iMeddles

I worte a guide last year on how I do network bound encryption - that is the disk will automatically decrypt at boot if it's connected to my home network, but not if the disk or machine is removed from my house. The advantage over the dropbear method is that you can set unattended upgrades to auto reboot your server whenever it installs security updates, and it'll come back up with no manual intervention from you.

Dry air causes way more static electricity build up, which electronics really don't like having discharged into them

I had some spare time today, so I wrote it up on my website here

I don't at the moment, because I don't have a need for it, but I did for a while run a PoC with Step CA, and that seems like the easiest way to get up and running, even if its features are overkill for a home lab.

if you go down the luks route, an option to look at is Clevis/Tang for automatic unlocking on a trusted network. I have a tang server running in the cloud, firewalled to my home IP, so if my server reboots in my house, it auto unlocks, but if you steal it and try to turn it on anywhere else, it won't be able to auto unlock, and will require a password.

I should write that config up somewhere as a guide.

Thinkst have also published opencanary which you can run yourself and contains a decent subset of what their hardware canaries run, including SSH and cifs.

My aim for the year of voice is to replace my google minis with something that works locally with ha, if this gets integrated that way its gonna save me reasonable amounts of money on speakers :D

Yes, if you've built the network from scratch that works. Retrofitting it into an existing network however is a massive piece of work when you don't have that single source of truth to start with however. On networks I've built sensibly, I'll happily give people whatever CNAME they want to refer to their machine, but the machines actual name is descriptive, not the other way round.

My home network is somewhat overkill ;p but so far, about £500 on compute to run VMs, >£1000 on a nas and various other offsite and local stoarage, a couple hundred quid on networking gear, and then the extra premium on smart home devices you pay for non-tracking versions of the hardware (e.g a ring video doorbell would have cost me £40 less than the reolink I ended up buying). I've also so far spent over £75 on smart light switches trying to find one that both works with home assistant and fits inside my really narrow back boxes without yet finding one that works, so the number is continuing to go up!

A pihole. Given how much I've spent over the years on self hosting kit, few 'cheap' things have ended up costing me more than that first 30 quid raspberry pi

Every machine is named after what it does (although I do 1337-ify the names, because I'm still a late 90s IRC teen at heart). If you've ever been onboarded into a sysadmin role where all the machines are named with whatever whimsical naming scheme each department chose, you'll fast develop a visceral hatred for non-descriptive naming schemes. The fifth time you get a ticket saying something like 'Hedwig is down' and you have to go crawling through three layers of linked files on SharePoint to find what and where 'Hedwig' is, you'll be ready to beat the person who named it to death, and that attitude tends to persist to your home naming scheme :p

AV1 isn't needed yet, because its only really being used for live streaming like youtube gaming at the moment (Plex itself only started supporting AV1 in December). That might change in the next few years, depending on if the scene picks it up as a technology, its just a case of whether you want to future proof yourself. Of course, given how cheap these mini pcs are, you might be as well sticking with the N5105 now, and then picking up an N100 (or even whatever it's successor is) in a few years time. If you do end up running proxmox, you can always cluster them together, so you can keep using the old one alongside the new one. (Because they're so cheap, I actually have three of them in a little cluster, so I can patch and reboot each proxmox server without downtime to my plex server)