alt Hacker NewsSomething that is starting to concern me with the flood of cyber chaos in the past couple of months is my homelab. Currently I do not have it set up to be accessible outside the local network and then add it and all my other devices to my tailnet to facilitate remote access (via an exit node on my local network). On top of that TrueNAS doesn't seem to have the best update cadence so I'm worried about having a system with known vulnerabilities only protected by not being accessible remotely in theory.
definitely don't expose any management interfaces to the open internet.
personally, i manage my homelab through ssh via the commandline, and key-based ssh auth is secure enough for my threat model (i am considering switching the entrypoint machine to a BSD though, to avoid the kind of bugs distros sometimes introduce).
but a webserver and a few containerized services seem pretty low risk to me, so i do have a few of them exposed via reverse proxy. The more sensitive one behind Authelia via the forward-auth pattern, which i feel like is a really good fit for homelabs.