Looks good to me. Interface to Dest Ports are your match conditions. NAT IP/Port are the translations performed on each packet matched inbound and the Dest.

Traffic going the other way reverses this operation on the Src instead of destination.

That’s an over simplification of NAT, but for basic port forwarding the general principal holds.

Immutable Nixos. My entire server deployment from partitioning to config is stored in git on all my machines.

Every time I boot all runtime changes are “wiped”, which is really just BTRFS subvolume swapping.

Persistence is possible, but I’m forced to deal with it otherwise it will get wiped on boot.

I use LVM for mirrored volumes for local redundancy.

My persisted volumes are backed up automatically to B2 Backblaze using rclone. I don’t backup everything. Stuff I can download again are skipped for example. I don’t have anything currently that requires putting a process in “maint mode” like a database getting corrupt if I backup while its being written to. When I did, I’d either script gracefully shutting down the process or use any export functionality if the process supported it.

I haven’t tested in Windows, but this is my setup Linux to Linux using rclone which the docs say works with Windows.

Server

• LUKS
• LVM
• Volgroup with a mishmash of drives in a mirror configuration
• Cache volume with SSD
• BTRFS /w Snapshots (or ZFS or any other snapshotting FS)
• (optional) Rclone local “remote” with Crypt if you want runtime encryption at rest and the ability to decrypt files on the server. You can skip this and do client side only if you don’t want the decryption key on the server.
• SFTP (or any other self-hosted protocol from https://rclone.org/docs/)

Client

• Rclone Config /w SFTP (or chosen protocol)
• (optional) Rclone Config /w Crypt
• Rclone mount with VFS.

I use this setup for my local files and a similar setup to my Backblaze B2 off site backups.

The VFS implementation has been pretty good. You can also manually sync. Their bisync I don’t fully trust though.

I can access everything through android using https://github.com/newhinton/Round-Sync. Not great for photos though as thumbnails weren’t loading without pulling the whole file last I tested a year ago.

Hotline for the MacOS warez scene to get games in high school (circa 1999ish).

I accidentally pirate crap I have legitimate access to because I can’t be bothered to figure out which damn platform its on. I have access to quite a few through work due to my industry at no out of pocket costs.

The times I try to actually search for something, it’ll be listed on multiple platforms but 0 to 1 of those platforms will actually have what I’m looking for included with the subscription forcing me to manually check each one.

It is easier to just pirate.

“High five” instead of “paw” for two dogs which wasn’t the accident. The accident is they learned to associate high five with wanting something. When they want pets, food, bones, or toys they obsessively high five at you.

My cat does it now too. Maybe they learned it from the cat who saw they got treats for high fives. My wife hates it. I think its hilarious.

One method depends on your storage provider. Rsync may have incremental snapshots, but I haven’t looked because my storage provider has it.

Sometimes a separate tool like rsnapshot (but probably not rsnapshot itself as I dont think its hard links interact well with rsync) might be used to manage snapshots locally that are then rsynced.

On to storage providers or back ends. I use B2 Backblaze configured to never delete. When a file changes it uploads the new version and renames the old version with a timestamp and hides it. Rsync has tools to recover the old file versions or delete any history. Again, it only uploads the changed files so its not full snapshots.

Yes. You compose a crypted vault over your storage vault. I pay about $1/mo for B2 Backblaze. Around 150G last I checked.

Important stuff (about 150G) is synced to all my machines and a b2 Backblaze bucket.

I have a rented seed box for those low seeder torrents.

The stuff I can download again is only on a mirrored lvm pool with an lvmcache. I don’t have any redundancy for my monerod data which is on an nvme.

I’m moving towards an immutable OS with 30 days of snapshots. While not the main reason, it does push one to practicing better sync habits.

I believe you will see OOM errors in journalctl. Also considered a systemd service or something to restart the process?

Glad you figured it out though!

I use EteSync to sync my contacts. It can do calendars also and has a self-hosted option. Personally I just use Proton for my calendar at the moment.

I haven’t tested any desktop syncing with EteSync, but maybe it will work for you.

I use DavMail to proxy an Exchange account so I don’t have to install Outlook on my phone.

If the curriculum format teaches students to be test takers, I’d give them extra points for working smarter.

If my job gave me work while on my vacation, I’d be talking to the labor board if they didn’t pay me at my consultation rates.

Disk encryption, computer login, and password manager are pass phrase + random characters stored on a pin protected OnlyKey and/or Mooltipass.

Regular passwords are just random characters up to min(max_len, 128).

Not op but I’ve moved on to nixos, or I use nix for managing the home folder on Ubuntu / Darwin machines.

Disclaimer: I’m a software dev not a sys admin, though I manage a number of machines for dev and home lab stuff.

After the high learning curve, its so much easier keeping my systems in sync.

Super easy to rollback on a bad upgrade.

With UBI, its assumed to be part of a surplus economy is my understanding? Use some of the remaining surplus to pay workers who want a marginally improved quality of life (no billionaires to limit wealth hoarding).

Offer child care to those who wish to have a career, maintain a community garden, teach part time, etc.

Optionally or additionally, provide enough funding to allow for passion projects.

Fund open projects for those who want to work together to push the limits of humanity.

If I didn’t have to slog and worry about keeping a roof over my family’s head and food on the table, I’d be dedicating all my spare time to space exploration instead of making APIs for some company.

Overly simple and likely impossible to implement, but there are ways to enable finding a purpose outside of art and culture.

Grew up in a religious household with 8 years of private school operated by a religious institution in the states.

Never really believed and went full atheist around 13 years old.

Good feelings about something not on the bad list (usually something sexual) they take as a message from god. In other words, if they want something that benefits them, those feelings are used to justify their shit behavior because its some divine touch making them feel that way.

At least that’s been my experience. I wouldn’t trust them either.

Can try installing Avahi on the RPi (may come on the default image). It will advertise .local over mDNS / DNS-SD. I believe Avahi will advertise on link local if there is no default route to the internet.

Your system may automatically resolve the domain if its able to pickup the mDNS records to SSH in. Been a couple years since I’ve done it, so I could be forgetting a nuanced detail, but I vaguely remember just ‘plug and play’ if internet for the RPi wasn’t required.

Roughly 4 out of 5 companies I’ve seen that have received investments in my industry in the past 5 years have been Israel R&D startup companies.

Not my wheel house, but if I had to guess, the ruling class in the states has a lot of investments tied up in Israel.

Take with a grain of salt, as this is just an anecdotal observation.

That’s a rite of passage for anyone working on Cisco’s shit TUI. At least its gotten better with some of the newer stuff. IOS-XR supported commits and diffing.