I don’t use Home Assistant personally as I also use Apple products, if you read into Homebridge it’s a piece of software that turns smart devices that are not HomeKit enabled devices into HomeKit enabled devices, and enables new functionality to devices that are already HomeKit enabled. Definitely worth considering.

This was significantly cheaper than converting all my Apple products into android products.

You will have time find applications that support the Invidious APi, I don’t personally use android/android-TV but on iOS/TvOS I use Yattee.

Given that I host my own instance and don’t typically use the public ones l can just visit my domain an get it with ease.

Invidious has existed for many years, I would also suggest Piped but I’m pretty sure their development cycle is a lot slower.

Finamp certainly needs some work but it’s far better than the native Jellyfin application, at least for iOS/iPadOS, I can now listen to music in the background.

Hell the Finamp contributors took my suggestion on a way to sort playlists and actually implemented it so I gotta say much props to them.

Thought you had to pay for that? Recently I’ve been eyeing Go Away as a potential alternative.

I just geo-restrict my server to my country, certain services I’ll run an ip-blacklist and only whitelist the known few networks.

Works okay I suppose, kills the need for a WAF, haven’t had any issues with it.

Tried to setup a personal matrix server last night, got it to federate, next step is Matrix’s Element Call, spent too many hours trying to block the /_synapse endpoint with Traefik because it is recommended by Matrix, no luck unfortunately.

All this in hopes I can add a Music Bot to my instance or something similar.

No surprise given they support the KDE an Ubuntu projects, which coincidentally are making waves in the mobile OS market.

This was a while ago so the details are fuzzy, I gave it Traefiks docker labels on port :5380 but that didn’t seem to work then I read an a bug report saying give Traefik :8053 so I tried that and again didn’t work so I went back to :5380 and all of a sudden it reverse proxied but my login wouldn’t work even though it worked when going to the LAN IP+Port didn’t find much in terms of troubleshooting and documentation so I eventually gave up on it.

I have had terrible experiences with recursive DNS resolvers, PiHole+Unbound worked for maybe an hour then would completely kill my internet access, the same essentially went with OpenSense, I had hope for Technitium but alas didn’t feel the need to spend hours troubleshooting something that PiHole alone did with ease.

If only reverse proxying Technitium wasn’t a pain in the ass to do I would actually use it. Maybe one day they’ll fix the login issues until then PiHole works.

This just in:

Looks like someone took the liberty of uploading copyrighted shows and 3D printable gun parts to his file server.

Pro-Tip: You can reverse proxy any service on your network but if the IP of your reverse proxy does not match the IP of your A record, aka your server is behind a VPN, the public will not be able to access your server.

Http/s is neat that way, if the IP’s don’t match then it’s technically considered an insecure or misconfigured setup but it works great to prevent unauthorized access to one’s server.

I must agree with other users here, hosting a public file hosting server is a bad idea, at the bare minimum Authentik or Keycloak should be in front of it but I digress, https://catbox.moe/ already endures this pain for us.

Not sure what reverse proxy you’re using but alternatively Traefik’s middleware IPAllowList works great for blacklisting all IP’s and only whitelisting the known few.

Windows:

Someone else potentially has this file open, would you like to open a read only copy?

Linux:

Someone else potentially has this file open and they may have a newer version than you, would you like to save anyways?

Such a small difference but enough to make Linux superior.

PM = Project Manager?

With regards to the backup key, Yubikey recommends to save (screenshot) the QR code that is generated during 2FA setup to setup the backup key later on. Maybe that is also a workaround for services that only allow a single 2FA device. https://support.yubico.com/hc/en-us/articles/360021919459-How-to-register-your-spare-key

Just looking back at my purchase history, I got my Yubikey’s back in January 2020, it appears that I never read this doc about scanning the QR code for the backup key, or maybe I did? I don’t really remember it all too well. Regardless In certain circumstances my keys do the exact same thing and I’m quite sure I followed some guide to create one primary and one secondary key but it’s possible that guide has gone outdated.

