

I use Cloudflare mostly because I buy my domains through them as they offer at cost domain names for many TLDs. Internally I use PiHole and then just point what I need externally to Cloudflare through a reverse proxy and a DMZ box.


It wasn’t standard previously, and if you have TV service I think it’s still inconsistent but the past ~5 years it seems to be more common that they are set up that way from the start. If you have internet only service, and a newer ONT (like less than 10 years old) it is the standard configuration and is how the self install guide tells you to hook up the “quantum gateway” router from Verizon.
You can always call and ask to have your ONT converted to Ethernet output if it isn’t already and as long as it supports it I haven’t heard reports of much trouble there. The very early ONTs don’t support it though IIRC, but those should be being replaced at this point anyways.
I mean you can, an ONT is not a router, it’s essentially a media converter. I use my own router (and have for many years) and had no issues. The FiOS tech even ran a long Ethernet run in my basement to connect the ONT and my router in my rack when they installed service.
It depends, and without knowing your ISP I’m not sure there is a way to tell you for sure. I know for example Comcast gigabit Pro has been known to directly connect to an ISP SFP module in your firewall/router, but Verizon FiOS (and most FTTP that I know of) provide an ONT that converts the fiber to Ethernet which you would then connect directly to your hardware.
I would verify if the ISP router you refer to is not really an ONT, in which case you are directly connected to the ISP functionally and there isn’t really an advantage to getting an SFP and getting the fiber directly connected if you even can.
I’m curious how everyone documents their core/critical configs to allow the non-technical in our homes to work with it if needed. For instance if I’m on work travel and the Pi-hole goes down for whatever reason my wife wouldn’t be able to use pretty much anything online. I can remote in and fix it but that could be hours/a day or two later. Same then for the Proxmox stack that everything runs on.
Along the same lines, how are folks documenting for EOL? It may not be a happy thought but we are all going to go someday, so what is your plan and how have you ensured loved ones can access/save important data?


Agree 100%. Most of the former Plex users turned Jellyfin users I have come across did so because Plex was broken in some way for them. For me it was the general lack of care in creating/maintaining a good Apple TV app. Over the past few years it’s just gotten buggier and buggier with a lot of complaints on the Plex forums where devs would essentially stop by to say they weren’t working on any fixes.
Jellyfin doesn’t fix 100% of the issues, but at least there is active development on Swiftfin that showed a desire to fully support all devices.


So paperless works as a service that ties into your storage. I point mine at an NFS share on my Synology and just back up that share. The documents are all stored as PDFs still so worst case I still have “dumb” copies without all the tagging available if my paperless instance goes offline for some reason.
I use Backblaze B2 through my Synology NAS to offsite my important data. Most things though I just back up locally and accept the risk of needing to rebuild certain things (like most of my movie/TV media files since I can just re-rip my physical media, and the storage costs are not worth the couple of days of time in that unlikely case).
I really think this is key when thinking about your backup strategy that is specific to self hosting compared to enterprise operations. The costs come out of our pockets with no revenue to back it up. Managing backups for self hosting IMO is just as much about understanding your risk appetite and then choosing a strategy to match that. For example I keep just a single copy in B2, since the failure mode I’m looking to protect against is catastrophic failure of my NAS which holds my main backups and media. I then use Proton Drive and OneDrive to back up secrets for my 2FA setups and encryption for my B2 bucket. This isn’t how I would do it at work (we have a far more robust, but much more expensive setup). But my costs for B2 are around $15/mo which I am fine with. When I tried keeping multiple copies it had grown to over $50/mo before I cared enough to really rethink things (the cost of the hobby I told myself).


I misunderstood what you were saying, I wasn’t sure if protect required a UniFi hardware console or could be self hosted like the network application can be. It looks like it does require at least a Cloudkey gen 2 (or the plus which is what they currently sell) or one of their integrated consoles like a UDM.


It’s supported natively in the UI to configure: https://help.ui.com/hc/en-us/articles/26301104828439-Third-Party-Cameras-in-UniFi-Protect
It was added in EA in mid September and should be GA now as far as I know.


I use UniFi Protect and record to my UDM, though you should be able to install it all on your own hardware if you’d prefer. Their cameras are pretty decent but a bit pricy in a lot of cases. Though they do support 3rd party cameras now.
I’ve also heard a lot of good things about frigate, but I’ve not really looked into it since I already have UniFi gear.


I would recommend prowlarr instead of jackett for indexer management, and pihole as at least an additional blocking service but in reality it’s really all you need for use at home. I’d also strongly encourage use of a VPN on your *arr download services. I use a separate box to run Plex and then have my *arrs all running on their own VM inside of it to provide separation and allow me to more easily segregate the network traffic (as someone that doesn’t really know docker that well it “just works” for me). Also probably worth looking at how to store your media on an external target, it’s easy to quickly accumulate 10s of TBs of media and trying to store that all on the server locally is asking for trouble. Better to set everything up on a NAS to start.


Asking broadly like this is akin to asking for a guide on how to cook, it’s generally too broad for there to be a single guide. You first need to figure out what your goals are (you state one already, you’d like it to be externally accessible), determine what services you want to host, and then start looking at how to do so.
The advice I’d give is to start with a solid base, you’ll need something to self host on and it really shouldn’t be the PC you use for other things. Get it set up to run a virtualization OS such as proxmox and use that as your starting point. Then do a lot of reading. I spend probably three to four times as much time reading about the service I’m planning to deploy compared to actually doing the work to deploy it. Lastly, plan. You should have a solid plan in the beginning of how you want your service to work (what will be external vice internal only, how will you set up the networking stack to do that, are you going to have a domain, and will you use subdomains or folders to divide services, what does your IP space look like, will you host your own firewall to make the networking more controlled or fight with your ISP’s router, do you want to use docker, kubernetes, or maybe full VMs for each service, do you want/need a UI to manage things from or are you comfortable with CLI, etc). These answers will lead you to guides for various services as well as service specific forums where help is more focused.


I use protonmail with their family plan, it’s not terribly priced when you consider it comes with calendar, vpn, and drive storage as well. The biggest annoyance is probably that you have to use their mobile apps due to the encryption and they are not the greatest, but it does encrypt everything which I find outweighs the forced use of just their app.


Curious about the ears you have on your 8 port POE switch; I’d love to rack mount mine and get it off my “other stuff” shelf. Are they from UI? Or did you repurpose some from something else?
So you never apply patches or updates, that seems like an odd thing to be proud of but different strokes for different folks I guess.
Backblaze B2. Any software that is S3 compatible can use B2 as the target and it’s reasonably priced for the service. I back up all the PCs and services to a Synology NAS and then back up that to B2 (everything except my Plex media, that would be pricy and it’s easy enough to re-rip from disc if needed).
The problem I have is there is no way to play back live TV on AppleTV which is what we use throughout our home. Plex just works and has wife approved first party apps for pretty much everything.
This is pretty much it, Plex offers far more client apps that are full featured and they make it super easy to set up and use both as an admin and a user. Especially for things like OTA TV where they provide the guide data once it’s set up (which is why it’s a paid option). I’d move to JellyFin in a heartbeat if they’d support OTA and DVR playback on AppleTV.
This was posted here yesterday by the dev. Overall the reaction seems positive.
From a quick look through the repo it looks pretty legit, it’s a lot of effort to create something that works, with all the documentation (including a lot of planning docs) just to collect data on you. Traffic to various IPs, foreign or otherwise, wouldn’t really be odd for an app like this either. You could try and run it through something like VirusTotal though to look for malicious code (there are more than a few docker scanning tools on GitHub that use VirusTotal).