Post APwYtqUIk4vhAkYmA4 by projectdp@infosec.exchange
(DIR) Post #APwYtqUIk4vhAkYmA4 by projectdp@infosec.exchange
2022-11-24T22:03:47Z
0 likes, 0 repeats
I wanted to share my #homelab current goals with the community here. I'm hoping to see what others are looking to #selfhost and learn with their lab.

I would like to learn the ins and outs of Zero Trust deployments including #SSO, various #IdPs, LDAP, #FIDO2 to replace #TOTP, Cert based Auth options, and LB/Proxying. I want to have a solid and secure load balancing / proxying portal to access my lab assets. Hopefully in a way that could be authenticated properly on each request. I know this can be cut many ways but I would like to determine my preference by testing many combinations to deeply learn the different approaches and limitations.

AI/ML - Looking to do a few things here. I want to run a variant of #StableDiffusion so I no longer have a cap on renderings like with #OpenAI. I want to run a #selfhosted equivalent of #Github #Copilot. Also would like to run something like #GPT-3 text generation and summarization in the lab. Lastly I want to containerize #Tesseract with a light frontend for image #OCR for general use.

Cluster capabilities: I have a long term plan of comparing the features of #Proxmox against #vCenter for lab use. I used to run standalone #ESXi for my lab and that worked fine except for the obvious limits of a single host lab. I wanted to learn to better deploy clusters and see how affordably you can utilize more advanced features. I have been happy with Proxmox but still have some things to work out. Eventually I will rebuild as a #vCenter cluster.

#IaC #scripting #programming - Looking to get more mature about my #CICD approach and understanding. Currently running #Terraform to deploy Prox VMs, have #Gitea, and post-deployment I use #Ansible. Looking to have a much more advanced build and test process.

I'll post more in another goals thread: Re: #Storage #NAS #Backup #OS #Networking #Containers #Kubernetes #AWS

I'd really like to hear what you're doing, big or small to use your lab to learn and experiment.
(DIR) Post #APwYtqxiygSue0KH1U by y3mz@mastodon.tech
2022-11-24T23:09:32.566774Z
0 likes, 0 repeats
let’s evaluate:

idm/p sso f2: for this i would recommend a deployment of a proxy that easily can inject middleware or intercept layer to throw to #keycloak. it’s not difficult to configure and plugs in well with #traefik #caddy #nginx. with the proxy gulping ingress requests you can be assured with keycloak (or maybe #authentik #authelia) that any system that’s being accessed can be challenged by idm + mfa/totp/hw token

stablediffusion: you can do standalone machine or do pass-through with #proxmox. if you find that you need cpu-bound workloads, you can resize your vm/lxc in a minute or so. even use #terraform to do it via the api

hypervisor: proxmox will still serve you well. with an exposed api there’s lots of things you can do. also, you can setup cluster and do hot-swings like vsphere or whatever vmware uses now. note, the proxmox theme…

iac: plug in #drone or #woodpecker. you can create simple infra pipelines with multi-build steps (even parallelism if you so choose). both solutions are free-dollar and work well.

as for what i have setup, that changes each week. i do have proxmox box as hypervisor layer but all vms are #nixos 💪 many machines across the globe running large-scale darknet mesh (no, not the cocaine darknet shvt, just closed network/dark) that allows a service network anywhere any time.

workloads are scheduled wherever they should go, ie based on workload type (stateful || stateless), cpu-bound, gpu-bound, ad infinitum

everything is #gitops flow with git (#gitea) being the source of truth

if you have specifics, reach out.