For me something key is to rebalance channels using the script from C-otto: rebalance-lnd
If you ever read this, C-Otto: thanks for your work 🙏
reply
Thanks! cc @C_Otto
reply
Thank you for the warm words and thank you for tagging me :)
reply
I can expose any web application on my Raspberry Pi to the Internet via Tailscale + Caddy/Nginx on a VPS.
E.g., let us assume I have BTCPay Server, LNBits or WordPress exposed on port 8080 on my Raspberry Pi. Then,
  • I buy the cheapest VPS and give it a DNS name.
  • I install Tailscale on both the VPS and Raspberry Pi. I disable Tailscale key renewal to make both the VPS and Raspberry Pi stay on the same virtual private LAN for long periods without disruption.
  • Then I install Caddy/Nginx and create a reverse proxy to the Raspberry Pi, for a virtual host.
This way I can expose just my LNBits plugins e.g. point of sale plugin to the Internet, and leave all my other apps safely unexposed to the Internet inside my home.
I can even use many virtual hosts to have the same DNS entry point to different apps. This way I only need to buy one VPS. Example:
  • lnbits.example.com points to LNBits inside my home
  • git.example.com points to Gitea inside my home
  • blog.example.com points to WordPress inside my home
  • btcpay.example.com points to BTCPay server inside my home.
So even if the VPS gets DDoSed, I can just put the VPS behind DDoS protection. If my VPS gets hacked, they still have to hack my Raspberry Pi from there, because there is nothing stored on the VPS. The VPS is probably running Alpine Linux with a very low attack surface area.
reply
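The VPS side of the setup described in the comment above, as a Caddyfile. This is an added example, not the commenter's own configuration: the address 100.64.0.10 (standing in for the Raspberry Pi's Tailscale IP), every port other than 8080, and the LNBits path prefixes are constructed placeholders.

```caddyfile
# Added example with constructed values; adjust to your own tailnet.
# 100.64.0.10 is a placeholder for the Raspberry Pi's Tailscale address.
# Caddy obtains TLS certificates for each named host automatically.

# Expose only selected LNBits paths; everything else on this host gets a 404.
lnbits.example.com {
	# Placeholder prefixes: replace with the paths your plugin actually serves.
	@public path /tpos/* /static/*
	handle @public {
		reverse_proxy 100.64.0.10:8080
	}
	handle {
		respond 404
	}
}

# One site block per app; each proxies over the tailnet to a different
# port on the Pi (ports here are placeholders).
git.example.com {
	reverse_proxy 100.64.0.10:3000
}

blog.example.com {
	reverse_proxy 100.64.0.10:8081
}

btcpay.example.com {
	reverse_proxy 100.64.0.10:8082
}
```

Only hostnames with a site block are proxied, so any app on the Pi without an entry here stays reachable only from inside the tailnet.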
I did something similar but used CloudFlare tunnels.
I ran an Umbrel node with LNBits and BTCPay exposed to the clearnet.
The major benefit is that you don't need a VPS, there are no costs, and you get DDoS protection from CloudFlare.
The downside is that you have to trust CloudFlare.
reply
Thanks! I've been trying to set up something like this for a while, but could never find the right way. Will try Tailscale + Caddy/Nginx.
reply
Never mind, I was about to try this but Tailscale starts with Login with Google/Microsoft/GitHub. No thanks.
reply
This is a self-hosted alternative to Tailscale which does not require GitHub login: https://github.com/gravitl/netmaker
I have not tried it. If you try it, let me know about your experience.
reply
Transferring off exchanges to a lightning wallet then using Boltz to swap to cold storage is the best way to stack nicely consolidated utxos.
reply
Thanks for the idea! Does this help break the on-chain footprint and improve privacy?
reply
Probably does help with privacy too, although I’m not an expert on lightning privacy. As I understand it, it’s “better but not perfect”.
reply
If you use Boltz through Tor, it is almost impossible to make a link between you and the new UTXO, IMO.
What I do for the few purchases I still make on a CEX is withdraw from Kraken with Lightning (free withdrawal) to a mobile wallet. This allows me to add a step for a potential regulator who'd try to track me, and avoid a direct doxxing of my node.
Then I send funds from the mobile wallet to my own node (running behind Tor). Finally I use Tor Browser to reach Boltz or Deezy and perform a reverse submarine swap from my node. I assume the UTXO received on my cold wallet is now pretty "anonymous".
reply