So sad, I remember seeing his YT vid announcing his health updates and mentioning he was getting things in order to make his network more manageable for his family :(
He seemed like a great dude.
Ah, I guess I might need to add my RootCA to my phone, laptop, pc huh? That would get rid of the untrusted warnings. Yes, please feel free to share if you have documentation!
Update: I set up my own local CA and got it working. Thanks for the tip!
Gotcha, that matches my assumptions. Yes everything is internal. It’s accessible remotely via Wireguard, but I mostly wanted to get some practice with NGINX/ TLS certs (also way easier to refer to things around the house with <service>.homelab instead of IP:port, haha).
So if I did want this to be fully encrypted, I would essentially need to configure each service (jellyfin, home assistant, etc) to have SSL on them with this self-signed cert/ key that I used on NGINX (or perhaps new cert/ key) and then I would be all set?
I haven’t. I created this custom cert and uploaded it in NGINX (NGINX itself isn’t using SSL) and applied it to each proxy client, then when I visit one of them it appears to be HTTPS, but I feel that it probably isn’t actually giving me the protections I imagine.
Just a heads up that I found another way to get this working. Have a good weekend!
Bingo! I missed a spot in the hidden .env file. After that I’m able to hit it and Caddy is able to generate the cert for me (I am using docker).
Thanks again!
Gave it a shot, it’s been working pretty well so far. Only issue is that Firefox seems to want to use https://localhost/ instead of the IP address when I make it a default search engine.
Are you using the Docker image or the standalone? Pretty straightforward setup?
Luckily rebooting the host solved it :) the regularly scheduled 3 AM backups went off this morning without issue.
Yes, just tried that. Failed as before :(
Is keeping everything inside of a local “walled garden”, then exposing the minimum amount of services needed to a WireGuard VPN not sufficient?
There would be no attack surface from WAN other than the port opened to WireGuard.
Ah, IIRC Element X was the only client that supported sliding sync previously; that makes sense.
Will synapse have these changes soon?
Ah got it. I was looking at the UDM Pro. Is that a router and a controller? If so, I should be able to access locally I’d hope
Oh interesting. So you can’t manage Ubiquiti devices without an Internet connection? TIL
Would you use it at home over PF/OPNsense?
StandardNotes for me
I try to balance things between what I find enjoyable/ worth the effort, and what ends up becoming more of a recurring headache
Just SSH dropping. Everything on the VM side is ok.
And yes, the computer I’m using is on .6.X (LAN VLAN) and the VM is on .1.X (MGMT VLAN).
The management VLAN is only accessible by a couple devices and this is one of them. To get PiAlert to be able to see devices on the LAN VLAN, it has to have an interface to be able to ARP from.
Reminds me of project Silica. Media historically was more durable (stone/ ink and cloth paper, etc) but had a low data density. As density increased, so did fragility