Posts
5
Comments
158
Joined
2 yr. ago

  • If it were only me using the apps, I'd be using a VPN. Over the years, I've used OpenVPN, Wireguard, and now Tailscale. In my experience, they work like 99% of the time. That last 1% though is weird connection issues; usually when switching between WiFi and cellular (or vice versa) but sometimes it's my server or ISP and I have to turn the VPN off and back on to troubleshoot. During those rare times, my partner will either turn off the VPN and forget to turn it back on or they will forget about the VPN completely and not be able to use their phone. Ideally, I'd like to set something up that doesn't require any potential troubleshooting on their part so I can avoid hearing "why can't we just use Google photos?" or "what's wrong with Google home?" 😓

  • oh, my mistake. tbh, I don't know enough about it but I'm interested. Why set up a TLS cert for AI at home? How is that benefiting you and your setup?

    I've seen some people set up SSL certs for self hosted services and not make them publicly available but I didn't get around to seeing why they were doing it

  • Most definitely does not need a public URL for Assist in HA. Not sure where you read that.

    You're probably right. At one point, I had a subscription to homeassistant cloud a few years back to use a google nest speaker at the time. I was just going off that I guess. I'll do some testing and will probably put it back behind tailscale. thanks for the heads up

    It sounds like you need a VPN to your internal services if you’re concerned about security.

    I'm more so concerned that I set something up incorrectly and would like to be made aware of it in the event someone else noticed

  • I feel weird about having those apps on the internet and basically being blind to threats. I mean yeah, I'm not a target on anyone's list and most IPs visiting the site are bots but I would still like to know what's going on.

    I don't work in tech for a living, this is just a hobby for me so I have limited time to work on this stuff and do research. It's very possible I fucked something up and don't know it. I figured if I at least got an alert that said "hey, your immich server db was dumped and sent to <insert IP>", I could at least turn it off

  • If you have access to all devices, why not just use your own self signed certificates to encrypt everything and require the certificate for all connections?

    Sounds like you are describing a VPN. I was using that setup before but small stuff like immich album sharing via a link won't work properly. Also, having to ensure a vpn is on and connected is a little too much to ask of my partner; they would turn it off and forget about it and then ask why their app wasn't working :/

  • I've been playing around with the voice assistant stuff in homeassistant and it seemingly needs a public url to get all the features. I could be wrong about that though?

    I put authentik in front of immich to handle authentication so that I would need a 2FA code

  • SerpentOS is its own thing. It's from the same guy who made Solus which was also its own thing.

    Look up Ikey Doherty if you want to know more.

    From my experience with Solus, I don't have high hopes for SerpentOS but I'd love to be wrong about that

  • I got an Odroid H4+ and have been extremely happy with it. I'm sure Beelink or GMKtec mini PCs on Amazon would also be fine but I wanted SATA ports for harddrives.

    If you end up going with the Odroid, let me know and I'll send you the links to the few things you'll need to get going

  • tldr: keep your smart home separate from your services and avoid RPI unless you need it specifically for a project

    If I were in your shoes, starting from scratch, with the knowledge I have now, I would avoid a raspberry pi and get 2 computers with an Intel N100 (or N97 or N300). Sips electricity and more powerful than a raspberry pi.

    A raspberry pi is fine for lights, switches, sensors, a few cameras etc. But if you are at all interested in one day using the voice assistant stuff, the Raspberry pi just isn't powerful enough.

    I suggest 2 computers because once you have home assistant set up, you'll want to treat it like an appliance. You don't want to take down your entire smart home because you broke Pixelfed or another service you get into and have to troubleshoot. Speaking from experience, your family won't appreciate the smart home not working 😓.

  • I hope it's alright that I add to this a little.

    What draws me to podcasts are the topics that are talked about but what gets me to stay is the host(s). I heard in your first episode that you do masonry and landscaping. I'd love to hear more about who you are and how you ended up selfhosting. How did a masonry worker find themselves this deep in tech? That's super interesting. (Please don't take that the wrong way, I work in construction yet here I am)

    The 3 episodes you have could totally be split up into multiple episodes if you slow down and thoroughly talk about each topic and how they related to your situation.

    You tend to give some hypothetical problems that your listeners might be trying to solve with a few solutions but I want to know what problems you had, how you solved it, and how you might have iterated on that solution and made it better. And in the next episode, what did you tackle next? I want to hear your journey episodically 🙂

    Anyway, I'm subscribed. Good luck

  • I get where the original commenter is coming from. A VPN is easy to use, why not have my partner just use the VPN? But like, try adding something to your routine that you don't care about or aren't interested in. It's an uphill battle and not every hill is worth dying on.

    All that to say, I appreciate your comment.

  • i guess you were able to install the os ok? are you using proxmox or regular servers?

    I was. It was learning the Nix way of doing things that was just taking more time than I had anticipated. I'll get around to it eventually though

    I tried out proxmox years ago but besides the web interface, I didn't understand why I should use it over Debian or Ubuntu. At the moment, I'm just using Ubuntu and docker containers. In previous setups, I was using KVMs too.

    Correct me if I'm wrong, but don't you have to reboot every time you change your Nix config? That was what was painful. Once it's set up the way you want, it seemed great but getting to that point for a beginner was what put me off.

    I would be interested to see the config though

  • A few reasons

    1. My partner has plenty of hobbies but sys-admin isn't one of them. I know I'll show them how to turn off wireguard to troubleshoot why "the internet isn't working" but eventually they would forget. Shit happens, sometimes servers go down and sometimes turning off wireguard would allow the internet to work lol
    2. I'm a worrier. If there was an emergency, my partner needed to access the internet but couldn't because my DNS server went down, my wireguard server went down, my ISP shit the bed, our home power went out, etc., and they forgot about the VPN, I'd feel terrible.
    3. I was a little too ambitious when I first got into self hosting. I set up services and shared them before I was ready and ended up resetting them constantly for various reasons. For example, my Plex server is on its 12th iteration. My partner is understandably weary to try stuff I've set up. I'm at a point where I don't introduce them to a service I set up unless accessing it is no different than using an app (like the Homeassistant app) or visiting a website. That intermediary step of ensuring the VPN is on and functional before accessing the service is more than I'd prefer to ask of them

    Telling my partner to visit a website seems easy, they visit websites every day, but they don't use a VPN every day and they don't care to.