• 0 Posts
  • 14 Comments
Joined 1 year ago
cake
Cake day: June 16th, 2023

help-circle

  • To use Wireguard, you need to:

    1. provision a client tunnel for every device, or at least every person who needs to access your network
    2. have Wireguard downloaded and installed on every device, with the tunnels all imported.

    Basically, Wireguard works really well for services that only you use, on your own devices. You set it up once per device, and you have access to every service you host on your network.

    For the DuckDNS / reverse proxy route, you need to configure the reverse proxy for every service you want to expose, but don’t need to configure anything on the end user’s device.

    For Jellyfin, since I have users that are not me, it is impractical to expect them to go through all the hoops to get Wireguard running just to watch some movie or tv show. I also don’t want to make new Wireguard client tunnels for every single friend that I add to my jellyfin server. This also means I can access jellyfin on devices that aren’t my own such as a friend’s TV.

    For immich, my phone is a bit wonky with keeping Wireguard connected in the background, and I just don’t want to worry about if I’m connected to my vpn just so my photos will get backed up.


  • Different services for different use cases.

    I use nginx reverse proxy behind Duckdns for anything that requires public access, or that I use very frequently, like jellyfin or immich

    I use Wireguard for everything else, to expose as little as possible.

    If anything, I would say that Duckdns is harder to setup than Wireguard. You will need something like nginx reverse proxy if you want to host multiple services, and also deal with SSL certificates.






  • If you had a Samsung fridge, and you willingly put a bomb in the fridge, would you blame Samsung when your fridge explodes?

    Microsoft gives you the freedom to install software that runs with the same level of privilege as the kernel itself. You’re the one that chose to install defective software, and then give it kernel level permissions. You put a bomb in your computer and now you’re blaming Microsoft after the bomb exploded.

    Microsoft didn’t make the decision to allow the faulty input, the person who installed the software did, when they gave it permission to run in kernel mode.


  • I don’t remember much about plex photos, but facial (and object) recognition, photo map, easy sharing through albums (without the other person needing an account), and being open source are some features I imagine plex photos does not have.

    it seems barebones still, because it is a very young app, and the UI is not great, especially on mobile.

    It is the best replacement for Google photos that I have seen though.


  • +1 to immich

    However, because of the fast dev cycle, it has a lot of breaking changes, and needs regular maintenance (most notably for me, postgres docker changes. Especially if you are not giving it it’s own postgres instance and using their provided docker compose.)

    You could stay pegged to a single version, but the mobile app also doesn’t have full backwards compatibility with server versions, which results in a slew of other problems (how do I do a fresh install of an older app version on a new device?)

    But if you are willing to keep up and perform semi-regular maintenance, immich is great, and the rapid dev cycle means more new features faster!