Another solution I don’t see mentioned (yet) is have both ends connect to a VPS running your WG endpoint. Then both sides only have to have egress ability, nothing coming in, no CGNAT to worry about.

Negative. All done in uptimekuma/HA. You’ll need an access-token from your home assistant server but it’s pretty straightforward.

I use uptimekuma with notifications through home assistant. I get notifications on my phone and watch. I had notifications set up to go to a room on my matrix homeserver but recently migrated it and don’t feel like messing with the room.

FWIW, here’s my compose file. I 100% use https for everything internal. With LetsEncrypt and Pihole, why wouldn’t you? It’s dead-simple.

networks:
  backend:
    external: True

services:
  vaultwarden:
    container_name: vw-svr-00
    image: vaultwarden/server
    environment:
      - TZ=My/Timezone
      - DOMAIN=https://my.internal.domain/
#    ports:
#      - "82:80"
    volumes:
      - ./vw_data:/data
    networks:
      - backend
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden.rule=Host(`my.internal.domain`)”
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"

edit: I also run my instance on a subdomain vs a path. So my instances is actually at vw.internal.domain.

Yes. You can enable password requirements to install them. iOS at least, don’t know about Android.

Different use cases.

Why are you running full VMs for something that can be put in a container? Sounds to me (without having any evidence or proof) that you’re running out of memory and you’re swapping and it’s taking forever. That’s what causes the VMs to slow/stop.

Why not just run your own WireGuard instance? I have a pivpn vm for it and it works great. You could also just put jellyfin behind a TLS terminating reverse proxy.

Cloudflare zero trust tunnel might be up your alley. Look into that. It’s free but has privacy concerns so do your homework.

This is what I ended up going with. I’ll just have to keep an eye on disk space.

I’ll have to check this out. Have you run this in a container or just a native app?

Kind of. I’m thinking something along the lines of sonarr/radarr/etc but with the ability to play/stream the podcast instead of downloading it. I tend to use web interfaces of stuff like that at work and can’t really use my phone. Maybe I’ll have to look into a roll-your-own solution using some existing stuff. Was hoping I wouldn’t have to.