Some updates
Matrix migration
Switching from Synapse to Dendrite was always inevitable. I had dragged my feet on it largely due to an "if it ain't broke, don't fix it" mentality. The challenge was that eventually it did break. Somewhere between Synapse 1.8 and 1.9 I was unable to update without getting DB errors. I had tried a query based on one from someone having similar issues, but when the issue reappeared, it was for a different relation in the Synapse DB. This was when I decided to throw in the towel and start fresh. Up until this time, my Matrix instance had really only been for me and immediate family, and this was bound to happen because at the time of writing, you can't migrate to Dendrite and keep your messages.
No shade intended at the Matrix or Synapse teams. This instance was running for quite a few years and it served me very well. I'm looking forward to the performance upgrades of running Dendrite.
Should have backed up contact handles & my E2E keys! Oops!
PeerTube is the greatest
Libre Solutions Network now has 200 views on the PeerTube channel! Not a huge number, but it's a great start! I think the best thing about it is that PeerTube instances themselves can follow others. For now, when I upload a new video it shows up on a wide variety of other instances in their "recent items" feed. This is almost the exact opposite of YouTube alternatives just becoming their own echo chambers.
I'd argue that PeerTube is one of the most important projects that currently exists. It sounds like hyperbole, but it really has the ability to be a huge game-changer. With features like WebTorrent and remote transcoding, I'd argue the only thing that's missing is support for multiple domains (like Tor & I2P addresses).
If you agree with me on this, please consider supporting the project
Don’t erase your Arch Linux install just yet!
I've noticed something that may not be great for new Linux users trying out Arch Linux. I wish I knew exactly what triggered this, but sometimes when you reboot it will fail to boot, waiting on a particular disk UUID, despite no disks having been changed. I remember in my distro-hopping days, this would be the moment I'd just grab the home directory and switch to another distro.
Oddly enough, I had noticed a long time ago that a very fast and efficient way to fix this issue is `pacman -S linux`. Reinstalling linux, which triggers a bunch of other changes, seems to resolve the issue. This is where it's handy to boot from your installation media and then chroot back into your installation.
Essentially, the process is:
- Boot up the installation media
- Mount your partitions to `/mnt`. After mounting your root partition, taking a look at `/mnt/etc/fstab` can help give some insight on how/where things should be mounted.
- chroot into the system with `arch-chroot /mnt`
- Reinstall your kernel with `pacman -S linux`
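The four steps above as one script, added here as an example (it is not code from the page). The part worth having scripted is the second step: once the root partition is mounted, the system's own `/mnt/etc/fstab` tells you what else to mount and the mount order matters, because `/boot` must be in place before the kernel package's pacman hook writes the new initramfs there, and `/boot` must be mounted before `/boot/efi`. The root device passed to `rescue`, the `DRY_RUN` preview switch and the sample fstab are all hypothetical; the `mkinitcpio -P` alternative mentioned in the comments is the narrower fix if you only want the initramfs regenerated.

```shell
#!/bin/sh
# Added example, not from the page: script the "boot the ISO, mount, chroot,
# reinstall the kernel" recovery. The root device path given to rescue() and
# the DRY_RUN variable are the only (hypothetical) inputs.

# Derive the non-root mounts from an fstab read on stdin and print the mount
# commands, shallowest mount point first, so /boot is mounted before
# /boot/efi. The root entry is skipped (the caller mounts it: fstab lives on
# it) and so are swap entries, which a chroot repair never needs. The source
# field is passed through unchanged, so UUID=... entries work as they are.
fstab_mount_plan() {
    tab=$(printf '\t')
    awk '$1 !~ /^#/ && NF >= 3 && $2 != "/" && $3 != "swap" {
        depth = gsub("/", "/", $2)            # number of path components
        opts = (NF >= 4) ? $4 : "defaults"
        printf "%d\t%s\tmount -t %s -o %s %s /mnt%s\n", depth, $2, $3, opts, $1, $2
    }' | sort -t "$tab" -k1,1n -k2,2 | cut -f3-
}

# The procedure itself. Run as root from the Arch installation media:
#   rescue /dev/sda2            (DRY_RUN=1 prints the commands instead)
# Reinstalling the linux package runs its pacman hook, which regenerates the
# initramfs; `mkinitcpio -P` inside the chroot does only that step and does
# not need an up-to-date package database.
rescue() {
    root_dev=$1
    run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi; }
    run mount "$root_dev" /mnt
    # /mnt/etc/fstab is only readable once the root partition is mounted
    if [ -r /mnt/etc/fstab ]; then
        fstab_mount_plan < /mnt/etc/fstab | while read -r cmd; do run $cmd; done
    fi
    run arch-chroot /mnt pacman -S linux
    run umount -R /mnt
}

# Constructed sample fstab (not a real system) to preview the plan offline.
SAMPLE_FSTAB='# <device>                                 <dir>      <type> <options>     <dump> <pass>
UUID=1111aaaa-0000-4000-8000-000000000001  /          ext4   rw,relatime   0 1
UUID=2222bbbb-0000-4000-8000-000000000002  /boot      ext4   rw,relatime   0 2
UUID=3333-CCCC                             /boot/efi  vfat   rw,umask=0077 0 2
UUID=4444dddd-0000-4000-8000-000000000004  /home      ext4   rw,relatime   0 2
UUID=5555eeee-0000-4000-8000-000000000005  none       swap   defaults      0 0'

# Stand-alone run: show the mount plan the sample fstab implies.
printf '%s\n' "$SAMPLE_FSTAB" | fstab_mount_plan
```

Running the block prints three `mount` commands, `/boot` and `/home` before `/boot/efi`; swap and the root entry are left out.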
WireGuard is pretty neat
It was recommended to me to replace SSH tunnels with a VPN connection. In hindsight, it takes about the same amount of time to configure either solution. I would still recommend SSH tunneling for temporary or one-off configurations, but I can see why a VPN is a preferable solution. WireGuard is pretty simple and straightforward to set up, and all in all is painless to keep running.
Gotchas
When actually running services from behind a VPN to a VPS (or other machine) there are things you may want to keep in mind:
- Ensure that your VPN server is actually able to forward traffic. At minimum you'll need
  ```
  net.ipv4.ip_forward=1
  net.ipv6.conf.all.forwarding=1
  ```
  in your `/etc/sysctl.conf` file (and loaded, e.g. with `sysctl -p`; `sysctl -n net.ipv4.ip_forward` shows the live value).
- Correct iptables configuration on both hosts. The following, in the wg-quick config for the interface (`PostUp`/`PostDown` are wg-quick keys), turns the rules on and off with the VPN:
  ```
  # Add forwarding when VPN is started
  PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  # Remove forwarding when VPN is shut down
  PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
  ```
  Note that these rules only accept packets arriving on `wg0`; they rely on the `FORWARD` chain's default policy being `ACCEPT` for the replies going back into the tunnel.
- If you're hoping to forward outbound traffic, ensure that you've set `AllowedIPs` in the client's `[Peer]` section to `0.0.0.0/0` and `::/0` for IPv4 and/or IPv6. I have noticed that doing this really makes life difficult for Docker. I'm not entirely sure why. Setting DNS settings in `/etc/docker/daemon.json` didn't seem to really improve things. If I wasn't already hosting many services through Docker I would consider moving to VMs / "bare metal" installation due to this.
- Since you're now using more than just the default network interface, make sure your services are binding to all interfaces (`0.0.0.0`), or, more narrowly, to the host's tunnel address, so they are reachable over `wg0` without also being exposed on the public interface.
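The gotchas above combined into a generated wg-quick server config, as an added example that is not the page's own configuration. It shows three things the page's snippet leaves implicit: the `PostDown` line is derived mechanically from `PostUp` (every `-A` becomes `-D`), so the teardown rules cannot drift from the setup rules; the forwarding rules include a return-path rule (`-o wg0`), which matters because Docker, when present on the host, sets the `FORWARD` chain policy to `DROP` and the page's rules alone then let client traffic out but drop the replies; and server-side `AllowedIPs` is kept to each peer's own addresses, since on the server that field is the cryptokey-routing allowlist of source addresses accepted from the peer, and `0.0.0.0/0` belongs only in the client's `[Peer]` section. The interface `wg0`, uplink `eth0`, tunnel ranges `10.8.0.0/24` and `fd00:8::/64`, port `51820` and the placeholder keys are all hypothetical.

```shell
#!/bin/sh
# Added example, not the page's configuration: generate a wg-quick server
# config whose PostDown is derived from PostUp. Hypothetical deployment:
# interface wg0, uplink eth0, tunnel ranges 10.8.0.0/24 and fd00:8::/64,
# port 51820, and placeholder keys supplied by the caller.

# Forwarding and NAT rules, one per line, written with -A (append).
# Compared with the page's rules, two things are added:
#  * a return-path rule (-o wg0): the page's rules only accept packets
#    arriving from wg0, and with a FORWARD policy of DROP (which Docker sets
#    on any host it runs on) replies into the tunnel are silently dropped;
#  * a source restriction (-s <tunnel range>) on MASQUERADE, so only tunnel
#    traffic is NATed rather than everything leaving eth0.
FORWARD_RULES='iptables -A FORWARD -i wg0 -j ACCEPT
iptables -A FORWARD -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
ip6tables -A FORWARD -i wg0 -j ACCEPT
ip6tables -A FORWARD -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -t nat -A POSTROUTING -s fd00:8::/64 -o eth0 -j MASQUERADE'

# Join the rules into the single "; "-separated line wg-quick expects.
rules_to_postup() {
    printf '%s\n' "$FORWARD_RULES" | paste -sd ';' - | sed 's/;/; /g'
}

# PostDown is PostUp with every append (-A) turned into a delete (-D).
# Each rule carries exactly one " -A ", so the first match is the right one.
rules_to_postdown() {
    printf '%s\n' "$FORWARD_RULES" | sed 's/ -A / -D /' | paste -sd ';' - | sed 's/;/; /g'
}

# [Interface] section. $1 = server private key, $2 = listen port.
render_server_conf() {
    cat <<EOF
[Interface]
Address = 10.8.0.1/24, fd00:8::1/64
ListenPort = $2
PrivateKey = $1
PostUp = $(rules_to_postup)
PostDown = $(rules_to_postdown)
EOF
}

# A server-side [Peer] block. Here AllowedIPs is the cryptokey routing
# table: the source addresses accepted from this peer. Give each peer only
# its own /32 and /128. 0.0.0.0/0 and ::/0 go in the *client's* [Peer]
# section (meaning "send everything through the tunnel"); on the server
# they would let that peer send packets with any source address via the VPS.
# $1 = peer public key, $2 = peer IPv4 (/32), $3 = peer IPv6 (/128).
render_peer() {
    cat <<EOF

[Peer]
PublicKey = $1
AllowedIPs = $2, $3
EOF
}

# The sysctl knobs from the page, checked rather than assumed. Returns
# non-zero and names the knob if the kernel will not forward.
check_forwarding() {
    rc=0
    for knob in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        val=$(sysctl -n "$knob" 2>/dev/null)
        [ "$val" = 1 ] || { echo "forwarding disabled: $knob=${val:-unset}" >&2; rc=1; }
    done
    return $rc
}

# Stand-alone run: print a config with placeholder keys (make real ones with
# `wg genkey | tee server.key | wg pubkey`).
render_server_conf 'SERVER_PRIVATE_KEY_PLACEHOLDER' 51820
render_peer 'PEER_PUBLIC_KEY_PLACEHOLDER' 10.8.0.2/32 fd00:8::2/128
```

Run `check_forwarding` on the VPS before bringing the interface up; if it fails, the `PostUp` rules are correct but nothing will be forwarded regardless.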
GNOME & KDE NetworkManager GUIs can also be configured with WireGuard. I found this link helpful for someone trying it out for the first time.
As someone who doesn't have IPv6 on my own internet connection, it's good to know that I can access it through WireGuard from a VPS.
I think Tailscale is built on top of WireGuard. It essentially marries the VPN with SSO and DNS as well, I believe. There is a self-hostable server in development, but I'm starting to wonder if it may be easy for one to create their own mesh of these ideas. I think for self-hosters, families, and communities it would be a very valuable tool to leverage. Something like a digital hearth to gather around.