I myself run all my services over wireguard. But I run ssh natively though but with extra hardening (fail2ban/sshkey/no default port/max retries, etc). Plus my IP changes every 24 hours. However, I did learn how to setup online services and this can be a stepping stone.
If one is experimenting, exposing the port is fine (temporarily). But if someone is running a service 24/7 over the internet, and the person does not have any cyber security acumen, wireguard is the clear winner.
If you tell me what kind of hardware you have, i can direct you to the correct resource. I have done it for my TPLink router, which has support for noip.com. OpenWRT/OPNSense has dedicated plugins or it's baked-in.
For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)
Some routers have integration with dyndns or noip. You can get a free (disposable) domain. If you do the correct port forwarding to your camera's application server, you can access your camera from outside. However, ensure you are using HTTPS, a strong password, and the server on a non-standard port.
Pro-tip = Run wireguard to access everything securely.
I have seen this project popping up quite a bit. It seems like this natively supports a lot of encrypted DNS protocols, unlike Pihole. Looks very nice.
You will still to track adhoc changes to different services or configurations that would then need to also be applied and executed in a NiX config in the proper place to ensure proper order of execution.
Do you mean to say that I can run random systemctl commands to make changes to the system, but in order to make them persistent, I need to add them to the config? If yes, this model is fine by me. As long as the changes are documented in files maintained by me, it's good.
In mutable distros, the issue I face is that some changes are present in .config, /etc, ~.local which slowly becomes painful to keep track of.
We’ll need a way to confirm that your government ID and PII is actually deleted on Age Verifier’s platform.
IMO this is the hardest part to ensure in a transparent manner.
And I can also see an issue where one guy who keeps creating different Age Verifier accounts, verifying that the account is an adult, and then selling that account to people.
The token needs to be time and device sensitive. Should be possible via a hash
I will agree that my advice is bad.
I myself run all my services over wireguard. But I run ssh natively though but with extra hardening (fail2ban/sshkey/no default port/max retries, etc). Plus my IP changes every 24 hours. However, I did learn how to setup online services and this can be a stepping stone.
If one is experimenting, exposing the port is fine (temporarily). But if someone is running a service 24/7 over the internet, and the person does not have any cyber security acumen, wireguard is the clear winner.