a very weeny construct 💀

@pho4cexa@tiny.tilde.website
40s atheist 🖥️ parent 🏳️‍🌈
i love the craft of software;
i loathe the software industry.
agpl3+ forever but not an rms fan.
pronouns: xe/xem/xyr
web: https://tilde.town/~pho4cexa

Announcing FOKS, the Federated Open Key Service | The FOKS Blog

https://blog.foks.pub/posts/introducing/


possible workarounds:

  • put all the clients i care about doing video calls with (my immediate family) on tailscale, which also performs the function of nat traversal
  • talk to my provider about installing coturn on the ipv4 proxy box? but the cost in bandwidth and maintenance might be too high, especially if i'm the only customer using it
  • maybe stun/turn as-a-service exists?
  • admit defeat and just pay $1/mo for an ipv4 address

🤔 turn and stun are mechanisms to help ipv4 clients behind nats talk to each other directly, or failing that, proxy their traffic to each other

nats are pretty much only for ipv4 clients. if they have an ipv6 address it probably isn't nat'd

so it probably doesn't make sense to imagine how to run a stun/turn server on an ipv6-only vm

the appropriate place for it to live is probably alongside the sniproxy doing ip4->ip6 reverse proxying

but with this figured out, i now have an ipv6 vm that can still serve up its websites to people stuck on ipv4-only networks! without paying for an ipv4 address allocation! 🥳

next, to see if a prosody xmpp server and a coturn turn/stun server will work just as happily as the webserver does within this setup

today i learned that if you are reverse-proxying :80 and :443 with PROXY protocol to a caddy set up like this...

{
    servers {
        listener_wrappers {
            proxy_protocol {
                allow ...
            }
            tls
        }
    }
}

then, in addition to your https site definitions, you also have to toss this line in there to make proxy_protocol apply to the automatic http->https redirect that caddy sets up

:80 { }

https://caddyserver.com/docs/caddyfile/options#:~:text=unless%20you%20explicitly%20declare

Global options (Caddyfile) - Caddy Documentation

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
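A way to check the behaviour described in the caddy post above, as an added example that is not part of the original post or of caddy itself: it sends a PROXY protocol v1 header followed by a plain HTTP request to the backend's port 80 and reports whether the automatic redirect listener understood it. The addresses are constructed documentation values, and the script has to run from a host that the `allow` list trusts.

```python
import ipaddress
import socket
import sys

def proxy_v1_header(src_ip, dst_ip, src_port, dst_port):
    """Build the one-line, human-readable PROXY protocol v1 header."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("PROXY v1 needs source and destination in one address family")
    family = "TCP6" if src.version == 6 else "TCP4"
    return f"PROXY {family} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")

def parse_status_and_location(raw):
    """Return (status code, Location header or None) from a raw HTTP response."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, None
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return int(parts[1]), location

def redirect_listener_speaks_proxy(backend_ip, host, claimed_client="2001:db8::1234"):
    """True if backend_ip:80 accepts the PROXY header and answers with an https redirect.

    Without the wrapper on :80 the header line is read as a malformed HTTP
    request, so the answer is an error status instead of a redirect.
    claimed_client is a constructed documentation address; use one from the
    same address family as backend_ip.
    """
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")
    with socket.create_connection((backend_ip, 80), timeout=5) as s:
        s.sendall(proxy_v1_header(claimed_client, backend_ip, 54321, 80) + request)
        raw = b""
        while chunk := s.recv(4096):
            raw += chunk
    status, location = parse_status_and_location(raw)
    return status is not None and 300 <= status < 400 and (location or "").startswith("https://")

if __name__ == "__main__":
    # usage: python check_proxy.py <backend ip> <site hostname>
    ok = redirect_listener_speaks_proxy(sys.argv[1], sys.argv[2])
    print("port 80 speaks PROXY protocol" if ok else "port 80 did not accept the PROXY header")
```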

New album cover dropped

@pho4cexa UTM is qemu in a trenchcoat, but it's a nice trenchcoat, and i think it also has the Apple virt stuff in there too. look for a checkbox to use it when you create a VM.

i don't know how wrong that analysis is, that's just my takeaway from attempting to research the subject with one hand clutching my temples to keep my brains in

i went with utm for now, 2gb download will finish in another 2 hours or so

so if you're stuck on a m2 mac and you want to just pop open a linux vm to do your work comfortably, there are a few avenues

  • parallels ($ after a "trial")
  • qemu (install with "homebrew")
  • utm ($ unless you get it from the website)
  • many scary rando app store apps that offer "in-app purchases"
  • open xcode, create a project, call functions, and the virtualization stuff built in to macos will do it with no additional "apps" needed ???🙃

Running GUI Linux in a virtual machine on a Mac | Apple Developer Documentation

Install and run GUI Linux in a virtual machine using the Virtualization framework.

GatchaOps tiem