Posts
10
Comments
190
Joined
3 yr. ago

  • Make sure your backups are solid and can't be deleted or altered.

    In addition to normal backups, something like zfs snapshots also helps and makes it easier to restore if needed.

    I think I remember seeing a nextcloud plugin that detects mass changes to a lot of files (like ransomware would cause). Maybe something like that would help?

    Also enforce good passwords.

    Do you have anything exposed to the internet that also has access to either nextcloud or the server it's running on? If so, lock that down as much as possible too.

    Fail2ban or similar would help against brute force attacks.

    The VM you're running nextcloud on should be as isolated as you can comfortably make it. E.g. if you have a camera/iot vlan, don't let the VM talk to it. Don't let it initiate outbound connections to any of your devices, etc.

    You can't entirely protect against zero day vulnerabilities, but you can do a lot to limit the risk and blast radius.

  • Iirc crowdsec is like fail2ban but blocks ips reported by other servers, not just ones attacking your server. Kinda like a distributed fail2ban I guess?

  • I only recently started using nix and NixOS. How's the update process for nextcloud? Can you use the self updater?

  • Were you downloading master or the latest release? If you're interested in using it, post the issue you have on their GitHub. The main dev is super helpful

  • I'm not 100% sure, but wasn't ssdnodes one of the companies that offers really cheap deals without actually giving you the specs they say?

    E.g. they say 64gb ram, but you actually get a VM with memory ballooning enabled and then your account gets suspended if you consistently use that much ram

  • For backups, consider using rsync.net. For a server, have you looked at dedicated servers before? OVH has some cheap servers every once in a while that should be better in theory than most VPS.

  • I've tried a lot of different apps, but I think I've settled on Trilium for now.

    It doesn't have a great mobile experience, but the web app works fine on mobile. The app in general is super customizable and way easier to write scripts / plugins for.

  • I didn't see it recommended yet: UptimeKuma is really simple if you just want to monitor the basics like if a url works or ping, tcp, etc. without an agent.

    It doesn't do CPU/memory style metrics, but I find myself checking it more often because of how simple it is.

  • Uptime Kuma can have a monitor that pings your gateway or google.com or something else on the Internet.

    I'm not sure if it's simpler than smoke ping or not though, it's been too long since I used it.

  • Do you like any of them more than others?