I have a LaView LV-N9808C8E. It is quite a bit outdated, so I would not recommend that model, as the web interface requires Silverlight and the iOS app doesn't work on the latest iOS.
BUT, it is basically an offline NVR with 1TB harddrive that records continuously from my 6 ip cameras (all wired with PoE directly to the NVR). I think this model supports up to 8 cameras.
Then, on my home server I run frigate with a Coral USB to pull the rtsp streams and do object detection. When objects are detected, the screenshots are sent to Home Assistant for alerts.
This gives me good real time notifications and nothing is exposed to the internet or any 3rd parties.
If I want to watch real time camera feeds, and I can use my wireguard vpn + vlc to watch an individual camera via rtsp (I used to be able to use the iOS LaView app when on my vpn, but it no longer works). If I need to go back and look at recordings, since the LaView NVR is continuously recording, I can go back and pull video directly from the device for the last few days.
This is where tools like bubblewrap (bwrap) come in. For opencode, I heavily limit what it can see and what is has access to. No access to my ssh keys or aws credentials or anything else.
I typically use split routing BUT also have dns set to my pihole, both so dns works for my internal services and for tracker blocking. That causes a big issue. Also I wish WireGuard would just handle failures better. Even when it can’t connect, it seems to break networking (at least on iOS)
How does this handle IAM policies? At work we have a blackened that relies on S3 and IAM policies. For local development we use minio as it seamlessly handles that. Does garage?
I’m a big fan of Jellyfin. I would say it is easily family approved. That is for my family in my household who is using it on our home Wi-Fi.
But I am not about to expose it publicly. I have WireGuard set up on my immediate family’s devices and that is mostly ok (until you get on a public Wi-Fi that fails because you haven’t gone through their portal and can’t because the vpn is on, or you are on an airplane’s Wi-Fi with no internet trying to watch their movies and it doesn’t work until you turn off the vpn). Explaining this to my wife has been a nonstop battle.
I’d like it open it up to my siblings families, especially because I have the ersatztv plug-in to create approved child stations, but so many smart tvs and devices don’t support a vpn. How have others handled that situation?
How has immich been compared to photoprism? My issue with immich is that new releases kept breaking things. Has it finally stabilized? Lts are super important to me as I don’t want to spend every weekend reconfiguring services for my family.
This costs me not just time, but money. I know it isn’t much but is really a big pain. The biggest issue is that the app and recommendation algorithm isn’t going to be useful with 20 songs. You really need 1000s of songs to actually use the app…
Have you tried it with a Roku? My pi.hole blocks most things, but I haven't yet tried to completely block it from the Internet. In the past, I've had to allow some domains through my pi.hole or things would be completely broken, but that hasn't happened in a while...
I suppose I'd have to occasionally unblock it to get updates to the jellyfin app, which is doable.
I have started doing something completely different than using bookmarks. I set up yacy on a personal, internal server at my home, which I can access from all my devices, since they are always on my wireguard vpn.
Yacy is actually a distributed search engine, but I run in 'Robinson mode' as a private peer, to keep it isolated, as I just want a personal search of only sites I have indexed.
Anytime I come across something of interest, I index it with yacy, using a a depth of 0 (since I only want to index that one page, not the whole site). This way, I can just go to my search site, and search for something, and anything related that I've indexed before pops up. I found this works way better than trying to manage bookmarks with descriptions and tags.
Also, yacy will keep a cache of the content which is great if the site ever goes offline or changes.
If I need to browse, I can go use yacy's admin tools to see all the urls I have indexed.
I have been using this for several months and I am using this way more than I ever used my bookmarks.
I’m curious what is different. I already import WireGuard .conf files and turn them on/off with nmcli