Sajberspejs

joined 10 months ago
[–] [email protected] 1 points 10 months ago (1 children)

Yeah, the IPs are there for the world to see, but you won't easily know they belong to me unless I point to them from my domain.

I'm running a server at home without port forwarding. I connect to it using Nebula on a VPS, which is like Tailscale without having to trust anyone.

 

Hello nerds!

How do you go about accessing your self-hosted resources when you're away from home?

I've used port forwarding, VPN, Tailscale and Headscale in that order but recently switched to Nebula.

Tailscale/Headscale was probably better than Nebula, but I just couldn't stand trusting either Tailscale or the VPS used to host Headscale.

With Nebula I don't need to trust the lighthouses, because they can't access my network even if compromised. I also really like the built-in firewall that's looking at node certs when filtering traffic.

 

I have a personal domain name. I got it because my first name was available with my country TLD.

I use it for email, which I will most likely keep forever, but how about my self-hosted stuff?

I use Slack's Nebula to access my self-hosted resources externally.

Would you mind exposing your VPSes' IPs to the world by adding them as subdomains? In my case lighthouse1.myname.tld and lighthouse2.myname.tld?

I feel much more secure using DuckDNS for those IPs as it should make it much harder to identify my attack surface.

Does it make sense or am I just paranoid?

I really don't like the idea of my attack surface being easily identifiable just by my email or first name.

[–] [email protected] 1 points 10 months ago

I wouldn't expose ports like that.

If security is a concern I would go with something like Nebula.

https://m.youtube.com/watch?v=94KYUhUI1G0

If you look into it, you can host your lighthouses for free using Oracle Free Tier.