Hugo 🧙‍♂️ @hugo@melb.social

Check out this super cute melb.social #mastodon #mascot by @ohyran!

Check them out on Mastodon or on their website: https://www.ohyran.se/

The pitch I gave was "Melbourne Hipster" and I think this is pretty spot on! 👌

@JPEG wow you’ve really outdone yourself with this latest release of Mast, it feels so nice! ☺️

There's still some fluctuation in network, but it's low

Just resolved this by removing 0.0.0.0/0 from AllowedIPs on clients, so I can safely split tunnel and only use the VPN for stuff in my home network, rather than all traffic!

Terraform, more like terrorform

(Just kidding, I love terraform)

I guess I could some real server hardware, maybe some Ubiquiti networking gear.. 💰

Should I get a pi 4, an Intel NUC, an Odroid, or something else?

Maybe it’s time to get a Raspberry Pi 4?

My only issue now is that the throughput on the pi is miserably slow..

Left: speedtest on the rpi
Right: speedtest on my iPad

To be fair, this pi is 7 years old, it’s one of the first generation models...

I'm so proud I figured this out, but it was so painful.. This is at least 5 hours of work 😂

7. Configure dnsmasq to route requests to int.my.domain to the cluster IP of the private ingress running in Kubernetes
8. Peer Wireguard client to Raspberry Pi (on Macbook, phone, etc), and set DNS to Raspberry Pi Wireguard IP
9. Hit `some-service.int.my.domain` and it should resolve!

Alrighty, I just got this working, here's roughly how I did it:

1. Deploy private nginx ingress on Kubernetes, with its own ingress class
2. Wireguard server running on Raspberry Pi
3. Wireguard client running on Intel NUC (Kubernetes)
4. Peer Intel NUC to Raspberry Pi via Wireguard
5. Configure Wireguard on Raspberry Pi to route all traffic to Intel NUC
6. Disable systemd DNS resolution on Raspberry Pi and install dnsmasq

I've put metallb in front of nginx ingress, so I get the public IP, but I can't whitelist off that because my home IP is always changing.. And if I'm on the same network, nginx doesn't seem to receive a special header from metallb relating to it..

I have wireguard running on my pi, and I'm open to the idea of setting up a tunnel between that and the node so I can hit internal IPs, but it's not the solution I want

Does anyone know how I could make my home cluster differentiate between clients on the local network, and external clients? I feel like I must be missing something...

I want to expose some services internally (also via a VPN into my network), but I'm just hitting a dead end. I'm at the point where I think there's some piece of vocabulary that I'm missing 🤔

Adding Kotlin syntax highlighting to Sublime Merge: https://hugo.md/post/adding-kotlin-syntax-highlighting-to-sublime-merge/

I really need to blog more. But first, I need to move back over to GitHub and stop paying so much for my self hosted GitLab instance

The code's already mirrored over, I just need to get Kubernetes deployments working from GitHub Actions (should be pretty easy!)

I do this with every drink.. My delicious hot coffee quickly becomes an iced coffee

Almost left my tea for too long - it's just right

Setup wireguard on a raspberry pi on my home network, so I no longer have to expose as much as I do right now

Should have done this ages ago!