Just be aware of the risks involved with running your own CA.
Yes, LetsEncrypt with DNS-01 challenge is the easiest way to go, be it a single wildcard for all hosts or not.
Running a CA is cool; however, just be aware of the risks involved with running your own CA.
You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also, real CAs have ways to revoke certificates that are checked by browsers (OCSP and CRLs), and they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.
I want the WAN coming in from the router from the Pi’s Ethernet port, and the LAN coming out as Wi-Fi. I may also stick an additional Ethernet adapter to it in the future.
Can you try to explain this a bit more?
Anything with GNOME is visually appealing but unfortunately the usability is pure garbage. KDE is the exact opposite and Xfce is quick but sits in an awkward place.
Two things I've noticed about American politics: first, the most left-wing American politician would be seen as borderline far right in Europe. Second, in the US there's no left, because left would imply socialism that eventually leads to communism and that goes against the idea of America, the American dream, the constitution etc. The entire country was built and maintained on the idea of being against any form of communism.
Define "negative way"... GNOME changes in negative ways on a weekly basis so... Notification DDoS? :P
No, Matrix is just a privacy disaster that is run by a for-profit company.
Link wasn't there when the original post was made.
Well, it's a container, in most situations you would be running as root because the root inside the container is an unprivileged user outside it. So in effect the root inside the container will only be able to act as root inside that container and nowhere else. Most people simply do it that way and don't bother with it.
If you really want there are ways to specify the user... but again there's little to no point there.
lxc exec container-name --user 1000 bash
lxc exec container-name -- su --shell /bin/bash --login user-name
For your convenience you can alias that in your host's ~/.bashrc with something like:
lxcbash() { lxc exec "$1" -- sudo --login --user "$2"; }
And then run like:
lxcbash container-name user-name
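The UID mapping the comment above relies on can be checked rather than assumed. This is an added example, not part of the original comment: it translates a container UID to the host UID using the `/proc/<pid>/uid_map` format (`<first id inside> <first id outside> <count>`); the two sample maps and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample maps in /proc/<pid>/uid_map format.
UNPRIV_MAP='0 1000000 1000000000'   # constructed: unprivileged container
PRIV_MAP='0 0 4294967295'           # identity map: privileged container

# host_uid MAP CONTAINER_UID
# Prints the host UID that CONTAINER_UID maps to; returns 1 if unmapped.
host_uid() {
    printf '%s\n' "$1" | awk -v id="$2" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { exit !found }'
}

# root_is_confined MAP
# Succeeds only when UID 0 inside maps to a non-zero UID on the host.
root_is_confined() {
    mapped=$(host_uid "$1" 0) || return 1
    [ "$mapped" -ne 0 ]
}

# Demo on the constructed maps.
for m in "$UNPRIV_MAP" "$PRIV_MAP"; do
    if root_is_confined "$m"; then
        echo "map '$m': container root is host uid $(host_uid "$m" 0)"
    else
        echo "map '$m': container root is NOT remapped"
    fi
done
```

To check a real container, feed the functions the output of `lxc exec container-name -- cat /proc/self/uid_map`; an identity map means root inside is root on the host, and choosing a non-root user inside the container then matters.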
When your device requests an IP it sends over a significant amount of data.
Like...?
For what it's worth, LetsEncrypt with DNS-01 challenge is way easier to deploy and maintain in your internal hosts than adding a CA and dealing with all the devices that might not like custom CAs. Also more secure.