Oh, Synology. What’s up with them? I heard they’re experimenting with vendor lock-in for their hard drives.

https://www.youtube.com/watch?v=RscBZAiwGkA

What about connectivity? I’m currently using Tailscale cuz it’s so easy. Maybe I should look into WireGuard? Also, how does Headscale fit into this?

Does anyone have a good guide for installing Seafile? I tried installing it a few months ago, but it’s so damn complicated with load balancers behind load balancers and a bunch of services tied together.

I gotta try again.

simple boilerplate stuff pretty well

1. It does not. My coworkers did some demos on this and it generated random, unnecessary, bloated, shitty, boilerplate. And worse, “because AI told me to” is now used to cement bad practices at my company. Just because it generates 1000s of LoC doesn’t mean you actually need that.

2. If you really need “standard boilerplate”, we’ve had tools to generate deterministic code for a long time now. They’re called snippets or templates. Just setup a company git repo template for your ideal project or whatever and have people clone that. Plus, this template repo would be reproducible, fixable, and debuggable, instead of rolling the dice with AI.

AI tooling producing some things fast

This isn’t necessarily a good thing. Yeah, maybe AI wrote a new microservice and generated 100s of new files and 1000s of lines of new code… but… there’s a big assumption there that you actually needed 100s of new files and 1000s of lines of new code. What it tends to generate is tech debt. That’s also ignoring the benefits of your workforce upskilling by learning more about the system, where things are, how they’re pieced together, why they’re like that, etc.

AI just adds tech debt in a blackbox. It’s gonna lower velocity in the long term.

How the heck did you install Seafile!? I spent a whole day trying to get it to work, but there are so many moving parts and proxies behind proxies behind proxies. I managed to get the UI to load, but other parts of the app didn’t work. I want to like it, but it seems pretty complicated to install… 😢

Interesting! I didn’t know about: https://sonoff.tech/en-us/products/sonoff-dongle-max-zigbee-thread-poe-dongle-dongle-m

I currently have my ZBT-1 connected to my server way off in the corner of the house, which is obviously not great. I was hoping one day to move to a more central location… Maybe the Sonoff dongle would help with that? 🤔

Frigate + Reolink (or actually Frigate-approved cams)

You know. mTLS might be an option. I have a tiny number of clients. Laptops and Android phones, seems easy to install a client cert. The part I’m not sure about is TVs… Does Nvidia Shield or Firestick allow installing client certs?..

Oh, wait and also: https://github.com/jellyfin/jellyfin-meta/discussions/96

Harden your server first

Do you have any tutorials or guides on this handy?

Use your router/server to block some counties using geoip

Yeah, definitely all my users are in the same town/region/country as me. So this could be doable.

Configure rate limits in Nginx

Hm, currently using Caddy as my reverse proxy. I guess there’s some module for this.

only open ports in your firewall you really want to open

The only port I need open is 443 for accessing Jellyfin and Immich. I can definitely block 22 from the public internet. And fuck it no automatic redirects from 80 to 443. TLS or bust.

GAAH! OK! I’M NOT CRAZY!

The exact same thing is happening to my wife’s phone. We’re both on Pixel 8s, have the same VPN settings, but for some magic reason Tailscale breaks only her phone. She has to turn off Tailscale and reboot her phone to regain connectivity.

These shenanigans is why I’m considering just exposing things to the public internet. I’m using Tailscale on several device types and Tailscale adds friction to all of my devices (except Arch where everything always works).

I understand the friction is there for a good reason, but my family doesn’t. They just see that Jellyfin doesn’t work and that all of this is buggy and maybe they just should sign up for Netflix instead of dealing with all of these bugs.

“roaming” device is always connected to their “home” network by VPN

Ah, right. Well, currently I do have my wife’s and my phone on the Tailscale VPN. The issue I’m trying to solve is that the VPN app on Android (and other environments) isn’t 100% bug-free. For some unknown reason, my wife frequently has issues with Tailscale. It’ll break her entire networking on her phone. The only way to fix it is by rebooting her phone. I have no idea why because we have the same phone and the same settings and it works fine on my phone. I’ve tried turning off Tailscale, logging out, and back in, and the network won’t recover. Sometimes the Tailscale app won’t even trigger the SSO page to sign in. So it just stays permanently logged off.

The Nvidia Shield also has similar issues where I have to fuss around with the VPN.

So at this point, I feel like I’m done debugging VPN apps and maybe it would be easier for users if I expose stuff to the public internet. Obviously, it makes management for me harder, but that’s ok if everything Just Works for everyone without extra steps or without having to reboot your phone every week.

site-to-site VPN configurations between routers at each location … the router itself handle routing of specific traffic over the VPN connection, instead of needing each device to connect to the VPN individually.

Interesting. This could help with my home network and my parent’s, but I also need to handle cases where I don’t control the network. I have clients that are phones. My family would expect that the services keep working even if they’re in a different city on cellular or at a friend’s house.

What kinds of things are you planning to expose?

Primarily Jellyfin and Immich.

What I expose I hide behind a reverse proxy with IP whitelists.

Do all your clients have fixed IPs? I have some clients that are phones or laptops, but I would imagine those change as people drive around to different cities or connect to different coffee shop WiFi.

I am kinda interested in WireGuard, but how does it work with multiple non-PC devices on different networks? Tailscale runs seamlessly on my Arch laptop, but Android, TVs, and streaming sticks have hiccups from time to time.

I have services that I want to share with my non-techie family. If a service stops working, they suck at debugging and fixing the issue on their own.

Oh, damn! Nice! You got the WiFi doorbell! I read Frigate doesn’t recommend WiFi cameras, but seems like you got it working decently enough?

Looks like there are 4 “black ones”. Did you get one of these black ones?

• Home Hub with Video Doorbell (Battery)
• Reolink Video Doorbell (Battery)
• Reolink Video Doorbell PoE
• Reolink Video Doorbell WiFi

What camera/doorbell did you end up ordering?

I’m still new to HA, but it seems like since Config is an event I can’t check if the previous state was from “unknown”. That only works for things that have values? I think?

Uh, don’t think so. Here’s what the whole automation looks like.

alias: Inovelli switch 
description: ""
triggers:
  - trigger: state
    entity_id:
      - event.inovelli_on_off_switch_config
conditions:
  - condition: state
    entity_id: switch.inovelli_on_off_switch_load_control
    state:
      - "on"
      - "off"
    for:
      hours: 0
      minutes: 3
      seconds: 0
actions:
  - choose:
      - conditions:
          - condition: state
            entity_id: event.inovelli_on_off_switch_config
            attribute: event_type
            state: multi_press_1
        sequence:
          - action: script.inovelli_switch_turn_on
            metadata: {}
            data: {}
mode: single

• Wait for a Config button press (different than on/off rocker button)
• Check if main rocker button has been in “on” or “off” state for at least 3 minutes
• If yes, then run script

The main on/off switch is unaffected by this automation. (Double checked to make sure I could turn on and off the fan quickly.)