RE: https://hachyderm.io/@zrail/116053772428911398

So I think I solved... half(?) the problem. It dawned on me that I can use any machine on a given network to announce an #ipv6 prefix and as long as it has the router lifetime set to 0 no clients will try to use it as a gateway.

Thus, I'm announcing a /64 slice of the /48 I leased from a tiny lxc running on my N100 "critical stuff" machine.

I think for DNS I'm going to just put these addresses in public DNS. The whole point is that they're static and one fewer moving piece is nice. This doesn't solve the "but what if internet is down" problem but I don't think that's super realistic.

Oh one other thing worth mentioning: this /64 is not routed. From the outside it'll hit the blackhole route on my router VPS.

@homelab #selfhosting
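The trick described above (announce a prefix for SLAAC but set the RA's Router Lifetime to 0 so nobody installs the sender as a default gateway) is easy to verify from the wire. The following is an added example, not code from the original thread or from radvd: it builds a minimal ICMPv6 Router Advertisement with a Prefix Information option, parses it back per RFC 4861, and reports whether the sender is offering itself as a default router. The prefix 2001:db8:abcd:1::/64 is a constructed documentation value standing in for the leased /48 slice; the ICMPv6 checksum is left as zero because the sending stack fills it in from the pseudo-header. In radvd terms, the `router_lifetime=0` case is what `AdvDefaultLifetime 0;` in the interface block produces.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type for Router Advertisement (RFC 4861 §4.2)
OPT_PREFIX_INFO = 3      # Prefix Information option type (RFC 4861 §4.6.2)


def build_ra(router_lifetime, prefixes, hop_limit=64):
    """Build the ICMPv6 payload of a Router Advertisement.

    prefixes: list of (IPv6Network, on_link, autonomous, valid_secs, preferred_secs).
    Checksum is left as 0; the kernel computes it over the IPv6 pseudo-header.
    """
    hdr = struct.pack("!BBHBBHII",
                      ND_ROUTER_ADVERT, 0, 0,      # type, code, checksum
                      hop_limit, 0,                # cur hop limit, M/O flags
                      router_lifetime,             # 0 => "I am not a default router"
                      0, 0)                        # reachable time, retrans timer
    opts = b""
    for net, on_link, autonomous, valid, preferred in prefixes:
        flags = (0x80 if on_link else 0) | (0x40 if autonomous else 0)
        opts += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4,   # length 4 = 32 octets
                            net.prefixlen, flags, valid, preferred, 0)
        opts += net.network_address.packed
    return hdr + opts


def parse_ra(pkt):
    """Decode an RA payload into a dict; rejects malformed option lengths."""
    if len(pkt) < 16:
        raise ValueError("RA shorter than fixed header")
    typ, _code, _csum, _hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", pkt[:16])
    if typ != ND_ROUTER_ADVERT:
        raise ValueError(f"not a Router Advertisement (type {typ})")
    prefixes = []
    off = 16
    while off < len(pkt):
        if off + 2 > len(pkt):
            raise ValueError("truncated option header")
        otype, olen = pkt[off], pkt[off + 1]
        if olen == 0:
            raise ValueError("zero-length ND option")   # must be discarded per RFC 4861
        end = off + olen * 8
        if end > len(pkt):
            raise ValueError("option runs past end of packet")
        if otype == OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, preferred, _ = struct.unpack("!BBIII", pkt[off + 2:off + 16])
            addr = ipaddress.IPv6Address(pkt[off + 16:off + 32])
            prefixes.append({
                "prefix": f"{addr}/{plen}",
                "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),   # A flag: clients may SLAAC from it
                "valid": valid,
                "preferred": preferred,
            })
        off = end
    return {
        "router_lifetime": lifetime,
        "managed": bool(flags & 0x80),
        "other_config": bool(flags & 0x40),
        "prefixes": prefixes,
    }


def offers_default_route(ra):
    """True if hosts would install this sender as a default router."""
    return ra["router_lifetime"] > 0


if __name__ == "__main__":
    net = ipaddress.IPv6Network("2001:db8:abcd:1::/64")   # constructed sample prefix
    ra = parse_ra(build_ra(0, [(net, True, True, 86400, 14400)]))
    print(ra)
    print("default router offered:", offers_default_route(ra))
```

Run over RAs captured on a segment (for example the kids' VLAN), `offers_default_route` is the check that matters: the prefix-only announcer should always report False, and any other sender reporting True is a device claiming to be a gateway that the segment was not designed to have.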

@zrail I'm curious, what do you run that's considered "critical stuff" on that N100?

@nogweii I define that as "stuff that my family would be upset is not working even if they don't know what it is". Here are the docker compose stacks that are running in a VM:

- acme-challenge-responder[1]
- adguard-kids[2]
- auth[3]
- caddy
- certificate-builder[4]
- gatus
- genmon
- home-assistant
- homer
- mosquitto
- omada-controller
- zigbee2mqtt
- zwave-js-ui
- subspace-dns[5]
- smtp-relay
- victoriametrics
- waterfurnace

I also have an LXC on that machine running unbound with the OISD block list, and as of yesterday it is also running radvd.

[1]: https://git.keen.land/pete/fly-dns/src/branch/main/apps/acme-challenge-responder

[2]: AdGuard Home set up for kids' vlan

[3]: TinyAuth + LLDAP

[4]: Cron job that builds certs for everything else

[5]: https://git.keen.land/pete/fly-dns/src/branch/main/apps/ddns-app

@nogweii oh also, not that it makes any difference, but I mistyped. It's an N150.