I test installed it in Proxmox in a Debian 12 LXC for the sever part, it was fairly easy, just run three commands. The client was as well, but failed to do something with the email during registration. It has a while longer to go I think. But I put it in my bookmarks to visit every so often as well. :)

I use Technitium DNS as both my DHCP and DNS Server on my network. I then have my ISP Router’s DHCP turned off, and point the primary DNS IP To Technitium’s on my network. I have roughly 66-67 network devices at a given time on my network, mostly wireless. (Think wiFi locks, Lights, Outlets etc) then I have my phones and gaming systems an any given thing.

To manage my IP’s I use an Airtable type of database via BaseRow, also self hosted. Through my router’s records, I copied/pasted every single MAC address I found, into a column in my BaseRow table there, and then added the device name or friendly name to another with an assigned IP I want to use. I have a more organized system of ranges 192.168.1.1-10 is mobile devices, 192.168.1.11-30 is IoT etc…

By having my network setup in this fashion, I accomplish a few things, all new devices which power on or connect to the router to get their IP assignment fail to get it since it’s turned off there, and they search the network for an available DHCP Server which lands squarely on the TechnitiumDNS server and are assigned it through there. I also have adblocking enabled through the same server so I have a more home wide adblock which works. (You’d be amazed at how much Telemetry a TV Sends out for every single remote keypress!) I have been able to block those with the adblock enabled. With the DNS server, you can also assign DHCP ranges address, it is really an overly complex server and probably overkill for a home network. I’ve only scratched the surface of what it can do.

If you don’t want to fuss with TechnitiumDNS, there’s AdguardHome, or even PiHole you can use if you want to block Ads (or you can simply disable that function) and those also act as a DHCP Server.

Or, if you are wanting to spend a few hours configuring it, you could run your own DHCP Server in a VM or dedicated device such as a Raspberry Pi.

With all of these settings, it’s important to set your DHCP lease offer long enough that if you have to reboot the DHCP Server for kernel update, or it crashes, you won’t have any devices fail as some do regular polling to check for connectivity (My Linux computer does this a lot). I don’t remember if it’s KDE or Arch. Anyway, running the DNS Server also allows you to custom build your own “domain” system if you will. So could assign maybe your self hosted Calendar for example to http://calendar.local or http://calendar.internal.

By setting up a dedicated DHCP Server, using the manual method or one of the different AdBlock systems, you can also turn off DHCP registration for ‘foreign’ devices or those which aren’t in your DHCP table. This offers a small element of extra security for your WiFi, but it’s not 100% secure if someone knows your IP ranges and Subnet Mask. Also, this will make it easier in the future for you if you upgrade your router or replace it as there’s just two settings to change. (DCHP Server off and the optional self hosted DNS).

Why not use a different DDNS service? There are plenty out there. :) I think this may solve your issue. I’ve been using freemyip.com’'s for a while and have had no problem in the past issusing LetsEncrypt SSL’s. At the moment, I’m on Cloudflare tunnels so it’s automatic with them, which I know is a huge trust issue for a lot of people, but I don’t mind it for my stuff. But I do like to have my DDNS as a backup service from time to time.

I have been using Tailscale, connected it to my domain, I use Authentik for my OIDC/SSO Sign in and tied it that way for the MFA OIDC Login Tailscale let’s you use. All I needed to do is setup a webfinger for it and once it verified my domain, I was able to give them my OIDC settings for them. Tailscale so far for me in the last year or so has been quite simple to use. Plus, being able to log into my admin console and any devices I enroll through Authentik’s front end, has given me peace of mind knowing it’s quite secure. (All of this on a Proxmox server BTW).

One may argue about self hosting Wireguard and I agree, it’s quite easy to do if you use something like wg-easy which makes it simple to add phones to your network. My concern with it though was having to poke a hole into my firewall for the WG traffic to hit the server, once I got into Tailscale, it’s made it easier and I don’t have any open ports on the router now. I think this is primarily why the Jupiter Broadcasting guys push it so much on their podcasts, not to mention one of the hosts on his podcast is an employee for Tailscale as well, so that probably helps a bit.

