Goofed Home

Last year, I was tearing apart some of these fancier pacifiers for adults when I noticed something

When you know you’re going to enjoy the article.

Loaded very quickly for me, just a few seconds. I’m guessing it was overloaded for a bit.

Hi! I am running Umbrel on a Raspberry Pi 4 and I have “Home Assistant” installed in it, I oly have some smart lights connected to it. I would like to integrate a Thermostat with HA. But I am a bit overwhelmed with the different types of connections (Z-wave, Zigbee, Wifi, …)

Do you guys have any kind of recommendation, what connection is better? I would like to keep it local (or connecting remotely via Tailscale) but I would like to avoid any cloud or third-party server solution.

What thermostat hardware can I buy?

I’ve recently started with home assistant on a pi as well. Today I have 2 zigbee relay for my lights from Sonoff, 2 zigbee fire alarms, 1 wifi plug from Shelly and 3 Ikea remotes working on Matter over Thread.

Basically, any protocol you want to support other than wifi and Bluetooth will need a dedicated radio device. Luckily they are all pretty well supposed with home assistant. I have 2 Aeotec Zi-stick, one for Zigbee, the other flashed with OpenThread firmware (that’s for Matter over Thread, it wasn’t a good idea to buy twice the same device, I had to work around this issue). I don’t have Z-wave devices today, as I noticed they tend to be more expensive that the zigbee equipment. The new IKEA smart devices are very competitive in terms of price, they all work on Matter over Thread protocol.

In the end, you don’t need to choose. You can support all these protocols on the same raspberry pi. It’s just a matter of adding the corresponding radio and integration in home assistant.

My understanding is that that is because Google and Apple want to onboard it to their own home automation platforms, and HomeAssistant just piggybacked on that because it was easier, and it hasn’t been a priority to rewrite it. But this is based on a few old threads I just looked up, I’m not exactly an expert.
I think there was some talk about Bluetooth onboarding, but that’d require the devices to have a Bluetooth radio, which is more expensive that a QR code sticker. Idk if anyone uses it.
Having something like a WEP button would certainly be nice though.

Voiden is an offline-first, git-native API tool built on Markdown - and it very intentionally didn’t start as “let’s build a better Postman”.

Over time, API tooling became heavyweight: cloud dependencies for local work, forced accounts, proprietary formats, and workflows that break the moment you’re offline. Testing a localhost API shouldn’t need an internet connection.

So we asked a simple question: What if an API tool respected how developers already work?

That led to a few core ideas:

• Offline-first, no accounts, no telemetry

• Git as the source of truth

• Specs, tests, and docs living together in Markdown

We opensourced Voiden because extensibility without openness just shifts the bottleneck.

If workflows should be transparent, the tool should be too.

Github : https://github.com/VoidenHQ/voiden

Download here : https://voiden.md/download

Wow, an org mode rest client; this might be worth switching to! What I like about these is that you end up with documentation in a standard file that can live along with your APIs. Org mode can of course be saved either as org files, or exported as any number of things - whatever your team uses. Ok, time to go bully some vim users.

curl is great. I use curl. Most developers use curl. But “you can call an API with curl” and “curl is enough as an API working environment” are two very different claims.

The problem is that real API work is almost never just one request typed into a terminal like some kind of beautifully minimalist Unix haiku. It usually turns into auth, environments, copied headers, reused payload fragments, request chains, documentation, testing, debugging, sharing examples with teammates, reviewing changes in Git, and trying not to break prod because you forgot to swap one token or one base URL.

At that point, people are not really using “just curl” anymore. They are using curl plus shell scripts, plus notes, plus env files, plus copied commands from Slack, plus random JSON files, plus tribal knowledge. Which is fine, until it becomes annoying, fragile, and weirdly hard to collaborate around.

That is the gap Voiden is trying to solve.

So for me it is not “curl vs Voiden.” curl is a low-level execution tool. Voiden is a workspace for actual API work: writing requests, organizing them, reusing pieces, documenting them, testing them, versioning them in Git, and not duplicating the same headers/body/auth setup 45 times like a person slowly losing control of their life.

