mistborn VS Nebula

Guys, anyone has experience with Mistborn ?

There is a github project that rolls a Nextcloud instance and Jellyfin together in a docker install. It also rolls a bunch more stuff as well. https://gitlab.com/cyber5k/mistborn

try mistborn: https://gitlab.com/cyber5k/mistborn

https://gitlab.com/cyber5k/mistborn has wireguard and valtwarden built-in

So there is one other option you can run with - mistborn. Now, fair warning - if you want to run this on a pi....flash at least 100GB of storage space on a microssd and then for the OS I recommend a Ubuntu flavor of your choice. Ideally the latest one he has listed as successful on his table of distros that he successfully installed it on.

I find the fundamental problem with this sort of server setup script/config management is that they inevitably get quite personal. Nobody really wants to use another devs and when you try to allow for a lot of customisation they tend get byzantine and complex.

That said I still think it's worth sharing. If nothing else we can all usually cherry pick nice ideas from each other.

I had an entirely private set of Ansible roles I'd cobbled together that I started to put in a more shareable state a couple of years ago. It has little overlap with what you're putting together, but I do think you might find the way it separates personal Ansible config and the main project roles into separate directories (and thus different git repos) useful.

I really need to dust off my project and get it to a releasable state this year [momod](https://github.com/adrinux/momod).

I assume you've come across the many similar projects like [Sovereign](https://github.com/sovereign/sovereign), [Mistborn](https://gitlab.com/cyber5k/mistborn)

https://gitlab.com/cyber5k/mistborn on my endpoint but route my traffic thru another another WG server first thus creating a multihop VPN in the interests of security

I've been using selfhosted Nextcloud with OnlyOffice for years. I've yet to encounter something it can't handle. In fact I opened up my setup at the beginning of the pandemic so others could host their own: https://gitlab.com/cyber5k/mistborn

(I am a Nebula maintainer.) We recently merged support for gVisor-based services, although it's very new, and I don't know of much experimentation that's been done with it yet: https://github.com/slackhq/nebula/pull/965

Nebula, originally from Slack[0].

Wireguard rightly gets a lot of attention, but Nebula is a really simple and easy to deploy mesh network that is often overlooked.

It does lack a management GUI and that stuff is very much DIY.

[0] https://github.com/slackhq/nebula

Fair enough about the android mobile client... My use case only involves meshing linux appliances across various networks so we only need the nebula core binaries which are under MIT license

https://github.com/slackhq/nebula/blob/master/LICENSE

That's not at all confusing with Slack's Nebula. https://github.com/slackhq/nebula

Sounds like a bunch of your pain points are just related to needing an online CA or ICA. But, looking through the Nebula docs I don't know that it supports things like CRL addresses where you could host the CRL, or OCSP responders. Someone got support for an OCSP responder but never submitted a PR with completed code: https://github.com/slackhq/nebula/issues/72

Nebula is a scalable, cross-platform overlay networking tool focused on performance, simplicity, and security. This portable tool is equally adapted for linking a small number of computers or scaling to connect tens of thousands. It integrates encryption, security groups, certificates, and tunneling into a powerful, cohesive connectivity solution. Thanks for the recommendation go to jmeador42.

Replying to my own comment as I can no longer edit it:

The folks over at Slack had an interesting discussion regarding the the "battle of the VPNs" article published by Netmaker I sourced in my parent comment:

https://github.com/slackhq/nebula/discussions/911

Interesting. I thought recognized the logo, apparently seems to be a commercial support offering of https://github.com/slackhq/nebula and they support the "nebula" iOS app. I had been using for nebula/defined in the past.

Nebula: Is super easy to get running. It uses an interesting angle, working on the service and not just the device level. Unfortunately their NAT support seems to be still quite problematic and I am not going to maintain all those forwarded ports manually. There is a PR to support PCP but even if that ever gets applied I am not sure how well that will play with older routers. While it should be battle proven at slack, the community seems to be not that active. It still has the in-house tool that just got released.

The catch is that I want this to be reliable and fault tolerant, so if some of the game servers in the network go down, the remaining online servers should still always be able to receive broadcasts from any other online server. The servers can also be in multiple geographic locations and I am planning on using a mesh overlay network like Nebula to connect them. Essentially each pair of online servers will likely have a secure link between them that goes directly through the underlying network.