Andreas Happe: tech
Homeserver: Services Pt. 1
I have been running a home server for a while now. I have been using it to host some services that I use regularly. In this post, I will share my experience with some of the services I have set up on my home server. This initial post will go over local git hosting using gitea, audiobook streaming using audiobookshelf and a self-hosted RSS reader using tt-rss.
Using tailscale on Fedora Silverblue
I am using Fedora Silverblue as one of my main desktops. Recently, I’ve been moving some services to a server behind tailscale but was still using its local IP address when at home at my Silverblue desktop. While doable, using an IP-address with an invalid HTTPS certificate wasn’t that pretty — so why not just access it through tailscale even within the same network, it’s an overlay network overall (so it should do a direct connection between my desktop and the home-server).
Building a little home-server with Linux, TailScale, ProtonVPN, Docker Compose and VM support
I’ve been using a mini-computer as a home-server for the last couple of years. Originally, I used it to share files between my computers, but over time more and more services (like RSS-readers, media-libraries, home automation, etc.) were moved onto that surprisingly capable mini-server. I’ve grown up using Linux (well, I was already 16 when Linux became available around here, but you get the gist) so it always felt natural to me to just use a minimal Linux installation (Debian) instead of using some NAS that supports add-on third-party software.
Building a 4G/LTE router+accesspoint using hostapd, network-manager and modemmanager
So I’ve been using a Raspberry Pi 4b+ together with a WaveShare LTE Modem as 4G router/access-point for my home network setup. I do like my hardware to be quiet and thus fan-less, alas the Raspberry Pi 4b+ gets a tad on the warm side. So this was a perfect opportunity to play around with an older Raspberry Pi 3b+ which should use approx. 20-25% less power (both during idle and load) and with “new” software.
Running OWASP Juice Shop with Root-the-Box on Google Cloud Platform
So I am back at teaching web application security. This time I wanted to set up a CTF challenge for my students. To not reinvent the wheel, or rather, to stand on the shoulders of giants, I am reusing the OWASP Juice Shop vulnerable web app in its CTF mode. Normally I would teach at a (physical) lab which would make the setup easy: all students are situated in the same physical room, I can set up the game server on my laptop and distribute virtual machines containing the vulnerable web app over the local network.
Create a new Ubuntu 20.10 Desktop without too much Ubuntiness.
After I’ve bought a new and fast 1TB SSD, it’s time to set up my aging Desktop again. Last time I went with Fedora Core, this time I will try to reduce some of the ubuntu-iness of a Ubuntu 20.10 Desktop for that. After preliminary tests Ubuntu seems to be more resource efficient than Fedora Silverblue and I should be able to remove most of Ubuntu’s problematic packages. Given that my Notebook still runs Fedora Core, I’m also keeping in touch with both the Ubuntu/Debian as well as with the Redhat/Fedora world through that.
Building a simple VPN with WireGuard with a Raspberry Pi as Server
Now that wireguard will be part of the upcoming Linux 5.6 Kernel it’s time to see how to best integrate it with my Raspberry Pi based LTE-Router/Access Point Setup. What is my scenario? A Raspberry Pi 3 with an LTE hat, using a public IP address; this will be the VPN server (called edgewalker in this post). An Android Phone that should use the VPN for all communication when connected. A Linux Laptop that should use the VPN only when accessing network services that are exposed to the VPN. Each device connected to the VPN should be able to connect to all other devices, e.
Adding advertisement-filtering and spotify support to a Linux-based Access Point/Router
The last weeks I’ve tried to improve upon my Raspberry Pi based LTE-Router/Access Point. Normally I would heave tons of software on it, try it out and let it simmer on. I did that this time too: the ELK-Stack (too little memory) and HomeAssistant (too few SmartHome-devices in my flat) only had a short intermezzo on this hardware. What stuck? Before that a small note: originally I was using an IKEA USB charger; its spec should be sufficient but I kept getting “Undervoltage detected” error messages in dmesg/syslog.
Building a secure torrent download station by combining Private Internet Access (PIA), OpenVPN and transmission through docker
Sometimes I want to work on client assignments (penetration-tests) from home; if I do that, I am using my company VPN so that all traffic is routed through their public IP address (which is white-listed by the client). I do not want traffic to ever leave that VPN as that would look as if I’d be performing cyber attacks from my private home IP address. The same requirements arise for different use-cases, e.
How to create a (good-looking) PDF and Kindle eBook from LaTeX
So I held a lecture on “Web Application Security” for the FH/Technikum Wien last spring and wrote a small booklet for my students (partially because I wanted to avoid discussions during the final exam). I did volunteer for an anonymous feedback round which turned out very positive for me; the booklet was repeatedly mentioned positively. So I distilled and refined it, tried to improve its focus. As I will do the same lecture next year, I am in dire need of feedback so that I can improve it, so I went to dark places and published it on reddit.