I have a Talos k8s setup now and I’m trying to add various services. I have discovered that my old htpasswd file won’t cut it for auth.

I want to host the following,

1. WebDAV solution (currently sftpgo)
2. Invidious
3. *arr tools
4. Bitwarden

Should I go with keycloak? Are there better auth services?

I chose Keycloak because it seemed the most battle tested and least likely to just stop receiving updates and die and that is worth a lot to me. The most annoying thing for me was their storing usernames in lower case but after I figured out how to create custom SPI plugins I got that sorted out.

I’m on Keycloak + lldap for user provisioning and services that don’t support OIDC or SAML. I have yet to find a OAuth or SAML feature it doesn’t have. It does have a steep learning curve tho, so Authentik is maybe a better solution to get started with. I personally hit a wall with Authentik when I was trying to get different signature key algorithms for different services (some services have different supported set of key algorithms than others) and custom plugins for custom JWT fields and user attributes. I believe Authentik has something for extensions as well, but Keycloak is just Java, which has a much better development and deployment experience than throwing a .py or .js file in some directory and hoping it works.

Hey guys, so I’ve been self hosting for 2 years, making small upgrades until I reached this point where I replaced my router with one of those Chinese fanless firewalls running Intel n150 and running a proxmox homelab.

I am self hosting headscale with many of my buddies connected, including ny own services. Everything was working great until I setup OPNsense.

The firewall was not easy to setup, but after I set it up, I discovered odd behaviors from tailscale.

The firewall was blocking all connections from the ip 100.60.0.0/24, I had to explicitly allow it and change the forewall state to hybrid

What happens is that my LXC containers running tailscale would receive requests from tailscale0 interface but respond via LAN.

Apparently as I understood, consumer routers have assymetric NAT so that works fine, but not with opnsense.

Every guide I read online talks about installing tailscale on the opnsense router directly but I do not want to expose it to the tailscale network.

For now temporarily I set an ip route to tailscale0 and resolved it that way temporarily, but I still cannot get a solution that can help without compromising the firewall.

It’s also very cumbersome to do this for 50+ LXC containers over and over, even with running systemd scripts a problem might happen in the future

If you guys have any experience with this it would help a lot.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #136 for this comm, first seen 6th Mar 2026, 09:50] [FAQ] [Full list] [Contact] [Source code]

I might have a solution for you by doing what I’m doing. I’m running OPNSense as my firewall as well. I have one NAT:Port Forward rule for torrents (I really am seeding linux iso torrents) and that is it. Any services I’m hosting outside the network are done using Cloudflare tunnels from either a Cloudflared instance or from the LXC itself. This method has fixed my issues with Plex outside of my network since I was able to turn off “Remote Access” and make it available to my friends/family through a “Custom server access URL” (in the network settings, looks like: https://plex.domain.url,http://192.168.1.xx:32400/). No messy NAT rules to complicate things.

I am also using tailscale, but I don’t terminate it on my firewall. I terminate Tailscale on another host inside my network, you could probably use an LXC container. It’s a Debian system with Tailscale installed, routing enabled (https://tailscale.com/docs/features/subnet-routers), and set up as an exit node and subnet router. On OPNSense, I set up a Gateway on the LAN interface pointing to my Debian Tailscale router node. Then I pointed the remote networks of my family to the Tailscale router using the routes in OPNSense. Fortunately, for me (and because I set them up), they are all different networks.

The benefit to this method is also that when remotely reaching my services, the traffic looks to the services on my network as if they are coming from the Tailscale router and so return there instead of trying to go out my firewall. Tailscale maintains the tunnel through the firewall so it really isn’t a participant in the tailnet. The only issue I’ve really had had been DNS with the Tailscale Magic DNS wanted to respond instead on my internal DNS servers. I’ve got MagicDNS disabled. but it always messed stuff up. The way I fixed it was to put tailscale on my Adguard container and make it’s tailscale IP the first DNS server, followed by the internal IP addresses of my DNS servers (192. addresses). This has worked for me pretty well.

