3·
1 year agoI second Heimdall! Best one I’ve found so far.
What I do is, I have all the public-accessible services listed in the guest account (plex, tautulli, ubooquity etc) , and the private ones in the admin account (sonarr ,radarr, etc)
- 0 Posts
- 4 Comments
Joined 1 year ago
Cake day: June 9th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
looks like the lamp’s reflection to me
My personal ones:
- Euro Truck Simulator 2, with some heavy country music blasting on the radio
- Gnome Mahjongg
- Dorfromantik
- On my arcade machine lately VS Dr Mario and Tapper
I keep all my services in one docker-compose yml, and run it from a normal user account added to the docker group.
I am really conscious of what I expose to the internet though, since I already almost had a security incident.
I used to run non-standard ssh port to my machine with password authentication enabled.
Turns out I didn’t know the sonarr/radarr containers came with default users, and a bruteforce attack managed to login to one of them (or something like that anyway,it’s been awhile). Fortunately they have a default home of /sbin/nologin so crisis averted there, but it definitely was a big lesson for me.
Years later, the current setup is only plex, tautulli, and ombi open to the internet, and to reach everything else I use tailscale. And of course,only key-based authentication.
Oh and for updates, I run apt upgrade once in a while on the box (Ubuntu server 18.04 LTS) and for the containers, I use watchtower.