Kai’s Sick Intranet

Home Sweet Home

Hey! Trying to access the intranet dashboard but got redirected? Make sure your VPN connection is working and try again.

Welcome to the intranet! (Have a look around)

You’re probably here because I sent you this page. Welcome! If you just ended up here, I’m not sure what to tell you other than none of this information will be in any way helpful.

What’s an intranet?

You probably know what the internet is; An intranet is basically just a contained or private internet.

The basic idea here is that there are a bunch of computers out there doing things on “the cloud,” but you don’t own these computers or the data on them. Most of them pretty ruthlessly profiteer off the idea that their services are the only way of doing things, but this is not the case.

I’ve set up this intranet to provide these services for the people that I care about, for free.

Neato, what can it do?

Pretty much anything! Right now, I have

• a search engine (like duck duck go or old google),
• a git server (like github),
• a live multiplayer text editor (like google docs),
• a media server (with a bunch of music and TTRPG PDFs on there!),
• a hosted youtube downloader (no more going to shady websites!),
• file syncing (between devices!),
• an automation service (like IFTTT),
• an RSS feed agreggator (News and feeds for cool people! We can share sources too!),
• and more!

It can also run up pretty much any kind of service as well. Check out this list for inspiration, if you want to request a new service!

Game Servers!

I’m also planning on using it to run dedicated game servers for the community, including games that I, or others have made so that we can playtest them together! Suggestions for specific dedicated game servers are, of course, welcome as well.

Why?

I like computers. I like sysadmin. (I think) And I like people. I want to share this stuff with people! I want to provide a neat little service for the people I care about and hopefully create a little community in the process. I’m pretty bad at socializing and keeping up with people, so I figured I’d try to use what I’m actually good at to maybe lure in a friend or two and stay in touch with the people that I care about.

Can I help?

Technical people, if you want to help maintain the servers, please reach out! I’m comfortable giving a couple people I trust keyed, remote SSH access over the VPN tunnel so they can help me keep everything up to date and healthy.

Everyone else, feel free to get creative and reach out to me with ideas! If you have any media for the media library, or any requests for it, definitely let me know and send them my way, so I can get them hosted!

How do I get access?

Well, given that this is a private intranet (not widely accessible to the open internet), I’ve elected to hide it behind a VPN. This also allows me to run it comfortably off an old laptop, or soon a series of old laptops, in my living room, without worrying about getting hacked. Or at least less so than if I was just exposing ports to the open internet.

VPNs for noobs

VPNs are notorious for being completely misunderstood by the layperson. Basically you can think of a VPN connection as a “tunnel” between two computers. In this context, one will be your computer/ phone, and the other will be my router. The router will only let you connect if you have the proper authorization, as I’ll get into later; Any unauthorized connection is immediately rejected. In simple terms, this is basically the key to my digital house.

Once you’re authorized, you can access any of the hosted services as if they were just websites through your web browser. The landing page can be found here: https://dash.fireye.coffee

Critically, this means that you can’t “just connect” to the intranet, as you will not be authorized.

Authorization

There are two main auth elements I’m using here:

• a username/password combination (these can be saved by your VPN client meaning you should only need to enter them the first time)
• a CA Certificate, in the form of a .ovpn file (read: A file with a lot of cryptography mumbo jumbo in it)

These should be kept off the internet wherever possible. If you can, I would like to handle these in-person, verbally and via usb drive. If this is not possible, we will need to establish a secure e2ee communication channel so the objects uploaded to the internet are at least encrypted. I recommend Signal, but Matrix, or another (ideally FOSS) e2ee platform is also acceptable.

However it is done, you will need to provide me with a username and password, and I will provide you with your CA Certificate.

I will reiterate: Do not let this information off your computer. Windows users, do not let Microsoft store these in one drive, regardless of how many dark patterns they throw at you.

If the file does get uploaded somewhere by accident, or you think it may have been accidentally, let me know immediately so I may void it and issue you a new one.

Connection

The landing page can be found here once you’re done: https://dash.fireye.coffee

Linux

For linux users, the networkmanager-openvpn package will fully integrate openVPN connections into your networking stack. From there, nm-connection-editor and nm-applet will allow you to register new connections and connect; It’s as easy as clicking “Import Saved VPN Config,” selecting your .ovpn file and typing in your username and password.

Other

Check out the openvpn client for your desired platform (including mobile), and follow the instructions.

Etiquette

• Do not let .ovpn files off your local computer, except by physical media (eg: USB drive).

• Always let me know if you think you may have leaked your .ovpn file or username/password.

• The above rules also apply for any other intranet-related authentication keys or certificates.

• Do not pirate content while connected to my VPN.

  • Use of cobalt is allowed.
  • Prowlarr use is allowed, provided searches are limited to one per ~5 minutes.
  • Torrenting is not allowed; please disconnect your VPN connection before running your stream.

• Do not DDOS my servers.

• Do not DDOS other servers while connected to my VPN.

• Do not do illegal things while connected to my VPN.

• Do not pen test my servers without permission (It would be sick to do a CTF though holy hell)

• Be respectful of others.

I reserve the right to remove anyone from the intranet for any reason. If I’ve invited you in the first place, this means that I trust you. I don’t want to remove people, and I would rather warn someone or assume ignorance than just knee-jerk ban someone.

Home Sweet Home

Footer (if you couldn't tell)

The website's code is open source and licensed under the MIT License.

And of course, this website's Codeberg Page, if you want to check it out. If you find any issues with the site I would really appreciate if you could open up an issue!