    1. Cosmos Cloud Writeup

      I'm just copy pasting my reddit writeup since that's where the creator is active. For those curious the basic idea of cosmos (https://cosmos-cloud.io/) is home server with a push towards default safety stuff. Reverse proxy over your docker containers configured to not see beyond their world sort of thing so you can safely control access. I believe it's a one person project and still very much in development, but given that so many people just drop "roll your own, you just need to learn...." as the solution I find this to be vastly preferable, and maybe better than things like CasaOS

      Post:
      I've had less time than I hoped to really poke at this, so it's a bit rambly/stream of consciousness. Figured I'd put this up as a data point for anyone either considering cosmos, or maybe as some feedback. If anyone wants more detail on a specific part I'll gladly dive in, but for now if I don't put this up I never will. A very large thanks to the various people who guided me on the discord.

      Techstack/layout/hardware:

      1. Cloudflare domain with proxy active
      2. Ubiquiti UDM Pro router
      3. MS01 on Ubuntu, in default DMZ vlan
      4. Client devices on other vlans (a secure VLAN, technically not the default but similar) or external to network

      Personal skill level: I code for a living, but that's probably overstating my skill. Mostly light CRUD apps. Network is a MASSIVE blindspot that I know very little about. This project was in part to help fix that by getting me some practical experience. It's also GROSSLY overspecc'd for my skill level with some hope I can eventually do some more ambitious stuff.

      Setup: I had installed Cosmos before and run it locally unsecured/self signed (as provided by just clicking on the button in cosmos), just to make sure I understood "intended" behavior.

      My initial hiccups mostly revolved around me setting up port forwarding incorrectly in the router, so I'll skip most of that. Short version is misread something, went down the out of date documentation rabbit hole and then doubled down with some AI hallucinations. In the end it's MUCH easier than I was making it.

      All I needed to do was set up a 443 port forward to the static IP of my Cosmos box. It's even limited to Cloudflare IPs only, which was just taking the list provided by Cloudflare and copy pasting it in. There's a section in Ubiquiti's network interface for this and it's very straightforward.

      From there it was configuring the right tokens so I could do the cloudflare DNS Challenge, which is well documented (went the double token route rather than full key.) Once I found the right pages for that it was simple.

      Made my tokens, but was confused as hell because in Cosmos it says "you don't need to fill everything out" for cloudflare, and there's CLEARLY duplicate entries, so I wasn't sure if I needed to fill out both.

      From what I can tell, you need to fill out the duplicates (so you will double enter your email and your key/tokens). You can leave blank things like timeouts or whatever you're not using (key if using tokens, token if using key). Some clarity on the dupe thing might help.

      I do think a small guide on bare minimum DNS config would also help. I was using a root A record and a CNAME wildcard record, and I never got it working with cosmos. Unsure if that's my fault or not, but when I changed the wildcard to another A record (so A record for root and A record for *), it started working. For someone like me who knows fuck all about any of this, there was a lot of stumbling around with DNS.

      Of note I did select allow wildcard domains and .local domains on all attempts. No insecure http local access.

      From there it, mostly, started working. Https enabled and everyone can connect....exceeeept .local domains.

      This is the part I'm still struggling with. There's not a lot of documentation on .local, just "it will work if you check the box". I'm not sure if it clashes with https, or if I need to self sign, or if it really should be that easy.

      My understanding is I just make a new URL for an app, call it whatever.local, and boom I should be able to connect so long as I'm on the same network.

      In practice, I see no traffic hitting the server when I try this (unless on the server itself), and get timeouts from local clients (server does work). I got it to work once from a client on another vlan after trying to curl the https://whatever.local, but the next morning with nothing changed (went to bed right after and just left the machines running), it no longer worked.

      I did 100% confirm this worked because I used filebrowser to transfer some large data at speeds that NEVER would have been possible if it wasn't over my local network (everything is wired, no wifi, hence the desire for .local access). Also worth noting that I CAN ping the server locally and ssh to it from my other network, so I'm confident the firewall/vlans are configured correctly for that.

