I should set up that bitwarden feature that lets people ask for access and they get it if you don’t respond in a set amount of time.

Ah, yeah I feel that. Been dealing with it in my own setup, and sometimes they get annoyed when stuff gets done on my time 😅

I’ve thought about deploying overseerr to take some of that off me, but I’m lazy…

What’s wrong with your setup that makes you have to touch your stack constantly?

I have radarr and sonarr, and I only ever touch them to add media. Hell, I use prowlarr more than either of the others just cuz I don’t have any kind of management for other media I partake in

I don’t have the attention span to draw out a Pepe Silva looking graph (even if I periodically have to try to explain it to newbies haha)

It sounds like your ubiquity and your ISP router are on the same LAN segment, which is not a good config.

You should never have multiple DHCP servers configured unless you’re intentionally split braining your vlan (only ever done that for HA purposes and using half of the pool on each). Im pretty sure you need to have your ISP connected to your cloud gateway, and all of your gear connected to the ubiquity. Your ISP router should only see your ubiquity, and that’s likely a good part of the reason you can’t see all the DHCP leases on your ubiquity gear.

Were I in your position, I’d probably disconnect everything and slowly reconnect stuff one piece at a time until you trip over what’s causing your issue. I doubt this is the case, but you could also have another DHCP server running on something you forgot about causing issues. Seen that many times before when doing small business network overhauls.

I tried this for a bit last year, and I never got it to work. I’m sure it was user error, but I’m super glad I got a new kit before shit blew up.

Might have to track down the bad kit I had and give this another try for giggles.

Agreed. I spent a bit of time writing out a script for similar functionality for one of our business units, but I never was able to figure out how to convert excel sheets to a PDF to be able to merge them in the allotted time, so it just doesn’t support them lol.

But I can see why it wouldn’t have an API, since the whole deal is it stays in your browser, and an API would mean sending the files to the server.

. if the duration is 45 days then they will give you 365/45 certificates ?

Minimum. We get through digicert at work, and we abuse the hell out of our wildcard and reissue it tons of times a year. You’re buying a service for the year, not an individual cert.

Given that automating things like this is annoying sometimes, you’ll be sure people will max out the 45 days…

I know from professional experience that this is a stupid as fuck idea that leads to outages. One of the many reasons I’m working to automate those annoying ones.

Also, don’t let perfect be the enemy of better.

Lol, never had to buy a cert huh?

You’re still buying a year or more at a time, no matter the lifetime of the cert itself. Even if the cert lifetime was a week, you’re still buying the same product, no matter how many times you rotate it.

Personally, yes. Everything is behind NPM and SSL cert management is handled by certbot.

Professionally? LOL NO. Shit is manual and usually regulated to overnight staff. Been working on getting to the point it is automated though, but too many bespoke apps for anyone to have cared enough to automate the process before me.

And you still can’t can self certify.

Skill issue, you’ve always been able to self certify. You just have to know where to drop the self signed cert or the parent/root cert you use to sign stuff.

If you’re running windows, it’s trivial to make a self signed cert trusted. There’s an entire certificate store you can access that makes it easy enough you can double click it and install it and be on your way. Haven’t had a reason to figure it out on Linux, but I expect it won’t be super difficult.

note that the max duration was reduced from 3 years to 398 days earlier this year)

2020 really has been the longest year of my life

I’ve been dreading this switch for months (I still am, but I have been, too!) considering this year and next year will each double the amount of cert work my team has to do. But, I’m hopeful that the automation work I’m doing will pay off in the long run.

So, if you would, help me out with the ‘why’ part

It eliminates a single point of failure, can be used to bypass censorship, and allow for community support/engagement in a way that is harder to track and suppress (in that there’s no ‘central’ hub and you have to go after nodes individually. From an opsec point of view, you’re still broadcasting a signal that someone in range can pick up). Obviously it requires many devices to make a good mesh work, but short of DOSing every channel or just blowing out the signal space, it’s gonna be hard to take that down.

I see it as something like tor or i2p, not something for general use at the moment, but definitely has good uses.

There’s not really too much of a debate, just a lack of deep understanding of how the infrastructure works under the hood.

The other person (rightly) doesn’t want to share their local network (what’s behind your wifi router) with their neighbors. My only point was that, much like current ISPs, you don’t share any networking with your neighbors. The only thing remotely close to ‘shared’ would be the individual uplinks (your ISP connection) from each residence to the (shared) networking gear of the ISP.

A local ISP and a Telco aren’t (shouldn’t) going to be handling the base networking layer any differently. They’ll all have individual connections between them and subscribers, and the only way that I could get into your network is to setup services and configure either side to talk to the service on the other.

To actually ELI5 (which I am exceptionally bad at with actual 5yos), Alice and Bob both get their toys from Charles (Telco ISP) who charges a lot of money, and doesn’t treat them well when they try to use the toys they got. Dan comes a long and works with Ed and Fred to set up a local toy store and try to treat customers better. Bob (irmadlad) is concerned that the new local toy store means he’ll have to share the toys he bought with Alice, not realizing neither store makes you share your toys.

why would I want to hook my uplink to someone else’s network

Well, the biggest reason I could think of is that you want to access the Internet.

Your local network is only as good as the services you run, and most people don’t self host. If you choose not to hook your uplink to your ISPs network, you’re not gonna be able to do all that much.

Oh I get how it would all work, I’m not into sharing my network.

See, I’m struggling to think that you do. You’re not sharing your network with anyone. You’re just hooking your uplink into someone else’s network, who will take as much (or more, given how fucky current ISPs are) care to keep you and your neighbors from talking to each other without your own config letting it happen.

There is a user here that mentioned he is in funding talks for a local, independent ISP. I’m not really sure I’m ready to be connected to my neighbors intimately. Good fences make good neighbors.

Why do you think an independent ISP would operate any differently at the networking level on a per-customer basis? This is basic network segmentation, and my home gear can do that pretty easily. Throw each customer on their own vlan that’s a /30 and they can’t do anything more than talk from their node to the central router.

Good firewalls make good digital neighbors, and an independent ISP isn’t going to survive long if Alice can access Bob’s home network over the ISP without having something specifically configured in Bob’s network to allow that.

How do you 3d print a rubber gasket/seal?