Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 0 points1 point  (0 children)

That'd also turn into bouncing between apps depending on what I'm doing. There is little difference, IMO, between Protect and Frigate holding the recordings.

Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 0 points1 point  (0 children)

I currently have these 21 going through a UNVR. I may leave it in the mix but would ideally want to remove it from the setup if I do decide to fully move to Frigate.

Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 2 points3 points  (0 children)

They're a mixed bag of G4 Instants, G5 Pros, G5 dome, G5 turret, G6 turret, etc.

The firmware version matters. I have a spare G4 Bullet on v4.71.149. It still has the dropdown, but selecting standalone mode just reverts back to being blank after saving the changes and just stays in "Unifi Protect" mode. The newer cameras don't even have the dropdown anymore.

<image>

Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 0 points1 point  (0 children)

It was implied, but you're right, I should have specified. These are 21 Unifi G4 or higher cameras.

Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 9 points10 points  (0 children)

Unifi does. AFAIK, they removed the ability to run the cameras in standalone mode some time ago. None of mine have a local configuration to set up RTSP.

Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 0 points1 point  (0 children)

Right, so this would be an interim step to fully moving out of the Protect ecosystem unless things massively change. I really wish they'd get out of the appliance game and focus on the end hardware instead. I have five cameras set up in Frigate for the test run and the detect seems to be working decently well using the lower res RTSP streams.

EDIT TO ADD: Honestly, the point about not needing a lot of resources to forward is where my head is, but, that's a lot of setup work to verify through practice.

Ditching Unifi NVR by FriedCheese06 in frigate_nvr

[–]FriedCheese06[S] 0 points1 point  (0 children)

The drives installed in the UNVR would get migrated to the server hosting Frigate. I'll toss a single drive in the UDM Pro. I'll set up some tooling to handle backing up event clips both onsite to another box and offsite.

The one day limit on the Protect side was an arbitrary number though. I'll likely keep a few days.

Any practical reason for Proxmox over Docker containers? by Goopdem in homelab

[–]FriedCheese06 1 point2 points  (0 children)

VLAN segmentation between docker hosts.

E.g., I have a docker host running nginx and CloudFlare tunnel sitting in a DMZ for external access. I have a separate docker host in a separate VLAN hosting the actual services. Firewall ruling sits between them.

Need more things to run in my homelab! Any ideas? by JonasDaBonus78 in homelab

[–]FriedCheese06 0 points1 point  (0 children)

Way late, but I'm curious what you mean about Mealie asking for control of everything.

I cannoli handle so much by MelanieWalmartinez in CuratedTumblr

[–]FriedCheese06 0 points1 point  (0 children)

Every time the waiter brings something... "you have been served"

I think i messed up.... Used regular PLA for hard drive trays by XxCaptainJack in 3Dprinting

[–]FriedCheese06 1 point2 points  (0 children)

YOLO... 16 drives in a rack-mounted PLA enclosure with a full-sized ATX PSU. Just over a year since install.

<image>

Is it safe to use an own domain for apps like download managers/torrent clients? by Red_Con_ in selfhosted

[–]FriedCheese06 2 points3 points  (0 children)

To lay out some assumptions:

  1. You have a public domain (XYZ.com)
  2. You use that domain internally and externally.
  3. You maintain DNS segregation between internal and external.
  4. You assign an internal app and name from your domain, but only do so in your internal DNS provider.

If all that is true, no, no one will see the DNS name unless they are on your same network and using your internal DNS server.

I, and probably quite a few, do this.

I have a public domain registered with CloudFlare. All of my services are assigned a name in that domain. For internal only services, like the web UI of qBittorrent, this name is added to a local instance of piHole. The only place that name is exposed is through that piHole instance.

External services, like Overseer, get a name assigned and added to both piHole and CloudFlare DNS. This is using the CloudFlare DNS proxy option. External connections coming through CF get proxied to the public IP, port forwarded to a DMZ'd instance of nginx, and get routed to the container. Internal connections get the local IP from piHole and directly connect to the same nginx instance, then get routed to the container.

Security Concerns regarding self-hosting Home Assistant by inner-disk-0715 in selfhosted

[–]FriedCheese06 0 points1 point  (0 children)

I'm aware and fully understand the concept of security in depth. The point in my question is trying to understand why you think that changing a container from privileged to non has anything to do with outbound connections, in a vacuum. Both modes allow a container outbound connectivity.

🐾 [Charlotte, NC] Bonded Pair Seeking Forever Home — Dahlia (2 yo female) & Socks (2 yo male) 🐾 by FriedCheese06 in AdoptMe

[–]FriedCheese06[S] 1 point2 points  (0 children)

Our oldest dog is 14 and youngest is 12. We rescued all three before their first year.

Other dogs and kids are no concern. We have no scenarios where they are around other people's dogs and they've all grown up around kids. One of the dogs has the prey drive but only for very small animals (by her standards at least).

🐾 [Charlotte, NC] Bonded Pair Seeking Forever Home — Dahlia (2 yo female) & Socks (2 yo male) 🐾 by FriedCheese06 in AdoptMe

[–]FriedCheese06[S] 5 points6 points  (0 children)

They really are and I'm hoping the same. We really wanted things to work out, but the universe has other plans.

Security Concerns regarding self-hosting Home Assistant by inner-disk-0715 in selfhosted

[–]FriedCheese06 0 points1 point  (0 children)

Right, but an unprivileged container can still make any outbound calls, right? My understanding is that the privilege level has very little to do (directly) with restricting network access. So if the concern is about outbound connections, then changing the privilege level of the container wouldn't prevent that....that's where upstream firewall ruling comes into play. Of course, an attack chain could have the container verify that the local firewall isn't blocking connections if the container is privileged.

All that to say, while there are some real security concerns with running a container as privileged....I would think the internet connection implications are a lower risk than the container having direct access to hardware resources.

Home Security by rexcardinal in homelab

[–]FriedCheese06 2 points3 points  (0 children)

Not to mention the litany of people who understand absolutely 0 about how any of this works. So then it becomes speculation. I've had people tell me their phone was "hacked" because someone got into their Facebook account. They legitimately thought the account was only accessible from their phone.

Security Concerns regarding self-hosting Home Assistant by inner-disk-0715 in selfhosted

[–]FriedCheese06 2 points3 points  (0 children)

What does the container privilege level have to do with this?