I messed around in portainer before and I think possibly OP is referring to their feature where it can watch a git repo and anytime a change occurs, it’ll try to do a pull and recreate the container.

I don’t have a concrete example but I’ve talked to an online friend who works in IT and he claims the majority of his work is just renewing and applying certificates. Now he made it sound like upper management wanted them to specifically use a certain certificate provider, and I don’t know their exact setup. I of course have mentioned certbot and letsecrypt to him but yea, he’s apparently constantly managing certs. Whether that’s due to lack of motivation to automate or upper managements dumb requests idk

I second this. I have notifications set up via homeassistant, and if I want to view a feed I just VPN in

I have thought about different ways to do that. Both iOS and android have the ability to run scripts upon certain triggers such as joining a certain Wi-Fi network. (On iOS the Shortcuts app can do this). I’ve thought about using that to post to the already running mqtt broker and using that to update my system. Or I’ve thought about just snooping all the nearby Wi-Fi clients to my server, and if it detects my phone, do something similar.

Or I suppose you could turn it around, before the system decides it has an intruder, check to see if your phone is in fact at home via some method. Either scanning for it on Wi-Fi or some other way.

You could set it up like that yes, I suppose it would be bad opsec to give away exactly how I set mine up. But HA certainly has the ability to be informed when your phone comes home and change what alerts are sent out based on that

Unfortunately not quite so good. Maybe there exists a model that can do facial recognition. But the model I have loaded on mine just spits out “dog”, or “person”, or “car”. The false-positives I was referring to it not having, is what you’d typically get with a pixel-based motion detection camera. Where if it sees a leaf on a tree move, it alerts you.

Mine, at least that leaf needs to look convincingly like a person.

You can read more about the Coral at https://coral.ai/models/

I have a frigate setup. I run it through Docker and I even have the Coral AI processor chip hooked up. Which is pretty neat, runs local pattern recognition for people, annimals, etc. I use generic IP cams on their own network. I think pretty much anything that supports RTSP would work. Then hooked up to HA via MQTT, again all in docker. With the coral, I only get notifications if it actually detects a person. The false positives are extremely rare. And I use Tailscale for access from outside the LAN

You could be right. I am not a pro so I don’t really want to speak on the best practice approach. Really the only reason I containerize my services is the ease-of-deployment and the ease of potential re-deployment if my server did crash.

I personally am not too stressed about bad actors, being as this is a hobby server and the payout for a bad actor would be pretty low.

But your point does make sense to me.

I also do this. Just run Tailscale on bare metal and then I can access my all my services the same as if I was on my LAN, essentially.

+1 on duplicity. I run it directly on the host, outside of my docker containers. Grabs the data from the different volumes for my Nextcloud etc, puts it all into an AWS infrequent access bucket. Costs me ~3$USD/month. Pretty simple. Runs on cron

I don’t follow the full 3-2-1 rule, but I did want some sort of offsite backup for my Nextcloud so I use Duplicity to back up my user data from Nextcloud, plus all my DockerCompose files that run my server, to an S3 bucket. Costs me like $2/mo. Way cheaper than google drive