VMs can also be live migrated to another server in the cluster with no downtime and backups don’t need to take the VM down to do their thing. If in the future you want to move to physical hardware, you can use something like Clonezilla to back it up (not needed often, but still, something to consider).
Both have their places, but those factors are the main ones that come into play of when I want to use a VM or LXC.
“I’m just not a tech person! ::most annoying giggle imaginable::”
You don’t have to be a tech person to know how to use basic features on your damn phone! You’re not a mechanic because you know how to use the radio!
Yeah, nothing says “I just don’t like that scent” quite like “I ain’t no bitch”
Especially when they put the price as free and then say make me an offer!
At least put $1 so I don’t have to see your bullshit at all if I filter correctly.
Sorry, I didn’t mean to insinuate you were being insulting!
“Don’t feel crazy/bad/dumb, I’ve had the same thing happen to me!” is a pretty common phrasing in my region to show sympathy and understanding and I thought that’s what you had meant (and it sounds like for your area, ‘pregnant’ serves the same general purpose!).
It’s always crazy how that happens sometimes and after weeks of banging your head, everything just ‘clicks’ when you’re exposed to the information in the way that works best for you!
Dude, don’t feel pregnant.
Context clues, I assumed this autocorrect was some variation of crazy/bad/dumb? :-D
Weirdness: My Authentik instance had a PostgreSQL upgrade prerequisite in order to update it.
I’d followed instructions 3-4 times completely unsuccessfully and had to keep reverting to backup.
So, I gave up for a couple weeks and left it be in order to get over my frustration.
Yesterday, I followed the instructions again. As far as I can tell, I did nothing different than I’d tried previously and it worked first try and then I was also able to upgrade Authentik.
NOTE: The instructions aren’t exactly difficult! So, I don’t see how I’d have gotten it wrong!
My AmazFit Bip could do a month when it was new (it’s down to ~10 days now after a few years), so I would think a month from Pebble would be feasible.
I don’t understand using a watch that you can’t use for AT LEAST a weekend without power … as it is, I’m pissed off that I’m down to 10 days (it’s stayed steady here for 6 months or so, so, I’m hoping it won’t degrade too much more before the new Pebble comes out).
@[email protected] already took care of what SMART means and is good for, so, I’ll address what the spirit of your message instead.
For me, _almost _nothing in my house phones back anywhere with telemetry. Sure, anything that uses WiFi needs the network to run, but almost nothing has access to the actual internet because it’s on a VLAN that specifically blocks internet access.
If you plan out the equipment you buy, you can ensure it’s safe (the absolute easiest way to do that would be to only buy z-wave or zigbee equipment since by design that’s a completely offline ecosystem, unless you buy a controller for it that requires the internet). With WiFi, I basically only buy stuff that can be flashed to ESPHOME, which removes its online requirements and puts a completely different firmware on the devices … this is more work than most people would want to do though, but you can always buy devices that were already flashed by someone else. IIRC, there are even some devices that come that way from the factory and use ESPHOME as an option. Or, they’re devices where I bought the sensors and microcontrollers and wired them up myself and put ESPHOME on the microcontroller.
For me, I love walking into a room and the lights turning on. If it’s night, the lights are red to not jolt me awake. Later in the night, they’re dim and a bit more orangey rather than bright white. These are QOL improvements that I would not want to go back to not having.
My garage doesn’t have any of the standard RF “clickers”/4-digit-code-panels connected because they’re garbage, but I have a relay sitting on it that I can remotely trigger and open the garage. I have motion sensors so that if no one has been in the garage for the last 5 minutes and the door is open, it’ll close the garage door (this was because people kept forgetting it was open.) I have sensors to let me know when the windows are open at the same time as the heating/air conditioning to try and prevent burning money. None of this is internet enabled, but it is controllable over my network and my network is accessible over my VPN.
If the humidity is high in the bathrooms, it assumes someone is taking a shower and turns on the exhaust fans if they’re not already on. This can help prevent mold from growing. There are some real benefits to things being smart and I do 100% agree with you that apps that send data to companies on when we’re home/away and all that are BAD, but, if you plan ahead you can have your cake and eat it too, but the number of choices for equipment you’ll have will be lower, but at least your stuff will keep working regardless of internet access and regardless of whether the company that made the equipment is still around or not.
I have my bathroom fan turn on if the lid has been open more than 45 seconds … some things you just don’t (yet) know you need to be smart :-D
For me, all of our lights are smart (some bulbs with smart switches that talk to the smart bulbs and some just smart switches), but, everything needs to be able to function like it’s dumb … nothing needs an app to function. The wall switches will function as expected … home assistant adds additional functionality, voice commands add extra functionality, but, it all works as you’d reasonably expect it to if you just go and hit the wall switch.
