

I deployed Technitium with docker, but generally this got me heading in the right direction with the initial setup. It’s more of an overview and quickstart than an in-depth guide though.


I was doing basically this with a different sync tool, but I had a couple issues with it:
I’ve been a very happy Pihole user for years and years and Pihole 6 is the best yet, but once you’re dealing with multiple pihole instances, Nebula Sync and Unbound, then Technitium is actually simpler to manage since it does all that natively.


DNSWeaver has support for caddy labels too! Specifically for use with caddy-docker-proxy. So yeah, really good fit for your architecture.


Oh do I have a treat for you, check out DNSWeaver.
It’s designed to do exactly that, to automate creation of DNS records for container services. I use it with Traefik. It reads from the same labels that Traefik already uses to proxy services, but if you already use another reverse proxy and don’t want to switch, it supports dnsweaver-specific labels as well, which are easy to add to your current deploys.
I used it both with pihole and technitium and actually used it to make the migration easier. Great tool.


Switching SSH to a non-standard port can cut down on log noise but it doesn’t really help with security. It’s trivial to identify ssh running on any port and attackers typically do full port scans anyway.
I’d put that effort towards allowlisting only trusted public IPs or setting up wireguard/tailscale for ssh access instead.


I migrated from pihole to technitium a few weeks ago and it was so smooth.
Native support for clustering is huge. I didn’t even realize how complex managing the pihole had gotten trying to get it to sync to multiple instances.
Flashing the same version of the BIOS just to feel something, anything.


True but it does put me in a good position to maximize my kill/death ratio.
I avoided tailscale for so long because I was already using wireguard and I didn’t know you could self-host with headscale. But once I started using it with headscale the mesh design really is a big improvement to usability. I don’t miss having to carefully manage my config files and ip route rules.
I need to get set up with app connectors and then I think it’ll finally be a high enough wife-usability factor for me to remove some things I still have exposed over the internet.
DERP is the service that actually relays packets between tailscale connected devices when they are crossing a NAT (leaving one private network and going across the internet to another private network).
If you host headscale (the self-hosted community version of the tailscale control plane) and use it with tailscale, by default it will still use the public Tailscale DERP servers. Your traffic is still encrypted and not visible to them, but it does still rely on part of their centralized architecture even though you are hosting the control plane yourself.
That being said, you can just use the embedded DERP that ships with headscale, although there are some other considerations when doing that because it will need to be publicly on the internet, probably with a proper domain name and publicly trusted certificate.
Headscale includes an embedded DERP server but you need to enable it. Their example yaml has it disabled by default, which I assume is because it needs to be publicly available on the internet, requires HTTPS, and thus a certificate and other network/security considerations.
You can self host the control plane for Tailscale using a community project called Headscale. I use that along with Headplane which gives you a nice admin web UI.
Then you just use the tailscale client on devices like normal but you authenticate new clients with your endpoint instead of the centralized one.
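
The embedded DERP setup described in the comments above, as an added configuration sketch that is not part of the original comments or the headscale project's own file. Key names follow headscale's `config-example.yaml` and should be checked against the installed version; `headscale.example.com` is a placeholder.

```yaml
# Added example: fragment of a headscale config.yaml, not a complete file.
# headscale.example.com is a placeholder hostname.

# The embedded DERP server is served over TLS, so the control plane URL
# must be https, publicly reachable, and backed by a publicly trusted certificate.
server_url: https://headscale.example.com:443

derp:
  server:
    # The shipped example file has this set to false.
    enabled: true

    # Identifiers for the self-hosted relay region as clients will see it.
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"

    # STUN listener (UDP) used for NAT traversal. The port must be reachable
    # from clients, so it needs a matching inbound firewall rule.
    stun_listen_addr: "0.0.0.0:3478"

  # Default behaviour: clients also receive Tailscale's public DERP map.
  # urls:
  #   - https://controlplane.tailscale.com/derpmap/default

  # With an empty list, relayed traffic goes only through the embedded server.
  urls: []
```

With `urls` empty the embedded server is the only relay, so peers that cannot form a direct connection lose connectivity whenever it is unreachable.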


I assume it’s because they are using performance capture for all the facial animations.
I played the demo and it was pretty fun. I’ll have to check this out.


This used to work for me but unfortunately at least two places I haven’t been able to figure out any button combination that mutes them which has been infuriating.


The gas pumps that blast ads at you are driving me insane. All of the places in between my house and my work have them now.


What do you mean by ‘desyncing’ issues? I use Syncthing very heavily across my servers and workstations and I don’t have any trouble. I run my own Syncthing relay server for NAT traversal.
The Haves and the Have Nots have always been at war. Occasionally there are agreements struck, but the Haves always come back for more.


This exactly. I’d use rsync to sync a directory to a location to then be backed up by kopia, but I wouldn’t use rsync exclusively for backups.
There are very few places on earth that are capable of producing the silicon wafers used in RAM. These factories are still producing at the same rate as before, but buyers who pay more (large companies with data centers) are buying them, so there are fewer left over for normal consumers (hence the high prices). So why not scale up by making the factories bigger or faster? They are; it will take decades to do that because the process is so advanced. Why not just scale out by building more factories for producing the parts? They are, but that too will take decades.