K3can

should it be in NAND or NOR??

Why not both? My initial idea was to flash to NOR and then configure openwrt to a sort of "minimal usable state". That is, I'd have the basic functions required run my home network: basic routing between local networks and WAN. Then I'd copy that image to NAND and that would be when I installed the "extras", like SQM and whatnot. That way, if I ever broke it beyond repair, I could just flip the switches and copy the NOR back to NAND and start over with that minimal usable config.
I sort of followed my plan, but I think things have changed enough that it would not be the simple restart that I hoped it would.
I still think it's a good idea, though.

The Nest ones? I haven't seen anything online of folks successfully flashing one. The first steps would probably be to solder on a USBC port and see what kind of access you can get over serial. There's a picture of a Nest board (not the Pro) here, as well as info on what appears to be the correct usb connector. The OP also mentions that the Nest is lacking the developer button, but my guess would be that the function is still accessible by shorting the correct TPs. It doesn't seem like that OP ever went through with the project, though, so maybe you'll be the first!

Interesting. Looks like he's actually using an R4. I've got an R3, myself, though. I use mine as my gateway router and it certainly seems under utilized. I've got SQM, adblocking, DDNS, DoH proxying, multiple VPN interfaces, and it's a 'router on a stick' for my home networks (at 2.5gbe). Despite all of that, the CPU load never seems to budge and I'm only using a tenth of the RAM. I'm personally a bit torn on the device; on one hand, it certainly seems like it can do a lot more. It even has a m.2 slot for SATA/nvme, so it could definitely provide NAS or even some bigger applications. On the other hand though, I feel like it's such a critical piece of infrastructure that I don't want to introduce a bunch of non-router-related functions and risk one of those extra functions crashing the system and bringing down my whole network.

I'm not able to watch the video right now; is this actually using the gopher protocol?

It's running!

https://social.k3can.us/@me/statuses/01KAE0DRJN1S20A3P18V4GWHS3

It's not really "zero trust", though, right?

Isn't CF still terminating TLS?

Trying to run a fediverse server on a decade-old Wi-Fi router and encountering some ~~un~~expected issues. Making progress, though.

Eh, I agree.

I have root access to the server and can directly interact with the backend DB. Forcing email for a password reset doesn't protect me from me.

Python's webserver is meant to be a quick option for testing, and shouldn't be used for a publicly accessible website. You'll want a proper webserver for that.

You would need access to the router for the port forwarding, so if you can't access it, you'll need an alternative option. The next best option is a commercial reverse proxy, most commonly that's Cloudflare's "tunnel" product. Essentially, Cloudflare acts as a man-in-the-middle, forwarding from a public address directly to your local server. It's pretty easy to set up and it takes advantage of common router settings to open ports from the inside, where the router's firewall rules are typically quite lenient. This also works with CGNAT, so no need to figure that out. The downside is that Cloudflare gets access to all the data that passes through them, even passwords. So if your website happens to have a lot of sensitive data, you'll need to decide whether you trust them with that data. They do not get access to your normal web browsing or anything, just the data passing between the public address and your local server. Another potential downside is that they prohibit media streaming, so if your website serves a lot of videos, you'll want a different option.

Google Cloudflare tunnels homelab and cloudflared for more info. There's a bunch of YouTube videos and tutorials on setting it up. It's not perfect, but it's a free and easy way to selfhost from a limited network environment.

I'm guessing you want to selfhost, rather than use a hosting service?

When you say you have your site already, do you mean it's hosted on a local webserver, or just that you have the files?

If it's just the files, you'll need to choose a webserver. I like NGINX myself, but lighttpd is another option (there's quite a few options, really, but sticking to a well known option is generally more secure).

Configuration will depend on the server you choose, but then you'll put the files into three "root folder" used by the webserver. This isn't the system root ( '/' ), but a different folder specified as the root of your web page, usually '/var/www/html or /srv/www/html'.

Once the files are in place, you can test the site by using the web browser on another PC and entering the local IP address of the server. If everything looks good, you can set up port forwarding on your router to forward public port 80 to port 80 on the local server.

Lastly, you will need a DNS provider which will point your domain to the IP address of your router. Assuming you have residential service, you will need to determine whether your IP address is static or dynamic, or if your ISP is utilizing CGNAT. Depending on those factors, you may need to do some additional setup.

Once it is working, your next step will likely be to set up SSL and port forwarding on 443. That will allow your website to be accessed over https, which is the standard for the modern Internet.

I have hosted my own website and a blog for a while, and there are definitely some additional steps I would recommend to take, but the above is your basic starting point.

It's not. It's just a GUI for a server.

It's a modular GUI, though. The base install allows basic server management: system stats, upgrades, and a couple other bits. However, you can install additional modules to expand the GUI to allow for storage management, ZFS management, container management, file sharing (NFS, SMB), a file browser, VM management, user management, and so on.

My go-to "NAS system" is just standard Debian with Cockpit and a handful of supporting modules. It gives a nice GUI like OMV, but with all the flexibility and control of a normal Debian install.