Unmapped
Well, this is going to mess up my whole setup. Especially my notes.
From what I understand running high bandwidth things like video streaming through cloudflare tunnels will get your cloudflare account banned or charged (which is why they require payment info to setup tunnels).
Best to keep things like emby, jellyfin, and Plex to tailscale or just open the port.
Idk how emby works but with Plex I feel pretty safe having port open. Since any logins have to auth though Plex’s servers.
From what I understand tailscale is basically wire guard but made convenient. And how they do that is by managing you wire guard keys for you. So I would have assumed they could use the keys to access your network. HOWever while trying to look into this just now I found out tailnet lock exist and it says “When tailnet lock is enabled, even if Tailscale infrastructure is malicious or hacked, attackers can’t send or receive traffic on your tailnet.”
Not really directly answering your question here so feel free to ignore me. But if I’m understanding right your setup sounds like a more complicated way of doing what I am.
I put tailscale on all my devices. And in every docker compose for the ports I do. TailscaleIP:hostport:containerport
So nothing can be access on local network at all. Only through tailscale. Which I can access from any of my devices locally or remotely without opening a port. All E2E encrypted I’m pretty sure. The only con is having to trust tailscale.
I do keep Plex port open for friends though.
I noticed this too. In theprimeagens recent video on cups problem they kept making jokes about printing on Unix. I think I must be lucky or something cause so far every printer I have setup on Linux has been easier then having to download all the bloatware to make them work on windows. But I have only done about 6 printers so far on Linux.
Not that I know of, but I kind of feel like Nixos could be. The way you can use nix flakes or shells so each project has its on version of nodejs, go, rust, or w/e you use. Instead of having them installed system wide. And you can put the flake.nix and flake.lock in your git repo so any other Dev with nix can use it to DL the exact same packages.
You could use Torbox.app. Its like debrid, but also seeds so you can use it for private trackers.