Thanks, I’ll muse over this when I next get the chance!

Yes please, I might revisit it with a fresh pair of eyes.

Thanks for the suggestion. I spent a good hour or two trying to make Wireguard work for me last night but failed. If I set it to only apply to Immich, nothing else would have Internet access at all. Likewise if I set the peer IP range to just my LAN subnet.

After pulling my hair out for a while I gave up and uninstalled.

Hmm I must be doing something wrong then because it doesn’t work for me.

If it was just me, or if Tailscale wasn’t such an insatiable battery leech then I’d absolutely do that but the wife (and kids) acceptance factor plays a big role, and they’re never going to accept having to toggle a separate service on and off to get to their photos.

Maybe I’m being overly paranoid but I work in IT and see the daily, near constant barrage of port scans and login attempts to our VPN service and it has an effect!

Very useful insights, thanks.

I do currently have external stuff running via a Cloudflare tunnel (which is why I need DNS based LE certs for the internal proxy) but I don’t know if it’s setup correctly (beyond doing basic reverse proxying) and the admin backend for it feels like massive overkill for a home setup. Plus with Immich I run into the issue of a) dire warnings about it being in active dev and potentially insecure and b) filesize limits making away-from-home backups difficult.

I could well be over thinking the whole thing.

Yeah I’m running a Cloudflare tunnel for external access (which is why I need DNS based LE certs), but that’s another thing that I don’t really know what it’s doing beyond basic reverse proxying.

I have a country-based whitelist for where my Immich instance can be accessed from but I find the Zero Trust admin backend to be massive overkill for my needs, and it doesn’t help that they’ve recently moved everything around so none of the guides out there point to the right places anymore!

Ah, that’s useful thanks!

it will either be underpowered or power hungry.

Or both!

My inner monologue is an asshole that literally never shuts up unless I’m asleep. If I’m not actively thinking about something and conversing with him or keeping him otherwise distracted, he’s singing a snippet of the last catchy song he heard, over and over, until a new one takes its place. Sometimes it’s the same song for days on end.

This looks neat, will definitely give it a go, cheers!

I was hoping to see “Oh Jesus Christ!” as the top comment but this is close enough.

I’ve watched BB a few times but I can’t say I recognise the reference. Still, if you’re sure that’s the line he says, try searching on yarn.co. It generates gifs from movie and TV quotes so it might help to narrow things down.

Good call. That album is dirty, visceral perfection from start to finish.

Regular Urban Survivors by Terrorvision. Most people probably know them by way of their subsequent album, Shaving Peaches, but RUS is far superior.

I was of the same mindset for a long time; SmartThings, Hue and Google Home all worked well enough together to do what I wanted. But holy shit, Home Assistant is on another level and I only wish I’d installed it sooner.

The only real downside is that it makes home automation somewhat addictive and, by extension, expensive. I spend quite a lot of my time thinking about how to automate more of the things, and have a never ending list of stuff that I want to add to my setup.

Oh goddammit.

What’s the problem with Asterisk? FreePBX uses it and as far as I can tell, it’s the only way to get Lenny working.

Short answer: figure out how much of that is actually irreplaceable and then find a friend or friends who’d be willing to set aside some of their storage space for your backups in exchange for you doing the same.

Tailscale makes the networking logistics incredibly simple and then you can do the actual backups however you see fit.

Unless you’re using the horribly outdated and insecure v1, there’s nothing wrong with Samba at all. For serving media it’s just as fast as NFS and is often plain easier to get going. Use what works for you.