As for funding for both Nebula, or Tailscale, they do cater to enterprise customers so you have the assurance that they do have to answer to them if they revoke a service or ruin it. :)

For Tailscale, it’s just a matter of them allowing you to add 100 devices for free and it’s simple command to install it on any client via the cli including Apple TV for example. For phones, I have Tailscale on my phone connected 24/7 to my exit node which is my Proxmox server which acts as one, and as a backup, my Raspberry Pi which acts as one as well. So, even if I’m on the road or away from home, I’m always on my home network (unless blocked by overzealous sysadmins on their public WiFi networks). There’s not much to manage via the phone, but I like to think it’s ‘set and forget’ really, once you have it all configured, it just runs in the background and they do not decrypt your traffic much less care what goes through it.

I took a quick read of the comments and I apologize in advance if this has been suggested already.

I use a self hosted DNS server (AdGuardHome) I was using TechnitiumDNS for a long while, but moved over to the other recently so I could do some more blocking as needed (adult special needs house dweller sometimes needs limited internet). It also acts as a DHCP Server so it takes the role of both the DHCP assignments away from the router. As it so happens, this week, I got to experience the benefit of having this setup live when my main router also went down, I was able to switch to a spare router (My ISP provided one) and all I had to do was turn the DHCP off and optionally point the DNS To my AdGuardHome address, set the SSID’s up and I was in business. All of my devices happily reconnected and grabbed their assigned IP’s.

In short, if you have a spare computer, SBC such as a raspberry PI or whatnot, you can easily host something like that and not have to worry about setting those again.

I also use Stealth for my Reddit experience. It also doesn’t support comments or logging in. :) https://f-droid.org/packages/com.cosmos.unreddit/

Cyberchef, I’ve looked at but honestly for me, IT Tools works best for my needs so it’s all good on my end.

Dozzle is just log viewing plain and simple. Dockge shows more that’s all I know. I tested Dockge earlier on in development and haven’t been back since, I know it’s grown a lot more since.

I’ve seen a few mentions of PiHole and AdguardHome, I started on PiHole, then moved to AdguardHome for adblocking. Then I heard about and have been using TechnitiumDNS server which is sort of overkill for our needs, but with the right ad-lists, it is fantastic at blocking advertisements on my home network. Super fast install too, even on a Raspberry Pi 2 :) I run that along with Proxmox-VE (Protected behind OIDC Login) and several other containers on my cranky old Dell Desktop server.

Mostly Vaultwarden, and a few other services for home private use such as PairDrop for inter system sharing and a self destructing file sharing server for when we need to send documents to our Attorney’s (rarely but sometimes we need to) office via Pingvin.

I also run:

• Home Assistant
• Transmission Dockerized so I can help contribute to the Linux community and share the ISO’s.
• For some of my externalized sites, I run Authentik It acts sort of like a Reverse Proxy if you configure it to do so. I love that I can simply identify myself with my WebAuthn device skipping any passwords. :)

With Authentik setup, I can login to things like my Fresh Tomato Router TechnitiumDNS (Both use HTTP Auth headers) and Memos which uses OIDC/SSO. It’s meant to replace our Google Keep notes.

• Tailscale is installed and I connect to it from my phone when away from home to always stay on my network. Sometimes, hotspots block it so I generally avoid those as much as possible.
• Wallos to help keep track of our re-occuring subscriptions.
• Grafana and Promethus - both are staged and ready for configuration and one of those I will get around to eventually.
• InfluxDB - I plan on moving Home Assistsant logging soon to that which should tie nicely into Grafana later.
• Ben Phelps’ Homepage - it’s my main server dashboard my wife and I use to access our server. Quite simply one of the best dashboards IMHO.
• Wyze Cam Bridge - One of the better services in which you can log into your Wyze cams and convert their streams to RTSP, RTMP or HLS streams easily. I have that feed to my Home Assistant Security Dashboard.
• Baserow It’s a good Airtable alternative and I use it to keep track of my Static IP assignments, Sleep tracker (I suffer from insomnia), and other data points. It’s pretty amazing. I even created a pain logging for for my wife so she just accesses it and answers basic questions about her pain levels and it pushes it to the database for later retrieval.
• Joplin Server - Sorry, I don’t have the link, but it’s installed via compose. I use Joplin Notes on my phone and computer for keeping my code snippets. I’ve tried Obsidian and it didn’t really meet my needs and Also Anytype, but that’s not self-hosted. Joplin server is for me and that’s become handy a time or two when on the road.
• Bookstack - my grand plan for that is to build a Wiki for my family to use in the event something should happen to me, they can know how to manage the server with nice screenshots and instructional steps. I have that protected behind Authentik’s OIDC logins.
• IT-Tools - hands down one of the coolest self hosted tool sets you can use.
• Webcheck - All-in-one OSINT tool for analyzing any website https://web-check.xyz/ is their demo site. :)
• Stirling PDF - Kind of like a Swiss-army knife for PDF’s. :)
• Dozzle - For those times with you really need to see what your Docker logs and too lazy do run a docker logs -follow command.

