• 3 Posts
  • 125 Comments
Joined 11 months ago
Cake day: February 8th, 2025

  • I don’t use Home Assistant personally as I also use Apple products. If you read into Homebridge, it’s a piece of software that turns smart devices that are not HomeKit-enabled devices into HomeKit-enabled devices, and enables new functionality on devices that are already HomeKit enabled. Definitely worth considering.

    This was significantly cheaper than converting all my Apple products into Android products.


    To quickly spin it up I would suggest reading into Docker and Docker Compose. Docker takes applications, containerizes them, and lets them run over your network with little configuration.







  • This was a while ago so the details are fuzzy. I gave it Traefik’s Docker labels on port :5380 but that didn’t seem to work, then I read a bug report saying give Traefik :8053, so I tried that and again it didn’t work, so I went back to :5380 and all of a sudden it reverse proxied, but my login wouldn’t work even though it worked when going to the LAN IP+port. I didn’t find much in terms of troubleshooting and documentation, so I eventually gave up on it.

    I have had terrible experiences with recursive DNS resolvers. PiHole+Unbound worked for maybe an hour then would completely kill my internet access, and the same essentially went with OPNsense. I had hope for Technitium but alas didn’t feel the need to spend hours troubleshooting something that PiHole alone did with ease.






  • Why is this a surprise? IP Logging is pretty normal for any service.

    2.5 IP logging: by default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable authentication logging for your Account or voluntarily participate in Proton’s advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.

    Source: Their privacy policy.



  • Pro-Tip: You can reverse proxy any service on your network, but if the IP of your reverse proxy does not match the IP of your A record, aka your server is behind a VPN, the public will not be able to access your server.

    HTTP/S is neat that way: if the IPs don’t match then it’s technically considered an insecure or misconfigured setup, but it works great to prevent unauthorized access to one’s server.

    I must agree with other users here, hosting a public file hosting server is a bad idea, at the bare minimum Authentik or Keycloak should be in front of it but I digress, https://catbox.moe/ already endures this pain for us.


    Not sure what reverse proxy you’re using, but alternatively Traefik’s middleware IPAllowList works great for blacklisting all IPs and only whitelisting the known few.
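An added example (not part of the comment above) of the IPAllowList approach it mentions, written as Docker Compose labels for Traefik v3. The hostname, service and middleware names, and the CIDR ranges are placeholders chosen for illustration.

```yaml
# Added example: restrict one Traefik v3 router to known source ranges.
# files.example.com, "files", "known-clients" and the CIDRs are placeholders.
services:
  traefik:
    image: traefik:v3.0
    command:
      - --providers.docker=true
      # Only containers labelled traefik.enable=true get a router.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.websecure.address=:443
    ports:
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  files:
    image: traefik/whoami   # stand-in for the file-hosting service
    labels:
      - traefik.enable=true
      - traefik.http.routers.files.rule=Host(`files.example.com`)
      - traefik.http.routers.files.entrypoints=websecure
      - traefik.http.routers.files.tls=true
      - traefik.http.services.files.loadbalancer.server.port=80
      # Allow only these source ranges; every other client receives 403 Forbidden.
      - traefik.http.middlewares.known-clients.ipallowlist.sourcerange=192.168.1.0/24,10.8.0.0/24
      # The middleware only takes effect once it is attached to the router.
      - traefik.http.routers.files.middlewares=known-clients@docker
      # If another proxy or CDN sits in front of Traefik, the TCP peer address is
      # that proxy, so the allowlist would match the proxy and not the client.
      # In that case take the client address from X-Forwarded-For instead
      # (depth counts from the right of the header):
      # - traefik.http.middlewares.known-clients.ipallowlist.ipstrategy.depth=1
```

The allowlist filters by network address only and does not authenticate users, so it complements rather than replaces an identity provider in front of the service.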





  • With regards to the backup key, Yubikey recommends to save (screenshot) the QR code that is generated during 2FA setup to set up the backup key later on. Maybe that is also a workaround for services that only allow a single 2FA device. https://support.yubico.com/hc/en-us/articles/360021919459-How-to-register-your-spare-key

    Just looking back at my purchase history, I got my Yubikeys back in January 2020. It appears that I never read this doc about scanning the QR code for the backup key, or maybe I did? I don’t really remember it all too well. Regardless, in certain circumstances my keys do the exact same thing and I’m quite sure I followed some guide to create one primary and one secondary key, but it’s possible that guide has gone outdated.

    Similar to something like Keepass, the database is local and you are in charge of making backups and such.

    I can totally respect the folks who opted to self host, I’m horrible when it comes to backing up data and such and self hosting wasn’t really my thing back in 2020 so it never really was on my radar.

    In the end this always comes down to an optimization problem between security and convenience that everyone has to decide for themselves.

    Couldn’t agree with you more, everybody has that dial between convenience and security and should adjust accordingly.


  • Doesn’t cover Traefik, plus the docker-compose.yml contains 4 separate images and researching into them didn’t provide much info: snikket_proxy, snikket_certs, snikket_portal and snikket_server. All four of these images bind to the host, but if I am supplying my own reverse proxy then both snikket_proxy and snikket_certs are redundant, right? Or do they serve another purpose? And if I wanted to take them off the host network, follow their firewall guide and expose the necessary ports manually behind a Docker bridge network, what images do I bind those ports to? When I tried binding them all to snikket_server, that’s when my Docker service crashed and I gave up.