For webapp stuff for sure, but when you want to login as the same user with the same perms across all your VMS and baremetal servers at the os, it’s nice.

I use virtualization over containerization because i have the hardware resource so I might as well take advantage of improved isolation and security VMS provide. Plus I use Linux on my desktop/laptop, and have a separate dedicated storage host.

Its nice to have everything managed by one service with global accounts and permissions.

Looking at authentik it seems to provide some but not all of that. Def something to keep an eye on if freeipa decides to stop being so free.

If you’re running a docker-based environment, and especially if your personal workstation/laptop doesn’t run Linux, I totally get it.

I think freeIPA could use an openid provider packed in for sure. I also kinda trust api keys more than creating the service accounts for software that needs to auth.

Outta curiosity how do you handle SSO and File Storage? I like being able to make samba shares that require SSO authentication over something like nextcloud because I can directly mount the disk. Not sure if theres a good option there.

deleted by creator

Your router is an important security device that you should own and control your self if you want any semblence of ownership over your network.

Your modem is remotely controlled by the ISP even if you own it, and is mostly there to demodulate from the medium installed by your ISP (usually cable, or fiber but those are called ont’s not modems) to a standard cat. 6 Ethernet connection you can plug into most routers.

The main benefit of owning your own modem is not having one with a router built in and not having to pay an equipment fee.

Haven’t touched HA yet but I run FreeIPA, is there an LDAP option or will I have to get an open I’d solution go sit in front of it?

For inside the lan/lab, I have my pem chain looks like:

cold storage root-ca -> offline vault qubes VM ca -> pfsense ca -> freeipa ca

I use letsencrypt for externally facing services.

Its a little bit more effort than getting things just workin’ but its worth the whole lotta security you get in return. Plus it feels nice looking at a shiny green lock.

The XMPP ecosystem is a mess and matrix has a ton of security and metadata issues.

We shouldn’t be using discord-likes anymore, it was a bad idea the first time.

Personal IM/VoIP should be separate from game party chat should be separate from communitt IRC/forums

Matrix has lots of metadata issues and signal requires a phone number which is a non-starter.

Self host what makes sense for communities, use simplex for one-to-one IM/VoIP.

Also discord acted as like six different services and we shouldn’t continue letting anything do that.

Personal IM, party chat/VoIP, meeting software, inter-office communication, wiki software, and forum software are all different things for a good fucking reason.

Alternatively if you’re tired of manual DNS configuration:

FreeIPA, like AD but fer ur *Nix boxes

Configures users, sudoer group, ssh keys, and DNS in one go.

Also lotta services can be integrated using LDAP auth too.

So far I’ve got proxmox, jellyfin, zoneminder, mediawiki, and forgejo authing against freeipa in top of my samba shares.

Ansible works too just because its uses ssh, but I’ve yet to figure out how to build ansible inventories dynamically off of freeIPA host groups. Seen a coupla old scripts but that’s about it.

Current freeipa plugin for it seems more about automagic deployment of new domains.

Can I just type ‘roxorz boxorz’ and be done with it.

Been running my own storage boxes off of rocky w/ zfs, samba and nfs for years simply for the ease of integration of samba + freeipa.

Especially being able to use ipasam.so to allow password authentication for shares on machines that aren’t easy/reasonable to use kerberos keytabs from (think android clients, and off domain boxes)

Plus last time I tried truenas you couldn’t use a keyfile to encrypt drives unless it was stored on the root dataset which for some reason couldn’t be encrypted. Meaning each array had to have its own password instead.

I won’t lie I had to write several wiki articles to document this lol.

I mean my boyfriend calls me good kitty but like you should like warm up to that lmao.

I mean I’ve faked one or two conversations because I always thought chatbots where cute toys as a dev.

Treating it like a humie is a no go.

Lemme know when fairphone has a re-lockable bootloader to allow for choice of OS.

Not even dirty 30 yet baybee!

If you ever need information on development, the best place to check first will always be official docs, Good luck on your project!

https://docs.godotengine.org/en/stable/tutorials/networking/high_level_multiplayer.html

https://docs.godotengine.org/en/stable/tutorials/export/exporting_for_ios.html

https://docs.godotengine.org/en/stable/tutorials/export/exporting_for_android.html

Yeah but if you make it an open format other hobbyists could make their own hardware/software about it.

Mostly a fantasy medium, but if people start using it for art, then hey neat.

No that’s the idea, it would be to make a piece of software which if thrown on a sbc with a DVD drive becomes a player.

Which really isn’t too far off of DVD and most bluray players.

Though I wouldn’t be shocked if the super cheap DVD players have some sorta all-in-one integrated asic for most of the job.

Would mostly be used by hobbiest making their own burned discs and small artists releasing stuff.

Was thinking you know its bad when Linus thinks you’re too toxic…

I’ve always kinda thought about implementing a software and standard for 1080p av1 on DVD. Would be neat as a project, obviously no commercial use would exist.

Either way you can get some really impressive encodes out of av1, really neat tech.

You telling me we wouldn’t also find a good use for collaborative spreadsheets?