I still use Portainer-CE and am happy there, I may try Dockage or the others, but it’s fine for what I need it for (It’s also protected by OIDC)

I’m sure I may have missed a few, but this post has gone on long enough. :)

What about bad actors which swipe the phone, and it’s behind the biometric lock? Too many failed attempts may or may not be a sign of it not working well, so if it bases part of it on the failed attempts, it would lower the chances of being further protected. I know they would ask for the pattern/pin or password to re-enroll the biometric, but let’s assume that’s already known, then game over.

For terminal, the first thing I install is Midnight Commander - dual pane file manager. https://midnight-commander.org/

For all of my physical Linux machines - Cockpit and Cockpit-File Sharing plugin.

Desktop

• Thunderbird

• Firefox

• Vivaldi

• Gnome

• Chromium I use Firefox, wife uses Chromium and My WFH job I use Chrome. Vivaldi is a backup browser, I’ve been messing around with.

• QEMU/LibVirtd - So I can run a Windows VM for my old Canon Lide 60 scanner which scans clearly there, otherwise in Linux, it’s contrasted super grey for some reason.

• Kopia-UI - Backup system which supports NFS Shares - set and forget type of setup.

• VLC - Need I say more? Lol

• OnlyOffice - Better aesthetically IMHO than LibreOffice

• PDF Arranger - Works well to re-arrange pages or rotate them after scanning them in. (I self host Sterling PDF and will probably switch to that later)

And for some inspiration - the “Awesome Linux Software” list (Not mine) similar to the other Awesome lists you see around. https://github.com/luong-komorebi/Awesome-Linux-Software

In one way, I’m happy this is happening, in another way, I’m not - I’ve given well over 2 decades of my life to the call center way of living. Let me give you a sneak peak into what really happens in the daily life of a call center worker.

• You live by the time on your telephone, it’s your punch in and punch out system in most centers. Don’t clock in more than 8 or 15 or whatever insane metrics they set past your clock in time else you will be considered tardy. This includes all breaks and clocking out.

• If you are a first contact person and taking phone orders, your ‘talk time’ is measured. Anything more than the standardized 5 or 6 minutes is considered excessive and they tell you to move the calls along faster.
  If you are customer service, your talk time is loosened but you are also the first and last contact the customer should have for the issue.

• Your phone calls are monitored and/or recorded (For Real!). If you are like me and hate to your your voice, woe be it to you when they play back your last call or two so you can hear yourself talking to the customer. If not recorded, then it is up to the monitoring person to be nice. You are then told what you need to do to speed up your talk time, or increase sales etc…

Telemarketing

Oh dear God, this is a life sucker and has the highest turnover on jobs. You quickly learn more about human nature in an odd sense. The sheer pressure on booking that next sale is insanely high and if you don’t meet the sales minimums for the day or even hour, you are sent home without pay. I worked for a company which sold HR Manual trials, I was never more relieved and happy to be fired when I was for not making the per-requisite sales quotas for the half day.

TIPS

I don’t think I’ve encountered a single call center rep in my years of service where a CSR decided that today, they would be a jerk. All we ever want to do is get through the day and earn our wages and go home.

One thing I will say with confidence, is everyone you work with has something in common, you aren’t there necessarily because you enjoy it, you are there because it puts food on the table and beats living off of unemployment benefits. It’s a thankless job.

If you receive great service from a call center rep (CSR) and are happy, politely ask to speak with their supervisor and when you do, be sure to leave them a good review. It doesn’t always help to do this after a bad call, but sometimes rebounding to a new agent by calling the company back and asking for a supervisor will make a big difference if you take issue with them about the poor quality of service you received.

Remember, if you can’t resolve an issue with a CSR, It’s not always that they don’t want to resolve the issue for you, their hands are probably tied and in fear of losing their job or being reprimanded, they simply won’t budge.

