Hugo 🧙‍♂️ @hugo@melb.social

@JPEG wow you’ve really outdone yourself with this latest release of Mast, it feels so nice! ☺️

@quad That sounds like a bargain!

There's still some fluctuation in network, but it's low

Just resolved this by removing 0.0.0.0/0 from AllowedIPs on clients, so I can safely split tunnel and only use the VPN for stuff in my home network, rather than all traffic!

Terraform, more like terrorform

(Just kidding, I love terraform)

@shlee seems to be significantly more expensive than a pi 4, like $100 more

@shlee I was looking at an Odroid N2, but I haven’t done much research

@m4iler I love the NUC I’m using to run right now, but they’re pretty expensive

@shlee good price/performance ratio?

@shlee nothing like a hardware button 💆‍♂️

I guess I could some real server hardware, maybe some Ubiquiti networking gear.. 💰

Should I get a pi 4, an Intel NUC, an Odroid, or something else?

@shlee oh that looks really neat! How much did it run you?

Looks like it can bridge you to a WiFi network as well, not just 4G, that’s very cool if so!

I was looking at one of their portable routers awhile ago but never pulled the trigger

Maybe it’s time to get a Raspberry Pi 4?

My only issue now is that the throughput on the pi is miserably slow..

Left: speedtest on the rpi
Right: speedtest on my iPad

To be fair, this pi is 7 years old, it’s one of the first generation models...

I'm so proud I figured this out, but it was so painful.. This is at least 5 hours of work 😂

7. Configure dnsmasq to route requests to int.my.domain to the cluster IP of the private ingress running in Kubernetes
8. Peer Wireguard client to Raspberry Pi (on Macbook, phone, etc), and set DNS to Raspberry Pi Wireguard IP
9. Hit `some-service.int.my.domain` and it should resolve!

Alrighty, I just got this working, here's roughly how I did it:

1. Deploy private nginx ingress on Kubernetes, with its own ingress class
2. Wireguard server running on Raspberry Pi
3. Wireguard client running on Intel NUC (Kubernetes)
4. Peer Intel NUC to Raspberry Pi via Wireguard
5. Configure Wireguard on Raspberry Pi to route all traffic to Intel NUC
6. Disable systemd DNS resolution on Raspberry Pi and install dnsmasq

I've put metallb in front of nginx ingress, so I get the public IP, but I can't whitelist off that because my home IP is always changing.. And if I'm on the same network, nginx doesn't seem to receive a special header from metallb relating to it..

I have wireguard running on my pi, and I'm open to the idea of setting up a tunnel between that and the node so I can hit internal IPs, but it's not the solution I want