• 0 Posts
  • 142 Comments
Joined 1 year ago
cake
Cake day: January 27th, 2025

help-circle

  • Matrix has lots of metadata issues and signal requires a phone number which is a non-starter.

    Self host what makes sense for communities, use simplex for one-to-one IM/VoIP.

    Also discord acted as like six different services and we shouldn’t continue letting anything do that.

    Personal IM, party chat/VoIP, meeting software, inter-office communication, wiki software, and forum software are all different things for a good fucking reason.


  • Alternatively if you’re tired of manual DNS configuration:

    FreeIPA, like AD but fer ur *Nix boxes

    Configures users, sudoer group, ssh keys, and DNS in one go.

    Also lotta services can be integrated using LDAP auth too.

    So far I’ve got proxmox, jellyfin, zoneminder, mediawiki, and forgejo authing against freeipa in top of my samba shares.

    Ansible works too just because its uses ssh, but I’ve yet to figure out how to build ansible inventories dynamically off of freeIPA host groups. Seen a coupla old scripts but that’s about it.

    Current freeipa plugin for it seems more about automagic deployment of new domains.



  • Been running my own storage boxes off of rocky w/ zfs, samba and nfs for years simply for the ease of integration of samba + freeipa.

    Especially being able to use ipasam.so to allow password authentication for shares on machines that aren’t easy/reasonable to use kerberos keytabs from (think android clients, and off domain boxes)

    Plus last time I tried truenas you couldn’t use a keyfile to encrypt drives unless it was stored on the root dataset which for some reason couldn’t be encrypted. Meaning each array had to have its own password instead.

    I won’t lie I had to write several wiki articles to document this lol.