Steamymoomilk

joined 2 years ago

So those who know me IRL or cyber-stalk me know that in my free time I do have a very small laser cutting business. I started off with a really crap diode laser and eventually made enough to purchase a full size CO2 laser. Now one of the most important things that machining has taught me is that WORK HOLDING IS BASED. Why indicate a shitty piece of bar stock each time when you can just make a jig/fixture and run thousands with minimal work? So I very much took this to heart, and instead of spending 20 minutes to frame a coaster in my laser cutter to make sure it is 100% straight, I took a ratty piece of sheet metal (that I paid WAAAAY too much for, $90 USD) and made my "ghetto bed". Now, it was handcrafted the same way a child makes a macaroni picture: very imprecise, and not flat at all. I tried my best at making it flat but well, I'm a machinist, not a metal worker, which truly shows in my 1/1 Picasso masterpiece. So I hear you: WHERE IS THIS GOING!! This "ghetto bed" worked very well for small stuff; when family and friends would order something I would quickly throw in my jig, load up my file and BAM, it's ready to go. This bed was purely a proof of concept, from a post I saw on the LightBurn forum of a guy doing something similar with sheet metal. So fast forward 3 years and I bought 3/4 plate stock (which I paid out the ass for), ordered it to size and drew up a CAD model. A few things I learned from the original "ghetto bed" were that the exhaust is underneath the bed and needed some way to quickly slurp up the smoke; for this I have a snorkel I am 3D printing and running downward (still a work in progress as we speak). And secondly, and most importantly, I wanted threading. I originally drilled 7/16 holes through which I just vaguely threaded bolts and nuts. But now I have 1/4-20 holes spaced 1.30 inches across the bed, which will make setting up fixtures more solid and repeatable, unlike the original bed.
I did go with 1/4-20 for a few reasons. First off, it's standardized and very cheap for bolts; second and most importantly, it's a small hole, which then allows me to drill and re-tap if I strip a thread, and it also gives me a lot of mounting holes. However, having tons of holes was also a nightmare to hand tap and deburr on the backside.

The keen-eyed among you may notice slots on the edges of the bed. I decided to go with slots purely because the original mounting holes are not concentric or symmetrical. So F it, slots!

I'm very happy with the bed. I plan to paint it black to make it non-reflective, and I have played around with the idea of open sourcing/selling beds like this, if people are interested of course!

 

Summer is here and with that comes garage sales! I went looking around and found this beauty, for $10!!! When I went to purchase it, the very nice 60-ish year old man boldly proclaimed, "It doesn't run Windows, well it can't because it only has 2 GB of RAM, but it's still a usable machine." So he then said the phrase that every nerd begs to hear: "Do you know what Linux is?" Me and this man talked for almost an hour about Linux and the enshittification of Windows. He had installed antiX, a lightweight Debian-based GNU/Linux/SystemDeeznuts distribution, on it, and said he ran antiX on his main computer for daily use. I sadly did not ask what his main computer is :(. But I just thought it was so cool and surreal to meet a Linux user at a garage sale; like, you go to FOSS conventions and you expect to see some of the nerdiest people that have roamed this planet, but this guy was just so cool. I beckon all the time about how Windows is an inflated rotting corpse, although I still need it for Fusion 360 sadly :(. It was really fun to talk to another person so passionate about Linux IRL.

But anyway, enough blabbering about this totally rad Linux user.

He had a user account set up to auto-login, a user named antix, which was also the sudo password. I have personally never used antiX but it has a lot to offer for lower-end computers: some lightweight web browsing and some text editing. Obviously there were some things you could not do or that the computer struggled with. Playing YouTube was quite the benchmark for this billet of a computer.

But I quickly got bored with Debian/antiX, and I knew from the moment I saw this computer there were 1/2 things I wanted to do with it! The first thing was to install FreeBSD. I have always been intrigued by it, a UNIX-like OS that was by design meant to replace UNIX and, if it were not for Linux, may have been the Windows-alternative OS that Linux is today. So I grabbed my CD burner and started burnin'! The install went pretty smooth, minus a few small hiccups. First off, when it boots, it loads, then goes to a black screen and stops displaying. I found another person with this computer wanting to install FreeBSD on it on the FreeBSD forum. I had to punch in a few commands that made it TTY only; I then followed the Handbook and installed Intel's video drivers. After that I had a fully functioning FreeBSD install!!!! Now for the fun part: installing the window manager and programs. After installing sway and enabling some system settings, everything clicked together, and I had to see how much the CPU struggled with playing video from YouTube to compare BSD vs Linux. The CPU works very hard for them frames!

All in all, it's actually pretty usable, granted not for the average user. I often read Hackaday and browse the web via the links web browser, and a part of me likes it a little more than my 2020 E14 ThinkPad, not spec-wise but design-wise. This computer is built thiccccccc and has a latch for the screen and inductive buttons for WiFi and other functions. And believe it or not, the battery life is 4 hours. It's a genuine HP with a lithium cell battery; it's only a 10 watt CPU, but to me that's crazy for a 2007 computer!

And the weirdest thing about this computer, which me and my friend were torn over, was whether the original owner swapped the HDD for an SSD, because it is relatively quiet. However, after I opened the bottom covers, it made me very surprised.

It's a friggin' iPod Classic style mini drive!!!!

[–] [email protected] 6 points 1 day ago

New bames john movie

[–] [email protected] 12 points 4 days ago

Muskratting

[–] [email protected] 2 points 4 days ago

Nah, photos would be better, and/or there's an app that can import GPG keys from photos. I don't quite remember what it is though.

[–] [email protected] 8 points 4 days ago

Triqusel??? I think

[–] [email protected] 3 points 4 days ago (1 children)

That's if the key was uploaded to a keyserver.

[–] [email protected] 17 points 4 days ago

That's a fucking metal idea.

[–] [email protected] 6 points 4 days ago

Yeah, I realized this after I got to work and looked up what GPG uses for ASCII armor. It's base64; I used base64 -d and I could get some parts of my key. The photo has been updated to remove a lot more of the key.

Major fuckup on my part.

But I learned that ASCII armor is base64, I guess.

[–] [email protected] 2 points 5 days ago

He's got Windows Recall.

[–] [email protected] 2 points 5 days ago (1 children)

Yeah, QR codes would be the "easier way", but I never scan any of them because MALWARE.

[–] [email protected] 3 points 5 days ago (4 children)

You would need to know the whole key to know. If there are blocks missing you can't get anything from a key. And you would have to see it in real life to correlate my user alias to my real identity. Which is why I was originally going to use a key that I have for online accounts (a key for steamy), but I then realized that would have my online account linked to my real identity.

[–] [email protected] 1 points 5 days ago* (last edited 4 days ago) (2 children)

It should be that if there are chunks missing it's unusable. At least that's my thinking, since GPG is usually binary and ASCII armor makes it human readable. As long as a person cannot guess the blacked out parts, there shouldn't be any data.

Kind of like binary: if you're missing bits of binary in a program it should be unreadable.

--edit

I'm full of shit. It's base64 and you can somewhat decode it.
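The two comments above (the one that found "base64 -d" recovers parts of the blacked-out key, and the edit admitting ASCII armor is base64) describe the same property: OpenPGP ASCII armor is an encoding, not encryption. The following is an added example, not code from this thread or from GnuPG. It parses and re-creates the armor format described in RFC 4880 (BEGIN/END lines, header lines, base64 body, the "=xxxx" CRC-24 trailer), and then shows why blacking out a few characters in a photo only hides the bytes of the 4-character base64 groups they fall in. The payload, the "Comment:" header and the "#" redaction marker are constructed for the demonstration; a real public key block would carry OpenPGP packets instead.

```python
import base64

# CRC-24 parameters from RFC 4880 section 6.1 (the checksum armor appends as "=xxxx")
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """Compute the OpenPGP CRC-24 over data (bit-serial form from RFC 4880)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def _build(block_type: str, body: str, crc_field, headers=("Comment: constructed sample",)) -> str:
    """Assemble armor: BEGIN line, headers, blank line, 64-char base64 lines, =CRC, END line."""
    lines = [f"-----BEGIN {block_type}-----", *headers, ""]
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    if crc_field is not None:
        lines.append("=" + crc_field)
    lines.append(f"-----END {block_type}-----")
    return "\n".join(lines) + "\n"


def armor(payload: bytes, block_type: str = "PGP PUBLIC KEY BLOCK") -> str:
    """ASCII-armor raw bytes: base64 body plus a base64-encoded 3-byte CRC-24."""
    body = base64.b64encode(payload).decode("ascii")
    crc_field = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return _build(block_type, body, crc_field)


def parse_armor(text: str):
    """Split one armored block into (block_type, compact base64 body, crc field or None)."""
    lines = iter(text.splitlines())
    block_type = None
    for line in lines:
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            block_type = line[len("-----BEGIN "):-5]
            break
    if block_type is None:
        raise ValueError("no armor BEGIN line")
    for line in lines:  # armor headers (Comment:, Version:, ...) end at the first blank line
        if line.strip() == "":
            break
    body, crc_field = [], None
    for line in lines:
        line = line.strip()
        if line.startswith("-----END "):
            break
        if line.startswith("="):
            crc_field = line[1:]
        elif line:
            body.append(line)
    return block_type, "".join(body), crc_field


def dearmor(text: str) -> bytes:
    """Decode an armored block and verify its CRC-24; raises ValueError on bad base64 or checksum."""
    _, body, crc_field = parse_armor(text)
    payload = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError subclass
    if crc_field is not None:
        expected = int.from_bytes(base64.b64decode(crc_field, validate=True), "big")
        if expected != crc24(payload):
            raise ValueError("CRC-24 mismatch: armored block is corrupted or altered")
    return payload


def redact(text: str, start: int, stop: int, marker: str = "#") -> str:
    """Overwrite body characters [start, stop) with a non-base64 marker, like blacking out a photo."""
    block_type, body, crc_field = parse_armor(text)
    body = body[:start] + marker * (stop - start) + body[stop:]
    return _build(block_type, body, crc_field)


def recoverable_chunks(text: str, marker: str = "#"):
    """Decode every 4-char base64 group that carries no redaction marker.

    Base64 groups are independent: each encodes exactly 3 bytes, so blacking out a few
    characters destroys only the bytes of the groups they fall in. Returns 3-byte chunks
    (bytes) for intact groups and None for redacted ones.
    """
    _, body, _ = parse_armor(text)
    chunks = []
    for i in range(0, len(body), 4):
        group = body[i:i + 4]
        chunks.append(None if marker in group else base64.b64decode(group, validate=True))
    return chunks


# Constructed sample payload; a real public key block would contain OpenPGP packets instead.
SAMPLE_PAYLOAD = b"constructed sample payload, not a real OpenPGP key"
SAMPLE_ARMORED = armor(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print(SAMPLE_ARMORED)
    partly_hidden = redact(SAMPLE_ARMORED, 8, 16)  # blacks out base64 groups 2 and 3
    print("recovered:", b"".join(c or b"???" for c in recoverable_chunks(partly_hidden)))
```

`dearmor` refuses a redacted block outright (the marker is not valid base64) and refuses an altered block through the CRC-24, which is a transport check against corruption, not an authenticity check; `recoverable_chunks` is what a "base64 -d" on the unredacted pieces effectively does, which is why the comment above could read parts of the key. The only thing that keeps an armored key private is not publishing it; partial redaction of an encoding hides only the characters it covers.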

[–] [email protected] 22 points 5 days ago

Yes, I'm aware of how asymmetric encryption works. There's a public and private key; the public key encrypts, the private decrypts. You make a web of trust off of signing others' public keys, verifying their identity.

I wanted a specific key pair for the hat for separation of online and in real life. I know you can't learn much from an email, but still, it's my preference, and it was a font that I liked and ended up picking. I understand it may not be your preference; please do not "yuck my yum". There are BILLIONS of fonts out there and I picked the one I liked.

Which, on a separate note, I originally made a hat patch with a public key but it was DSA 3036 (the max size key, I don't know if that's the right number). And I etched it on the leather; each letter was 0.04 of an inch and was basically unreadable. So I ended up going with the default GPG preset for ECC.

225
submitted 5 days ago* (last edited 4 days ago) by [email protected] to c/[email protected]
 

I recently have been playing around with GPG (it's pretty fun!) and decided to make a hat with my public key on it!

It's a fun conversation starter at Walmart; when somebody asks what it is, it activates my 'tism and I get to talk about computer science! It's also important to teach others the importance of encryption, especially as one day ago the EFF made a post talking about yet another bill trying to go after encryption.

The keen-eyed among you will see I have blocked out certain parts of my key. This is because I have a key for this hat exclusively and would like to see if anybody I talk to about encryption in real life bothers to email me. I know it's not much but I enjoy it!

I laser etched the leather, and hand stitched it to the hat.

I know this is more kinda clothing stuff, but it just didn't feel right posting a hat with a GPG key on a fashion/clothing community.

Hope you enjoy my little project >:) hehe

 
 
13
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]
 

I don't mean to be a bother, but recently I got WireGuard set up so myself and my friends can access resources such as my server. I have it set up for the client and the server to only allow 192.168.8.170 to be tunneled, so for example my friends can Google and resolve DNS just fine and it's all in their network; then when they want to access the server it will be at 192.168.8.170 and the Docker services will run on ports, for example 8080:80. And to be honest it works great for me and friend 1, but for friend 2 DNS doesn't resolve???

He can ping 9.9.9.9, he can access the services on 192.168.8.170, but he can't resolve DNS when WireGuarded in.

His network has IPv6 and IPv4, my network only has IPv4 and friend 1's network is IPv4 only. Do you smart people on the internet think IPv6 could be an issue? Friend 2 is running Linux Mint if that matters. I know a little about networking but by no means am a network engineer.

It's a slight issue; friend 2 really wants to be able to Google and play Command & Conquer PvP at the same time. Any help would be greatly appreciated as I'm kinda stumped!

-edit SOLVED: I had a DNS entry in the client config and I just had to remove it client side.

 

cross-posted from: https://sh.itjust.works/post/32918493

cross-posted from: https://sh.itjust.works/post/32918427

Hello,

Recently, I've been interested in self-hosting various services after coming across Futo's "How to Self Host Your Life Guide" on their Wiki. They recommend using OpenVPN, but I opted for WireGuard instead as I wanted to learn more about it. After investing many hours into setting up my WireGuard configuration in my Nix config, I planned to replace Tailscale with WireGuard and make the setup declarative.

For context, this computer is located at my residence, and I want to be able to VPN into my home network and access my services. Initially, it was quite straightforward; I forwarded a UDP port on my router to my computer, which responded correctly when using the correct WireGuard keys and established a VPN connection. Everywhere online suggests forwarding only UDP as WireGuard doesn't respond unless the correct key is used.

The Networking Complexity

At first, this setup would be for personal use only, but I soon realized that I had created a Docker stack for me and my friends to play on a Minecraft server running on my LAN using Tailscale as the network host. This allowed them to VPN in and join the server seamlessly. However, I grew tired of having to log in to various accounts (e.g., GitHub, Microsoft, Apple) and dealing with frequent sign-outs due to timeouts or playing around with container stacks.

To manage access to my services, I set up ACLs using Tailscale, allowing only specific IP addresses on my network (192.168.8.170) to access HigherGround, nothing else. Recently, I implemented WireGuard and learned two key things: Firstly, when friends VPN into the server, they have full access to everything, which isn't ideal by any means. Not that I don't trust my friends, but I would like to fix that :P. I then tried to set allowed IPs in the WireGuard config to 192.168.8.170, but realized that this means they can only access 192.168.8.170 explicitly, not being able to browse the internet or communicate via Signal until I added their specific IP addresses (10.0.0.2 and 10.0.0.3) to their WireGuard configs.

However, I still face a significant issue: every search they perform goes through my IP address instead of theirs.

The Research

I've researched this problem extensively and believe that split tunneling is the solution: I need to configure the setup so that only 192.168.8.170 gets routed through the VPN, while all other traffic is handled by their local router instead of mine. Ideally, my device should be able to access everything on the LAN and automatically route certain traffic through a VPS (like accessing HigherGround), but when performing general internet tasks (e.g., searching for "how to make a sandwich"), it gets routed from my router to ProtonVPN.

I've managed to get ProtonVPN working, but still struggle with integrating WireGuard on my phone to work with ProtonVPN on the server. From what I've read, using iptables and creating specific rules might be necessary to allow only certain devices to access 192.168.8.170 (HigherGround) while keeping their local internet traffic separate.

My long-term goal is to configure this setup so that my friends' local traffic remains on their network, but for HigherGround services, it routes through the VPN tunnel or ProtonVPN if necessary.

My Nix config for WireGuard (please let me know if I'm being stoopid with something, networking is HARRRD)

# WIREGUARD: connect to HigherGround
networking.wg-quick.interfaces = {
  # "wg0" is the network interface name. You can name the interface arbitrarily.
  caveout0 = {
    # Goes to ProtonVPN
    address = [ "10.2.0.2/32" ];
    dns = [ "10.2.0.1" ];
    privateKeyFile = "/root/wiregaurd/privatekey";
    peers = [
      {
        # From HigherGround to Proton
        publicKey = "magic numbers and letters";
        allowedIPs = [ "0.0.0.0/0" "::/0" ];
        endpoint = "magic numbers";
        persistentKeepalive = 25;
      }
    ];
  };

  cavein0 = {
    # Determines the IP/IPv6 address and subnet of the client's end of the tunnel interface
    address = [ "10.0.0.1/24" ];
    dns = [ "192.168.8.1" "9.9.9.9" ];
    # The port that WireGuard listens to - recommended that this be changed from default
    listenPort = 51820;
    # Path to the server's private key
    privateKeyFile = "magic numbers and letters";

    # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
    postUp = ''
      ${pkgs.iptables}/bin/iptables -A FORWARD -i cavein0 -j ACCEPT
      ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE
    '';

    # Undo the above
    preDown = ''
      ${pkgs.iptables}/bin/iptables -D FORWARD -i cavein0 -j ACCEPT
      ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE
    '';

    # Note: WireGuard reads "192.168.8.170/24" as the whole 192.168.8.0/24 subnet, not just
    # the .170 host; a single host would be "192.168.8.170/32". Listing the same prefix under
    # two peers gives it to the later peer only (a prefix belongs to exactly one peer).
    peers = [
      { # friend1
        publicKey = "magic numbers and letters";
        allowedIPs = [ "10.0.0.3/32" "192.168.8.170/24" ];
        endpoint = "magic numbers and letters";
        presharedKey = "magic numbers and letters";
        persistentKeepalive = 25;
      }
      { # My phone
        publicKey = "magic numbers and letters";
        allowedIPs = [ "10.0.0.2/32" ];
        endpoint = "magic numbers and letters";
        presharedKey = "magic numbers and letters";
        persistentKeepalive = 25;
      }
      { # friend 2
        publicKey = "magic numbers and letters";
        allowedIPs = [ "10.0.0.4/32" "192.168.8.170/24" ];
        endpoint = "magic numbers and letters";
        presharedKey = "magic numbers and letters";
        persistentKeepalive = 25;
      }
      { # friend 3
        publicKey = "magic numbers and letters";
        allowedIPs = [ "10.0.0.5/32" ];
        endpoint = "magic numbers and letters";
        presharedKey = "magic numbers and letters";
        persistentKeepalive = 25;
      }

      # More peers can be added here.
    ];
  };
};

# Enable NAT
networking.nat = {
  enable = true;
  enableIPv6 = false;
  externalInterface = "enp5s0";
  internalInterfaces = [ "cavein0" ];
};

# `services.dnsmasq.settings` maps directly onto dnsmasq.conf keys, so `enable` and
# `extraConfig` do not belong inside it; enable the service at the top level and put the
# dnsmasq option (interface=cavein0) in settings.
services.dnsmasq = {
  enable = true;
  settings.interface = "cavein0";
};

Any help would be appreciated thanks

References: Futo Wiki: https://wiki.futo.org/index.php/Introduction_to_a_Self_Managed_Life:_a_13_hour_%26_28_minute_presentation_by_FUTO_software

NixOS Wireguard: https://wiki.nixos.org/w/index.php?title=WireGuard&mobileaction=toggle_view_desktop

Just a FYI, the main portion of the paragraph was put into llama3.1 with the prompt "take the following prompt and fix the grammer, spelling and spacing to make it more readable" because I'm bad at English and didn't want to pain people with my choppy sentences and poor grammar.

 


 


Old Client Config

Solution somewhat found! So I didn't understand what WireGuard AllowedIPs really did; well, I did, but it was confusing. So what I did before was have 10.0.0.2/32 only; this allowed users of the VPS to have access to my local network. I swapped it to where there was only 192.168.8.170, and that made it so I could ONLY access the service and no other webpage or DNS. The solution was to set, on the server side, the peers' allowed IP addresses to be "192.168.8.170/24" and "10.0.0.2/32"; this allows each user to have their own IP address within the server. So for example my phone has 10.0.0.2/32 and 192.168.8.170. THE CLIENT SIDE MUST MATCH!!! Which is what I missed before. My guess on why this is important is so your network manager, on whatever client OS you're running, knows that it can only access 192.168.8.170 and anything within the 10.0.0.2/32 subnet. The reason why you NEED 10.0.0.2/32 is so the client can have an IP address to talk to the server internally. At least I think; I'm just a guy who dicks around with PCs in his free time :P.

So having 192.168.8.170/24 and 10.0.0.2/32 on both the WireGuard client config and the server enforces that the client cannot access anything but those addresses and subnets.

I still would like to set up split tunneling, because on my server if I wanna VPN from my server to ProtonVPN my WireGuard server doesn't connect. But I'm glad I got it to this state; thanks for helping out everybody :)
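As an added illustration of what AllowedIPs does on each side of the tunnel (this is not the poster's configuration and not WireGuard's own code), here is a small Python model of WireGuard's cryptokey routing table, using the tunnel and LAN addresses from this thread and from the earlier DNS post. The peer names, the order of the server's peer list, and the three client-side lists SPLIT_TUNNEL, WHOLE_LAN and FULL_TUNNEL are assumptions made for the example. Two properties of WireGuard are modelled: on the sending side AllowedIPs decides which peer (if any) a destination is encrypted to, and with wg-quick also becomes the client's routes; on the receiving side a decrypted packet is delivered only if its source address is inside the sending peer's AllowedIPs. Each prefix belongs to exactly one peer, so a prefix listed under two peers ends up with the later one, and `ip_network(..., strict=False)` mirrors WireGuard reading "192.168.8.170/24" as the whole 192.168.8.0/24 subnet.

```python
import ipaddress


class CryptokeyTable:
    """Model of WireGuard's AllowedIPs table: each prefix belongs to exactly one peer."""

    def __init__(self):
        self.entries = {}  # ip_network -> peer name

    def add_peer(self, name: str, allowed_ips):
        for cidr in allowed_ips:
            # strict=False mirrors wg: "192.168.8.170/24" is stored as the whole 192.168.8.0/24
            net = ipaddress.ip_network(cidr, strict=False)
            # A prefix can only belong to one peer; a later peer takes it from an earlier one,
            # which is what happens when two peers both list 192.168.8.170/24.
            self.entries[net] = name

    def owner(self, ip: str):
        """Longest-prefix match: which peer owns this address, or None if nobody does."""
        ip = ipaddress.ip_address(ip)
        best = None
        for net, name in self.entries.items():
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
        return best[1] if best else None

    def route_outgoing(self, dst: str):
        """Sending side: packets to dst are encrypted to the owning peer; None = not tunnelled."""
        return self.owner(dst)

    def accept_incoming(self, peer: str, src: str) -> bool:
        """Receiving side: a packet decrypted from peer is delivered only if peer owns src."""
        return self.owner(src) == peer


def server_table_from_post() -> CryptokeyTable:
    """The cavein0 peer list from the post, in the order the config lists it (assumed order)."""
    t = CryptokeyTable()
    t.add_peer("friend1", ["10.0.0.3/32", "192.168.8.170/24"])
    t.add_peer("phone", ["10.0.0.2/32"])
    t.add_peer("friend2", ["10.0.0.4/32", "192.168.8.170/24"])
    t.add_peer("friend3", ["10.0.0.5/32"])
    return t


def client_table(allowed_ips) -> CryptokeyTable:
    """A client with one peer (the home server); its AllowedIPs become the client's routes."""
    t = CryptokeyTable()
    t.add_peer("homeserver", allowed_ips)
    return t


# Assumed client-side AllowedIPs for a split tunnel: the server's tunnel address and the one LAN host.
SPLIT_TUNNEL = ["10.0.0.1/32", "192.168.8.170/32"]
# What the post's "/24" means on the client: the entire 192.168.8.0/24 LAN is tunnelled.
WHOLE_LAN = ["10.0.0.1/32", "192.168.8.170/24"]
# Full tunnel: everything, including web searches and DNS, exits through the server.
FULL_TUNNEL = ["0.0.0.0/0", "::/0"]

if __name__ == "__main__":
    for label, allowed in (("split", SPLIT_TUNNEL), ("whole LAN", WHOLE_LAN), ("full", FULL_TUNNEL)):
        c = client_table(allowed)
        print(label, {d: c.route_outgoing(d) for d in ("192.168.8.170", "192.168.8.1", "9.9.9.9")})
    s = server_table_from_post()
    print("server: 192.168.8.50 belongs to", s.owner("192.168.8.50"))
    print("friend1 sending from 10.0.0.4 accepted:", s.accept_incoming("friend1", "10.0.0.4"))
```

With SPLIT_TUNNEL only 192.168.8.170 and the server's tunnel address go through the tunnel; 9.9.9.9 and the rest of the internet leave through the friend's own router, which is the behaviour the post is after and also means a DNS server named in the client's DNS= line is only reached through the tunnel if it falls inside AllowedIPs. On the server side the model shows why the duplicated "192.168.8.170/24" is a problem: the whole LAN prefix ends up owned by the last peer that listed it, and a peer cannot inject packets with another peer's source address, since the source check fails.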

32
Docker Gluetun+SearxNG (sh.itjust.works)
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

I recently learned about a great search engine called SearxNG. It can be self-hosted and is a metasearch engine, AKA it uses everyone else's search engines and puts the top results out of all of them in your search results. I instantly loved this because it gave me ad-free/sponsor-free search results, as well as the added benefit of keeping my search queries on my local machine. However, I then realized it asks other search engines like Google and Bing for queries. I did not like that, so I set up Gluetun as a network host in Docker, which then takes all SearxNG queries and tunnels them through the VPN, making it harder to figure out what I'm searching compared to my raw IP address. I have the Dockerfile and thought I would share; anything with $$$ needs to be changed.

https://pastebin.com/NfHcUWLs link to Dockerfile

-7
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

Was watching this and thought I'd share. It is very interesting. This video's topics cover recommended mobile operating systems, chat apps, smart TVs and modern cars,

all of which like to track and spy on the end user, and what some good alternatives are.

 