The only "hard" thing is that wireguard doesn't port forward automatically, you have to add an iptables rule. Took me 10 minutes to figure out how and now whenever I add a service I simply copypaste previous rules and add relevant ports...
Edit: plus once you set it up you also get to use it as a VPN for your devices.
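The kind of rule set the comment above refers to, as an added example that is not part of the thread. It assumes a public host with interface `eth0` that forwards one port through tunnel interface `wg0` to a WireGuard peer at `10.0.0.2`; all of these names and addresses are hypothetical. The function only prints the rules so they can be reviewed before being applied.

```shell
#!/usr/bin/env bash
# Added example: prints (does not apply) iptables rules that forward ONE
# public port through a WireGuard tunnel. Interface names and addresses are
# assumptions for illustration, not values from the thread.
# Forwarding also needs net.ipv4.ip_forward=1 on the public host.

wg_forward_rules() {
    local wan_if="$1" wg_if="$2" peer_ip="$3" proto="$4" port="$5"

    # Validate inputs so a copy-paste slip cannot produce a broad rule.
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    case "$port" in
        ''|0*|*[!0-9]*|??????*) echo "port must be 1-65535" >&2; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "port must be 1-65535" >&2; return 1
    fi
    case "$peer_ip" in
        ''|*[!0-9.]*) echo "peer must be an IPv4 address" >&2; return 1 ;;
    esac

    # 1. Rewrite the destination of traffic arriving on the public interface.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $port -j DNAT --to-destination $peer_ip:$port"
    # 2. Allow only that flow from the public interface into the tunnel.
    echo "iptables -A FORWARD -i $wan_if -o $wg_if -p $proto -d $peer_ip --dport $port -j ACCEPT"
    # 3. Allow replies for established connections back out of the tunnel.
    echo "iptables -A FORWARD -i $wg_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 4. Source-NAT into the tunnel so the peer's replies return through it.
    echo "iptables -t nat -A POSTROUTING -o $wg_if -p $proto -d $peer_ip --dport $port -j MASQUERADE"
}

# Constructed sample: expose HTTPS on the hypothetical peer.
wg_forward_rules eth0 wg0 10.0.0.2 tcp 443
```

Each new service gets its own call with its own port, which keeps every forward scoped to a single protocol, port and peer instead of opening the whole tunnel.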
The main reason to use something other than WireGuard today is that it requires root to run, in order to change the network configuration, so you can't use it to tunnel out on machines where you don't have elevated privileges.
Now I imagined wireguard would be perfect for this, but alas it's only UDP which will never work on this network, sadly.
Also my cell provider somehow makes wireguard impossible, not sure if they block UDP too.
I was also sad when zerotier wouldn't work through the proxies.
I know, I know, busting proxies is wrong. But for me using it between linux boxes on permanent connections works fine, but it's a very small portion of what I want from my VPN.
In the end it turns out Home Assistant on a dyndns HTTPS site solves most of my access problems. Even ssh can be solved using it!
Get "http://localhost:36169/": dial tcp 127.0.0.1:36169: connect: connection refused
I didn't see it on your list. It isn't clearnet again, but so are others, such as Zeronet :)
A lot has happened in the SBC market since - with (for example) Odroid C4 you'll get significantly more bang for not much more buck.
Just an idea if anyone feels inspired: Organize with Pine64 to make an upgraded version based on their new architecture slated for release this year. With their strong focus on openness it seems like a perfect match to me.
I don't think it's a good idea to install a dozen plus web apps directly on a server, such that a bug in one can compromise the entire server.
For non-technical users I could see freedombox (or sandstorm.io) being useful, but if you have enough knowledge to manage a vm + use docker-compose, the flexibility is much better.
Won't more apps be supported in freedombox? Maybe it does not allow plugins?
I can support any app that I have either the source for, or a binary. I just write my own docker images if one doesn't exist already on dockerhub, or install the binary directly on a VM or LXC as needed. For example, I set up Jellyfin on its own LXC.
For me, stuff like freedombox/sandstorm directly limit me as I would have to spend time learning their GUI, etc, for no gain. All I need is an ssh session into my docker VM and I can set up pretty much anything I need exactly how I want. This lets me be very particular about services accessing files, networking, versioning, and so on.
None of these services are useful apparently, because I manage them myself instead of relying on something like sandstorm/freedombox.
I also have a VPS running a DNS server for ad and distraction filtering (AdGuard Home, I prefer it over Pi-hole for downstream DNS over TLS), another WireGuard VPN server (for more permanent use of the aforementioned DNS server), Etesync for E2EE contacts/calendar syncing, and a Signal TLS proxy for helping users connect to Signal. These services are all specified in Docker Compose files for easier management, although I should adopt an online management tool so I don't need to login over SSH every time.
Really just depends on how much work you want to put into it. Pretty much any service you use online you can self-host a version of it.
That's not to say I don't pay for any online services. I still use Google Drive, Netflix, and Spotify, but self-hosting is getting me closer to "cutting the cord" with some of these.
After that it's a GPU gaming server that will train ML models for me too. The NAS will store datasets.
Finally, maybe next cloud.
The talk at its origin is now a classic: https://www.youtube.com/watch?v=QOEMv0S8AcA
Dozens of actively maintained deployments of (mostly) popular open source apps, a functional multi-user system with app SSO and ACS where possible, an integrated email server, multiple app instances, easy encrypted backup configuration to off-site s3/b2/nas/etc, simple automatic backup and retention policies, restore/clone down to a per-app basis, broad and deep documentation, complete published api, active forum
There is a recent thread on the forum where a few users espoused their reasons: https://forum.cloudron.io/topic/4372/what-are-you-favourite-...
However, when you need to install a more complex app like Taiga, it's often simpler to use the free Cloudron account to do it rather than install it by hand.
For the sake of our vision we surely would like to make it more cost-effective in the long run, however we are bootstrapped and thus walk a thin line with a focus more on long-term sustainability, not just blind growth. (10x cheaper though would realistically even pose an accounting problem with micro-payments or plain transaction fees taking large chunks.)
All tools around it and more importantly app packages are open source (MIT mostly)
To access away from home, it is running a Tor hidden service. Wireguard is also provided, so I'm thinking of trying that out as well. It snapshots, so if I get into trouble with a new app... I roll back. I keep all my syncthing data on an attached usb drive. I realize the SD card won't last indefinitely.
What makes it feasible for me is that installation, configuration, and backup is handled by its web interface. I haven't needed to edit config files.
Wireguard is very light (cf: OpenVPN) and easy to set up/use - highly recommend using it.
While I understand why people are doing this, I believe it's not the right way to deal with the problem - basically we're handing over e-mail (as a service) to a few big corps. Each time I have this problem I go through the long and painstaking process of whitelisting the IP and fight to make it work. Usually having it work with Gmail, Yahoo and Microsoft is enough - many smaller orgs don't use blacklisting by default because they have enough problems with mail deliverability already.
At least we have a decent amount of competition and choice in the email provider space.
Dealing with mail servers is the only thing I don't miss from my classic sysadmin days. Although it should be noted popular MTA software nowadays is really solid software.
https://tailscale.com and https://cloudflare.com/cloudflare-one come to mind, though there are likely to be several implementations at this point.
Just curious, how did you go out of your way by saving money?
"Going out of your way" is usually associated with being inconvenienced. But saving money is hardly an inconvenience.
Just thinking about it (it was 10+ years ago), it would have been much easier to just sign a contract extension with Telstra, no management involvement, no additional research, no putting my reputation in danger.
That's what Telstra relies on.
Nice, I was wondering if/how they handle tunneling.