I would use their LXC install, it’s much more flexible. It does not need to be local but it does simplify things like email. I had to put a bit of effort into getting it to be able to connect to IMAP mailboxes to process, but it wasn’t any more than just asking it to get the necessary libraries etc. But things like that are why using it as an LXC is a better choice. It might be able to do that as a docker, but there’s potential problems with network connectivity and docker in docker issues.

You can also firewall that LXC off without having to mess up your own workstation, as well as snapshot it and back it up.

And the first thing I would do is have it keep token budgets when you build tasks, and report it’s token use to you every hour or two. It takes some time to learn how to structure reminders and task processing to not create loops that eat up scads of tokens. Don’t ask me how I know.

But holy hell, can it be useful.

zfs.rent

I set up Pulse recently and the ease of setup and great UI/UX is impressive. Really liking it.

Of course, there’s some AI bullshit if you want to opt in, but it’s not enabled by default.

Mailcow-dockerized. I’ve used it for nearly a decade, it’s been flawless. Very easy to set up with the admin webpage and has a webmail client, or use Roundcube with it.

Make sure you have your DKIM, SPF and Dmarc records in order and tested against MXtoolbox before you start.

Frigate is painful to set up. It won’t just go out and query the onvif capabilities so you have to try and figure out its RTSP url manually and ptz support is primitive. Its low resource and stable once you manage to get it to work.

Blue Iris is much easier and more capable, but uses Windows, and its a resource hog, and its paid. But if you get past that, BI is really good.

That’s a real bitch if you’re running watchtower and have the latest tag set. If you aren’t watching this drama, it’s an easy pwn for whoever took it over.

Docker Hub needs to get their shit together.

Create a cloud flare accounts and change the name servers at you current registrars to what cloudflare gives you when you try to migrate. Its best practice to split up registrar and DNS anyway. then create an API token so your reverse proxy can build records and certbot a new cert.

What rock do you live under if you’re using MySQL over MariaDB?

If you get a camera that is ONVIF compatible, you won’t need an app to set it up. Vikylin, amcrest are a couple I’ve used.

Use tailscale to access your cameras, don’t portforward them. They are pathetically terrible for security.

OPNsense

NC is fine. Ignore the haters.

Why the hell would the FUTO guide recommend OpenVPN? It’s a nightmare. I guess they also recommend pfSense instead of OPNsense so there’s that.

For your own sanity, learn about Wireguard.

Happy to help.

The docker setup is probably less maintenance than a straight install, but your usecase might need the bare install. there’s also Home Assistant that can add Piper as an Addon (which is a docker container inside the HassOS docker container). Also the Hass install will let you add faster-Whisper and Openwakeword for a full voice assistant that autoconnects via the Wyoming protocol.

Piper just moved to https://github.com/OHF-Voice/piper1-gpl

It’s fine, and it’s probably the best TTS you’re going to run locally.

Rebuilding containers is trivial if they supply the dockerfile. Then the base image is up to date, and you can add any updates/patches for things like the recent react vuln.

Someone linked this fork, seems maintained:

https://github.com/nicholas-fedor/watchtower

Watchtower, the automatic container image update platform notorious for breaking things

That’s kind of a bullshit allegation. Watchtower did what it did, if you set it up to grab unstable tags, then too bad for you.

idk about a 4b these days but the 5’s are stupid priced. You can get a refurbed 6th gen intel machine with 16gb of ram and an SSD for the price of a 4Gb Pi 5. Add an ESP32 running ESPhome or Firmata and you’ve got everything you could do with a Pi and a lot more.

Do their radios still not do 801.11af? You still need to have their stupid POE injectors hanging on the wall?

I can’t say I particularly trust even Bitwarden’s servers. I export Bitwarden passwords to a spreadsheet once a month and rsync it along with SSH keys to a USB key. Takes a couple minutes.