Ah, right, read to fast it seems! Though that still leaves the possibility of software firewalls, but any OOTB ones wouldn’t be doing any packet inspection.

Do you have a firewall? Packet inspection in particular can wreak havoc on speeds.

And no helm(et) or lifejacket in sight… Looks like a spectacularly dumb way to die given all the jagged rocks.

Tell them to move to yubikey or similar hardware key which is far more secure than any password policy will ever be and vastly more user friendly. Only downside is the intense shame if you manage to lose it.

The key should stick with the user thus not be stored with the computer when not in use. The key isn’t harmless of course but it takes a very deliberate targeting and advance knowledge about what it goes to and how it can be used. It’s also easy to remote revoke. If you’re extra special paranoid you could of course store the key locked at a separate site if you want nuclear codes levels of security.

Proxmox is VMWare light in a good way.

Yes.

Microsoft To-Do has most of the features requested here (but is not open really) and I’ve tried to use it extensively but for anything that’s not one-off it doesn’t really work because the problem isn’t generally remembering that you need to clean, pay bills etc it’s actually doing it.

To-Do software only really works for the things you forget, like buy ingredients to make a birthday cake or setup that ladder service in your selfhosted setup to go around pay walls in a more automated fashion.

For app supported habit forming there are some gamification apps that some friends swear by but they’ve never really done it for me. For me the only thing that works is cultivating discipline by… Just fucking doing it, no matter what I feel.

I think a VPS and moving to NetBird self hosted would be the simplest solution for you. $5 per month gives you a range of options and you can go even lower with things like yearly subscriptions. That way you get around the subdomain issue, you get a proper tunnel and can proxy whatever traffic you want into your home.

As for control scheme for your home automation you’ll need to come up with something that fits you but I strongly advise against letting users into Home Assistant. You could build a simple web interface that interacts via API with HA, through Node-Red is super simple if it seems daunting to build the API.

If a RPi 4 is what you’ve got and that’s it then I guess you’re kinda stuck for the time being. Home Assistant is often quite lightweight if you’re not doing something crazy so it runs well on even a RPi 3, same with NAS software for home use, it too works fine on a 3. If SBC is your style my recommendation is to setup an alert on whatever second hand sites operate in your area and pick up a cheap one to allow you to separate things and make the setup simpler.

That’s one part of it, but the other is that there’s no proper way to ensure you won’t cause issues down the line and it makes the configuration unclean and harder to maintain.

It also makes your setup dependent on seemingly unrelated things. Like the certificate for the domain which is some completely different applications problem but will break your Home Assistant setup all the same. That dependency issue can be a nightmare to troubleshoot in some instances, especially when it comes to stuff like authentication. Try doing SSO towards two different applications running on different subpaths on the same domain…

I can’t grasp your use case I feel, pretty much all your complaints seem… odd. To me at least.

First subdomain. I think HA is completely right that proxy with a subpath is basically an anti-pattern that just makes things worse for you and is always a bad idea (with very few exceptions).

As for your tunnel I don’t know how you’ve set it up and I haven’t used tailscale but them only allowing one domain sounds like a very arbitrary limit, is it something that costs money to add? I use NetBird which I selfhost on my VPS and from there tunnel into my much beefier home setup.

Then docker in HAOS. The proper way I feel of running HA is for sure HAOS, and also running it in its own VM / or on dedicated hardware. This because you will likely need to couple additional hardware like a stick providing support for more protocols like ZigBee or Matter. It really isn’t a good solution for running all your self hosted stuff, and wasn’t ever intended to be. Running Plex in HA for instance is just a plain bad idea, even if it can be done. As such the need for an external drive seems strange as well. If you need to interact with storage you should set up a NAS and share over SAMBA. All this to say that HA should be one VM/Device, your docker environment another VM.

As for authentication there are 10k plus contributors to Home Assistant yearly but very few bother to make authentication more streamlined. I would’ve loved OpenID/OAuth2 support natively but there are ways to do so with custom components and in the end I quite strongly feel that if the end-users of your smarthome setup (i.e. the wife and kids) need to login to Home Assistant then you’ve probably got more work to do. Remote controls which interact with HA handle the vast majority of manual interaction and I’ve dabbled with self-hosted voice interfaces for the more complex operations.

Sorry if this came across as writing you on the nose, that’s not my intention. I just suspect you’re making things harder for yourself and maybe have a strange idea around how to selfhost in general?

Well, as someone also self-hosting email I agree with his solutions but he paints a picture of how bad it is that I feel is a bit exaggerated. But then again I host for myself and my family, I suspect it gets a bit different when you have many users and send hundreds of mail per day.

Only one I’ve had trouble with it Microsoft, they’re the strictest and you need to get some support from them to make it work reliably. Google has an automated service.

So no ads, sure, but then you need a commandment about paying for what you consume. Since otherwise, if we all followed the commandments, we’d be out of content right quick since you can’t make a living producing it.

Yes, but I’m pointing out how the cable is part of it in ways that wasn’t true for many older standards. So if I plug a non-data cable into a data USB-c port (say a digital camera with AAA / LR6 batteries) into a computers USB-C port then nothing happens. Same if I try to charge the camera by plugging it into a USB-c wall plug. Or if try to plug my phone into the USB-c charging port on my laptop, no matter the cable since neither phone nor laptop has the function to charge other devices. Etc etc.

I work IT and while I don’t work directly in support anymore I still get people at the office coming to me for support because I used to and we’ve outsourced it now. So I know first hand how confusing USB-C is to average users.

More like do nothing. Sure if everyone follows spec nothing will break from using the wrong usb-c cable in the wrong usb-c port but it’s common to end in a situation were literally nothing happens.

Amen, can’t fix everything or one.

As a sales guy myself by training and tech sales by profession that sounds very much like there are some very fucked incentive structures at play that need to be addressed. If they’re only monitored on number of deals closed then you get shit like that trying to meet targets and get the bonus that is extremely standard in the sales profession and account for a large share of the yearly salary. If they’re measured on profitability then you wouldn’t see that, they’d drop stingy clients themselves for wasting their time. Another solution I’ve seen is having a larger bonus for customer satisfaction and renewals / growing the contract but that only really works out if your sales also doubles as account managers.

Yeah my take away there is if that’s the tech level of your sales guys you need to have a tech sales role and a strict ban on the pure sales people even attempting talking tech. Sales should be talking business and business needs that the solution can adress.

Yeah exactly, if they have decent APIs or you can scissor out the content via iframes or something. Not really a web developer so I probably ain’t makin’ sense.

Doesn’t sound like it’s own “product” to be honest. I’d probably look at an alternative presentation layer that can present what’s in Jellyfin and also supports being the presentation layer for the top solutions for books, comics etc. If nothing like that exists I think there are people that would be interested in a unified media presenter. It doesn’t even need to actually play the media, just link to it.

Yeah, I was just confused about the direction/flow he was asking for. He clarified and his use case is fully solvable. Just not something I’ve personally dabbled in since he wants it for non http traffic.

Well thats just a normal reverse proxy then. In my setup I use Caddy to send traffic through the NetBird managed wireguard tunnel to my home machine that runs Jellyfin but for any outside observer it look like it’s my VPS that is serving Jellyfin.