Can relate. When I get to going on something, I have to force myself to pause, write the shit down, and proceed on. Then after the session, I’ll review my notes and insert any addenda that needs to clarify a certain point or problem I had that I fixed. It’s a process for sure, but for the most part, I can stand up a Linux server, with firewalls, defenses, docker containers, et al and be ready for production in about a solid day’s work. So, notes are paramount and I lean on them heavily. Then, after everything is buttoned up, I save the raw notes in a labeled sub-folder that gets backed up to multiple stores such as /projects/takeovertheworldproject/. Finally I transfer that to Trillium, which is searchable, and it too gets backed up.

NetVisor looks interesting

meh, probably smoked a bowl and got chatty. Happens.

I mean, at one time I went a bit overboard, but now, not so much, With newer technology happening, you don’t really need a lot to accomplish a lot.

Probably about the time BBS became more popular. I guess there was arpnet, and all these nets, mostly for science, academics, or governmental. Then they essentially rolled it all into one and viola! The internet was born. (It’s a bit more involved) I’ve hosted BBS, forums, chats, irc, a fully licensed/automated internet radio station with live shows with requests et al, <deep breath> services, websites, you name it.

Unfortunately, my brain is shit now, and I’ve forgotten so much. So, sometimes I have to re-learn on a cyclical basis. Plus, the technology is moving now at such a blinding speed, what I did even 5 years ago is old school. Needless to say, I keep copious notes. Somebody is gonna go through all my stuff when I’m gone and think ‘What the devil? This looks like some weird kind of manifesto in some sort of long forgotten code.’ LOL

Do you have any tutorials or guides on this handy?

Now that’s a deeeeep rabbit hole. I tend to go overboard on hardening and security, however, one good place to start is installing Lynis and run a scan. Lynis will spit out a rather extensive list of areas you need to harden or adjust and a score for your server. It will also give links where you can go and read up on the specific item in question. Now, not every one of the bullets in the list will apply, but you should give each careful consideration. Lynis is Free and Open Source Software (FOSS).

• Site: https://cisofy.com/lynis/
• Install: apt-get install lynis
• Run: lynis audit system

I ran a scan just for demonstration purposes so you can see what the end results are. This is just a snippet:

  * Configure minimum password age in /etc/login.defs [AUTH-9286]
      https://cisofy.com/lynis/controls/AUTH-9286/

  * Configure maximum password age in /etc/login.defs [AUTH-9286]
      https://cisofy.com/lynis/controls/AUTH-9286/

  * Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328]
      https://cisofy.com/lynis/controls/AUTH-9328/

  * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310]
      https://cisofy.com/lynis/controls/FILE-6310/

  * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
      https://cisofy.com/lynis/controls/FILE-6310/

  * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310]
      https://cisofy.com/lynis/controls/FILE-6310/

Be mindful of where you get your hardening tutorials. There are hundreds of thousands out there. I would stick with authoritative sources.

ETA: I would also recommend reading up on Cloudflare Tunnels/ZeroTrust. I know some people are iffy about Cloudflare and I see their points. It’s worth a read in my opinion.

which crontab

Should’ve included that. My bad.

~# which crontab

/usr/bin/crontab

if that makes sense

I’m always down to learn from those more knowledgeable than I.

crontab

Hmmmm…

systemctl status cron

● cron.service - Regular background program processing daemon
     Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2025-11-12 17:09:55 UTC; 1 day 2h ago
       Docs: man:cron(8)
   Main PID: 996 (cron)
      Tasks: 1 (limit: 47901)
     Memory: 358.5M
        CPU: 59.110s
     CGroup: /system.slice/cron.service
             └─996 /usr/sbin/cron -f -P

I’ll dick around with it some more. I don’t want to hammer you right in the middle of your promo.

