It can even do XMPP in addition to telephony.
I’d use the built-in. Or use OAuth2 or OIDC if you want a more elaborate setup and have an application that supports it.
kobold.cpp is easy to use, fast and I like it.
If you’re interested in more relevant Lemmy communities:
(another option: text-generation-webui has several backends bundled. Maybe one of those works for you.)
You’re right. Both standards are open. I got confused by the German Wikipedia article about Matter which is very misleading.
I have 2 thermostats but that’s not enough for the rooms. And I’m not entirely happy with them. Maybe I need to find a good model and buy some more.
Zigbee
Sure. I think Zigbee/Matter are proprietary standards. And you don’t have too much control over how it is implemented in the individual devices and any possible security vulnerabilities. It is a separate network though and easy to use. I bought a small Gateway to connect it to Home Assistant after the USB stick I was initially using showed some compatibility issues.
What I really like are those cheap Chinese devices that have ESP8266 or ESP32 microcontrollers in them. I can flash Tasmota or Esphome on them, take control and have them run free software. No manufacturer’s cloud needed and updates indefinitely.
Yeah, and we recently talked about smart/dumb appliances. In this household there are lots of older appliances anyways. And we moved a few years ago so they’re just old enough that none of them have wifi. I think that has changed since. Nowadays it’s not an extra 150€ for wifi anymore, but part of most appliances. And you get an App along with your new dishwasher per default. I like “smart” with lighting. And having the washing machine turn on 2h before I get home is a huge convenience. Apart from that, I’d like the heating unit to be smart, but it isn’t. I think we could save some energy if the gas heating stopped after everyone left. There is no steady weekly schedule I could program into the central unit, so it’s just some radiators I can turn down. Apart from that, I don’t think I have a good use-case for a smart dishwasher, fridge or a bugging device that can play music.
[Intel ME] it is essentially at ring 0
I don’t like it either. It’s just a very stupid design choice to have some uncontrollable extra chips run god knows what with highest privileges. And in the past people already discovered several security vulnerabilities. And there is no alternative to it. I think AMD does the same. And coreboot is a bit niche. I’d have to put quite some effort in and make some trade-offs. And it doesn’t have to be this way. I don’t think the embedded controller firmware is a super valuable trade-secret anyways. They probably keep it a secret and locked down for shady reasons or because they don’t want people to see the amount of vulnerabilities in it. I don’t think it would do Intel or AMD any harm to just open up that part of the system.
Ah. Thanks for explaining :-)
Yeah, the …keeping the mess somewhere else and not doing it on the important firewall… makes sense.
I also like to keep it clean so everything is a bit more modular and better to maintain. (I made the mistake of introducing circular dependencies and overly complicated setups often enough.)
I think the double-NAT is a bad idea. Such things just cause pain and break in unexpected ways. I’d rather focus on getting the firewall right. And the NAT doesn’t add anything here. A firewall is the correct tool to filter packets between two network segments. A NAT is a crude thing that happens to drop incoming connections from the other side. But you could as well instruct your firewall to drop those packets. It’d be the same result just without the added pain.
And I have some IoT devices as well. Half of them use Zigbee, the other half is connected to my main wifi, I never got around to separating them. But they’re all running open source software and talking to my Home Assistant via MQTT or Esphome. (I don’t own any smart dishwashers or coffee machines.)
I don’t have too much info on Intel ME. I suppose it doesn’t do stupid things, or someone would have found out already. And it’s really difficult to protect from. Especially in a setup that isn’t completely locked down. I hope they someday learn and replace that with an open solution.
Thanks. I was going a bit more for the “what do you need that for” aspect. Emulating an enterprise environment sounds more like tinkering or learning? I mean I get network segmenting if you want to separate for example a home office from the entertainment devices in the living room from the cheap unpatched IoT devices… And also have a separate network to experiment in the basement lab… Doing firewalling to keep the TV from transmitting behaviour tracking data to the manufacturer… Stop the kids from accessing the network share… Or you have several servers running at home with lots of containers…
But are those hypothetical use-cases? Or what do people actually use the 2 consecutive firewalls and different network segments for?
I mean I live in a country where electricity isn’t that cheap. I run one server 24/7 and that has to do everything. And since it’s just one machine I can set up a network bridge and a separate internal network for docker there. Most of the networking isn’t overly complicated and contained within that machine. But my OpenWRT also does additional wifi for the guests and a third network for experimentation.
I get doing it as a hobby. I was just wondering if there are 12 laptops at home, VLANs through the house and 3 servers with lots of storage and webservices and that’s what the OPNsense is for, or if it’s more “because I can”.
What kind of extensive network setups are you running at home? I just have a few Wifi-routers with OpenWRT and one server / NAS. (Which also does DNS Ad-blocking.)
Uh, why use a Microsoft product that doesn’t even tie into the rest of the selfhosted services very well? There are easier and way better solutions for SSO and web services. And I don’t have a pool of 30 windows laptops that’d need to share a set of login credentials and software rollout, at home.
I’d rather use the time I’d put into such a project that is just work and little to no benefit for something else. For example doing backups, deleting the Windows on those laptops and replacing it with free software.
I think that is a good question to write something positive about SystemD.
I start my services with SystemD. I also moved my containers and docker-compose stack to be started by systemd. And it does mounting and bind-mounts, too. So I removed things from /etc/fstab and instead created unit files for systemd to mount the network mounts. And then you can edit the service file that starts the docker-container and say it relies on the mount. SystemD will figure it out and start them in the correct order, wait until the network and the mounts are there.
You have to put some effort in but it’s not that hard. And for me it’s turned out to be pretty reliable and low maintenance.
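An added example of the systemd arrangement described above (not the commenter’s own unit files; the share path, NAS host name, compose directory and service name are assumptions): a network mount unit, and a docker-compose service that will not start until that mount is present, so the containers never write into an empty mount point on the local disk.

```ini
# /etc/systemd/system/mnt-data.mount
# The unit name must match the mount path (/mnt/data -> mnt-data.mount).
# NAS host and export path are hypothetical.
[Unit]
Description=NFS share holding container data
Wants=network-online.target
After=network-online.target

[Mount]
What=nas.example.lan:/export/data
Where=/mnt/data
Type=nfs
# _netdev marks it as a network filesystem; soft/timeo keep a dead NAS
# from hanging the boot forever.
Options=_netdev,vers=4,soft,timeo=30

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/nextcloud-compose.service
# Replaces a docker-compose stack started from a shell script; the stack
# name and directory are hypothetical.
[Unit]
Description=Nextcloud docker-compose stack
Requires=docker.service
After=docker.service network-online.target
# Pulls in and orders after mnt-data.mount automatically, so the
# containers only start once the share is actually mounted.
RequiresMountsFor=/mnt/data

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/nextcloud
ExecStart=/usr/bin/docker compose up -d --remove-orphans
ExecStop=/usr/bin/docker compose down

[Install]
WantedBy=multi-user.target
```

After placing both files, run `systemctl daemon-reload` and `systemctl enable --now mnt-data.mount nextcloud-compose.service`; if the NAS is unreachable, the service stays stopped rather than starting with an empty directory.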
I think opening a tunnel and forwarding the port through it and opening a port forward directly have about the same security implications. Both end up opening the same port and forwarding the same packets to the same computer. The only difference is with a tunnel there is an extra step in between that slows things down. In some edge cases it may be nice if people can’t directly see your IP but just the one from the tunnel. But that doesn’t matter if it’s only for you and your friends. Might be a concern though if you’re a big live-streamer and fear people DDoSing you. But then there are better alternatives. (for example paying $8 a month for a small VPS.) So I think a tunnel makes perfect sense if you can’t get the port forward running. It just doesn’t add anything to security.
Cloudflare might be a different deal though. They include DDoS protection and filter some attacks. I don’t like cloudflare so I don’t really know the specifics. I think it’s bad for the internet that a good share of the overall traffic is tunneled over a single company’s servers. And I myself don’t need a middleman in my own services. But they certainly must have something to offer or they wouldn’t be as popular as they are…
Sorry, 10.x.x.x is a private IP address range. That can’t be reached from the internet.
Maybe try one of the services that display your IP like https://www.showmyip.com/ or the one mentioned earlier: canyouseeme.org, that one also shows your IP.
I have little info to work on. There are many different providers around the world with very different setups. Some are suitable for port forwarding, some aren’t. (You could sit behind a Carrier Grade NAT, which makes port forward difficult to impossible.) But you need to figure out your IP first.
All I can say, I run something like you describe… Nextcloud, a reverse proxy and a few other services. I did some port forwards, got a domain that points to my IP and it works fine.
Edit: I use YunoHost on my computer. It’s a Linux distribution for selfhosting. I think it’s a good choice to get your feet warm or if you want a low maintenance setup. It includes Nextcloud and many other services.
But you have to figure out how to access your computer from outside. Either you get your IP and the port forward running, or you have to use a service like pagekite.net or you get a VPN running like almost everyone else here wants to convince you to use. I don’t think a VPN is a good idea except if you only want to use it by yourself and not use all the collaborative features of nextcloud.
How have you tested this? You need to use the external IP address of your router (public IP) to open it. And you need to test that from another internet connection. Also make sure the browser is actually trying to open an http connection to port 80. Some modern browsers / addons try to prefer https on port 443 instead and that wouldn’t be reachable. Does a ping work? What’s the exact error message? The port forward could be wrong. Needs to be port 80 (TCP) towards the internal device where nextcloud runs, to the port where it runs on that machine (could be 80, too). It could also be blocked by your provider, or your specific provider doesn’t allow port forwards. Or you ran into issues with the shift to IPv6 addresses. Maybe your provider has some strange setup. Check whether you can ping your router from external first. And try the canyouseeme.org mentioned in the other comment. That’s good advice.
There are also heavy mats available in the hardware store, to put your washing machine on.
Alright. I wouldn’t worry too much, then. If you set it up correctly and you keep it up to date so there aren’t any security vulnerabilities, you should be okay.
Of course there are arbitrary, more strict approaches. You could do monitoring. Or restrict the IP addresses the server answers to. Or put everything behind a VPN and not have it exposed in the first place. But I also have my NAS and a few internet services like Nextcloud and it’s been fine, similar to this, for years.
Make your services password protected and have some software like fail2ban that blocks people from brute-forcing passwords.
Keep your software up to date.
Depends on what you mean by “localhost”. Localhost is just the computer you’re currently logged in / sitting in front of… But I don’t know what kind of computer that is and how it is connected to the internet.
You’d need a webserver that is reachable from the internet to be able to have a Lemmy instance that can interact with other parts of the network. The webserver itself can run on any machine. You just need to make it accessible from the internet. So you either have a connection to the internet that allows hosting stuff… Use port forwarding in your router (at home) or if that’s all not available use a tunnel or VPN.
I really don’t know where you’re trying to get… If your question is: Can I selfhost stuff from a domestic internet connection: The answer is: Probably. Depends a bit on the provider and setup.
If your question is: Do I need a domain name? The answer is: Probably yes if your (external) IP address changes frequently.
Nice. In the last few years, I’ve only ever heard people say they stopped selfhosting mail some time ago.
You’re welcome
I’d also glue it to the back of my TV and install Kodi or Batocera on it. Next option is give it away if you don’t need it. Either to someone who is still in need of a homelab or to recycling.