There is anonymity and pseudonymity.

Do you need your opsec to be resistant to state-level actors (oppressive regime, censorship, illegal activities)? Well then you need to make sure you don’t introduce anything that will deanonomize you.

Are you trying to be resistant to mass data collection efforts used for profit? Being on the pseudonymity spectrum is a good step.

Dealing with the latter is like dealing with a bully. Make it not worth their time. They just want to put you in bucket X so they can estimate the most likely way to influence you for reason Y. Pseudonymity is about having multiple aliases that get put into different buckets so their privacy invasive efforts are less effective.

I’m both experienced and know jack shit because there is just too much to learn. I just started using it (1998ish) to make cool looking UIs. Its been my daily driver for 15 years now.

You will never learn it all. Over time you may become more familiar with the terminal or you may not. Doesn’t matter. You do you.

Its pretty easy to test drive. Grab a distros “Live CD” version, put in on a thumb drive, reboot and play around. This wont be persistent. When you’re ready, install it on an external SSD. Play around some more now that your edits will be persistent. You’ll mess up. Take notes. Start again once you’ve hosed your system.

For the networking I found some repos with Nix and Gluetun (OCI containers). I don’t see them in my bookmarks, so it was probably a day project when I set up and didn’t keep the references.

That part is still in docker / podman. So any docker network guide just needs to be translated to nix.

Best resource I’ve found is searching GitHub.

My setup closely follows https://github.com/Misterio77/nix-config.

For servarr I just translated someone else’s docker compose setup to nix. There are some ready made nix ones you can look at like https://github.com/rasmus-kirk/nixarr/tree/main/nixarr.

The complex networking I just picked up over time once I knew my way around a little bit.

GitHub is your best resource. lang:nix search terms.

I wouldn’t run NixOS in a container. With native nix containers I’m pretty sure they share the store. For docker I’d use images built with nix (doesn’t run nix itself) or pull from docker hub.

OS: NixOS (high learning curve but its been worth it). Nix (the config language) is a functional programming language, so it can be difficult to grok. Documentation is shit as its evolved while maintaining backwards compatibility. If you use the new stuff (Nix Flakes) you have to figure what’s old and likely not applicable (channels or w/e).

BYOD: Just using LVM. All volumes are mirrored across several drives of different sizes. Some HDD volumes have an SSD cache layer on top (e.g., monero node). Some are just on an SSD (e.g., main system). No drive failures yet so can’t speak to how complex restoring is. All managed through NixOS with https://github.com/nix-community/disko.

I run stuff on a mix of OCI containers (podman or docker, default is podman which is what I use) and native NixOS containers which use systemd-nspawn.

The OS itself I don’t back up outside of mirroring. I run an immutable OS (every reboot is like a fresh install). I can redeploy from git so no need to backup. I have some persistent BTRFS volumes mounted where logs, caches, and state go. Don’t backup, but I swap the volume every boot and keep the last 30 days of volumes or a min of at least 10 for debugging.

I just use rclone for backups with some bash scripts. Devices back up to home lab which backs up to cloud (encrypted with my keys) all using rclone (RoundSync for phone).

Runs Arrs, Jellyfin, Monero node, Tor entry node, wireguard VPN (to get into network from remote), I2C, Mullvad VPN (default), Proton VPN (torrents with port forwarding use this), DNS (forced over VPN using DoT), PiHole in front of that, three of my WiFi vlans route through either Mulvad, I2C, or Tor. I’ll use TailsOS for anything sensitive. WiFi is just to get to I2C or Onion sites where I’m not worried about my device possibly leaking identity.

Its pretty low level. Everything is configured in NixOS. No GUIs. If its not configured in nix its wiped next reboot since the OS is immutable. All tracked in git including secrets using SOPS. Every device has its own master key setup on first install. I have a personal master key should I need to reinstall which is tracked outside of git in a password manager.

Took a solid month to get the initial setup done while learning NixOS. I had a very specific setup of LVM > LUKS encryption /w Secure Boot and Hardware Key > BTRFS. Overkill on security but I geek out on that stuff. Been stable but still tinkering with it a year later.

The DNS is cheap. Something like a penny a day for privacy. I typically paid like $50 every 2-3 years for both renewal and DNS on a couple domains.

Was kind of a PITA to be honest as I remember their login process was a little weird. I eventually moved on when they were slow to adopt some of the newer TLDs.

The registrar owns the domain then, not you. I made a root comment about Njalla which offers this service.

edit: Well you could use fake data. Still risk losing claim to it. I tried doing this with name cheap and they figured it out somehow that the info I gave wasn’t real. Was years ago so I don’t remember what I put in. My guess is it was one of those soft credit lookups (where did you live between X and Y?). Could also be misremembering.

One of the pirate bay founders created https://njal.la/#home but with the caveat:

For instance, when you register a domain name in our system, we can register with our own data. We will be the actual registrant of the domain – it’s not an ownership by proxy as found with all other providers. However, you will still have the full control over the domain name. You can either use our information (and our nameservers) or you can go with your custom data. And you can move at any time. Simple, flexible.

