Thanks for the update! Really appreciate all of the work that has gone into this.

A few quick questions:

• Will the Android app be available on F-Droid? It looks like it should/will be, but I don’t see it on F-Droid at the moment.
• Is it possible to download episodes from a Pinepods server to a local device via a Pinepods client so the episodes can be stored on something externally, like a USB drive or old MP3 player? If so, can all/multiple episodes on the server for a podcast be downloaded without having to manually select each episode? The only download options that I have seen are for the server to download the episodes from the podcast’s source.

I think that any guides you find for Gitea + Renovate should work still for Forgejo + Renovate.

I believe the process is:

• Create Forgejo instance
• Create a user for Renovate within Forgejo
• Using the CLI on your local machine (or another tool to complete this step), create an SSH public/private key for the Renovate user
• Log into Forgejo using the Renovate user and configure the previously created SSH keys and separately generate a Forgejo token
• Create a Renovate instance with settings for at least RENOVATE_GIT_PRIVATE_KEY (SSH private key value), RENOVATE_TOKEN (Forgejo token value), RENOVATE_PLATFORM (gitea), RENOVATE_ENDPOINT (Forgejo API base URL), and any other Renovate settings that you may find helpful/necessary to configure (eg: GITHUB_COM_TOKEN, RENOVATE_AUTODISCOVER, etc.)
• Depending on how you want things to work, you may need to give the Renovate Forgejo user access to individual repos

Everything I mentioned works for LAN services as long as you have a domain name. You shouldn’t even need to point the domain name to any IP addresses to get it working. As long as you use a domain registrar that respects your privacy appropriately, you should be able to set things up with a good amount of privacy.

Yes, you can do wildcard certificates through Let’s Encrypt. If you use one of the reverse proxies I mentioned, the reverse proxy will create the wildcard certificates and maintain them for you. However, you will likely need to use a DNS challenge. Doing so isn’t necessarily difficult. You will likely need to generate an API key or something similar at the domain registrar or DNS service you’re using. The process will likely vary depending on what DNS service/company you are using.

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).

Raspberry Pi + PiHole + PiVPN = Network Gateway Drug

Although, PiVPN is winding down so you might want to find something different instead. Setting up a regular Wireguard VPN isn’t so bad, but it may be simpler to setup a Tailscale Tailnet.

https://changedetection.io/

Change Detection can be used for several use cases. One of them is monitoring price changes.

Some additional ideas for the Protectli device:

• backup/redundant OPNsense instance for high availability
• backup NAS/storage
  • set it up at a family/friend’s house
• a test/QA device for new services or architecture changes
• travel router/firewall
• home theater PC
• Proxmox/virtualization host
  • Kubernetes cluster
• Tor, I2P, cryptocurrency, etc. node
• Home Assistant
  • dedicated local STT/TTS/conversation agent
• NVR
• low powered desktop PC

There are so many options. It really depends on what you want, your other devices, the Protectli’s specs, your budget, etc.

Could you explain further? Wouldn’t this just need to be setup once per server that OP wants to connect?

Could you use symlinks? Not sure what the “gotchas” or downside to this approach is though.