Never tried Authelia or Authentik but I’ve heard good things about them. I’m sure one of them will integrate with a reverse proxy.
Agreed, OpenWRT is for something with limited resources like an OTS router.
I didn’t for the longest time but now I use Traefik for this. It can automatically add services (i.e. containers) to its routing list so the overhead is low and since I also run OpenWRT on my router I set up *.localhost to point to 127.0.0.1 so I don’t have to remember what ports I’m using for which service (e.g. jellyfin.localhost). You can also set up DNS entries using something like PiHole.
I put the sample template (https://yacht.sh/docs/Templates/Templates/) into a file named docker-compose.yml and Docker said the syntax was invalid. Are you saying I can give Yacht a compose file and it’s cool with it?
Used it for a bit but I didn’t like how you have to deploy things from templates which are basically compose files that don’t look like compose files.
This is the kind of AI stuff that really annoys me. Looking at one of the mutation examples I didn’t see anything that wouldn’t normally be tested by a typical mutation tool. You took a simple, idempotent process and you got an LLM to do it slower, less accurately, and using more resources.
If you wanted to marry the two in a new and possibly useful fashion I would say use an LLM to analyze the results of a standard mutation test and give guidance on what issues should be acted upon first. An off-by-one calculation could mean somebody loses a million dollars or it could mean a button is grayed out. Standard mutation tools don’t give you that context.
Other than the low chance of you being targeted I would say only expose your services through something like Wireguard. Other than the port being open attackers won’t know what it’s for. Wireguard doesn’t respond if you don’t immediately authenticate.
There’s a little overlap with things like Terraform but it’s not as bad as if they bought the companies that owned Chef or Puppet.
Can’t believe that’s gone through. They took JBoss when they bought RedHat so now it doesn’t have to compete with Websphere and when they bought HashiCorp Openshift doesn’t have to compete with Nomad. At this rate they’ll buy CyberArk and then that’s no more competition with Vault.
I think KeePass can do HOTP.
I do use syncthing to sync between clients but if I’m not diligent about syncing before saving and right afterwards I will get missing entries. I wish KeePass had a one-way sync option (e.g. pull changes from another DB but don’t push). Then I could say each client has their own copy and syncthing would never find conflicts.
I’ve used KeePass for ages but I’m open to change. Anyone have any good comparison of these, esp personal experience? My biggest issue with KP is syncing between computers and avoiding conflicts.
If OP has a thrift store nearby it’s pretty likely they can get both for under $30.
DebOps my dude.
In a similar situation. I was using Open Media Vault but it has some networking bug that I just can’t nail down or work around. I have to manually fix the networking every time it breaks. Otherwise I barely used OMV features and did most things through Docker. I’ll be switching to Diet Pi and probably Ansible unless I feel like learning Puppet.
They’re very similar so you pretty much can’t go wrong. Podman, I believe, is more secure by default (or aims to be) so might run into more roadblocks with its use.
The n100 and n200 have quite low TDP values for much better performance than a Pi.
As a long-time user, not at all simple.
Reading a post on the LE forum it sounds like smallstep might be closer to what I need.
Is this only for public facing services then? I have little desire to expose my services except through tailscale or something like that.
Don’t remember the tool, maybe someone here does, but there’s some web service out there that boasts a “no storage” approach. You provide some URI and some other value (maybe username) and it makes a password for you, but it’s always the same for a given combination. Basically it’s a purely functional generator.
Downside would be forgetting a minor detail (Did it end with a slash or not? What was the username?) or the site going down. You can achieve the same thing yourself with a hash calculator but those passwords are a bitch to type in.
tl;dr just use KeePass
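The "purely functional generator" idea from the comment above, as an added example (not part of the original comment and not the code of the service it mentions). The master secret, the PBKDF2 parameters, the alphabet and the names `derive_password` and `site_key` are assumptions of this example; it shows the trailing-slash pitfall and one way to avoid it by reducing the URI to its hostname before hashing.

```python
import hashlib
from urllib.parse import urlsplit

# Assumed alphabet: letters and digits without look-alikes (0/O, 1/l/I),
# so the result is easier to type than a raw hex digest.
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def site_key(uri: str) -> str:
    """Reduce a URI to its lowercase hostname so scheme, path and a
    trailing slash no longer influence the derived password."""
    if "://" not in uri:
        uri = "//" + uri  # let urlsplit treat a bare "example.com/" as a host
    host = urlsplit(uri).hostname
    if not host:
        raise ValueError(f"no hostname in {uri!r}")
    return host


def derive_password(master: str, site: str, username: str, length: int = 16) -> str:
    """Deterministic: the same three inputs always give the same password."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (site.encode(), username.encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Reject bytes >= limit so every alphabet character is equally likely.
    limit = 256 - 256 % len(ALPHABET)
    chars, block = [], 0
    while len(chars) < length:
        # A slow KDF makes guessing the master secret from one leaked
        # site password expensive; the iteration count is an assumption.
        raw = hashlib.pbkdf2_hmac("sha256", master.encode(),
                                  salt + block.to_bytes(4, "big"), 200_000, dklen=64)
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in raw if b < limit)
        block += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    master = "constructed master secret"  # constructed sample input
    # Raw URIs: one forgotten slash yields an unrelated password.
    print(derive_password(master, "https://example.com", "alice"))
    print(derive_password(master, "https://example.com/", "alice"))
    # Normalised: both spellings map to the same site key and password.
    print(derive_password(master, site_key("https://example.com/"), "alice"))
    print(derive_password(master, site_key("Example.com"), "alice"))
```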