I'm going to set up a WireGuard server on my router. I want my mom to be able to use it but she lives very far away so setup will need to be done remotely. What's the best way to go about this? I need to share the WG config somehow.

She's not great at computers either, so any tips on how to easily install and set things up on her computer would be appreciated.

I've been trying to avoid Tailscale or Netbird, but maybe that would be the best solution in the end. I'm not interested in self-hosting a relay or management service though, I feel like I'm way too inexperienced to secure such an important system. Should anyone compromise the VPS, both me and my mom's devices would also be compromised (I assume).

Thanks!

Is it possible to do this? It may be silly but the automatic profile picture with the initials bother me.

What do you use for syncing your password manager between your Android phone and your PC? Apparently Nextcloud doesn't support two-way syncing on Android for some reason, and Syncthing-Fork is still untrustworthy since the disastrous handover. The AI generated profile picture of researchxxl doesn't exactly inspire confidence either, neither does his GitHub bio:

Hi! My name is Jonas and I like to use my coding skills from games and modding to continue work on the Syncthing for Android wrapper.

Everything about this person screams vibe coder.

Bitwarden is an alternative, but I don't like how non-standard it is. It's cumbersome to manage and backup, meanwhile the KeePass format is just a file that I can backup wherever and however I want and there are many frontends to choose from.

Have you solved this?

Hello!

I've spent a lot of time struggling with Hetzner's KVM console, there are a lot of problems causing severe issues with setting up passwords and passphrases. I just thought I'd create this "guide" to get things rolling, for everyone who faces the same issues I've faced.

Step 1 - Firewall

Set up a firewall and only open port 22 with your IP (you can look it up using ip.me).

Step 2 - Installation

Perform the installation procedure as normal, setting very simple passwords and passphrases for the user accounts and the disk encryption. Set them to something like 123. These will be changed later!

I'm using Debian 13, the steps may or may not be the same for your choice of distribution.

Step 3 - SSH access

Unmount the ISO and reboot. Enter the console again, log in as root with your simple password. Now, if you have the same problem as me, keys like /, CTRL etc. won't work, so I used tab completion and vi to to modify the config file.

# cd ../etc/ssh/
# vi sshd<TAB>

Inside vi, press o to create a new line and enter insert mode. Add:

PermitRootLogin yes
PasswordAuthentication yes

Press ESC and then <SHIFT>-yy (so holding shift and pressing y twice). This will save the file and exit vi. Restart the SSH services:

# systemctl restart ssh sshd

Step 4 - Dropbear

ssh into your VPS. Now you have full keyboard access like usual. Install dropbear-initramfs, which is an SSH server that's placed in the initial RAM filesystem so that you can ssh into your VPS during start up so you can easily enter your encryption passphrase.

Generate a new key pair and add the public key to /etc/dropbear/initramfs/authorized_keys

Run update-initramfs -u and reboot. You should now be able to ssh into your VPS using the key you just generated. The following command lets you unlock the encrypted disk:

cryptroot-unlock

This will probably disconnect you from the tunnel, simply re-establish the SSH tunnel again.

Step 5 - Changing passwords and passphrases

To change the encryption passphrase:

# cryptsetup luksAddKey /dev/sdXY
# cryptsetup luksRemoveKey

Lock the root user and change the password of your user (don't forget to add the user to the sudo group!):

# passwd -l root
# passwd user

Done!

At this point you might want to use some other means to access the server, such as Netbird or Tailscale or Wireguard. Regardless of how you decide to access the server, you should revert the changes to sshd_config.

P.S.

I have no idea if this is a secure or good way to do this. Use at your own risk!

Hello!

I've been playing around with self-hosting for a while now and I've started moving over to a VPS. At home I have a PC that's on more or less 24/7 with an *arr stack, jellyfin and some other services. They can only be accessed through Netbird. The services aren't that important, the data doesn't really need to be backed up since it's not very important. On the VPS, however, I would like to host some more critical services, such as:

• Vaultwarden
• Immich
• Gitea
• Overleaf

I want them available 24/7, even if I decide to distrohop and wipe my PC at home. The problem is how to structure all this. My current idea is to run Gitea and Overleaf out in the open behind some reverse proxy without authentication (Nginx or Nginx Proxy Manager). I'd like Vaultwarden and Immich to be on the same VPS, but, I don't want those services to be accessible to anyone but me, so I'd need some form of ACL or authentication system. I'm thinking of using Netbird for this, since I already use it on all of my devices.

So I would set up DNS records from within Netbird that would point immich.domain.tld and vaultwarden.domain.tld to the internal Netbird IP of the VPS. In the reverse proxy, I'd set up access control such that it only redirects the Netbird IP range to those services. On Cloudflare, I'd point git.domain.tld to the external IP of the VPS with proxy enabled.

Everything would receive HTTPS certificates, and I'd block incoming traffic on every port except for 80 and 443.

Is this a good setup? Any tips or recommendations? Any pitfalls?

Thanks!