me💻irl (slrpnk.net)
submitted 2 months ago* (last edited 3 weeks ago) by boredsquirrel@slrpnk.net to c/me_irl@lemmy.world

It was definitely DNS

[-] cynar@lemmy.world 121 points 2 months ago

I'll introduce you to the concept of WAF, Wife Acceptance Factor.

Basically, all smart IoT devices MUST default back to dumb behaviour in an expected manner. All MITM systems must either fail gracefully, fall back simply, or be robust enough to not fall over.

[-] cRazi_man@lemm.ee 107 points 2 months ago

I've been trying my very best to get Plex to a high WAF, but it fucks up constantly.

I get this constantly:

Plex

[-] MystikIncarnate@lemmy.ca 41 points 2 months ago

The WAF on my household tech is pretty high. That includes Plex.

I have in house dual/redundant DNS, and my Plex is nearly 100% 24/7/365 on old server hardware. Our living space is far enough away from the servers that the noise isn't really a problem, and I can break most of what I have installed/setup and internet continues to work because of the independent and redundant DNS. All of my homelab domains are just a stub zone in my main DNS, so everything keeps working if something dies or stops working.

[-] sugar_in_your_tea@sh.itjust.works 11 points 2 months ago* (last edited 2 months ago)

I use Jellyfin instead of Plex, and it runs on my old PC, which sits next to my regular PC. I'd like to move it, but it's a bit too big to fit anywhere conveniently.

The WAF is teetering on a knife's edge. I have been spending so much time getting it set up and adding content that I haven't cleaned up the content much. I need to go and reorganize things to put her workout videos in a separate spot because they're very hard to find. If I can manage to get everything working well, she'll probably let me finally cancel our Netflix and Disney+ subscriptions, provided I top up our content a bit more.

I have yet to mess with DNS. I'd really like to give our Jellyfin a DNS entry, but I'd also really like it to be routed internally when on our network so we don't take a big perf hit. Doing that means I need to run a custom DNS on our network, so I've set up a second wifi network to play around with. But hopefully in the next month or so we'll have a nice domain, like "media.mydomain.com" or something, which would get routed internally when on wifi and still have TLS working properly.

[-] Evotech@lemmy.world 7 points 2 months ago* (last edited 2 months ago)

For full WAF compatibility you need a front end where she can add content herself. Like Ombi or Overseer

[-] MystikIncarnate@lemmy.ca 4 points 2 months ago

These kinds of split DNS routing issues are something I've struggled with for a while. From my experience, you have basically two options, and depending on your specific situation only one might be viable.

The first option, which may or may not be available to you, entirely relies on what your router can do. Bluntly, if you use the ISP provided router, you're probably SOL, if not, you have a chance. Higher end (and/or enterprise class) routers and firewalls generally have sufficient features with a few exceptions. The feature you need to use is called hairpin NAT, though, it will pretty much never be called that in your NAT settings, so you'll need to Google your router and the term "hairpin NAT" to figure out if it can be done and how to do it. To describe what it is, let's start with basic port forwarding and adapt from there. I think most people know how port forwarding works: a connection to the external (or WAN) connection on a port is forwarded to an internal IP and port. Hairpin NAT is the same but from inside (the LAN port) basically if a connection from the LAN is destined for the WAN interface IP address, it will forward the connection to an internal (LAN) IP and port. This works alongside regular port forwarding, not instead of it.

If your router/firewall doesn't support hairpin NAT, you're going to be limited to plan B, DNS.

With bifurcated DNS, you're going to have some frustrations if anything changes, so like with all of your port forwards, you'll want to lock down the IP of your target system. With port forwards, it's bothersome to update, but not unreasonable. With DNS, it's really not fun. It's just that much more inconvenient, since you now need to update port forwards for external connections you need to update DNS too. Not great.

So how do you do this? It's actually not super hard. As far as I know, you can use pihole (which does not require a raspberry Pi, by the way), or any other DNS server system that tickles your fancy. I use bind, but the actual DNS software isn't super important, it just needs to support forwarders, and custom entries in the config, which I believe both do. Pihole or similar options can do DNS based ad blocking, I'm not a fan of that, but do what you want.

So the next step is to set up DNS internally. Get your DNS software of choice, and either buy a raspberry Pi to run it (bind is also compatible with the pi), or run virtual machines, or stand up an old PC for it. Install whatever os you feel comfortable running the software on, I always use Linux, but as long as your chosen software runs on the OS, it doesn't matter much. Give the system a static IP and install everything.

Once setup, if you own a domain, you can set an A-record for your service (in your case jellyfin), say "media.domain.com" pointing to your server for that service internally. Update your global DNS to point media.domain.com to your WAN IP.

For me, I use bind on a raspberry Pi. To make management easier, I also installed webmin, which allows management of the bind configuration on a web interface.

For bonus points, do it all over again and build a second one.

And don't forget to set up forwarders on your internal DNS so they can resolve internet addresses. Pro tip, use the DNS benchmark tool from GRC.com to find the fastest DNS servers for you.

If you want to go crazy, like me, build a third DNS server for all your internal lab stuff on a different domain, like "homelab.local" (it can be anything), and create a stub zone for it on your primary DNS that points to the lab DNS. That way, any "homelab.local" names, like, media.homelab.local or something, can be setup once on your dedicated homelab DNS server, and the other two will simply point to it via the stub zone.

I always recommend finding fast DNS servers to use internally, and I always recommend that if you're using internal DNS, you have at least two of them.

Last, but not least, after all of that effort, confirm that your fancy new DNS works (good luck with any troubleshooting you might need to do), and update DHCP to point clients at the internal systems for DNS resolving.

Easy, simple, barely an inconvenience, right?

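The DNS setup described in the comment above (internal A record, forwarders, stub zone for the lab domain), as an added example that is not part of the original thread. The LAN subnet, all IP addresses and the choice of upstream resolvers are assumed values, and the `primary`/`primaries` keywords assume BIND 9.16 or later.

```shell
#!/usr/bin/env bash
# Added example: write a split-DNS BIND config into a directory, then validate it.
# Every IP address below is an assumed, constructed value.
set -eu

write_split_dns() {
    dir="$1"    # use an absolute path; BIND resolves zone files relative to it
    mkdir -p "$dir"

    cat > "$dir/named.conf" <<EOF
acl lan { 192.168.1.0/24; localhost; };

options {
    directory "$dir";
    recursion yes;
    allow-query     { lan; };
    allow-recursion { lan; };             // LAN only, never an open resolver
    forwarders { 1.1.1.1; 9.9.9.9; };     // upstream resolvers for everything else
    validate-except { "homelab.local"; }; // private zone has no DNSSEC chain
};

// Override just this one name; the rest of domain.com still goes upstream.
zone "media.domain.com" {
    type primary;
    file "db.media.domain.com";
};

// Lab names are answered by the dedicated lab DNS server.
zone "homelab.local" {
    type stub;
    primaries { 192.168.1.12; };
    forwarders { };                       // never send lab names upstream
};
EOF

    cat > "$dir/db.media.domain.com" <<'EOF'
$TTL 300
@    IN SOA ns1.media.domain.com. hostmaster.domain.com. (
            1 3600 600 604800 300 )
@    IN NS  ns1.media.domain.com.
ns1  IN A   192.168.1.10   ; this DNS server
@    IN A   192.168.1.20   ; Jellyfin host, LAN address
EOF

    # Validate with BIND's own tools when they are installed.
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf"
        named-checkzone media.domain.com "$dir/db.media.domain.com"
    fi
}

if [ "$#" -gt 0 ]; then write_split_dns "$1"; fi
```

Restricting `allow-query` and `allow-recursion` to the LAN keeps the box from answering as an open resolver if port 53 is ever forwarded by mistake.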
[-] rockyracoon@lemmy.world 6 points 2 months ago

I kinda feel like old server hardware is key here. I have pretty much my whole lab running on an old R730 I put a bunch of ECC RAM, disks, and a transcode GPU into and it's been essentially flawless for like 2 years. Plus it has an IPMI which I don't think I could live without now. It replaced a setup that would always give me issues which consisted of a bunch of optiplexes, and white boxes. I still hack on pi's cuz it's fun, but all the core stuff is surplus enterprise.

[-] SpaceNoodle@lemmy.world 6 points 2 months ago

My Plex server is also a literal pile of garbage, but I only host on the LAN so I don't even have to worry about DNS fuckery.

[-] Damage@slrpnk.net 11 points 2 months ago

My WAF with radarr+sonarr+kodi is sky high. Plus Home Assistant with smart switches and outlets in every room.

[-] gdog05@lemmy.world 5 points 2 months ago

I bet your wife is really cool. You know, by the standards of some nerd on the Internet, but I'm guessing I'd think she was cool.

[-] PenisWenisGenius@lemmynsfw.com 8 points 2 months ago* (last edited 2 months ago)

Women are temporary. Enshitification is eternal. Sail the high seas matey. Arrrrr

If you do the whole home server self host thing, you could probably fool most people by changing the skin to a red theme though. I use a custom made php piece of shit for mine but there's this better one everybody uses, I just can't remember what it's called.

[-] b34k@lemmy.world 34 points 2 months ago

Yeah, this is not a U shaped curve. As you learn more and start to implement concepts like fail-safe and redundancy, the chances of everything in your house being broken goes way back down again.

[-] xantoxis@lemmy.world 20 points 2 months ago

The main thing you gotta learn though is stop fucking with it.

Or get a second homelab airgapped away from the first one.

[-] gamermanh@lemmy.dbzer0.com 43 points 2 months ago

My NAS is currently sitting apart while I turn my wife's old PC into our new media/game/whatever server, it's been 3 weeks of different random shit not working/being forgotten (whoops, I tossed all my old sata cables! Oops, forgot that the PSU is shit and needs replacement! Oops, the dog PISSED ON IT AND RUINED THE MOTHERBOARD)

Wife is clearly annoyed that the automatic piracy machine isn't working and has threatened to resubscribe to streaming services if I don't fix it soon lol

(Just gonna upgrade my gaming PC and use MY old parts to cover the busted mobo I guess)

[-] dohpaz42@lemmy.world 28 points 2 months ago

Ok, clearly this one is on you. And I don’t blame your wife.

  1. You tossed out perfectly good cables. I’ve made this mistake too, so I feel your pain.
  2. You need to have at least two piles: one for working parts, and one for non-working parts. Any organization beyond that is icing on the cake.
  3. The cake is a lie.
  4. I have no words for how your dog was able to piss on your computer. I would suggest looking up clicker-based training and teach your dog to piss on the carpet and not the hardware.

I mean com’on. Those are all rookie mistakes!

[-] grue@lemmy.world 15 points 2 months ago

You tossed out perfectly good cables. I’ve made this mistake too, so I feel your pain.

Ha ha, I haven't!

<is consumed by giant pile of IDE, parallel, serial, VGA, telephone, USB A-B, RCA, and other assorted very obsolete cables>

[-] dohpaz42@lemmy.world 6 points 2 months ago

And there will come a day where you will be asked for a cable, and eventually you’ll find it in the tangled mess of cables that you’ve put somewhere in your domicile, you’re sure of it, just give yourself a minute to check; hold on, you swear you have it, just give yourself a minute to find it…. No not that one, almost but not quite…. Ah ha! Found it… no, you’ll keep looking.

[-] Damage@slrpnk.net 13 points 2 months ago

What, you took the old one offline before the new one was ready? What the hell, man

[-] Zink@programming.dev 39 points 2 months ago

Yeah sure but for some of us it’s not because we have over-complicated our homes.

It’s because we do “fix the damn tech” at work all day and are too damn old to do it at home as well!

[-] bitwaba@lemmy.world 17 points 2 months ago

You can always tell who is the car mechanic on the block. He drives the shittiest barely functional car.

[-] NaoPb@eviltoast.org 4 points 2 months ago
[-] wreckedcarzz@lemmy.world 33 points 2 months ago* (last edited 2 months ago)

Get yourself a partner(s) who know a thing or two about tech and can at least perform basic troubleshooting and report to you.

Huge, thick cock but tiny brain and reeeeeeeeee? Pass. Small cock but can tell me when my homelab goes down, what services are actually affected, and suggest a solution that is plausible and is for up-to-date versions of X? Call in pizza and ice cream and clear your schedule, it's sexy time. And they knew a temporary solution for the outage so they aren't impacted while I was busy/away? Marry me.

There's a lot of other factors but that defo plays a factor. Learn tech, get blowjobs. It's that simple.

[-] TonyOstrich@lemmy.world 17 points 2 months ago

I fucking wish! Despite my profession and hobbies all being very technical I have never had a partner that knew anything beyond turning it off and on again 😭. I'd be eating them out like a bulldog with a jar of mayonnaise every night if they did! Though I guess I would do that if they didn't too....🤔

I may need to rethink my approach....

[-] yetAnotherUser@discuss.tchncs.de 6 points 2 months ago* (last edited 2 months ago)

I can't even do that for my own homelab. If restarting everything in order from most to least likely culprit doesn't make it work again I'm usually fucked and looking forward to a couple hours of work.

Example: My "Smart" TV must have something like this in its code:

void main() {
    if(hasLocalIP && !hasInternetAccess) {
        randomlyQuitJellyfinEvery20MinutesOrSo = true;
    }
    startTV();
}

This took 2 weeks of restarting, app reinstalling, factory resetting, OS updating, OS downgrading, OS updating but different method, etc. to figure out. I'm literally just unplugging its ethernet port before starting now, it's that simple. I've never allowed it to connect to the internet though - no ad revenue for you, Google!

[-] Evil_Shrubbery@lemm.ee 31 points 2 months ago* (last edited 2 months ago)

First of all, my parents have a Raspberry Pi V1.0 (the still holeless one) that has been piholing since day one. That's like a decade.
I kept it there, caseless and dangling from the lan cable, for sentimental reasons, I've grown fond of it.

Second of all, there is a secondary dns on Proxmox should the Pi need a rest.

Edit:
Forgot the third of all - that Raspberry doesn't even have a heatsink, much less a fan.

[-] bzz@lemmy.world 8 points 2 months ago

I’m running the same setup down to the dangling LAN cable. How do you deal with sd card deaths? Just a fact of life?

[-] boredsquirrel@slrpnk.net 5 points 2 months ago

Does this thing still get updates??

[-] SpaceNoodle@lemmy.world 22 points 2 months ago
[-] Evil_Shrubbery@lemm.ee 20 points 2 months ago

Updates are good, they automatically install you extra RAM, extra AI assistant features, promotional targeted ads, extra bloatware, more bugs ... no, wait, that's Windows, nvm.

[-] KyuubiNoKitsune@lemmy.blahaj.zone 19 points 2 months ago

It's called a secondary DNS server. Like, literally the reason it exists. I guess it's still on the line towards knowing what TF you're doing. Every DHCP server offers at least 2 dns server options.

[-] xantoxis@lemmy.world 12 points 2 months ago

Came here to make a DHCP config backup DNS joke, but it turns out I'm on Lemmy and 5 other people got it covered

[-] transientpunk@sh.itjust.works 19 points 2 months ago

I feel attacked right now

[-] MyPornViewingAccount@lemmy.world 18 points 2 months ago

Fun fact, there's a linux Pihole.

I kept having issues with my raspberrypi so I put a linux VM on my trueNAS server, then Pihole on it.

https://raspberrytips.com/install-pi-hole-on-ubuntu/

[-] boredsquirrel@slrpnk.net 4 points 2 months ago

PiHole doesn't run on Linux?

[-] noride@lemm.ee 17 points 2 months ago

This is a mistake you only make once, which is why I now have a dedicated dmz network for work equipment that doesn't use the pihole for DNS resolution.

[-] RestrictedAccount@lemmy.world 9 points 2 months ago

I just have my router fail over to 1.1.1.1 if pihole disappears. (I don’t use pi-hole for dhcp). It saves my ass from this.

[-] b34k@lemmy.world 6 points 2 months ago

Or have 2 piholes on 2 separate pieces of hardware, giving you the opportunity to fix things should one go down.

[-] lemming741@lemmy.world 15 points 2 months ago

Full arr stack makes life much easier. Only time I got that look was when it pulls a .rar that didn't automatically extract. Wrote a script that transmission runs on completion and they extract when finished now.

[-] MilitantAtheist@lemmy.world 10 points 2 months ago

I'm in this picture and I don't like it

[-] PenisWenisGenius@lemmynsfw.com 9 points 2 months ago* (last edited 2 months ago)

Can confirm. Everything is broken. I wish I could say I was typing this on the laptop I built by duct taping a battery, a screen and a pi into a laptop but that doesn't work either because I have to mod up a laptop keyboard fpga hackfuck first 🤷

[-] profdc9@lemmy.world 8 points 2 months ago

I'm not quite at Pi-Hole, I use OpenWRT on my router though.

[-] Artyom@lemm.ee 7 points 2 months ago

I sent this to my wife and said "good thing our pi-hole is never down". Long story short, I think I'm sleeping on the couch tonight

[-] massacre@lemmy.world 6 points 2 months ago

this one feels "oddly specific"

[-] partial_accumen@lemmy.world 6 points 2 months ago

It's a rookie mistake to implement a highly desirable, but low WAF (wife acceptance factor) solution to some shared resource.

The linked picture should have had a separate SSID that doesn't route through Pihole, so if the Raspberry Pi dies, wife knows to simply change the SSID she connects to.

[-] Bytemeister@lemmy.world 5 points 2 months ago

Your raspi needs a fan? I have mine just dangling from a USB-C cord wrapped around my router's antenna.

this post was submitted on 12 Jul 2024
865 points (97.9% liked)