The flu

2023-01-26

Oh the joys. I felt the first symptoms of coming down with something on Monday. Somehow I coughed and struggled through a four hour workshop that had already been postponed a few times and pretty much collapsed into bed immediately after dinner. You know, man-flu.

Seriously though, this is the third time in a couple of months that I have fallen sick. I do think that generally speaking I do take care of myself, but the situation at work is getting to me more and more. I neglected the first two outbreaks and went back to work relatively fast. This time hopefully I'm smart enough to take some rest.

So far I'm proud of myself. I sleep _a lot_.

I've spent my waking hours reading “The Ecotechnic Future” by John Michael Greer. Good read, but depressing. Which is why it is important I read it. The book discusses visions for how our industrial civilization will change in a world after peak-oil. It is scary, but it also highlights very well how the current system is unsustainable.

Is anyone else also tired of the common misuse of this word, "sustainable"? Well there is no helping it, actual sustainability is non-negotiable.

I'll bring the book up again in a later post. Today I'm about a third through and it feels premature to talk about it.

What else have I been up to… mostly bashing my head against IPTABLES. :(

In my selfhosting setup I'm providing a few apps to myself and my wife: A wiki, a taskboard, RSS reader, data synchronization, ad-blocker. They're all accessible from within our apartment. But I want to be able to access them from anywhere, but without exposing them to the internet.

I'm already hosting a VPN network for us which is working well. So the idea is to provide the selfhosted apps on the VPN by means of clever routing and a reverse proxy.

The task for now is to forward DNS requests to our adblocker: From the wireguard VPN network to the adguard instance which shares a docker network with the wireguard client on our gateway machine that provides the single access point from the outside world into our LAN.

    โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”“          โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”“
    โ”ƒ LAN client          โ”ƒ          โ”ƒ mobile client      โ”ƒ
    โ”ƒ eth0: 192.168.0.238 โ”ƒ          โ”ƒ eth0: *            โ”ƒ
    โ”ƒ wg0 : 10.42.78.100  โ” โ”„โ”„โ”„โ•ฎ  โ•ญโ”„โ”„โ”„โ”จ wg0 : 10.42.78.150 โ”ƒ
    โ”ƒ DNS : 10.42.78.200  โ”ƒ   โ”Š  โ”Š   โ”ƒ DNS : 10.42.78.200 โ”ƒ
    โ”—โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”›   โ”Š  โ”Š   โ”—โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”›
                              โ”Š  โ”Š
                  โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”ทโ”โ”โ”ทโ”โ”โ”โ”โ”โ”โ”โ”โ”โ”“
                  โ”ƒ VPS / wireguard server โ”ƒ
                  โ”ƒ eth0: (VPS)            โ”ƒ
                  โ”ƒ wg0 : 10.42.78.1       โ”ƒ
                  โ”—โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”ฏโ”โ”โ”โ”โ”โ”โ”โ”โ”โ”›
                                 โ”Š
    โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”“  โ”Š
    โ”ƒ machine A               โ”ƒ  โ”Š
    โ”ƒ eth0: 192.168.0.45      โ”ƒ  โ”Š
    โ”ƒ wg0 : -                 โ”ƒ  โ”Š
    โ”ƒ dn-wg: 172.20.0.0/24    โ”ƒ  โ”Š
    โ”ƒ                         โ”ƒ  โ”Š
    โ”ƒ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   โ”ƒ  โ”Š
    โ”ƒ โ”‚ docker wireguard  โ”‚   โ”ƒ  โ”Š
    โ”ƒ โ”‚ wg0: 10.42.78.200 โ”œโ”„โ”„โ”„โ•‚โ”„โ”„โ•ฏ
    โ”ƒ โ”‚ eth0: 172.20.0.2  โ”œโ”„โ•ฎ โ”ƒ
    โ”ƒ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”Š โ”ƒ
    โ”ƒ                       โ”Š โ”ƒ
    โ”ƒ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Š โ”ƒ
    โ”ƒ โ”‚ docker adguard    โ”‚ โ”Š โ”ƒ
    โ”ƒ โ”‚ eth0: 172.20.0.3  โ”œโ”„โ•ฏ โ”ƒ
    โ”ƒ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜   โ”ƒ
    โ”—โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”›

by the way, UTF-8 border characters are awesome

But man, IPTABLES are hard. I know only very little about networking itself so writing these rules is more guesswork than anything else. I've been reading loads of documentation and asked for help on reddit but so far I'm not really making progress. It is frustrating. I've been at this for a couple of weeks now. Granted, usually I have an hour of consecutive time and a complex subject like this isn't really suitable for that. Now that I'm down with the flu I do have more time but my brain is in power saving mode so it's not any easier.
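
A sketch of the DNS forwarding described above, added here as an example and not the author's own configuration: a script for the docker wireguard container that rewrites port-53 traffic arriving on wg0 to the adguard container and masquerades it onto the docker network, limited to VPN peers so the resolver stays off the internet. Assumptions: the VPN prefix is 10.42.78.0/24, IP forwarding is already enabled in that container, and the function name and the `apply` argument are made up for this example.

```sh
#!/bin/sh
# Added example, not the author's configuration.
# Addresses are taken from the diagram; the /24 VPN prefix is an assumption.
WG_IF=wg0               # VPN-facing interface of the wireguard container
DOCKER_IF=eth0          # interface on the shared docker network (dn-wg)
WG_ADDR=10.42.78.200    # DNS server address configured on the VPN clients
VPN_NET=10.42.78.0/24   # assumed prefix of the VPN network
ADGUARD=172.20.0.3      # adguard container on dn-wg

# Print the rule set, one iptables command per line (hypothetical helper).
dns_forward_rules() {
    for proto in udp tcp; do
        # Rewrite DNS queries from VPN peers so they reach adguard.
        echo "iptables -t nat -A PREROUTING -i $WG_IF -s $VPN_NET -d $WG_ADDR -p $proto --dport 53 -j DNAT --to-destination $ADGUARD:53"
        # Allow only those rewritten queries to cross from wg0 to dn-wg.
        echo "iptables -A FORWARD -i $WG_IF -o $DOCKER_IF -s $VPN_NET -d $ADGUARD -p $proto --dport 53 -j ACCEPT"
        # Source-NAT to 172.20.0.2 so adguard needs no route back to the VPN.
        echo "iptables -t nat -A POSTROUTING -o $DOCKER_IF -d $ADGUARD -p $proto --dport 53 -j MASQUERADE"
    done
    # Replies to forwarded queries may travel back into the VPN.
    echo "iptables -A FORWARD -i $DOCKER_IF -o $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# "apply" as first argument runs the rules (needs root inside the container);
# without it the rules are only printed for review.
if [ "${1:-}" = "apply" ]; then
    dns_forward_rules | while read -r rule; do $rule || exit 1; done
else
    dns_forward_rules
fi
```

Because of the MASQUERADE rule, adguard's query log shows every VPN client as 172.20.0.2; per-client statistics would need a route to the VPN network on the adguard container instead.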
