No stress, just making sure there wasn’t some other reason for it. Cheers

Had a look at that, sounds pretty cool. Curious to know why you linked to a fork that is out of date and not to the original at https://github.com/BassT23/Proxmox

Cheers I’ll check out Ansible, it been on my lost of things to look at over the years anyway so its a good excuse to dig into it

Thanks for the recommendation, I’ll check it out

Yea that was going to be my next step if I don’t find anything that fits my needs, I’ll make it - but this is a solved problem for sure. I just need the right thing that’s close enough to what I’m looking for.

I used to turn off my phones alarm by throwing it across the room and it would burst into 3 pieces. Never had an issue.

I wish they didn’t need to replace Discover and were able to integrate changes into it upstream instead of implementing Bazaar. I’m sure they had their reasons though.

You can install it via flatpak and use selinux as well if you need. You can also encrypt and password protect the database, which can also be held in your keyring.

As with any app its up to you to decide and mitigate any perceived risks.

Yep

OTPClient

Awesome TOTP app that can import your Aegis Authenticator database, which then you can keep in sync with your phone and desktop.

Super handy.

Nice. I don’t think I need this but its good to have options

Damn, not sure I’m a fan of any of this. I left Arch because I didn’t want to be on Rolling release any more, and really liked what Nobara was offering for the out of the box experience.

Brave is super sketchy, and not sure about putting in yet another thing to handle updates (replacing plasma-discover and gnome-software).

I’m wondering if its worth forking it to remove some of these changes.

What about Deskflow? Worked pretty well for me.

All good, yea its because I need crowdsec installed on the proxy as well - not just the bouncer - in order to actually send the logs to Opnsense.

I ended up having some weird performance issues so I pulled it all out for now and will revisit another time.

With the bouncer setup, I assume I need to pass in where to look for logs or something for those to be passed into the lapi? I followed this CrowdSec and Nginx Proxy Manager , as far as I can tell everything is connected an running, I have crowdsec running on OpnSense via the plugin - it appears to be healthy as per the CrowdSec Console.

npm  | [nginx       ] nginx: [error] [lua] crowdsec.lua:62: init(): error loading captcha plugin: no recaptcha site key provided, can't use recaptcha       
npm  | [nginx       ] nginx: [error] [lua] ban.lua:37: new(): BAN_TEMPLATE_PATH and REDIRECT_LOCATION variable are empty, will return HTTP 403 for ban decisions
npm  | [nginx       ] nginx: [alert] [lua] crowdsec_openresty.conf:5):11: [Crowdsec] Initialisation done                                                    
npm  | [supervisor  ] starting service 'app'...                                                                                                             
npm  | [app         ] [5/5/2025] [11:26:30 PM] [Global   ] › ℹ  info      Using Sqlite: /data/database.sqlite                                               
npm  | [supervisor  ] all services started.

Cheers, I’ve since discovered that’s is “bouncers” that I want on the endpoints I.e on my Nginx Proxy Manager. I’ll just use the LAPI on the Opnsense box for now I think.

I thought crowdsec does everything fail2ban does in addition to global block lists?

Where did you have it setup? Is your proxy configured to forward the real IP?

Nah, that one conflicts with my IPoAC networks unfortunately :(

I did have that same thought actually, with opening up opnsense to be modified. But I also like the idea of it getting blocked before it even gets into my network, instead if letting it in initially and then blocking afterwards - that’s kinda the whole job of a firewall after all ha ha