RFC: VPN and hidden services by default
The headline of HomelabOS says
privacy-centric. Yet, by default:
- HTTP is allowed as well as HTTPS
- The VPN is deactivated
- some services are directly exposed (not through Traefik)
This can be fixed with the right set of MRs but it would also make the whole user experience very different from what it is now.
I have been working lately on hiding as much as I can from the public internet by having every service only available when connected to the VPN.
I had to use more than HomelabOS though, but that's another story. I'm sure the users (especially those for whom security and/or legal is involved) can benefit from having a "behind closed doors" default strategy.
Considering the amount of work it would require, your feedback is necessary here, @NickBusey . What do you think?