still make decent sales to their customer base of particular people.
I think they do a good job of choosing when to turn the heat up on that budget and when to dial it back.
I don’t think they had that as well dialed in during Season 2, but I couldn’t complain much about the Conquest fight. It could be miles and miles better, sure.
side-eyes Invincible
…almost everything. Kinda bummed we didn’t get a Spawn cameo but, I get it.
the VPS uses the pi-hole through the tunnel
The VPS is Pihole, the dns for the server side is 127.0.0.1. 127.0.0.1 is also 10.x.x.1 for the clients, so they connect to that as the dns address.
server dns - itself
client dns - the server’s wg address
On the local side, the pi-hole is the DNS for all the services on that subnet and each service automatically populates its host name on pi-hole. I can configure the DNS server in my router/firewall (OPNSense in my case).
Only if your router/firewall can directly connect to wg tunnels, but I went for every machine individually. My router isn’t aware I host anything at all.
So when I ping service.example.com, it goes through the VPS, which queries the pi-hole through the tunnel and translates the address to the local subnet IP if applicable.
Pihole (in my case) can’t see 192.x.x.x hosts. Use 10.x.x.x across every system for continuity.
So when I have the wg connection active and my pi-hole is the DNS, every web request will go through the pi-hole. If the IP address is inside the range of AllowedIPs, the connection will go through the tunnel to the service; otherwise, the connection will go outside the wg tunnel.
Allowed ips = 10.x.x.0/24 - only connects the clients and server together
Allowed ips = 0.0.0.0/0 - sends everything through the VPN, and connects the clients and server together.
Do the top one, that’s how TS works.
My entire setup might not be your entire setup, I have the basic functionality of connecting multiple systems into one mesh network. That’s all I needed so it’s all I did.
The vps is the wg server and my home server is a client and it uses pihole as the dns server. Once your clients hang around for a minute, their hostnames will populate on pihole and become available just like TS.
You do have to set available ips to wg’s subnet so your clients don’t all exit node from the server, so you’ll be able to use 192.168.0.0 at home still for speed.
As for NPM, run it on the proxy, aim (for example) Jellyfin at 10.243.21.4 on the wg network and bam.
Pihole and pivpn get along like peas and carrots.
Make the “available ips” your pivpn subnet and ta-da, the mesh functionality of tailscale without the entire connection.
Want to exit node from the server? Just change the value back to 0.0.0.0/0.
Pivpn is really easy, and since pivpn is just scripts, it always installs current wireguard even if they lax on updating pivpn that often.
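The AllowedIPs choice described in the comments above (the wg subnet only versus 0.0.0.0/0) decides which destinations a client sends into the tunnel. This is an added example, not code from the original comments; the 10.8.0.0/24 subnet, the endpoint name and the sample destinations are constructed placeholders.

```python
import ipaddress

# Constructed sample peer config; addresses are placeholders, not from the page.
SPLIT = """
[Peer]
PublicKey = <server-public-key>
Endpoint = vps.example.com:51820
AllowedIPs = 10.8.0.0/24
"""
# Same peer, but acting as an exit node for all IPv4 traffic.
FULL = SPLIT.replace("10.8.0.0/24", "0.0.0.0/0")

def allowed_ips(conf):
    """Collect every AllowedIPs network from a wg-quick style config."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def via_tunnel(conf, dest):
    """True when dest matches an AllowedIPs entry, so WireGuard carries it."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == n.version and addr in n
               for n in allowed_ips(conf))

def is_full_tunnel(conf):
    """A /0 entry means all traffic of that address family uses the peer."""
    return any(n.prefixlen == 0 for n in allowed_ips(conf))

def report(conf, dests):
    """Map each destination to 'tunnel' or 'direct' for this config."""
    return {d: ("tunnel" if via_tunnel(conf, d) else "direct") for d in dests}

# Constructed destinations: Pi-hole on the wg subnet, a home LAN host, a public IP.
DESTS = ["10.8.0.1", "192.168.0.20", "93.184.216.34"]

if __name__ == "__main__":
    for name, conf in (("split", SPLIT), ("full", FULL)):
        mode = "full-tunnel" if is_full_tunnel(conf) else "mesh-only"
        print(name, mode, report(conf, DESTS))
```

It models AllowedIPs matching only; other routes in the operating system's routing table are not considered.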
Same, my Hetzner proxy running NPM, with pivpn and pihole is doing all it needs to do for $3 and some change.
My only open ports on anything I own are 80, 443 and the wg port I changed on that system. Love it.
I think there’s room in the world for a selfhosted, foss version of their software, even if a little simplified.
I just replaced my entire setup with base wireguard as a challenge, easier than I expected it to be, and not hard to mimic tailscale.