this post was submitted on 01 Oct 2024
93 points (93.5% liked)

Selfhosted

40152 readers
505 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

cross-posted from: https://lemmy.ca/post/30126699

I created this guide on how to install Jellyfin as a Podman Quadlet on your server. Enjoy.

you are viewing a single comment's thread
view the rest of the comments
[–] barsquid@lemmy.world 1 points 1 month ago (4 children)

What do you have set up for mesh VPN?

[–] exu@feditown.com 1 points 1 month ago (3 children)

I use Yggdrasil now with a whitelist of public keys. Though I'm thinking about redoing my architecture in general to make key distribution easier, have more automated DNS entries and also use the tunnel for any node to node communication.

Before that I tried Tailscale with Headscale, but I didn't want to have a single node responsible for the network and discovery.

[–] barsquid@lemmy.world 1 points 1 month ago (2 children)

That's very interesting. Once you connect something to your mesh you can access the rest of the mesh by IP? What is the gateway in that case?

[–] exu@feditown.com 2 points 1 month ago (1 children)

Apologies for the late response

I can access every node by IP (IPv6 to be precise).
Discovery within a local network happens through regular broadcasts. For connecting different networks, you need to set peering addresses that are reachable and configure the other side to listen.
You only need one node per network though, the others will automatically discover the path and connect on the best route to their target. If your node in the middle falls over, any other node that's reachable can be used instead. The Yggdrasil Blog posts have some explainations of the algorithms used.

There's no explicit gateway, but you can use standard routing and firewall tools to do whatever you want. I only use it for accessing internal stuff, not as a full VPN for my client devices, but you could probably make that work by setting one node as router and configure its Yggdrasil ip as you gateway (excluding the traffic you need to connect to the VPN).

One downside is that everything's still in progress and most versions change significant parts of the routing scheme, meaning it doesn't work with the previous version. It is primarily a research tool for internet scale mesh networks, but releases are also infrequent enough where you shouldn't worry too much.

[–] barsquid@lemmy.world 1 points 1 month ago

Thank you! It sounds like a really interesting tool. I'd like to have a VPC sort of setup for my devices that I can connect to externally. I don't think I need the mesh aspect of it, I'd likely just have one VPN act as a hub. But I'll definitely look into this more. If it does routing for IPs a bit more conveniently that'd be worth it to me.