Sort of. If you’re using wg-quick then it serves two purposes, one, as you say, is to indicate what is routed over the link, and the second (and only if you’re setting up the connection directly) is to limit what incoming packets are accepted.
It definitely can be a bit confusing as most people are using the wg-quick script to manage their connections and so the terminology isn’t obvious, but it makes more sense if you’re configuring the connection directly with wg.
The allowed IP ranges on the server indicate what private addresses the clients can use, so you should have a separate one for each client. They can be /32 addresses as each client only needs one address and, I’m assuming, doesn’t route traffic for anything else.
The allowed IP range on each client indicates what private address the server can use, but as the server is also routing traffic for other machines (the other client for example) it should cover those too.
Apologies that this isn’t better formatted, but I’m away from my machine. For example, on your setup you might use:
On home server: AllowedIPs 192.168.178.0/24 Address 192.168.178.2
On phone: AllowedIPs 192.168.178.0/24 Address 192.168.178.3
On VPS: Address 192.168.178.1 Home server peer: AllowedIPs 192.168.178.2/32
Phone peer: AllowedIPs 192.168.178.3/32
That’s what comes of late night posting, I’d meant to link you to PHPLDAPAdmin, not LDAPAdmin! It’s written in PHP, which isn’t lovely, but it does it’s job.
I confess I normally work from the command line, but I have set up LDAPAdmim for projects where others needed to manage the directory, and it worked pretty well.
I use an LDAP server, as it’s pretty much designed for exactly this task. You can tell PAM to authenticate and authorise from it to manage logins to the physical machines, and web apps typically either have a straightforward way to use LDAP, or support ‘external’ auth, with your web server handling the authentication and authorisation for it.
OpenLDAP is a solid, easily self hosted server. If you like working from the shell it has everything you need. If you prefer a GUI there are a variety of desktop and web based management frontends available.
Fair point about reminders, that’s not something I use it for, so I didn’t think of it. Canvas seems to be working now, and there are regularly push updates, so one of those might have fixed it.
Have a look at Obsidian. It runs on a variety of devices, you can sync either with their system, or pretty much anything else, as it just stores your notes as markdown files, and you can arrange notes like that with the canvas system.
You really shouldn’t have something kike SSHD open to the world, that’s just an unnecessary atrack surface. Instead, run a VPN on the server (or even one for a network if you have several servers on one subnet), connect to that then ssh to your server. The advantage is that a well setup VPN simply won’t respond to an invalid connection, and to an attacker, looks just like the firewall dropping the packet. Wireguard is good for this, and easy to configure. OpenVPN is pretty solid too.
Ah, ok. You’ll want to specify two allowedip ranges on the clients, 192.168.178.0/24 for your network, and 10.0.0.0/24 for the other clients. Then your going to need to add a couple of routes:
You’ll also need to ensure IP forwarding is enabled on both the VPS and your home machine.