Similar to something like Keepass, the database is local and you are in charge of making backups and such.

I can totally respect the folks who opted to self host, I’m horrible when it comes to backing up data and such and self hosting wasn’t really my thing back in 2020 so it never really was on my radar.

In the end this comes always down to an optimization problem between security and convenience that everyone has to decided for themself.

Couldn’t agree with you more, everybody has that dial between convenience and security and should adjust accordingly.

Doesn’t cover Traefik, plus the docker-compose.yml contains 4 separate images and researching into them didn’t provide much info. snicket_proxy, snikket_certs, snikket_portal and snikket_server. All four of these images bind to the host but if I am supplying my own reverse proxy then both snikket_proxy and snikket_certs are redundant right? Or do they serve another purpose? And if I wanted to take them off the host network, follow their firewall guide and expose the necessary ports manually behind a docker bridge network what images do I bind those ports to? When I tried binding them all to snikket_server that’s when my docker service crashed and I gave up.

Snikket locked my docker service up, their documentation sucks for when you want to use your own reverse proxy or bind it behind a docker network and not the host.

Can you explain a little more how you handle them in your daily life? I always liked the idea if Yubikeys, but I am a bit worried that I just would switch back to my phone (Aegis) for convenience.

I have two Yubikey 5 NFC’s, one I keep majority of my 2Fa auth codes on and keep on my keychain the other I leave at home mainly for backup 2Fa setups or desktop/WebAUTH/Single Sign-On logins, most websites won’t let you setup 2 2Fa keys so the second one mostly handles the plug-in and touch key portion of my setup.

Are they inconvenient? Yes, the amount of times where I got annoyed because I’ve had to grab my keychain to sign in has gotten annoying but not enough to switch back to online providers. I prioritized security over convenience in this circumstance. The Yubikey that I keep on my keychain also handles my work 2Fa codes, doesn’t feel necessary to have a dedicated key for that unless my company is willing to pay for it.

Do you just have it on your keychain a plug it in whenever you need it? Because always plugged in keys in your phone or laptop doesn’t really make sense.

It actually works out quite nice having it plugged in all the time, especially if you’re doing multiple 2Fa authentications, the keys won’t authenticate until you enter the password of the key (if you set one up) and touch the key, so even if your computer is compromised they still need to physically touch the key to generate the authentication codes.

As far as I know you can’t just clone a key.

So no you cannot clone a Yubikey to another Yubikey, which I think is dumb, but they have their security reasoning behind it I believe. Like I mentioned earlier all my 2Fa codes/keys are on my keychain so if I break that key I am in a horrible position as I lose access to a lot of accounts that I couldn’t setup multiple 2Fa’s for.

How easy is it to setup a backup key?

While Yubico does recommend having two keys as I mentioned certain services only let you setup 2Fa once and not multiple times. However, Linux (and I want to assume Windows as well) let you setup as many 2Fa keys as you want, so both the Yubikey on my keychain and the one I leave at home both grant Root access to my desktop and server.

I try to not use my phone for critical stuff, but there are times I have to just check an account. Do you use your phone with Yubikeys?

So I don’t have a USB C Yubikey ironically both my iPhone and iPad are USB C so I have the option to use a dongle or NFC, both have worked great, I have had a couple scares where the app will error and say “No response from key” but it seems that error is due to bad contact/connection. I’ve attached a few images of the iOS app to help get an idea of the layout.

Yubikey for 2Fa codes also works well for sudo and su (2Fa) or if you still use Windows I think it supports single sign on there. Absolutely worth the purchase have had my keys for years.

If you can make your own like I did I would highly recommend it.

Honestly I could, metal fabrication comes in handy, get it shop issued and laser or water cut send it through the machinists, I would have to supply the material myself which would be difficult but certainly doable.

I’ll have to consider this! By chance do you have drawings or dimensions of your rack as a starting point, looks like you’re using Aluminum HSS for the frame? Completely understandable if you rather not share the details,