329

  • I have a lot of time on my hands these days because my family is traveling to India. As usual, a lot of that goes unaccounted for!
  • Work is light. I do have a big project on hand, but progress is slow because the folks I need to talk to in order to make progress are busy with AWS’s re:Invent conference.
    • I joined my current team recently, so I don’t have any deliverables for the conference. If I had, life would have been pretty hectic right now.
  • I spent some time on improving my home server setup.
    • The biggest driver was how one service that I depended on a lot - Tailscale, to access my home services outside my home network - ate my phone battery like crazy, something like 20-25% on a 10-day average.
    • I tried replacing Tailscale with Cloudflare Zero Trust. It worked, but then I realized some problems after running it for a couple of weeks, so I went searching again.
      • It too used 7-9% battery on average.
      • It would see all our internet traffic, so not a great choice privacy-wise.
      • It only uses its own DNS and doesn’t support Pi-hole-level ad blocking customizations. I couldn’t even use the Pi-hole instance I have running at my home.
      • All the setup was UI-heavy and their UI had too many options. I prefer IaC, i.e. infrastructure as code, and, while that was possible through Terraform, I’d have to learn a whole new thing and how to move my existing resources into the config.
    • I realized that running a background app all the time will eat battery, no matter what. The app could also improve or degrade over time, outside my control. So, I figured the best course of action would be to expose my services to the public internet, scary though it may be.
    • I then put an authentication service between the internet and my services - it is called Authelia.
      • Its basic use case is to add authentication in front of applications that don’t have any.
      • But I thought of making it sit in front of all my self-hosted applications by default, so that it becomes one place where I need to ensure strong passwords etc. and let it handle brute-force password attacks (e.g., it blocks callers for X minutes if they fail Y attempts).
  • I also set up DNS over TLS (DoT) on my home server.
      • Earlier, I used to rely on Tailscale to relay DNS queries from my phone to Pi-hole on my home server when I was away from home. However, as part of moving away from Tailscale, I exposed Pi-hole over DoT. Turned out to be a fun exercise.
      • I couldn’t do regular DNS over port 53 or whatever because that has security implications.
  • I watched a TV show called Bodyguard. I chose it because it was a mini-series, so no long term time commitment.
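A small check for the DoT setup described above, written for this page as an added example; it is not the author’s configuration and it uses only the Python standard library. DoT (RFC 7858) is ordinary DNS-over-TCP framing (a 2-byte length prefix per message) carried inside a TLS session on port 853, so the client below builds a query, verifies the server certificate and hostname exactly as a phone’s private-DNS setting would, and parses the A records out of the answer. The hostname `dns.example.invalid` is a placeholder for wherever a TLS terminator (Pi-hole does not speak TLS itself) fronts the resolver, and the sample response bytes are constructed, not captured from a real server. Leaving plain UDP/53 open to the internet, by contrast, gives no client authentication or confidentiality and makes the resolver usable for DNS amplification, which is the kind of implication the post alludes to.

```python
"""DNS-over-TLS (RFC 7858) client check for a self-hosted resolver on port 853.

Added example for this page, not code from the original post. The server name
dns.example.invalid is a hypothetical placeholder; the certificate must chain to
a CA the client trusts (for a phone, that usually means a public CA).
"""
import secrets
import socket
import ssl
import struct
from typing import List, Optional


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a minimal RFC 1035 query for `name`; qtype 1 = A. A random txid is used if none given."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def frame(msg: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg


def skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, terminates the name
            return offset + 2
        offset += 1 + length


def parse_a_records(msg: bytes, expected_txid: int) -> List[str]:
    """Return IPv4 addresses from the answer section; reject wrong txid or non-zero RCODE."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"server returned RCODE {rcode}")
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(msg, offset) + 4  # skip QTYPE + QCLASS
    addrs: List[str] = []
    for _ in range(ancount):
        offset = skip_name(msg, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    """Read exactly n bytes from the TLS socket (DNS/TCP messages may arrive in pieces)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf


def query_dot(server: str, name: str, port: int = 853, timeout: float = 5.0) -> List[str]:
    """Resolve `name` via the DoT server; the certificate is verified against `server` (SNI)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check, system trust store
    ctx.minimum_version = ssl.TLSVersion.TLS1_2
    txid = secrets.randbits(16)
    query = build_query(name, txid=txid)
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(frame(query))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return parse_a_records(recv_exact(tls, length), txid)


# Constructed sample response (not captured from a live server): txid 0x1234,
# flags QR/RD/RA with RCODE 0, one question, one answer "example.com A 93.184.216.34"
# whose owner name is a compression pointer (0xC00C) back to the question.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))  # offline self-check of the parser
    # Live check against your own terminator (hypothetical hostname):
    # print(query_dot("dns.example.invalid", "example.com"))
```

If `query_dot` raises `ssl.SSLCertVerificationError`, the phone will refuse the server too: the certificate’s SAN must match the hostname configured as the private DNS provider, and the chain must be publicly trusted, which is why a Let’s Encrypt certificate on the TLS terminator is the usual choice for this setup.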