This is a decent writeup on applying “Zero Tust” principles to a home lab using mostly open source tools. I’m not the author, but thought it was worth sharing.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    Yeah, I practice some ZeroTrust principles w/o using any of the above. I use Docker networks to associate services and their data and restrict them from accessing services/data they don’t need. I use HAProxy at the edge to route requests to specific nodes in my network, and all of that operates over my own WireGuard VPN. I’m working on creating VLANs for my network to further segment things, so I can dictate which devices can access which resources. For continuous monitoring and alerting, any separate device connected to my VPN would work (haven’t yet configured that); I personally don’t bother because my SO/kids will tell me if something they use goes down, and knowing a few minutes earlier wouldn’t matter.

    You really don’t need AWS, Cloudflare, or Telegram for any of this. That said, it is interesting to read through when crafting your own solution, if only to check which parts you have and what parts you may have forgotten.