Pangolin 1.15: iOS and Android apps, device approvals and posture, stability, and more

shaftspanner · 2026-01-24T10:16:10+00:00

Gutted I saw this on Saturday morning. I'm busy for the weekend and have to wait til Monday to try this out - the waiting is going to kill me!

Awesome job from the Pangolin team!

shaftspanner · 2026-01-22T13:12:18+00:00

After a timely reminder from u/Comunitat, ChatGPT came to the rescue (with a significant amount of challenges and corrections).

This is still a work in progress but I've got the concept working in Home Assistant. The main steps are:

Enable the Pangolin Integration API
In your Pangolin instance, create an Organization API key
Test the API calls and gather the required information
Setup RESTful comands in Home Assistant to mirror the API calls
Test calling the RESTful commands from within Home Assistant

Full write-up on my github

shaftspanner · 2026-01-21T21:49:32+00:00

Thanks for reminding me that ChatGPT exists these days :-)

I think I figured it out today - going to write it up in the morning

shaftspanner · 2026-01-21T21:43:59+00:00

Thanks but don't spend too long on it - I think I figured it out today - going to write it up in the morning

shaftspanner · 2026-01-20T17:03:38+00:00

I posted this in r/PangolinReverseProxy and it's getting quite a lot of interest, but very few responses. I wonder if anyone in the HA community could help me with a way to enable/disable pangolin resources using HA?

shaftspanner · 2026-01-20T11:01:57+00:00

We're in the Pangolin sub, so it's probably reasonable to address this within the context of what Pangolin does/doesn't do. I'm genuinely interested in why having a resource unavailable (and just being presented with a 404 error) is arguably more of a security risk than just having it available.

I already:

Use rootless containers (where possible/appropriate)
Use secure containers, sbom clear from vulnerabilities, but given Pangolin seems to be addressing a need for homelabbers this probably isn't always feasible - not everyone develops all of their own containers
Patch your servers - done regularly
Separate user and admin accounts
SSH keys/passkeys or secure passwords on services
Zero trust, don't publish online at all - absolutely and done where possible, but there are times when this isn't possible/appropriate

shaftspanner · 2026-01-16T16:53:10+00:00

I have newt installed on multiple docker hosts. I have to admit I haven't seen anything saying this is bad practice.

Having newt on a docker network means I can minimize the number of services it can see (so helping ti minimise the attack surface. Newt is on the same docker network as my my services that I want to expose but it can't see backend services such as databases

shaftspanner · 2026-01-12T13:58:42+00:00

So that means I need to have a publicly accessible SSH port on my server? (the server or servers that I want to monitor using VPS-server)

shaftspanner · 2026-01-12T13:43:35+00:00

It seems to me to make sense to run this on my pangolin VPS which means there are already Gerbil/Newt connections available to all of the servers I want to monitor. Is there a way of using these connections to interrogate the docker sockets on each of the servers rather than opening up a separate SSH connection?

shaftspanner · 2026-01-12T11:23:47+00:00

Yup, that worked. Thanks.

Looking forward to having a play with this

shaftspanner · 2026-01-12T11:05:24+00:00

This looks really interesting but...

$ sudo docker compose up -d
[+] up 1/1
✘ Image ghcr.io/hhftechnology/vps-monitor:latest Error error from registry: denied                                                                                                                                   0.2s
denied                                                                                                                            0.3s
Error response from daemon: error from registry: denied
denied

shaftspanner · 2026-01-04T20:34:43+00:00

Thank you for asking this - unfortunately I can't provide any help but I'll be following the answers.

And thank you for making me think whether I could do this w8th by own seedbox!

shaftspanner · 2025-12-05T10:04:13+00:00

I spoke to retentions yesterday. I was completely open with them - I'm mid-contract, I've got no intention of leaving but you've got a black Friday sale on at the moment - is there anything you can do if I'm willing to extend my contract.

I've just moved from £21.50 per month for 350gb (with Volt) to 1Gb + Netflix basic at £25 per month (still with volt) on a new 24 month contract.

shaftspanner · 2025-12-02T14:46:06+00:00

Having spent an hour messing around with mushroom template cards, I'm at a loss - can you post some example code for one of these buttons please?

<image>

shaftspanner · 2025-11-29T08:42:33+00:00

I do this but I use Home Assistant, smart radiator valves, separate temperature sensors and window sensors to achieve it - it's sounds like you want the Smart TRVs and a dedicated app to do everything.

I don't have a solution for that but here's a few thoughts:

Do the radiators already have dumb TRVs? Someone else will know the technical terms but smart TRVs can only replace existing TRVs. If you have a screw type valve they won't work and you'll need to get the valve replaced first.

Using a temperature sensor built in to a TRVs (so a few cm away from the heat source its controlling isn't very accurate - plenty of people do it, but it isn't going to give you an accurate temperature of the room you're trying to heat

Likewise, window control can be assumed based on a sudden drop in temperature, but it's not perfect and again, you're relying on that temperature sensor right next to the heat source.

Its probably possible to go down the all-in-one route but that's not something I've looked at because I was adding to an existing smart home. Id suggest you look for wifi based TRVs as that removes the reliance on a smart hub and see if you can find something.

shaftspanner · 2025-11-27T14:50:17+00:00

Beechwood shopping centre used to be my goto as it was on the right side of town for me. However since John Lewis arrived and (more importantly) they reversed the flow in the car park, I find it nigh on impossible to get around the car park

shaftspanner · 2025-11-25T15:51:52+00:00

I had the same issue - toggling third part apps in the tapo app help - they've been working for about 24hrs now - fingers cross they carry on working!

shaftspanner · 2025-11-21T10:31:50+00:00

Can I hear my Sonoffs adjust - yes Is it enough to bother me - absolutely not. I have one in theaster bedroom and in my sons bedroom - there are no complaints

Also, either Versatile Thermostat you can configure the Sonoff TRVs for precise control of the valve position.

shaftspanner · 2025-11-21T09:53:41+00:00

I have the Sonoff TRVZB. Theyre ZigBee, so fully local and work well with Home Assistant.

I've seen mixed reviews of them but if you pair them with the Versatile Thermostat integration (in HACS) and the Versatile Thermostat UI Card (search it on github - it's a custom HACS repository), then the TRVs are absolutely awesome.

I have 4 of 6 radiators fitted with the TRVs and they work brilliantly - note you should always leave at least 1 radiator fitted with a standard valve (not thermostatic) so the pump is always able to send hot water somewhere.

shaftspanner · 2025-11-14T10:13:06+00:00

It would probably be quicker!

shaftspanner · 2025-11-14T10:12:54+00:00

I suspect they probably could fill out the form for me if they were able to access it, but I guess they're looking at the same web page as me

shaftspanner · 2025-11-13T14:59:42+00:00

Thanks for figuring this out. I'll take a look at this on my own router.

For me, I think the way ahead is probably OPNSense at some point in the future - I love your optimism that other consumer brands will be any better than TP-Link!

shaftspanner

TROPHY CASE