I use Frigate and HomeAssistant, they are on different hosts and the only port allowed from Frigate to HomeAssistant is the non-auth api port. For normal users using Frigate, I use an Oauth2-proxy instance on the same host (same compose) as Frigate tied to a third host with keycloak. go2rtc is on the Frigate host, but it only talks to Frigate and the cameras themselves. You can also access go2rtc from outside if you want to access the streams directly but your HomeAssistant does not need too. I find that this is better than the cameras directly as the processing is not really meant for a whole bunch of streams at once.

I followed docs for the HomeAssistant to Frigate stuff with the GIF notifications and it is working fine. I also use the Frigate integration (using HACS) so maybe there is a lot done for me.

Verizon and ATT just rebrand nokia ONTs and roll some of their own software that is mostly enhanced or changed encryption at L1. Can’t speak for Comcast, I only know about the other two as I’m in a smaller ISP that competes with them.

They use have L2 onts that don’t have any gateway functions, just fiber to ethernet with some extra overhead to monitor the connection between the hose and shelf.

The ONT-on-a-stick units do the same thing, just a more compact and expensive interface that doesn’t have great support, unless comcast or running all home run fibers where they can just provide a straight SFP instead of doing any optical splitting.

No, you are likely looking at an ONT (optical network terminal), and it is not a router. Even with a port that accepts the fiber (sfp or sfp+ for 10g) on your equipment, the OLT (optical line terminal) likely will not provide you with service.

If you were to match the wavelengths the ISP is using you are likely to become a “rogue” on their PON that can knock out service for other customers that share the same passive network as you.

I make assumptions about you being on PON since you say AT&T, generally all I have ever seen from them are passive networks (one fiber with splitters for 1 port to many customers) unless you are paying extra for “dedicated” ($$$$$) internet.

If they are using a ONT with an “RG” (residential gateway) which is the typical “all in one” you can request the gateway service can be removed and replaced with a layer 2 bridge, where you’re router/firewall gets the “external” addressing and there is nothing being done by the ISP equipment other than sending you traffic and OAM (operations, administration, and maintenance; usually check or alert for light levels, software status, if a part of the ONT fails etc).

For indoor cameras, I use TP-Link tapo wireless cameras, and hikvision for outdoor. I put all of them on an isolated camera wlan and vlan without internet. the tapos work fine without internet access, but the status light will always be orange as it tries to reach some tplink aws IP to verify connectivity.

All the hikvision cameras and tapos support rtsp.

typically you only need one power supply to run it, once you move to redundant power you can use the second one in case the first one fails. when you plug both in it will just balance across both until one fails.

in my opinion, hardware should only be hypervisors that run virtual machines, then you can provision VMs, similar to using VPSs. going this route you will need a vga monitor for initial setup, eventually everything is done over the lan with a web ui or ssh.

i use proxmox which is Debian based for the hypervisor.

As far as what you do with it, is that you can in theory replace the VPSs or test software in your lan.

to compare, i have my router (vyos), homeassistant, a docker server for hosting small services, a network lab (gns3), windows and mac VMs, and more running on a cluster that is using similar hardware.

it looks like there is a bedrock branch, but i personally have no experience with bedrock.

see this issue for more details: https://github.com/minekube/gate/issues/11

i have used gate for my internal and external, works very well and i do exactly what you are asking and separate different versions and modpacks by name https://github.com/minekube/gate

as someone who does stuff in my lab that can translate to a work context, i absolutely second this opinion.

if i am labbing to learn, then learning the best way to do it is always be the main focus, even if it means restarting what I was doing to change how some prerequisite is setup or functions.

today, OP is working with jellyfin, but as an example, what happens if later they get security cameras and want to use some sort of local ML to analyze events, and don’t want to put a lot cpu utilization to that task during lulls in activity? a solution might be to dynamically create and destroy containers for the analysis tasks, and the background on a network setup in an unrelated container stack that would allow scaling that means one less problem to solve later.

short between pairs probably. tdr (time domain reflectometer) cable tester should help locate fault. might be pinched somewhere or something else

there are “casts” you can get to repair buried cable. usually used in copper telephone plant, i wouldn’t trust it to certify to a gig but you could use it for a backup link or if you play with pots at some point. or “temporary repair”

i would expect your lengthy research would have included “router model default password”, “reset password router model” and “port forward on router model”

12-24 from a telco guy, buy a 12-24 tap to help take the paint off