First, thank you so much for including screenshots on your github. I am a visual kind of guy, and knowing what the WUI looks like really helps sell the app. I am immeasurably disappointed when devs do not include, at the very least, a screen shot of the WUI. Then I have to do a image search, and sometimes there just aren’t any. It just seems like a menial task to snap a few shots and upload them. But then again, I’m not a published dev. Just my two cents.

Anyways, I have this on my dashboard. I am sure I have something misconfiguration or something missing permissions. To do a quick test run:

I am using the provided docker compose. Full Docker logs are full of errors. LOL:

at genericNodeError (node:internal/errors:984:15)
at wrappedFn (node:internal/errors:538:14)
at ChildProcess.exithandler (node:child_process:422:12)
at ChildProcess.emit (node:events:524:28)
at maybeClose (node:internal/child_process:1104:16)
at ChildProcess._handle.onexit (node:internal/child_process:304:5)
at Process.callbackTrampoline (node:internal/async_hooks:130:17) {

Like I said, I’m sure I’ve misconfigured something, not taken into account something, or otherwise, as is my modus operandi, just screwed everything up and need to restart the deployment process a few more times to get it right. I’ll keep whacking away at it. Looks like a solid cron scheduler with a very pleasing WUI.

ETA: In regards to all the info and stats in the left hand column, everything there looks right

Awesome. Thanks

Alright! Alright! More ways to skin a cat. Thanks.

This isn’t a solution to your issue, but a suggestion:

Since you are already using Cloudflare for your domain name, and I assume they gave you some nameservers to use, why not explore the Cloudflare Tunnels/ZeroTrust? Cloudflare Tunnels don’t care if you are behind a dynamic IP, or cgnat. Cloudflare is unconcerned with what ports you open on your router/firewall. You don’t even have to adjust your UFW firewall settings. Cloudflare punches through all that with a tunnel in to your server and tunnel out to the internet.

Admittedly, it did take me a couple tries to get everything worked out, but once I did, it’s easy peasy from there. If you decide this route, I’d be more than happy to clean up some of my notes and share them with you. Might help…might not. LOL

These things get hella filthy inside.

LOL Reminds me of when my Jack Russel was a pup, training him to poop outside. Well, one day early in his training, he decided to poop under the dinning room table and I didn’t see it. Turned the vaccum loose, and sure enough, it found the poop, smeared it all over the floors and made a complete mess of the guts. I spent the day with a toothbrush and some cleaner. So, yeah…can confirm they do get filthy.

add an override for the docker.service file

Can you elaborate? I made the post hoping to save someone a couple hours banging their head on the keyboard like I did. LOL

So something like :

sudo nano /usr/lib/systemd/system/docker.service

What was the format of your entry to specify a minimum api version 1.24? I’m curious and always down to learn new tricks.

'presh

Valetudo is not a 3rd party firmware - it’s a cloud replacement that’s hosted on the robot itself, and also runs a webserver which gives you access to the actual controls and relevant firmware options.

Yeah but can it run Doom? That’s the burning question

And then it dawned on me - I now have a completely autonomous robot roaming my house, not attached to any cloud services

I have one of the older model rumba’s. It does have wifi capabilities, but I’ve never connected it. Do the newer models require you to connect to wifi? Valetudo looks interesting tho.

Another worth while consideration is heat generation.

Indeed. I put my rack in the closet. Cut in a 500 cfm inline exhaust fan to the attic. Then I wired it to a thermostat. That way it’s not constantly sucking 500 cfm of AC into the attic in the summer and heat in the winter. Then sound bat and insulation to keep the drone of the fans to zero with the door closed. Seems to work nicely. But yeah, when you step up to enterprise equipment and legacy at that, associated cost are worth considering.

I used Drawio.com and there is Excalidraw.

No no no…I tracked you down. LOL No harm no foul. So, this is some kind of P2P or maybe filesharing like Funkwhale? I gotcha bookmarked for now to read this evening.

Pangolin is pretty awesome as well and combines a lot of services all in one package such as reverse proxy, SSO, Crowdsec waf, etc.