I'm not sure anyone shares the same glee I feel when I view all the blocked IPs scrolling by in my pFsense firewall. Suricata does a lot of heavy lifting for sure.

What's your selfhosting guilty pleasure or pleasures?

I posted this over at https://discuss.tchncs.de/c/navidrome, but I thought I'd post it here, maybe someone has had experience with this.

I've been noticing demo.navidrome.org showing up in my firewall:

pFsense:

abuseipdb.com:

As with anything entering or exiting my network, I am cautious and curious why my instance of Navidrome has the need to contact demo.navidrome.org.

I am running Navidrome as a Docker Instance. I have combed my compose file and can find nothing in that itself that would trigger Navidrome to 'call home'.

Is this for stats, or other? As of right now, I have demo.navidrome.org blocked until I've gathered some information.

BTW, sweet piece of opensource software. I tip my hat to the dev team(s).

From time to time I like to review my network to see where I can tighten up. Review logs, check out the landscape, and make sure there are no gaps. Today, I have some downtime, so I figured it'd be a good for it. Since I am not a certified IT professional, this is what I have cobbled together reading, and seeing what others have done. I'd like to bounce this off you guys who are more experienced than I and get your impressions. If you have any recommendations, I'm always down to be schooled.

So if you'd like to participate in my audit, I have a home network as follows:

• Modem receiving IP from ISP. Modem to router. Router to stand alone pfsense firewall. Router has a 54 character complex password for WiFi. There are no guest provisions for WiFi.
• Pfsense firewall with pfblockerng & suricata running on both lan and wan, both with a full array of rules/feeds updated daily. pfsense has tailscale as an overlay vpn. Server traffic and PC traffic have their own VLAN provided by pfsense. My approach is to deny all until something complains and address that on a case by case basis. Additionally ntopng is utilized for traffic analysis. IPv6 is disabled.
• Server running Tailscale as an overlay VPN, UFW deny all posture, and fail2ban with an aggressive posture. Server has been hardened against Lynis spec where applicable. Not all recommendations apply to my server. Server is utilizing host deny/host allow and SSH keys.
• Server is utilizing containers for services.
• Server is using Cloudflare tunnel/zero trust.
• Server and pfsense communicate via Tailscale encrypted tunnel. PC/Phone/mobile device can communicate with pfsense via Tailscale.
• Server services are accessed via https.
• PC connected to pfsense firewall with same rules as server. PC is using a VPN with Cloudflare 1.1.1.1/1.0.0.1 for DNS queries. Firefox is using 1.1.1.1/1.0.0.1. Settings for Firefox are the strictest for Enhanced Tracking Protection, and DOH. HTTPS-Only mode enabled. PC is also running a soft firewall.
• All other devices such as phones, laptops, and tablets run a VPN with Cloudflare 1.1.1.1/1.0.0.1 for DNS queries.
• IoT devices are isolated. Phones are isolated. Smart TVs are isolated.

How secure would you say this network is and give any recommendations to further harden the network besides keeping up with current updates, monitoring and auditing logs.

Thanks

https://www.youtube.com/watch?v=Dc433VhZwvY

Every morning, I do a multiple DNS Leak test just as a precaution. Today, I did the leak test and all my IPs were different. They were the same IP block, just different. This made me suspicious and I set about trying to track the problem down. Turns out, there was a misconfiguration in the VPS. Worked yesterday, different today. I guess it was ghosts or gremlins in the machinery.

I got to thinking, for you guys who download a lot of Linux ISOs, might be a good idea to check daily. Even though you are setting behind a VPN, it's still worth the minute it takes to fire off multiple DNS Leak checks just for a sanity check.

Every morning, I do a multiple DNS Leak test just as a precaution. Today, I did the leak test and all my IPs were different. They were the same IP block, just different. This made me suspicious and I set about trying to track the problem down. Turns out, there was a misconfiguration in the VPS. Worked yesterday, different today. I guess it was ghosts or gremlins in the machinery.

I got to thinking, for you guys who download a lot of Linux ISOs, might be a good idea to check daily. Even though you are setting behind a VPN, it's still worth the minute it takes to fire off multiple DNS Leak checks just for a sanity check.

Occasionally, I will hear someone from my age bracket bemoaning the 'state of modern music' and 'filthy lyrics'. So I have to haul this one out and tell them this was 1935. We old heads tend to look back at history with thick, rose colored glasses.

The interesting thing to me is that if you flash forward to the late 60's, a band named Rolling Stones lifted Lucille Bogan's phrase 'make a dead man cum', and used it in the final refrains of 'Can't Get No Satisfaction'.

I can't find any evidence of the song getting any kind of radio play, and certainly wouldn't get air play on 'white' radio. I'm sure tho it was played in juke joints and dance halls.

https://www.youtube.com/watch?v=ln4MPdvnkC0

Do any Indie or even Hobbyist musicians post here? I'm always down to listen to new stuff.

Just found this community.

I'm not sure if any of you kids are into Blues, but one of my favorite songs by Byther Smith is 'I Don't Know Where You Go'. I have tried for years to copy the tone of his guitar. I've come close, but I'm no Byther Smith. This song is one of the more violent blues songs that I know and it's slow, soulful pace belies a dark undertone.

Byther Smith - I Don't Know Where You Go (YouTube link - hopefully you are using Invidious or similar)

I don't know if this is the right place, but I figured the Hoarder Community would have a good idea on software.

I'm looking for an app that will scan an audio library and pick out duplicates. It has to do this by some other means than a mere filename, file size or audio tags. Ideally it would use all of those criteria, and do an audio analysis. I do have all my music sorted, collated, and tagged correctly tho. Opensource would be awesome. Baring that, Free is also acceptable. LOL

'presh

In an effort to make the homelab more environmentally friendly, I have started to explore ways to conserve energy consumption. I always see a lot of considerations for choosing equipment that sips power, but other than avoiding enterprise power hogs and very old equipment, I don't see a lot of advice in how to tame the server(s) you may already have.

So far I've looked at:

• TLP: Adjusts CPU frequency scaling, PCI‑e ASPM, SATA link power‑management
• Powertop: Used to profile power consumption and has a tune feature sudo powertop --auto-tune
• cpufrequtils: Used to manage the CPU governor directly
• logind.conf: Can be used to put the whole server to sleep when idle

Since I am the only user of my network, and since a lot of times the server sits unused until I want to engage maybe listening to my audio collection via Navidrome, or perhaps I'm working on some automation in n8n, et al, there's no need to be at max power 24/7.

So besides just powering off and on the server, which would work but not be quite as elegant of a solution, are there other ways you have come across, read about, deployed on your own server?

ETA: Thanks for everyone's input. I realize that the ideal scenario is to have more energy effecient equipment. Sometimes tho, this is not a ready made solution due to many constraints. The exercise was to try to squeeze out every last little power saving option I could, without obviously replacing equipment.

Many thanks.

I've read 'The Home Lab Handbook: Building and Managing Your Own IT Lab from Scratch' which I would recommend to anyone just starting out in selfhosting and homelabing. Relative to that, I found a 'course' online (https://linuxupskillchallenge.org/#table-of-contents) that would also be useful for new arrivals.

Anyone reading any good HomeLab & Selfhosting books lately?