I read the old thread and now this one.

As I understand it, you want to create connection between clients on your lan, but you don’t trust your lan, so it’s like having a raspberry pi server and some client both on the coffee shop network and you want them to communicate securely?

Tailscale is what you want. Easy setup, free, and allows exactly this to happen.

Do you have port 80 to nginx open? Certbot dry run will give you some diagnostics, but that is the most common issue (port 80 being closed).

I also run LE on nginx and afraid DNS.

The effect is similar to sticky ports, but sticky ports is just filtering based on Mac address, which can be spoofed.

802.11x allows traffic from a device only if they also have the correct EAP certificate.

https://en.m.wikipedia.org/wiki/IEEE_802.1X

802.1x are a set of protocols that allow port access to be locked to specific devices, which would preclude your need for multiple subnets. You would likely need a few extra physical ports on your white box router, the unmanaged switch could later become overwhelmed passing traffic in a more complicated setup, and you would still need to keep trusted and untrusted traffic separate at the gateway subnet.

Your use case is exactly why vlans were invented.

However, I suspect from your other answers that you are actually looking for an open source managed switch so your entire networking stack is auditable.

There are a few solutions like opx, but hardware supporting opx is prohibitively expensive and it is almost always cheaper to build a beige box and use Linux or get a 2nd hand supported device and use openwrt.

For simple cases you might be able to use 802.1x authentication if “trust” is the issue. This doesnt scale well as a solution on a larger network though.

Op specified they have a dumb switch

Kind of a vague question, but I take it you mean OS-level hardening, which should be fine with CIS hardening.

In a virtualized environment, there are many security layers to take care of: network access, storage, api control, identity access, cluster config, backups, etc.

I use eleventy. Similar to other static site generators.

Oh yeah, sorry. There is some vendor lock-in with all bookstores, but kobo looks the other way.

I have calibre-web setup with kobo sync, so calibre-web pretends to be part of the kobo store to my reader and I’m able to add non-drm books to my reader while still using the kobo store if I like.

Kobo does not block non-drm. Calibre is used as a server all the time, see calibre-web.

These projects are poorly maintained and abandoned because the industry of email has been reduced to a very few players, and they don’t care about IMAP standards, dmarc, dkim or any of it.

You’re running head on into the primary reason no one self-hosts email anymore; it has gone from being a nuisance to being adversarial.

So I went to the demo and I have a few questions:

• Couldn’t figure out how to use 3d in demo (not critical)
• developer discord link on github is expired
• distinction between “public” and “shared” trails isn’t clear
• “Completion Status” for trails… what does this mean?
• Couldn’t import a trail in demo:

haystack-mountain-101522-105940.gpx
{"message":"TypeError: Cannot read properties of null (reading 'id')"}

I am actually really impressed with what you have so far, and I’d love to start using this!

Ok, I think I can deal with recording on an OSM client. I’ll give Wanderer a try.

I want to try this. I’m one of the unfortunate victims of Gaia GPS turning to trash.

However, I can’t seem to find in the docs how tracks can be recorded…

Is there an app?

Do I need to be in contact with the server to record a track?

Do I need to ask my friends to send me gpx exports if they aren’t on strava?

Do you envision an integration with opentrailmap so in can share trails without having to expose Wanderer to public?