Ideally, sure use a password generator - but I wouldn’t worry about the security of a password generator like the one I linked.

1. There’s no linking of the password you generated to whichever account you are creating.
2. There’s no guarantee from the web operator’s perspective that you are actually using the generated passwords for anything at all.

Again, use bitwarden’s generator - or equivalent - for passphrases, but in the absence of that correcthorsebatterystaple.com is good enough for a non-shared password.

The other thing to keep in mind with PiHole - some things are just going to break with it’s default blocking, namely the Google suggested results.

i know, I know - just don’t use google, but android phones/parents have a hard time not just braindead going to Google for results.

It’s not the end of the world - I’ve trained myself to just keep scrolling to actual results.

Another feature for PiHole is local DNS - if you want, you can set up custom dnsmasq entries for self hosted/internal services.

The brand/type of wifi router is more of a technical requirements discussion than privacy discussion.

For instance, I live in a two story townhome rental with the modem in the basement - so I picked up an Orbi mesh system to bounce wifi up to the second floor. I also have a fairly complex network with IoT VLAN, DMZ (for remote VPN) and other network segments - again the orbi doing different VLANs per SSID was a deciding factor.

I’ve also only used the Orbi as an access point, relying on a dedicated firewall/router for that stuff.

If you’re looking at a flat network (e.g. everything on one segment - the typical home user setup), pretty much any WiFi router from Best Buy or equivalent will do the job. Check your current devices to see if you can take advantage of WiFi 7 technology - otherwise save a few bucks and go WiFi 6.

For security purposes, change the default SSID (the wireless name) to something unique - and change the password to something from correcthorsebatterystaple.net. You don’t need the default jumble of letters and numbers to be secure.

Lastly, getting to your privacy concerns, look at the DHCP settings - that’s what hands out IP addresses to your devices so they can reach the internet. Change the DNS servers to something other than your ISP. This looks like a good starting point.

The big things are to make sure you don’t expose your router management to the Internet (the default shouldn’t do that) and to make sure you periodically check for firmware updates.

If you want to up your game, you could look at spinning up a self-hosted DNS server like Pi-Hole - but that can be a bit more advanced to get setup and troubleshoot if something goes wrong.

This is the correct answer. Private IPs are less concerning (on noes now someone knows a network in my homelab is 10.0.0.1/24!) - but absolutely change public IPs in logs.

If it’s necessary to reference external users/systems in multiple log files, I’ll change the names to user1, user2, server1, db2, etc

Does it have Discovery as a normal app store? You might be able to use that.

Honestly, give the terminal a shot - it’s not as complicated as you may think.

I would consider using your Synology for what it’s good at - storage.

My homelab has a Synology DS1618 and servers are Lenovo M90q systems. They have enough compute to get the job done, and use the Synology NFS mount for storage.

• Step 1: download deb
• Step 2: open a terminal
• Step 3: sudo dpkg -i /path/to/yourde.deb

Now whether or not all the packages are fubared at this point is unknown, but that’s how to install a deb file.

Yeah, for the integrated CI/CD, give GitLab a shot - it saves on spinning up a Jenkins or ConcourseCI server.

CI/CD can be useful for triggering automation after merge requests are approved, building infrastructure from code, etc.

I’ll come out with an anti-recommendation: Don’t do GitLab.

They used to be quite good, but lately (as in the past two years or so) they’ve been putting things behind a licensing paywall.

Now if your company wants to pay for GitLab, then maybe consider it? But I’d probably look at some of the other options people have mentioned in this thread.

I’m a big fan of the Ubiquiti security cameras - all local data, decent quality. The downside is the price and availability, but if you can swing it - they’re pretty great.

As someone who used Latinx in a Lemmy post and then was down voted to oblivion, just go Latino or Latina. But good on you for asking people how they’d like to be called.

We’ll my reading comprehension is quite shitty in the morning. Carry on with the down votes.

I don’t know if it’s even possible anymore (heck it’s hard for me at 40), but try to put something in retirement funds. If your work as a 401k, try and contribute. If you leave the job, your money can then go to an IRA. How do you do that? Beats me - I have five or six requirement accounts, each topping out at around between $2-5k.

Also, brush your teeth and if you grind them in your sleep - get a dentist to fit you for a mouth guard.

Edit: wow, down votes for teeth health.

Edit edit: reading comprehension isn’t my strong suite.

Plus oh-my-zsh and the powerline 10k theme - this is my go-to shell.

Oh snap, are you the developer of Viewtube? If so, first off - great job. I do the infrastructure side of IT for my day job but aside from some basic go, I couldn’t code something like this to save my life.

I wish I had the chops to contribute to the project.

Heck, you could do a pre-stage play where you delegate to localhost an ansible.builtin.get_url to download the compose file before doing the rest.

I think that mitigation requires two things for it to work.

1. You need to use a a Type 2 hypervisor (like Virtualbox, VMware Workstation/Fusion).
2. That VM needs to be configured in NAT mode.

The two primary ways you can configure a network for a local virtual machine are NAT and Bridged.

Bridged mode places your VM effectively on the same network as your host OS, meaning that any DHCP server that exists on your network (rogue or otherwise) will give your virtual machine and IP.

In NAT mode, the virtualization platform itself includes a DHCP server to dole out IPs, and handle the routing between your virtual machine and your host OS’s network.

The thought process is that if you trust your laptop, the DHCP address handed out for NAT mode will not have the VPN breaking DHCP option and your VPN inside the VM will not have it’s route table screwed with.

It’s anonymous bulk text posting - great for sharing logs, but don’t discount the more grey side of the internet. If you browse recent public posts there’s often some fun things like scam links, credentials, etc.

It’s definitely fallen out of favor for password dumps though.

Oh, in that case you have a much easier job ahead of you, haha.

All of our Linux servers are running Ubuntu, except the FreeIPA system that runs a Redhat derivative.

Are you looking for a Windows, server, replacement or desktop replacement? Your experience will differ depending on which one you’re trying to replace.

For instance, if you’re trying to replace Windows active directory services with a single Linux server, might have a bad time. I’m in the process of migrating from AD to FreeIPA, PowerDNS, and isc-dhcp (or something similar for DHCP).