There can be a period after graceful shutdown where the UPS is still running and the server will not restart if mains power comes back on. Not a likely scenario, but for apps you can’t afford to have down it’s something to consider.

Every wifi device we own that’s connected to wifi and the Internet can be precisely located by the companies involved even when using a VPN.

If you have an Android phone you’ve probably noticed a prompt at some point asking for your permission to transmit precise location information and enable wifi scanning. Those wifi SSIDs and MAC addresses along with its GPS location is sent back to Google. The combination of all that information is almost as unique as a fingerprint. They can use that along with signal strength of each AP in the area to determine your device’s location with precision. (Google used to allow apps like Maps to be used with wifi scanning turned off, but no more.)

Your Google stick can’t tell it’s on a VPN directly, but even without GPS Google can still pinpoint its physical location using their database of SSIDs and MAC addresses, and if they want to they can determine you’re using a VPN by comparing that to the expected location of your IP address. There probably aren’t enough people doing this right now to make it worth the trouble to detect your VPN, but IMO it’s just a matter of time before they decide it is.

I also expect that Google sells that information to every company willing to pay for it, so almost every single wifi enabled device can be precisely located if it can transmit data to the Internet.

We live in a scary time.

Thanks for that list. No need here for more advanced hardware so I’ll have to put off networking upgrades until I can come up with a reason to justify it.

As a home user, what additional features have you found useful on enterprise networking equipment? Just because what I’m doing is already ridiculously complex doesn’t mean it can’t be more so.

OpenWRT is amazingly flexible and would be a great place to start.

I switched from DD-WRT last year and have been amazed how good OpenWRT is. There are thousands of software packages that allow you to do pretty much anything you can think of on inexpensive hardware. Used Netgear R7800s are available for less than $50 on ebay or there are plenty of newer hardware options if you want to spend more. Those thousands of downloadable software packages include Wireguard and Adguard Home, plus there are OpenWRT integrations for Home Assistant. The forum is full of people who are happy to help newcomers.

I started by running OpenWRT in a virtual machine to get familiar with the UI and moved on to a live installation. Highly recommended, especially if you enjoy learning.

4gb isn’t much ram, but it can be surprisingly useful if you configure Zswap. Lots of guides out there. Here’s one of them.

A single Opteron 6272 is somewhat faster than the N200, but the Opteron’s TDP is 115 watts while the N200’s is only 6 watts. OP’s server with 2 processors is more than 2x as fast as my single processor laptop, but can require nearly 40x the electricity. For a home server it’s major overkill.

Sounds like my laptop will be plenty fast for some time to come.

This platform doesn’t use much power to begin with, but I do run TLP using a battery profile despite the fact it’s always plugged in. My intent is to lower the power consumption a bit further and extend battery run time if the power fails. There’s no noticeable impact on application performance. If you’re running Linux maybe it will work on your hardware.

Tangential question: What kind of server apps require that kind of processing power? I run a server on an Intel N200 laptop with multiple apps and services and it rarely uses more than 12% CPU and 15 watts. I’m wondering if I’m going to eventually run into something that needs a more powerful platform.

How long do you need the battery to last? My personal experience limiting a Dell convertible tablet to an 80% charge and keeping it plugged almost all the time was the tablet failed before the battery did. After 7 years the Dell battery utility still showed very little degradation and the battery hadn’t swelled at all.

I have multiple laptops (a couple used as servers) and mostly keep them at a 75% charge.

You have a number of options…

Your Lenovo is supposed to have charge limiting capabilities that are configurable in the UEFI. If it’s not configurable through the UEFI interface, the Thinkpad Vantage Windows app has the ability to set charge limits on most of Lenovo’s laptops and settings made there will likely persist when running Linux.

There are also charge limiting capabilities built into TLP that may work, as well as a specialized Thinkpad kernel .

If all else fails you can protect the battery using an inexpensive smart plug that’s controlled by the OS. I have an HP laptop that lacks any kind of battery management capabilities and I’ve set it up so it maintains the battery charge at 80%. Linux controls the plug with HTTP commands that are triggered by configurable charge levels. It works well.

If I’m understanding what you want to do, I have this set up on an OpenWRT router with multiple remote endpoints used for different devices. Our phones go to a hosted Wireguard server in one city, PCs to an OpenWRT router in a different location, and IOT devices that aren’t blocked and guest devices exit access the Internet locally. With some additional work you should also be able to have remote devices connected via WG exit wherever you like.

Policy Based Routing on OpenWRT makes this possible and it should be doable as long as the devices you want to allow to exit the remote server are included in that server’s “Allowed IPs” setting. (Maybe there’s a way around that, but I haven’t had to deal with it.)

As others have said, get something that works with OpenWRT. It’s unbelievably flexible and the OpenWRT forum can be really helpful, both for finding ways to implement things and for solving problems.

Debian 12, Mint, Pi OS, Windows 11, Android. Works perfectly on all of them.

Also check out Syncthing. I have it running on my Pi5, PCs and my Android phone. The phone’s photos directory and lots of other files are automatically synced to my server and computers. No open firewall port is needed, everything is encrypted in transit and it supports trusted and untrusted hosts. Syncthing supports pretty much any topology, but I’ve found using star topology is easiest to manage.

I have everything route through the tunnel and my router. Along with allowing instant access to everything I self-host and my home server through VNC, it allows me to use Adguard Home for phone DNS lookups no matter where I am. Theoretically my cell carrier should no longer be able to see any of my Internet traffic which I consider an added bonus. I’ve found no downside except some weirdness from Google if I’m out of the country for an extended period.

I self-host various applications and have been really happy with Wireguard. After watching just how hard my firewall gets hammered when I have any detectable open ports I finally shut down everything else. The WG protocol is designed to be as silent as possible and doesn’t respond to remote traffic unless it receives the correct key, and the open WG port is difficult to detect when the firewall is configured correctly.

Everything - SSH, HTTP, VNC and any other protocol it must first go through my WG tunnel and running it on an OpenWRT router instead of a server means if the router is working, WG is working. Using Tasker on Android automatically brings the tunnel up whenever I leave my house and makes everything in my home instantly accessible no matter what I’m doing.

Another thing to consider is there’s no corporation involved with WG use. So many companies have suddenly decided to start charging for “free for personal use” products and services, IMO it has made anything requiring an account worth avoiding.

AtariDump@lemmy.world wrote:

Great; how do I get my Mother to do that over the phone?

That’s not going to scale as I share out my server.

Are you incapable of recognizing that in this context my comment was a joke? What the fuck is wrong with you?

That’s not going to scale…

How many mothers do you have?

It’s not a cake walk, but I’ve something similar for a friend who can barely turn on his PC.

The OpenWRT router was fully configured before shipping it to him and the existing router’s needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn’t easy, but he ultimately succeeded.