JustEnoughDucks

joined 1 year ago
[–] JustEnoughDucks@feddit.nl 5 points 7 months ago* (last edited 7 months ago)

Mealie is absolutely the best

  • Home Assistant integration

  • SSO through OIDC (though mine is broken and I need to file a bug)

  • meal planning functionality with shopping checklists

  • equipment checklists

  • advanced grouping through tagging, cookbooks, and categories. Everything can be beautifully sorted

  • then the holy grail: recipe parsing through URL. I haven't found recipe parsing this good since the discontinued ChefTap app

[–] JustEnoughDucks@feddit.nl 2 points 7 months ago (2 children)

Yeah, for that threat model, a VLAN is not needed in my opinion:

  • ESPHome devices are for sure not collecting data, and Pi-hole will block most of the phone-homes with a good block list. Where possible (like simple smart devices), they are flashed with a local open-source version. Still, the vast majority are KNX and Z-Wave, which are local only

  • video cameras are local-only always and have completely blocked internet access via the router

  • This is probably the biggest threat unpreventable in other ways. Though definitely citation needed for them actually being caught recording conversations lol. People think phones do that too, but it is simply a lot easier (and more importantly, cheaper with a much higher ROI) to make a complete data picture through search/watch history + proximity to other devices.

[–] JustEnoughDucks@feddit.nl 3 points 7 months ago (4 children)

Yes, that is why I gave an example of how I thought it worked, but I have a single physical server with *arr suite, HA, reverse proxy, and all of my other services.

If it is a near physical separation of traffic, how can 1 device with 1 MAC and 1 IP be isolated on multiple parts of the VLAN?

[–] JustEnoughDucks@feddit.nl 1 points 7 months ago

There are a few add-ons that are very handy that don't have a Docker equivalent. Namely the Google cloud backup.

I also agree that you generally don't need add-ons and hopefully if someone is running HA on Docker, they don't need them, but for a few select ones, it is "needed".

[–] JustEnoughDucks@feddit.nl 5 points 7 months ago (2 children)

I think the wording is off.

Many or most add-ons need their own Docker containers; that is what the add-ons are.

Every integration does not need its own Docker container.

[–] JustEnoughDucks@feddit.nl 0 points 7 months ago

Just don't port forward SSH. There is 0 reason to in 99.99% of home cases.

[–] JustEnoughDucks@feddit.nl 1 points 7 months ago (3 children)

If you are looking for user management and registration, then Authelia is the wrong software for you.

Authelia is a very lightweight security layer (and more recently SSO) that is only meant for a few users precisely because it doesn't have an onboarding process, dynamic access control, and more advanced features. Everything is done through config files and secrets. The admin has to manually create a file or plaintext lines with the user and password for each new user and restart the container.

Authentik is what you want if you want a bunch of users and new user sign up.

As for Bitwarden/SSO, they should be fully separate. Otherwise you will likely break Bitwarden app and browser integration functionality.

You also do not want to run into the case where you don't know your SSO password so you can't get into Bitwarden to find the password and you are screwed.

Bitwarden, TOTP method, and SSO should ideally be separate and you should be able to access your passwords and TOTP without requiring any password that is exclusively in the Bitwarden database.

[–] JustEnoughDucks@feddit.nl 7 points 7 months ago

I think he is saying that his physical attack surface is very small since he is remote, so maybe he doesn't bother?

Either way, encrypting drives is simply always good if you ever resell the computer or upgrade drives.

[–] JustEnoughDucks@feddit.nl 1 points 7 months ago (1 children)

The only problem there is that, at least a while ago, you would get duplicate images between the external library and your app upload.

[–] JustEnoughDucks@feddit.nl 1 points 7 months ago (1 children)

Maybe that is a new Android thing or a Samsung thing? That phrase doesn't show up in my settings.

2 years ago, my mother and I tested it extensively when I moved, trying all of the "allowing app" settings combined with starred people, and it never worked for WhatsApp, only stock dialer and texts.

[–] JustEnoughDucks@feddit.nl 1 points 7 months ago

Also, the lesser-known PrivateVPN has no ties to marketing companies. It supports port forwarding and WireGuard, has a decent price, and is no-log.

Been using them for years without complaints.

[–] JustEnoughDucks@feddit.nl 2 points 7 months ago (3 children)

True, but if you are not from America, many, many people use VoIP calling on apps like WhatsApp to call.

DnD priority overrides don't work for that.
