No, I use a second reverse proxy for my local network. For example, I can resolve navidrome either via my VPS using navidrome.mydomain.net or directly in my local network with the address navidrome.local.mydomain.net. I also configured the local caddy reverse proxy with a DNS provider module to get LetsEncrypt certificates for my local addresses.

I use a wireguard tunnel that connects to a cheap VPS and then configured a caddy reverse proxy on that VPS that makes my services available on the internet.

deleted by creator

I recently bought one and I am quite happy with it.

I installed Shelter into the owner profile to enable the work profile. All the googly stuff gets installed in that work profile. I only unpause the work profile when I need a specific app and pause it again when I am done. Open source and apps that do not require play services are allowed to run directly in my owner profile.

No manual intervention needed just track everything and retain the data for a long time. Then you can query the database for all serial numbers your target has ever taken out of an ATM and where they where returned. Circulation will diffuse these results somewhat but that follows a normal distribution. That means it is much more likely that a bill that was spent at a store by your target which is given out again as change, is more likely to be spent at another store near that original store. Aggregate this information over a couple of weeks or months and you will get a heatmap of locations to check out. You can run this operation automatically on all bank accounts if you want. Threshold the heatmap at some significant value and you get a list of stores visited by each person with X% probability.

Yes that would destroy some data points but we are talking about a statistical approach here. How often do you give other people cash directly in comparison to spending it at stores. Given enough time and collected information local concentrations will show up. Its surveillance through data analysis with a new veneer.

Netzpolitik recently did an article about that. I consider them a credible source. How often bills are used before there are returned to the bank heavily depends on the denomination. Larger bills don’t circulate as much and at least in my country most stores return their cash income to the bank on a daily basis. People also tend to spend their money around the area where they live, so even if you couldn’t figure out which exact store a targeted person spends their money at due to circulation (which I doubt), you can still quickly find the general area in which they are staying.

Given a large enough time frame this can be treated as random noise which is easily filtered out, and this data isn’t necessarily meant to track your supermarket shopping. For example, you can use it to figure out where somebody went who has gone into hiding. They might have cleared out their bank accounts before leaving and with that data you can see where these banknotes are now showing up. Just wait at the store they apparently visit every Tuesday.

Banks can track each banknotes serial number when you receive them from the ATM and when they are returned from the store you spent them at. This data could then be used to create a complete profile of your spending habits.

https://www.heise.de/en/news/Bill-tracking-Increasing-cash-tracking-worries-data-protectionists-10481696.html

I use Kopia to do encrypted incremental backups of my user directory.

Honestly, I would go with a managed Nextcloud solution like Hetzner Storage Share or another reputable provider. No hassle of updating and securing the server, no data stored at Google or Microsoft, and easy to administrate by people who aren’t expert system administrators in case you are no longer available. I also went with that route for my personal instance because it was actually cheaper than hosting it myself on a VPS.

As for the listenbrainz/last.fm that is kind of a solution, but it takes a very long time to train up your profile to actually be useful.

This isn’t a huge issue, listenbrainz supports importing your spotify history.

There no need to choose on over the other. I host all my podman containers in a Proxmox VM.

You can connect navidrome and many other music players to listenbrainz.org. Like Spotify it creates an end of the year report and it also does recommendations like the weekly spotify playlist.

Pretty cool as a learning exercise. As a follow up scenario maybe try moving this infrastructure to another cloud provider because AWS deleted your account without warning or try a multi-cloud deployment.

Regarding Lets Encrypt your server doesn’t need to be accessible from the internet if you use the DNS-01 challenge. Caddy with the caddy-dns plugin for your provider can do that automatically for you.

Either use the sftp command, it also supports the -J option, or use SSH tunneling. For example here I bind the homelab port 4533 to my local port 8080.

$ ssh -L 8080:vpn-homelab-ip:4533 user@vps-ip
(user@vps) $

I can now open a new shell and run:

$ curl http://localhost:8080/
<a href="/app/">Found</a>.

You could also do it this way:

$ ssh -L 8080:localhost:4533 user@vpn-homelab-ip -J user@vps-ip
(user@homelab) $

According to the Pangolin docs it supports raw TCP and UDP connections.

For SSH you can also try to use the VPS as a jump host like this:

$ ssh user@vpn-homelab-ip -J user@vps-ip

Lullabies that are pretty grim seem to be a thing in a lot of cultures. I read an article from the university of Oslo about that recently.