If you know your VPN’s DNS server, you can change your local DNS so that it redirects your specified domains/subdomains to the appropriate, local IP address and all other requests would then use your VPN’s DNS.

If you don’t know your VPN provider’s DNS server information, you may be able to still do something similar to the above depending on your setup. Otherwise, you could run your own DNS resolver or use a different DNS provider. I guess doing so could potentially be used to further fingerprint you, but the concern about “DNS fingerprinting” is moreso DNS leaks where your DNS queries are accessible to unintended parties due to improper configuration.

I believe the only other option would be to change your hosts file on each device you want to use to connect to your services, which is probably not the best approach and may be challenging/impossible for certain devices.

Also, unless you setup the self signed certs to be trusted on a network/domain level (or again on each individual device), you will likely get a warning/error about the self signed certs when accessing your services. You may need to work through this process each time the certs renew.

I recommend buying a domain if you do not already have one and finding a service that provides wildcard certification challenges. This would allow you to setup a valid, trusted certificate that you could reuse for all of your services. The only thing that you would need to provide is an email address (can be any email address) and your domain name (in addition to other information that may be required to setup an account at the cert provider, but you may already have an account there as it could be the domain name registrar or other services like VPS providers, Cloudflare, etc.). Since it is a wildcard cert, each subdomain does not need to be set publicly and if you only use the domain within your network, the domain does not need to be publicly associated with any IP address.

If you do go forward with that approach, you could use the wildcard cert directly within NginxProxyManager or other reverse proxies. They will also automatically update/maintain the cert for you.

Take a look at QuickWeather if you want a map.

I think there may be an issue where F-Droid is not properly recognizing the 64-bit version of Findroid. Maybe Droid-ify and/or the version of Android you are using won’t allow 32-bit apps to be installed.

Just to clarify - this is just an update that (I believe) is only available on IzzyOnDroid’s F-Droid Repo, which previously had prior Findroid versions available. This new v0.15.0 is not available on the main F-Droid Repo.

Is anyone only able to download the 32-bit version of this app via F-Droid? It looks like a 64-bit version has been made available starting with v0.3.0 and is also available on this new version.

Yes, I am using PersistentVolumes. I have played around with different tools that have backup/snapshot abilities, but I haven’t seen a way to integrate that functionality with a CD tool. I’m sure if I spent enough time working through things, I may be able to put together something that allows the CD tool to take a snapshot. However, I think that having it handle rollbacks would be a bit too much for me to handle without assistance.

Thanks for the reply! I am currently looking to do this for a Kubernetes cluster running various services to more reliably (and frequently) perform upgrades with automated rollbacks when necessary. At some point in the future, it may include services I am developing, but at the moment that is not the intended use case.

I am not currently familiar enough with the CI/CD pipeline (currently Renovatebot and ArgoCD) to reliably accomplish automated rollbacks, but I believe I can get everything working with the exception of rolling back a data backup (especially for upgrades that contain backwards incompatible database changes). In terms of storage, I am open to using various selfhosted services/platforms even if it means drastically changing the setup (eg - moving from TrueNAS to Longhorn, moving from Ceph to Proxmox, etc.) if it means I can accomplish this without a noticeable performance degradation to any of the services.

I understand that it can be challenging (or maybe impossible) to reliably generate backups while the services are running. I also understand that the best way to do this for databases would be to stop the service and perform a database dump. However, I’m not too concerned with losing <10 seconds of data (or however long the backup jobs take) if the backups can be performed in a way that does not result in corrupted data. Realistically, the most common use cases for the rollbacks would be invalid Kubernetes resources/application configuration as a result of the upgrade or the removal/change of a feature that I depend on.

There are several proprietary options (many/most of which you cannot host). Looking for Amazon Wishlist alternatives should help in putting together a list of potential options. Some additional projects which are open source and selfhostable that you could also start with include:

• Christmas-Community
• Gifthunter
• Listidge
• Listslist
• PHP Gift Registry
• Pønskelisten
• Wishlist App

Everything I mentioned works for LAN services as long as you have a domain name. You shouldn’t even need to point the domain name to any IP addresses to get it working. As long as you use a domain registrar that respects your privacy appropriately, you should be able to set things up with a good amount of privacy.

