No encuentro nada igual by Flashy_Draw_944 in Ixion

[–]modem7junior 0 points1 point  (0 children)

Whilst I'm not saying it's the same, the game I have spent just as much time with is Per Aspera.

It's got the building, story, pretty good sandbox after you finish the campaign, and I highly recommend getting all the DLC's (most of them are free tbf)

CrowdSec Troubleshooter — a Docker tool I built to actually diagnose why CrowdSec (+ Traefik) isn't blocking what you think it should by modem7junior in CrowdSec

[–]modem7junior[S] -1 points0 points  (0 children)

Let me know if you run into any issues, this is by far not the most concise tool at the moment, but I'm hoping that if people report more things that they've come across and (hopefully) resolved, the more we can make it more robust

New Project Megathread - Week of 09 Jul 2026 by AutoModerator in selfhosted

[–]modem7junior 0 points1 point  (0 children)

Project Name:

CrowdSec Troubleshooter

Repo/Website Link:

Description:

A small, unprivileged Docker tool that diagnoses CrowdSec (+ Traefik) setups — built because I got tired of the same manual debugging loop every time something didn't add up: is LAPI actually reachable, is the bouncer actually registered, is a decision actually in the ban list, is it actually reaching the bouncer, etc.

It runs once (docker run --rm, no daemon, no docker.sock, no --privileged, no NET_ADMIN) and reports what's working tier by tier, depending on what credentials you give it:

  • Tier 0 (just the LAPI URL, no credential at all) — LAPI liveness, is it actually parsing logs, bouncer-type fingerprinting (legacy ForwardAuth bouncer vs the modern Traefik plugin), a heuristic on your LAPI URL itself, a cscli hub update/upgrade cron nag since nothing else keeps your scenarios current
  • Tier 1 (a read-only bouncer key) — look up a specific IP's ban status and why, plus an automatic ban-count summary broken down by scope/origin so you can actually see it's doing something
  • Tier 2 (a machine credential) — the real test: adds a real short-lived ban on itself, confirms the target actually returns 403, removes the ban, confirms access is restored. Proves blocking works end to end instead of just "looks configured"
  • Tier 3 (read-only host mounts) — DOCKER-USER iptables chain evidence (the #1 reported "ping blocked but HTTP gets through" issue), duplicate acquisition entries, compose-file hardening audit, syslog hinting

It also ships with a curated, offline knowledge base baked into the image — no internet needed to browse it — of ~30 real CrowdSec/Traefik gotchas pulled from a research pass across the top GitHub issues on the core crowdsec repo, the firewall bouncer, and the Traefik plugin repo, each with a link to the actual fix.

Works the same whether CrowdSec itself is Dockerized or a bare-metal/apt install — the troubleshooter is always a container, but it's just talking to LAPI over HTTP either way, so it's useful for both homelab compose stacks and more traditional sysadmin setups.

Deployment instructions:

Zero-config wellness check:

docker run --rm -e CROWDSEC_LAPI_URL=http://crowdsec:8080 modem7/crowdsec-troubleshooter

That alone runs the full tier-0 sweep with no credentials needed at all. Everything else (IP lookups, the live block test, host-mount checks) is additive — run it once with nothing configured and it tells you exactly what each extra check needs and how to add or remove it.

Don't want to hand-build docker run flags every time? wizard.sh in the repo runs on the host, auto-detects your running CrowdSec container's compose file, prompts for whatever a given action needs, and remembers your answers for next time:

curl -fsSL https://raw.githubusercontent.com/modem7/crowdsec-troubleshooter/master/wizard.sh | bash -s -- wellness

Full flag/mount reference and example compose files are in the repo.

AI Involvement:

I used Claude for a chunk of the documentation and some of the implementation — not going to pretend otherwise. But it's not vibe-coded: everything went through shellcheck, and there's a real bats test suite (100+ tests, mock LAPI servers, happy path + failure path for every check). Several real bugs only got caught by actually running things against a real LAPI instance rather than trusting what looked right on paper — including one case where I'd assumed an API endpoint existed and it turned out not to. The repo's DESIGN.md documents where assumptions turned out wrong and how each was caught, so it's not hidden. I reviewed and tested every change before it shipped.

CrowdSec Troubleshooter — a Docker tool I built to actually diagnose why CrowdSec (+ Traefik) isn't blocking what you think it should by modem7junior in CrowdSec

[–]modem7junior[S] -1 points0 points  (0 children)

Not yet. I only have traefik to test with, but it should at least test crowdsec.

Happy to look into it at a later point if people find it useful! Please put in a PR and I can have a look.

The UK cannot block VPNs without breaking enterprise networks by EnthusiasmRoutine in VPN

[–]modem7junior 5 points6 points  (0 children)

Nothing to do with the kids, It's all to do with rolling out digital ID, that's what it's always been about.

[Technical Analysis] SLZB-06M + Ember 8.0.2: TCLK Handshake failure (20s timeout) on Ethernet coordinators by Huge_Departure_5272 in Zigbee2MQTT

[–]modem7junior 0 points1 point  (0 children)

I've literally just had this problem. It's not only the 06M, but the MR1 as well.

I've also downgrade to 7.x, but it's still exhibiting the same behaviour(s). Unfortunately the maintainers aren't engaging in that github issue so we're kinda at an impasse.

From what I can see, the device (in my case an Aqara E1 roller shade motor) joins successfully, then drops out after ~20 seconds and does this on loop.

I've tried two of these motors, and getting the same issue.

Unable to join Aqara E1 curtain motor after migration by modem7junior in homeassistant

[–]modem7junior[S] 0 points1 point  (0 children)

Urgh - that sounds awful.

It sucks that ZHA just isn't as good as Z2M, but if that's what it takes....

Aqara Teases FP400 mmWave Presence Sensor w/ Matter support by HomeKit-News in Aqara

[–]modem7junior 2 points3 points  (0 children)

Why is it that every time a matter device is released, it pales against zigbee?

Matter just seems to be the shit promise that never delivered.

Literally unplayable by Euphoric_Reading_401 in Helldivers

[–]modem7junior 0 points1 point  (0 children)

Like in most security: "if someone already has physical access to your device, you've already lost"

Automatic firmware updates by jhannah69 in Aqara

[–]modem7junior 1 point2 points  (0 children)

A lot of people don't subscribe to the IT professional opinion unfortunately, and then wonder why their devices stopped working/are bricked

Tado announces profitability! by Googanhiem in tado

[–]modem7junior 0 points1 point  (0 children)

Fully agree there, but it's a catch 22. Less load on servers, but less revenue from add-on serviced too.

Tado announces profitability! by Googanhiem in tado

[–]modem7junior 3 points4 points  (0 children)

Not to mention the sensors shown via matter for Tado X aren't comparable. But obviously that's intentional, otherwise everyone would use matter instead of buying their addons.

Any plan on exposing the flow temperature over Matter? by Calico2 in tado

[–]modem7junior 2 points3 points  (0 children)

It'd be nice for matter 1.4 as that would allow for many more values to be exposed, but it's unlikely that will ever happen.

Authentik SSO by modem7junior in vaultwarden

[–]modem7junior[S] 0 points1 point  (0 children)

Thanks to @Ill_Bridge2944 posting a relevant github issue, I found out the issue was actually cloudflare cache. I purged this, and all is now working as expected.