• 2 Posts
  • 15 Comments
Joined 3 years ago
Cake day: November 29th, 2021


  • Everything I mentioned works for LAN services as long as you have a domain name. You shouldn’t even need to point the domain name to any IP addresses to get it working. As long as you use a domain registrar that respects your privacy appropriately, you should be able to set things up with a good amount of privacy.

    Yes, you can do wildcard certificates through Let’s Encrypt. If you use one of the reverse proxies I mentioned, the reverse proxy will create the wildcard certificates and maintain them for you. However, you will likely need to use a DNS challenge. Doing so isn’t necessarily difficult. You will likely need to generate an API key or something similar at the domain registrar or DNS service you’re using. The process will likely vary depending on what DNS service/company you are using.


  • Congrats on getting everything working - it looks great!

    One piece of (unprovoked, potentially unwanted) advice is to set up SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.

    The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (i.e., people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).
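
Added example, not part of the original comment: the names on an issued certificate are public (Let's Encrypt submits every certificate to Certificate Transparency logs), so this sketch compares what per-service certificates and a wildcard certificate disclose, and checks which hosts a wildcard actually covers. The function names and every hostname other than `immich.your.domain` are constructed for illustration.

```python
# Added illustration; hostnames below are constructed sample values.

def wildcard_covers(pattern: str, host: str) -> bool:
    """True if a certificate name (exact or '*.' wildcard) covers host.

    A wildcard stands for exactly one leftmost DNS label, so it covers
    neither the bare domain nor names nested two levels deep.
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]                      # e.g. ".your.domain"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label


def names_disclosed(cert_sans: list[list[str]]) -> set[str]:
    """Concrete hostnames readable from the names on issued certificates."""
    return {n.lower() for sans in cert_sans for n in sans
            if not n.startswith("*.")}


def uncovered(sans: list[str], hosts: list[str]) -> list[str]:
    """Hosts behind the reverse proxy that no certificate name covers."""
    return [h for h in hosts if not any(wildcard_covers(s, h) for s in sans)]


# Constructed samples: one certificate per service vs. one wildcard certificate.
PER_SERVICE = [["immich.your.domain"], ["photos.your.domain"]]
WILDCARD = [["your.domain", "*.your.domain"]]
HOSTS = ["immich.your.domain", "your.domain", "admin.lab.your.domain"]

if __name__ == "__main__":
    print(sorted(names_disclosed(PER_SERVICE)))   # service names are visible
    print(sorted(names_disclosed(WILDCARD)))      # only the bare domain
    print(uncovered(WILDCARD[0], HOSTS))          # nested name needs its own cert
```

A wildcard requested without the bare domain as an extra name leaves `your.domain` itself uncovered, which is why the sample certificate lists both.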




  • rhymepurple@lemmy.ml to Selfhosted@lemmy.world: Protectli FW6B
    6 months ago

    Some additional ideas for the Protectli device:

    • backup/redundant OPNsense instance for high availability
    • backup NAS/storage
      • set it up at a family/friend’s house
    • a test/QA device for new services or architecture changes
    • travel router/firewall
    • home theater PC
    • Proxmox/virtualization host
      • Kubernetes cluster
    • Tor, I2P, cryptocurrency, etc. node
    • Home Assistant
      • dedicated local STT/TTS/conversation agent
    • NVR
    • low powered desktop PC

    There are so many options. It really depends on what you want, your other devices, the Protectli’s specs, your budget, etc.


  • tl;dr: A notable marketshare of multiple browser components and browsers must exist in order to properly ensure/maintain truly open web standards.

    It is important for Firefox and its components like Gecko and SpiderMonkey to exist as well as maintain a notable marketshare. Likewise, it is important for WebKit and its components to exist and maintain a notable marketshare. The same is true for any other browser/rendering/JavaScript engines.

    While it is great that we have so many non-Google Chrome alternatives like Chromium, Edge, Vivaldi, etc., they all use the same or very similar engines. This means that they all display and interact with websites nearly identically.

    When Google decides certain implementation/interpretation of web standards, formats, behavior, etc. should be included in Google Chrome (and consequently all Chromium based browsers), then the majority marketshare of web browsers will behave that way. If the Chrome/Chromium based browsers reach a nearly unanimous browser marketshare, then Google can either ignore any/all open web standards, force their will in deciding/implementing new open web standards, or even become the de facto open web standard.

    When any one entity has that much control over the open web standards, then the web standards are no longer truly “open” and in this case become “Google’s web standards”. In some (or maybe even many) cases, this may be fine. However, we saw with Internet Explorer in the past that this is not something that the market should allow. We are seeing evidence that we shouldn’t allow Google to have this much influence with things like the adoption of JPEG XL or implementation of FLoC.

    With three or more browser engines, rendering engines, and browsers with notable marketshares, web developers are forced to develop in adherence to the accepted open web standards. With enough marketshare spread across those engines/browsers, the various engines/browsers are incentivized to maintain compatibility with open web standards. As long as the open web standards are designed and maintained without overt influence by a single or few entities and the open standards are actively used, then the best interest of the collective of all internet users is best served.

    Otherwise, the best interest of a few entities (in this case Google) is best served.


  • Alerts, notifications, person recognition, object recognition, motion detection, two way audio, automated lights, event based video storage, 24/7 video storage, automated deletion of stale recorded video, and more can all be accomplished 100% locally.

    Granted, much of this functionality is not easily accomplished without some technical knowledge and additional hardware. However, these posts typically are made by people who state that they at least have an interest in making that a reality (as this one does).

    What security benefits does a cloud service provide?


  • Your options will depend on how much effort you are willing to put in and what other services you have access to (or are willing to run).

    For example, do you have a Network Video Recorder (NVR) or something like Home Assistant that can consume a Real-Time Messaging Protocol (RTMP) or Real Time Streaming Protocol (RTSP) video feed? Can you modify your network to block all internet traffic to/from the doorbell? Are you comfortable using a closed source, proprietary app to set up the doorbell? Is creating your own doorbell feasible?

    I’m not aware of a doorbell that you can buy which meets all of your requirements without at least one of the items I mentioned above. Additionally, I believe the only doorbell that meets all your requirements is building your own doorbell. However, some other brands that will get close to meeting your requirements are Reolink and Amcrest.


  • I found what I was looking for - Renovate. I was wrong about it making branches (just makes pull requests). Looking into it a little further though, it seems people use Renovate (to automate updates) in conjunction with something like Argo (to automate deployments).

    I think Keel does both of those tasks? I still need to research the similarities/differences of Keel and Renovate a bit further. Thanks again for the recommendation!



  • I believe the features you’re referring to (Raise Wrist and/or Shake Wake within the Wake Up settings) don’t keep the watch screen on. Instead, I think they just trigger the watch screen to turn on and it stays on for however long the Display timeout setting is set to.

    The only ways I’m aware of to extend the Display timeout are touching the watch screen while it’s on, a notification coming through, or certain apps like the stopwatch being active. I also experienced issues with apps closing due to notifications coming through, so relying on an app to keep the screen on may not be reliable.

    If the screen turns off (even for a split second to allow one of the Wake Up settings to trigger the display back on), the watch will stop recording the heart rate and take another 5+ seconds to start recording the heart rate again.

    The only way to suppress the Wake Up settings is to either manually disable them or turn on the “night mode” you mentioned.

    Sorry if I’m wrong in any of this. I’m not certain how it all works. This has just been my experience with it.


  • There are a few recommendations for the PineTime in this thread. It is a great privacy focused smartwatch, but I don’t think you would be happy with it based on your requirements. It is not a device that allows you to go for a run and keep your phone at home.

    The storage on the device is extremely limited, which prevents you from playing any audio (e.g., songs, podcasts, etc.) directly. The device does not have any wireless connectivity (outside of Bluetooth) so it cannot stream any audio either. I’m not certain if you can even connect it to wireless headphones. It does not have any speakers either.

    The watch has some apps, but there are no apps that are well suited for fitness. It does count steps well, but it does not directly calculate distance, pace, etc. It also does heart rate, but, currently, the watch screen must be on for it to record the heart rate. I think the longest the watch screen will stay on for is 30 minutes without any interaction, which may be too short for long runs or bike rides. Additionally, I’m not aware of any GPS/location tracking functionality.

    Lastly, since the apps are limited and there is no advanced wireless functionality, you can’t use it for things that you may be used to for on the go activities. For example, you won’t be able to use it to pay for a drink halfway through a run or call someone if you hurt your ankle a few miles from your destination.

    With all that said, I still highly recommend the PineTime as a privacy focused, FLOSS, smartphone companion, smart watch. I don’t think you’ll find these features in any other device, particularly at this price point. However, you will be extremely disappointed with it if you’re getting it so you can take it on runs while leaving your phone at home.



  • Is this the Quadlet you mentioned? The repo states it was merged into Podman. It seems pretty similar to the podman-auto-update from the article.

    I wasn’t aware of this functionality, but I don’t think it provides the functionality I’m looking for. I might have missed it in the documentation, but it doesn’t seem to look for new version tag updates.

    For example, Forgejo’s image registry on Codeberg doesn’t have tags like latest, stable, etc. and instead just has semantic versions like 1.19.1, 1.19.2, 1.19.3, 1.20.1, etc. From what I’m seeing, the images wouldn’t auto update unless the tags that omit the bugfix version like 1.19 or 1.20 are used. However, Podman still wouldn’t update across those minor version updates.
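
Added example, not part of the original comment and not Podman or Renovate code: `podman auto-update` re-pulls the tag a container already references, so moving between pinned versions needs a comparison across the registry's tag list, as sketched here. The tag list reuses the versions named in the comment; the function names and the `allow` parameter are hypothetical.

```python
import re

# Only full MAJOR.MINOR.PATCH tags count as pinned versions; floating tags
# such as "1.19" or "latest" are skipped because their target can move.
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse(tag: str):
    """Return (major, minor, patch) for a pinned semver tag, else None."""
    m = SEMVER.match(tag)
    return tuple(int(x) for x in m.groups()) if m else None


def newest_tag(tags, current, allow="minor"):
    """Newest pinned tag above `current` within the allowed bump level.

    allow="patch" keeps major.minor fixed, "minor" keeps major fixed,
    "major" accepts anything newer. Returns None when already up to date.
    """
    cur = parse(current)
    if cur is None:
        raise ValueError(f"current tag {current!r} is not a pinned version")
    keep = {"patch": 2, "minor": 1, "major": 0}[allow]
    candidates = [
        (v, t) for t in tags
        if (v := parse(t)) and v > cur and v[:keep] == cur[:keep]
    ]
    # Tuples compare numerically, so 1.20.1 sorts above 1.19.3.
    return max(candidates)[1] if candidates else None


# Tags taken from the versions mentioned in the comment above.
TAGS = ["1.19", "1.19.1", "1.19.2", "1.19.3", "1.20", "1.20.1"]

if __name__ == "__main__":
    print(newest_tag(TAGS, "1.19.1", allow="patch"))  # stays on 1.19.x
    print(newest_tag(TAGS, "1.19.1", allow="minor"))  # crosses to 1.20.x
    print(newest_tag(TAGS, "1.20.1"))                 # nothing newer
```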