Yes, you can do wildcard certificates through Let’s Encrypt. If you use one of the reverse proxies I mentioned, the reverse proxy will create the wildcard certificates and maintain them for you. However, you will likely need to use a DNS challenge. Doing so isn’t necessarily difficult. You will likely need to generate an API key or something similar at the domain registrar or DNS service you’re using. The process will likely vary depending on what DNS service/company you are using.

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).

Raspberry Pi + PiHole + PiVPN = Network Gateway Drug

Although, PiVPN is winding down so you might want to find something different instead. Setting up a regular Wireguard VPN isn’t so bad, but it may be simpler to setup a Tailscale Tailnet.

https://changedetection.io/

Change Detection can be used for several use cases. One of them is monitoring price changes.

Some additional ideas for the Protectli device:

• backup/redundant OPNsense instance for high availability
• backup NAS/storage
  • set it up at a family/friend’s house
• a test/QA device for new services or architecture changes
• travel router/firewall
• home theater PC
• Proxmox/virtualization host
  • Kubernetes cluster
• Tor, I2P, cryptocurrency, etc. node
• Home Assistant
  • dedicated local STT/TTS/conversation agent
• NVR
• low powered desktop PC

There are so many options. It really depends on what you want, your other devices, the Protectli’s specs, your budget, etc.

Could you explain further? Wouldn’t this just need to be setup once per server that OP wants to connect?

Could you use symlinks? Not sure what the “gotchas” or downside to this approach is though.

I found what I was looking for - Renovate. I was wrong about it making branches (just makes pull requests). Looking into it a little further though, it seems people use Renovate (to automate updates) in conjunction with something like Argo (to automate deployments).

I think Keel does both of those tasks? I still need to research the similarities/differences of Keel and Renovate a bit further. Thanks again for the recommendation!

Agreed. It would also be nice if they provided the source code, especially since its just a fork of an opensource project. Hopefully Beeper is at least up-streaming new features, bug fixes, etc.

Yes, there is a Linux desktop Electron app. Beeper provides the below links to download Beeper clients on Beeper’s Download page.

• Mac
• Windows
• Linux
• ChromeOS
• App Store
• Google Play Store

The source code for the above clients are not available though. Beeper’s self-host repo claims that the clients are closed-forks of Element’s Android, iOS, Desktop, and Web apps.

However, Beeper’s self-host Github repo outlines the steps required to self-host Beeper’s web service, which is essentially a Synapse Matrix server, Mautrix bridges, and other bridges/bots/services to help run the Matrix Server and connect the Matrix Server to other services.

Keel looks nearly identical to what I’m looking for. I can’t quite recall how the functionality worked in what I watched, but I believe (one of the ways that) it worked was by creating a new git branch for each update. I see Keel has approval functionality, but I don’t see anything about git integration.

If you use Keel, do you just rely on Kubernetes deployment versions for update history and other tools for config backups?

Is this the Quadlet you mentioned? The repo states it was merged into Podman. It seems pretty similar to the podman-auto-update from the article.

I wasn’t aware of this functionality, but I don’t think it provides the functionality I’m looking for. I might have missed it in the documentation, but it doesn’t seem to look for new version tag updates.

For example, Forgejo’s image registry on Codeberg doesn’t have tags like latest, stable, etc. and instead just has semantic versions like 1.19.1, 1.19.2, 1.19.3, 1.20.1, etc. From what I’m seeing, the images wouldn’t auto update unless the tags that omit the bugfix version like 1.19 or 1.20 are used. However, Podman still wouldn’t update across those minor version updates.

What do you mean by “defaults to off”? The links for Jitsi were just to how it’s set for recording. However, closed captions seem to be turned on by default already. I think that may be more what you are looking for?