Please let me know if you want any follow up info. I’ve been doing this for a long time. It’s my main hobby (and directly congruent to my job).

I love to hear about a Canadian alternative.

Detect is way too expensive because of the amount of unique visitors you get. When you federate and post, you’ll see your unique visitors climb fast.

Lemmy.ca gets it free I think because they are a non profit and deflect is being generous.

I posted this over at https://discuss.tchncs.de/c/navidrome, but I thought I’d post it here, maybe someone has had experience with this.

I’ve been noticing demo.navidrome.org showing up in my firewall:

pFsense: https://discuss.tchncs.de/pictrs/image/3829f59a-fe76-4fd0-b988-c8b8896f2dd3.png

abuseipdb.com: https://discuss.tchncs.de/pictrs/image/fd0b1738-8a21-4cfc-a996-36b109268c28.png

As with anything entering or exiting my network, I am cautious and curious why my instance of Navidrome has the need to contact demo.navidrome.org.

I am running Navidrome as a Docker Instance. I have combed my compose file and can find nothing in that itself that would trigger Navidrome to ‘call home’.

Is this for stats, or other? As of right now, I have demo.navidrome.org blocked until I’ve gathered some information.

BTW, sweet piece of opensource software. I tip my hat to the dev team(s).

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #147 for this comm, first seen 8th Mar 2026, 16:20] [FAQ] [Full list] [Contact] [Source code]

Ahah! Ok that makes sense. Thank you so much for clearing that up. I guess I can now unblock demo.navidrome.org.

Hi all, The other day, I posted here asking about recommendations on audiobooks servers and clients for iOS, and I got so many nice and very helpful responses from you all. I really, really appreciated the sense of community and help that you all showed me. Some of you mentioned Android clients and I checked them out since I do have an Android phone and the iOS one was for my wife. I appreciated the two Android clients I saw, the official ABS and Lissen but they weren’t what I was looking for (with the utmost respect to their developers of course).

A kind soul here recommended the app Still for iOS. I checked it out and it was such a nice app. The wife loved it too. I was bummed that it was iOS only. So, I decided to make one for Android (with the help of my butt for transparency of course). I’ve been working on it nonstop for over 2 weeks now. When I say nonstop, I mean I stay up until 1AM daily working on it. I’ve got something working really well now.

I wanted to share that with you all in the hope that someone will find it useful. It’s completely free and open source (GPLv3). Completely private. Nothing leaves your device beside the calls the app makes to your own server. I won’t ask for donations or anything. I just want to share. I welcome any feedback and contributions.

Get it here and let me know.

Please do it, there is a big part of the foss community that only install apps from fdroid, including me.

Request has already been submitted to their gitlab page :)

A lot of people simply don’t have time to go the extra steps.

Instead you should be focused on secure by default design. E.g. not setting a static router password to admin admin.

It’s stupid in this day and age to continue to see default logins occur still.

simply don’t have time

Sorry, but that is no reason. That’s a bit akin to having a dog and saying: “Nah I don’t have time to walk the dog now”. Selfhosting something that is publicly available (not as in “everyone can use it” but “everyone can access it”) bears some level of responsibility. You either make the time to properly set up and maintain it, or you shouldn’t selfhost stuff.

Navidrome+Lidarr w/ plugins + tubifary plug-in for the LRCGet and expanded import lists. I currently have rsgain on a cronjob but I would like to get it running on an import script.

I originally had a webui alongside navidrome (airsonic-remix or something) and never used it. Tried out sptnr (ratings import from Spotify) but it felt completely unnecessary. I’ve tried several request stacks and it’s just awful vibe coded trash. The import list setup is pretty aggressive and so far we’ve only needed to manually add a few artist.

Do you mind sharing your Lidarr plugins? I’ve been hosting it for a while, but with limited success. The idea of plugins in it is new to me but I’d love to make better use and make my library more useful

https://github.com/TypNull/Tubifarry

This is the only one i use.