It was missing a bunch of features last time I tried it - no crossfades, no automatic playlists (for things like liked songs, decades, etc), no artist radio (play an artist plus similar artists), no way to play sonically similar songs (based on server-side analysis), no loudness leveling, no Android Auto. Maybe it’s improved now - I’ll have to give it another shot.

Unfortunately I’m not sure I know enough about audio processing and similarity analysis to be able to implement those features myself.

Yeah, unfortunately it’s closed-source. It’s a good app though! If you build something similar that’s fully open source, with an Android app and Android Auto support, then I’d definitely be interested in trying it.

Have you tried Plexamp? It supports all the features in your list. You need a Plex Pass for most of its features though.

I’m not mentioning it to suggest your project is bad or to discourage you; I’m mentioning it since it might give you some inspiration for features to implement in your one :)

Bitwarden and Vaultwarden are different products. Vaultwarden is API-compatible with the Bitwarden client apps, but it’s a completely separate project.

Both are self hostable. Bitwarden is designed for large deployments (like companies with tens of thousands of employees) so the design is very different to Vaultwarden which is designed for small deployments.

I used to self-host Bitwarden but switched to Vaultwarden a while back.

In the Bitwarden Android app, make sure all the autofill settings are enabled, including accessibility (which helps with autofill in apps that don’t officially support it). Sometimes, system updates seem to disable them.

Also note that Android apps need to explicitly support autofill. Not all apps do. The “use accessibility” option is supposed to help with apps that don’t officially support autofill.

At least there’s some competitors now, which could be used as drop-in replacements if Let’s Encrypt were to disappear.

I suspect the vast majority of certificate authorities will implement the ACME protocol eventually, since the industry as a whole is moving towards certificates with shorter expiry times, meaning that automation will essentially be mandatory unless you like manually updating certs every 90-180 days.

There’s no reason your media server needs to be directly exposed to the public internet. Use Tailscale. Get everyone that uses it to sign up for a Tailscale account, and add them all to your Tailnet.

Tailscale will perform better than a Cloudflare tunnel because it’s a direct connection between the two peers, whereas Cloudflare tunnels route through Cloudflare.

Tailscale does have relay servers, but they’re only used in very rare cases, if both peers have very strict firewalls. Almost always, the connection between two peers over Tailscale is a direct connection, so there’s no extra latency (other than some small overhead for the encryption)

You could use Wireguard and manually configure it to be in a mesh config, but Tailscale makes it so much easier. I’m a big fan of their product.

Oh yeah, there’ll be some overhead if you’re running Wireguard on a router. Hitting your router’s public IP won’t go out to the internet though - the router will recognize that it’s its IP.

It’s common to run Wireguard on every computer/phone/tablet/etc where possible rather than just on the router, since this takes advantage of its peer-to-peer nature. For home use, that’s how it was originally designed to be used. Tailscale makes it a lot easier to configure it this way though - it’s a bit of work for vanilla Wireguard. Tailscale does support “subnet routers” if you have any devices that you want to access over the VPN that can’t run Tailscale.

My point is that since the VPN uses a different subnet, it’s fine to keep it connected even at home. It’ll only use the VPN if you access the server’s VPN IP, not its regular IP.

In any case, Tailscale and Wireguard are peer-to-peer, so the connection over the VPN is still directly to the server and there’s no real disadvantage of using the VPN IP on your local network.

Yeah, this. Plus if you leave it connected, you can use the VPN IPs while at home instead of having to use a different IP when at home vs when out (or deal with split horizon DNS)

Headscale is a replacement for the coordination servers, which are only used to distribute configs and help nodes find each other. It won’t change client-side behaviour.

I did this and it still seems to randomly disconnect.

If you have a separate subnet for it, then why do you only want it to be connected when you’re not on home wifi? You can just leave it connected all the time since it won’t interfere with accessing anything outside that subnet.

One of the main benefits of Wireguard (and Tailscale) is that it’s peer-to-peer rather than client-server. You can use the VPN IPs at home too, and it’ll add barely any overhead.

(leaving it connected is assuming you’re not routing all your traffic through one of the peers)

conditional Auto-Connect. If not on home wifi, connect to the tunnel.

You don’t need this with Tailscale since it uses a separate IP range for the tunnel.

Edit: Tailscale (and Wireguard) are peer-to-peer rather than client-server, so there’s no harm leaving it connected all the time, and hitting the VPN IPs while at home will just go over your local network.

The one thing you probably wouldn’t do at home is use an exit node, unless you want all your traffic to go through another node on the Tailnet.

Yeah my wife and I are both on Android, and I haven’t been able to figure out why it does that.

The Android client is open-source so maybe someone could figure it out. https://github.com/tailscale/tailscale-android

deleted by creator

Is it just you that uses it, or do friends and family use it too?

The best way to secure it is to use a VPN like Tailscale, which avoids having to expose it to the public internet.

This is what I do for our security cameras. My wife installed Tailscale on her laptop and phone, created an account, and I added her to my Tailnet. I created a home screen icon for the Blue Iris web UI on her phone and mentioned to her, “if the cameras don’t load, open Tailscale and make sure it’s connected”. Works great - she hasn’t complained about anything at all.

If you use Tailscale for everything, there’s no need to have a reverse proxy. If you use Unraid, version 7 added the ability to add individual Docker containers to the Tailnet, so each one can have a separate Tailscale IP and subdomain, and thus all of them can run on port 80.

That’s interesting… It used to be a lot heavier.

Authelia is definitely the lightest in terms of RAM, but it’s also the lightest in terms of features. As far as I can remember, they only added OIDC support fairly recently - previously it only supported proxying.

Nothing’s as bad as trying to host and maintain a Ruby on Rails app :)

Docker has made a lot of it a non-issue though, since the apps are already preconfigured within the Docker image.

That and email protocols are outdated and aren’t too secure. For example:

• Neither SMTP nor IMAP have no way to use two factor authentication.
• Spam blocking is so hard because SMTP was not designed with it in mind.
• SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.

IMAP has a modern replacement in JMAP, but it’s not widespread. SMTP is practically impossible to replace since it’s how email servers communicate with each other.

The “solution” has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.