bravesilvernest

bravesilvernest , 6 days ago

Expanding on this, I also have wireguard setup if I'm not on my home WiFi so can access "as needed" that way

bravesilvernest , 10 days ago

Unsure wtf I just read (upvotes)

bravesilvernest , 21 days ago

vault101 was retired a few years ago and migrated to vault111

bravesilvernest , 26 days ago

My wife and I recently moved to a smaller town in the Northeast from Colorado. It's been an adjustment, but honestly I've found some wonderful communities here supporting each other much more than I had out West.

This isn't to say that it's a hellhole out there. It's more that I wasn't expecting to find it here, which gave me a bit of a recheck to my thoughts on the state of things.

It also isn't perfect, but I'm not letting that bring down the hope it brought me.

Now back to being jaded 🙃

bravesilvernest , 28 days ago

See, both report and record signify different things in my mind. The original code was just printing to stdout.

In my mind logMissingData makes more sense because it's not actively sending anything; it's just logging.

bravesilvernest , 1 month ago

If only they shipped to the US...at least, I didn't see that option.

bravesilvernest , 1 month ago

What a dive that was!

bravesilvernest , 4 months ago

I've been using it for about a month, and love it.

My one complaint: self-signed certs on reverse proxies seem to break the android app backup. I'm not sure why, but internal CA seems to make things angry. Its more likely to be a local setup issue than anything in immich, but frustrating to pin down.

bravesilvernest , 4 months ago

All the traffic is internal, so I can get away with it 🙃

Really was just interested in what cert generation entailed and did a fun little dive a few years back.

bravesilvernest , 4 months ago

My current backup strategy is BTSync, which while super easy to get going is a pain in the ass to look up old images. Using direct IP on the app works perfectly, and the DNS lookup only works internally anyways.

All that to say that I'm probably going to use it and remove the btsync approach in a couple months.

bravesilvernest , 4 months ago

I'm the bad guy that installed my CA where needed lol but nice!

bravesilvernest , 3 months ago

Here's how I generated the CA:

# openssl genrsa -des3 -out my-ca.key 2048
# openssl req -x509 -new -nodes -key my-ca.key -sha256 -days 1825 -out my-ca.pem

I'm sure I'll receive flak for how I went about it, but importing that pem into the "install certificates" bit of the settings works like a charm.

bravesilvernest , 5 months ago

Started at college in 08. Multiple Debian internal servers, and now daily driving PopOS since 2018.

No ragrets.

bravesilvernest , 8 months ago

Alternatively, set up a VPN into your home and only allow cam access via local network 🙂

As far as network cams are concerned, it’s a pita to find a good one that is also not expensive.

Feel free to correct me, anyone, because I do want a better solution than buying a cheap one and just blocking it from all WAN access in or out.

bravesilvernest , 9 months ago

My approach was to set it all up internally, create a wireguard VPN accesspoint and only open that up. That way I don’t have as much to worry as much within the network (still use generated passwords for things) and able to access it anywhere.

Granted, you asked about opening up to the www. I’d suggest buying a domain through cloudfront, setting up an nginx instance that proxies traffic (think nextcloud.mydomain.com), and have it only accept connections from cloudfront servers.

That allows you SSL termination, pretty good bot coverage, and a nice domain name to share as needed.