Just a geek, finding my way in the fediverse.

  • 2 Posts
  • 99 Comments
Joined 3 years ago
Cake day: June 11th, 2023

  • I want to preface this with the fact that I am definitely NOT a networking expert so… don’t trust anything I say.

    My situation is a bit different because I am using Tailscale, though I have it on the list to be replaced in the future.

    When you WireGuard to your LAN, do subsequent DNS requests go through the VPN? Sounds like you’re looking into that route based on your third point above. If so, can you just add a static DNS resolution to your LAN router that points to your Caddy SSL terminator/reverse proxy? This assumes a static IP for your host.

    That’s what I’ve done. On my router I’ve set a static DNS entry of silverbullet.mydomain.com -> 10.0.0.101 (where *.101 is the static IP of my internal host/Caddy). This allows everything to resolve correctly when I’m physically attached to my LAN but also when connecting remotely via Tailscale.

    It may not be elegant, but it avoids the hassle / extra config of a local DNS server as well as the need to manage host routes on each device.

    EDIT: My router is running OpenWrt but I think most consumer-grade routers support static DNS routes… but I could be wrong.



  • Yeah, the smart ones do it from a road at night with a spotlight… no camo required there either.

    … I honestly can’t decide if I should tag this with an /s or not because it is 100% a thing that happens (also 100% illegal, especially when off-season, no license, and you throw in the case of natty ice, but when has that stopped a determined redneck)
















  • Every time work pushes to use 100% biometrics I have to argue and get an exception.

    I’ve got a form of eczema where two to four times a year all the skin on my hands flakes and falls off… There are weeks when I have no fingerprints.

    They’ve only brought up facial recognition once and I said it didn’t work reliably due to my skin color and facial hair. I have no idea if that’s true, never tried it, never will, but they didn’t pursue it any further.

    I always enjoy throwing out the “if you force that, there will be about two months a year where I won’t be able to log in… That’s up to you, but you have to document it so I can forward it to my manager and make them aware”. Unfortunately they haven’t forced it yet.