Yes. The fearmongering of the security freaks is not necessarily true. We selfhosters are not big targets and nobody cares about our files or our devices.
Of course, until you get hacked.
But beside SMTP and ssh and known services like WordPress or PrestaShop there is little actual brute force bots trying hard.
Thank you! This is exactly why I do my wiki, so that people can use and benefit from the work I did before.
Mmm as for the admin console, I will add that, it had slipped from my wiki it seems!
My personal experience with conduwuit is very positive.
Everything worked including sliding sync for Element X.
Bridges works fine. Threads too (limited to client support ofc), session verification works fine, element call never tried, you need to install a dedicated server anyway, but that’s true also for synapse.
I was replying to the links post, must have got it wrong :)
So yes, I ended up thanking myself. Well, I always thanks myself anyway for not having screwed up too badly anyway so… ;)
Currently just setup conduwuit, tuwunel will require some more time to be up and ready, but they promised full compatibility upgrade.
See my wiki https://wiki.gardiol.org/doku.php?id=matrix%3Aconduwuit
There are also instructions for all main bridges.
Synapse is meant for heavy duty and is a pretty resource intensive python implementation.
Conduwuit and derivate is in rust and blazing fast on small footprint.
Tuwunel, the sequel of conduwuit.
Go with conduwuit today, then upgrade to tuwunel as soon as they release.
There is a post about that in this community.
Why synapse?
Its a good choice for max stability, but its by far the heaviest and most resource intense server out there, and probably overkill for a few user installation.
Well, wow. That feels mentally broken somehow. Probably also brilliant.
Thanks, very informative.
No, if you are batted, you will need a vps or some kind of real public address and tunnel to it for external to internal access. A VPN with port forwarding will also work.
Agreed, but still, its a serious loss for matrix, which is already a bit of ashitshow.
Is this shit true? I have been using conduwuit for quite some time with total satisfaction (as far as matrix goes OFC) and woulduch likely delete my matrix presente than sricking back to that shit show of synapse.
I read the link, and feel like i want to know the other side of the story.
But, honestly, don’t care for the stupidity of people and the toxicity. I care for the technical side and conduwuit is just the best out there. Losing it, it is a big loss for matrix globally.
Another point: 8gbps is mostly pointless. I would stay at 1gbps inside home and don’t bother to rewire and replace all my home equipment. That’s a long con game over the years slowly when each device has to be replaced anyway.
Maybe plan for 2.5gbps inside for the time being of you can do that a zero cost like reusing wiring.
I wouldn’t count on WiFi in any case, at best it’s a jimnick at that speed.
Get a nice hardware capable of running opnSense and use that immediately after your new ISP device. Just ignore their WiFi router, it will be crap whatever it is, unless you cat reflash with OpenWRT.
Be prepared that the new ISP will .most probably have CG-NAT.
Note: opnSense is based on *BSD so make sure the hardware you buy has supported 10gb network cards, at least two.
Radicale is an amazing light and efficient CardDAV/CalDAV server. Pair with Dav5x on android and you are fully setup.
1gb swap is way too small…
I usually setup swap to be 2x the total ram size. So, 32gb swap in your case.
Nothing wrong here, seems normal. With such little swap.
Actually Linux kernel works better with swap, the more the better. It will lalso perform better than zero swap. Counterintuitive indeed, but that’s how it works.
If you don’t want swap, use zram.
Luci? What is that? You mean OpenWRT?
It is, but you are free to switch at any time provider, there is no technological lock in like with cloudflare or tailscale (i know there is a free self hostable version, not talking about that).
So just rent a new one and switch your wireguard there.
100% agree.
One point: use an SSO like authelia or authentic. Way better than basic auth and you get the fancy login form too preserving all the benefits, and you can also use OIDC with those services that require more complex setup for proper auth