To me, that’s the purpose of a “homelab” not the purpose of self hosting. There’s a lot of overlap, but they’re not quite the same. Homelab has a goal of learning, but just self hosting doesn’t need to.
Yeah, I bought the 3100 to support them and regretted that decision, unfortunately, when it came time to replace I was in a time crunch like you and wasn’t able to run my backups though a translation and it was taking way too long to do it manually so I had to just load pfSense and load the backup.
If I ever buy new hardware and the old isn’t dead though, I’m definitely going to try and make the shift away from it.
I just installed it and it’s working pretty well.
OIDC/SSO was easy to configure and I was able to do so before even signing in. I was able to proxy it with NPM quite easily too without needing to do anything special.
The only real problem I’m seeing so far is that if you have OIDC set up, there aren’t prompts to actually use it in the Android app and Firefox extensions and it still prompts for username and password instead. I got around that by creating an API key instead, but you wouldn’t think that’d be necessary.
I even imported all my Firefox bookmarks just to see how it’d handle it and it’s struggling, haha, but I think that’s likely going to be the AI auto tagging and my poor little Ollama server that’s only got a 1060 rather than it being a Hoarder issue, but linking it to the existing Ollama server was also quite easy!
Thanks for the share OP, I’ve tried putzing with Wallabag (didn’t like that they didn’t have SSO) and Linkwarden (couldn’t get it to work with NGINX or NPM), so this was refreshing with how easy it was to get up and running!
ETA: My primary usecase for this is going to just be shoving things I want to remember to look at on it rather than sending myself links to things constantly.
Things I think could be improved, but am not (yet?) annoyed enough by to even open an issue:
Thats how I’ve done mine.
pfSense has an updater built in so that’s handled my home.mydomain.com entry for me for a long time and has handled updating duckdns too, even though it’s basically only a backup at this point.
If you’ve got a domain, no real reason to not just handle it yourself and avoid the headaches.
That sounds accurate. I have all my devices assigned a specific IP address, based on their MAC address, but that’s only per-interface. The other interfaces aren’t aware of my assignments for each other.
If I connect my phone to my LAN SSID, it’ll get its assigned IP, but if I connect it to the NOT [network of things, no internet access] SSID, it’ll get assigned a new address out of the DHCP pool because I haven’t assigned it an IP on that interface, until I assign it an IP. But, which VLAN it’s connected to will determine which IP its getting, and it still requires me to know the passwords for each SSID.
I believe where you’re getting confused is that a some businesses (or homelabs) might use a RADIUS server which will be more like this: ONE_SINGLE_SSID-Broadcast -> Device connects -> RADIUS Server detects account/certificate/MAC -> RADIUS Server assigns interface -> Device connects to VLAN the RADIUS server granted it access to
So, in that scenario, if the ONLY thing that’s being used to validate the access is the devices MAC address, just changing the MAC address will effectively grant a completely different level of access with nothing else changing. Most people in a homelab (and even plenty of larger businesses) aren’t running the infrastructure to do this though, they’re just effectively connecting a VLAN to a port and then that port can only be used to connect to that VLAN. They’re doing the same with the WiFi SSIDs where each SSID connects directly to the VLAN.
Usually though, for places that are implementing the RADIUS server, they’ll also install a certificate on their devices and the certificate needs to be in place in order to get certain access otherwise the RADIUS server will authorize less permissive access or just won’t allow access at all. Or, it’ll also need a user to log in to gain additional access.
For wired, the company may also implement port locking where the port will only allow a certain amount of MAC addresses to connect (presumably one unless there is also a VOICE VLAN with a phone being used, in which case it’d be two) where if you change your MAC address (or connect a different device), the port will lock and won’t power POE devices and won’t allow connectivity until an admin clears the lock. It’s possible that they may have multiple VLANs allowed on the port and client side you can change VLANs, but, this isn’t typically done on all ports, usually only on trusted ports or ports that need the multiple VLANs (my VM server for instance has access to a port that’ll allow multiple VLANs and I just enter the tag I need when I create the VM). This would be similar to your WiFi scenario, the port with the WAP connected to it will have access to multiple VLANs and then those WLANs just connect to the VLAN that they’re assigned to.
TL;DR - Typically one wireless SSID connects to one VLAN and if you want to jump to the other VLAN you’d need to connect to the other SSID, so you still have the individual passwords protecting you. On wired, typically VLANs are assigned per port and you can’t jump between then, but where they aren’t, it should be in a planned way and not just every port having access to every VLAN. Bad implementations exist though, so, anything is possible.