I believe it is required (ICANN?) to have a real entity attached to every domain, even with a proxy for the public whois. They simply offer to be that identity to avoid giving any identifying information, but they will have all claim on it if it came to a legal dispute.

In the same boat as the other poster, its been like 10 years.

I used GNS3 and Cisco VIRL way back in the day.

Depending on your use case, you can pretty far with just docker and some Linux packages. I’ve done GRE, BGP, OSPF, ISIS, Open vSwitch. That’s Linux networking though. If you’re trying to prep for a specific vendor’s cert, it might not meet your needs.

Does look like someone had success running virtual devices in docker that might be of interest: https://github.com/vrnetlab/vrnetlab

Something like vim-table-mode work as an improvement? You got me there though, tables can be a real pain in a terminal.

For the second, I setup an on save hook or watch script to build a PDF and open it. Its been a minute, but I think I had to find a PDF viewer that would refresh if already open and keep the current position on subsequent opens.

Best of luck finding something that works for you!

Need more info.

The answer will still and always be, just use nvim.

What features do these dedicated tools have that make you want to use something other than nvim?

I haven’t made a keyboard in awhile but anything that supports QMK (or whatever is new and shiny today) should be able to support this.

QMK and the like are custom firmware so you can pretty much code up whatever feature you need.

If you are looking for a pre-built, I know my Tofu65 supports QMK from https://kbdfans.com/.

QMK is written in C but they do have a no code tool I used for my Tofu65: https://config.qmk.fm/#/.

If the tool doesn’t cover your use case and you are able to do a little C, these sections are good starting points for layers (what you call modes) and cursor keys.

https://docs.qmk.fm/feature_layers

https://docs.qmk.fm/features/mouse_keys

I open the conversation with “Jmp.chat bot” in Cheogram. That particular conversation has two tabs, conversation or commands. On the commands tab I have “Buy account credit by…”.

They can modify the DNS packets still. They aren’t encrypted or signed so the authenticity of a response packet cannot be verified. Parental controls from ISP relay on being able to snoop and modify your DNS (and SNI from TLS ClientHello packets).

Immutable Nixos. My entire server deployment from partitioning to config is stored in git on all my machines.

Every time I boot all runtime changes are “wiped”, which is really just BTRFS subvolume swapping.

Persistence is possible, but I’m forced to deal with it otherwise it will get wiped on boot.

I use LVM for mirrored volumes for local redundancy.

My persisted volumes are backed up automatically to B2 Backblaze using rclone. I don’t backup everything. Stuff I can download again are skipped for example. I don’t have anything currently that requires putting a process in “maint mode” like a database getting corrupt if I backup while its being written to. When I did, I’d either script gracefully shutting down the process or use any export functionality if the process supported it.

Has not worked for me in ages on Graphene. Same issue. It quits right away. Even tried messing with the hardened malloc and it was no go. Been a pain trying to use Zelle or deposit checks. Other than a handful of core apps I just use the web mostly at this point.

Oh nice! I’ll have to dig into that. Wonder if its an implementation issue across vendors. I was always under the impression that DHCPv6 was the common convention if not static.

Ok. So a device didn’t get a dhcp address? No problem… It creates it’s open IP address and starts talking and try to get out on internet on its own…

Its not that different from a conceptual point of view. Your router is still the gate keeper.

Home router to ISP will usually use DHCPv6 to get a prefix. Sizes vary by ISP but its usually like a /64. This is done with Prefix Delegation.

Client to Home Router will use either SLACC, DHCPv6, or both.

SLACC uses ICMPv6 where the client asks for the prefix (Router Solicitation) and the router advertises the prefix (Router Advertisement) and the client picks an address in it. There is some duplication protection for clients picking the same IP, but its nothing you have to configure. Conceptually its not that different from DHCP Request/Offer. The clients cannot just get to the internet on their own.

SLACC doesn’t support sending stuff like DNS servers. So DHCPv6 may still be used to get that information, but not an assigned IP.

Just DHCPv6 can also be used, but SLACC has the feature of being stateless. No leases or anything.

The only other nuance worth calling out is interfaces will pick a link local address so it can talk to the devices its directly connected to over layer 3 instead of just layer 2. This is no different than configuring 169.254.1.10/31 on one side and 169.254.1.11/31 on the other. These are not routed, its just for two connected devices to send packets to each other. This with Neighbor Discovery fills the role of ARP.

There is a whole bunch more to IPv6, but for a typical home network these analogies pretty much cover what you’d use.

Very happy. My two daily drivers (Desktop and Laptop) are on Ubuntu but user space is managed with Nix.

All other machines are Nixos proper. Only thing keeping me back from moving to Nixos fully is I decided to piecemeal my own DE and I’ve just lacked the time to debug some issues related to gnome-keyring, computer locking, and coding up some system setting widgets.