Kindness goes a long way with us as well, if you are respectful and kind, we reflect the same back to you and often have tools at our disposal to grant you an extra discount and/or savings. We genuinely want to see you happy!

ON THE OTHER HAND

If putting AI in front of the call centers will help screen out the most common issues, then by all means do it. Also, if the stupid bean counters out there which insist of outsourcing to third world countries as it’s cheaper, can find it to be more cost effective to use AI, and keep the jobs local to their country of operation, then I’m in favor of it.

Homebox - before we relocate - whenever that is, I will be printing labels and putting them under and behind my stuff, scanning it into there and then will use that to keep track of our items after the move to know what is in which box etc.

NocoDB Self Hosted (I use this for a few things) - started out with my network ip’s I have on my servers and ports for my containers and most recently a sleep log.

Just a couple there.

Grafana + Prometheus dashboards can be quite addicting or useful. Noted.lol put together a nice tutorial for getting started.

For most of my services though, I simply use Uptime Kuma which then sends an alert to Gotify when my services go down or whatnot, Gotify then instantly notifies my phone so I can be aware. It helps keep the spouse happy when their go to service for some reason crashed. :)

From their readme. I asked about that last night and he replied an pointed me to it. :)

Kiosk mode

Kiosk mode can be activated by a checkbox on the page. Note that there is no way out of kiosk mode (except refresh or closing the browser), and the play/pause and other controls will not be available. This is deliberate as a browser’s kiosk mode it intended not to be exited or significantly modified.

It’s also possible to enter kiosk mode using a permalink. First generate a Permalink, then to the end of it add &kiosk=true. Opening this link will load all of the selected displays included in the Permalink, enter kiosk mode immediately upon loading and start playing the forecast.

I didn’t see IIS mentioned, but I didn’t take a close look at the code. They give you a docker run command to set it up, so I converted it to a docker compose file so I can run it later. All of this is running on a Debian 12 system, so if IIS is needed, I’d wager that is if you are running a Windows setup.

I have mine embedded in Home Assistant now as an iframe using the Kiosk mode setting which works.

Looks nice! I set mine up and have it as an Iframe in Home Assistant. The app is a fork from https://github.com/vbguyny/ws4kp with his demo site here: https://battaglia.ddns.net/twc That version has the music we all came to know and love from back then.

Authentik is my IDP provider so I put it in front of all my publicly facing Apps which support OIDC login. For example, I can log into my Portainer instance from an external network, but to do so, I log into Authentik First which sends it to my service.

For the apps which support HTTP headers, like I said, Pomerium acts as the service which passes my credentials to the device. I admit - Authentik does this also without the need for Pomerium, (through their flow settings) but I found Pomerium to be much easier to set up for this than Authentik and haven’t looked back or felt the need to change it.

With that, I use Pomerium for apps which accept a HTTP Headers, for example, my Fresh Tomato firmware flashed router, it has a HTTP dialog. This allows me to login from the road if I need to manage something like rebooting it or updating firewall rules etc.

My access flow is this :

router.example.com —> Cloudflare Tunnel —> Pomerium IP —>Authentik —> Router’s Gui.

It works flawlessly. I don’t often use it, but when I do, it helps. I also had it enabled for AdguardHome but moved to Technitium DNS which I prefer and that doesn’t have the HTTP Headers so it’s not fully compatible with Pomerium that I’m aware of.

I use Ferdium on my desktop and self host my server for it, then just add it through there. Works quite well. Plus, with Ferdium, I can add other services such as Discord, and Mastodon so, it’s sort of my go to hub for a lot of my social media.

I came pretty close to death I think - I was home recovering from a surgery and woke up early in the morning, short of breath, my heart was racing, and literally felt like it stopped. Naturally, at that time, my bladder decided it need to be relieved so I stumbled breathlessly into the restroom and did my thing. When I stood up, started to lose my hearing and vision for a few seconds, and felt myself starting to collapse, but I managed to catch myself and things restored, I face planted on my bed which got my wife’s attention and 911 was called. All of this was due to a massive pulmonary embolism choking my heart I later learned. The embolism was caused by a clot which traveled up my leg.

Lesson learned: Keep moving after recovering from surgery at home kids! Your life depends on it.