FreeIPA and Keycloak will give you directory management (LDAP and Kerberos), identity management, and single-sign on (OIDC and SAML) which if all your computers are running Linux as well, will give you centralized management of users.

You can then set other FOSS business management/productivity applications like NextCloud, Oodoo, Seafile, OnlyOffice, LibreOffice, CryptPad, etc. To use Keycloak as its authentication mechanism.

A lot of this will depend on what kind of work the business does.

You’ll also want to look into log management and SEIM for security monitoring, Wazuh, Graylog, and others. This is especially true if the business has any data compliancy responsibilities in the country this is in.

I think the general consensus for homelabbers is a mesh network – Tailscale and Netbird are the two most popular options

I just wish I had done something absurd like sport a bright pink mohawk at some point before going bald 😂

Lol “Ukraine’s war against Russia” get the fuck out of here you punk ass shill

The Homelab Show was a good one, though they haven’t posted a new podcast in almost a year. Lawrence Systems and Learn Linux TV are the makers of it and have their own content as well

Correct, the hard disk in the laptop can not be read. This is where having a good backup strategy is important. Similar to how if your hard disk dies you’re no longer able to access the material on the hard disk. For me, the downsides of encryption do not outweigh the benefits of having my data secure.

I enabled full disk encryption during OS installation, set up a secure passphrase, and then set up automated encrypted backups to my home server, which are automatically backed up to a remote server.

I gain peace of mind in knowing that if my laptop is stolen I’m only out the cost of the laptop, the data within is still safe and secure.

• harddrives can be corrupted, too. That’s where backups come in
• True, though one could use a security key or password manager to overcome that, or setup secure boot/TPM to where a password isn’t actually needed. If all else fails, again, backups.

What are the downsides to encryption? Though you may have negligible benefits, if there are also negligible downsides then the more secure option should be chosen.

What’s your solution? PiHole? The thing I don’t like about the PiHole is the lack of wildcard domain rewrites. I’ve been playing with AdGuard Home and Unbound, not sure what my final solution will be, though.

Yeah I’ve been toying with FreeIPA for IdM, Keycloak for SSO, and Netbird to create a zero trust internal network. DNS is the hurdle I’m currently figuring my way over

I’m a big fan of vim/neovim with nerdtree and airline added in.

I’ve also been tryingourt Zed recently, it natively supports vim keybindings, so my workflow hasn’t changed, but its lightning fast (programmed in rust) compared to vs-codium (an electron app)

Yeah as @Nick mentioned, if it was just filling forms that would be fine, but its arranging documents and adding files together that he does most

This would totally work if it was for me, but the constant complaint from my dad is, “This was easier on Windows, why did you switch me to Linux?” So it has to be 70 year old man easy. Thank you, though!

Whoa I had no idea OnlyOffice had a PDF editor, I’ll be checking that out this week, thanks!

Thanks! I’m going to check this out!

I’ve been playing with Stalwart-Email as a combined SMTP/IMAP server. Its open source and written in rust, still pretty early in development and I haven’t played with it enough to give any real opinion on the pluses or minuses compared to other software, but its worth taking a look at.

Which eventually leads to the Dark Side

You could self host a web client

Well the internet down scenario has only happened once, and I returned home to no internet, booted up my laptop, and could not connect to any of my services since I couldn’t reach my control server. I haven’t forced the issue to occur by disconnecting my internet and testing connectivity. I just did the lazy thing and connected to the services I wanted via their IPv4 address

you’re almost certainly routing local network traffic over NetBird instead of using local routes

That’s precisely the functionality I want, though. Secure, encrypted, mutually identified traffic should be the only traffic in a zero trust network.

I’m simply trying to create an ingress point into this network for outside access.