      Even for that brief moment when it was working, I STILL couldn't hit domain.local. It clearly exists, but if I can hit it (again from the server box or for that one moment from my other machine) I get the "you should use your domain address" text and cannot continue.

      I suspect router shenanigans (I do have mDNS enabled on all VLANs), but I'm having a hard time finding logs and what not for this. I'm also unsure if I don't know enough and am doing some config that obviously shouldn't work. I have toggled the "allow insecure local access" option in testing once or twice, but it doesn't seem to change anything. Not sure how long the delay should be.

      Small things I noticed that might need fixing/expanding:

      1. The initial admin account creation "your passwords do not match" help text is not in English.
      2. Small thing but while browsing the market it seems there's a few configs that no longer work or aren't supported. EmulatorJS was the main one that seemed clearly done.
      3. Hitting the domain, after logging in but not having touched it since forever, just gives you a "user unauthorized" warning but still lets you putter around the setup.
      4. Related to that, it does sorta suck that right now even normal users see so much. I would like to hide a LOT of the interface for some of my users (just show them installed visible apps?), and while I can hide something like a new URL, I can't hide the URL screen, or the market, or whatever. It's "fine" but several test members had to be told "yes I know you can see that, no it's fine, no you can't delete or edit, yes I know it looks like you can, yes I've tested, etc, etc"
      5. In my testing, I did manage to get my domain IP banned by smart shield due to all the logging in and out. Was easy enough to bounce the box and get back in, but maybe a "heavy testing" mode an admin can enable that has smart shield chill for 30 minutes? Dunno how sane that is given the security first focus and I'm sure I could've whitelisted the IP briefly/neutered smart shield somewhere.
      6. When entering your license key, you instantly see a "manage your license" button pop up. I emailed about it because I was confused and thought my license was busted, but just needed to scroll to the bottom and hit save. Just a flow thing that might want to change.
      7. Maybe an early "what is your goal" question? Local only vs using a domain vs using a domain and local access with adjusted config process to skip/auto handle things that could go wrong?
      8. The "make admin only" checkbox on every app I've installed, that has it, doesn't appear to work. I have to go into the URL config and manually make it admin only from there. Maybe I'm misunderstanding where/how it's doing this, but some light testing seems to confirm that non admin accounts can access until I do that.

      Side issues:

      At some point in all this my Ubuntu took a spirited attempt at destroying itself and would let me login and then just show me a cursor and nothing else. Couldn't get to the terminal through the recommended ways, but after sshing to the box locally and changing uhh...the display driver I think?, it's mostly been working, but I cannot restart the machine without issues until I hard shutdown (hold the power button). I doubt this is related to cosmos (either caused by, or affecting behavior), but figure I should mention it just in case. Planning a full reinstall later.

      Overall:

      I do love it. Cosmos is trying to be something that I think should exist and yet for some reason does not. There's so many ways to screw something like this up and the "well just roll your own" approach is hellishly easy to screw up with extreme consequences. I have a few more upgrades/tweaks to do (get .local working, maybe reinstall the OS and thus resetup from scratch, NAS for storage of some family videos/photos we want backed up in more than one spot), and I have mostly enjoyed how clear Cosmos has been.

      7 votes
    2. Save Point: A game deal roundup for the week of October 5

      Add awesome game deals to this topic as they come up over the course of the week!

      Alternately, ask about a given game deal if you want the community’s opinions: e.g. “What games from this bundle are most worth my attention?”

      Rules:

      • No grey market sales
      • No affiliate links

      If posting a sale, it is strongly encouraged that you share why you think the available game/games are worthwhile.


      All previous Save Point topics

      If you don’t want to see threads in this series, add save point to your personal tag filters.

      6 votes
    3. What are some of your personal misheard lyrics?

      I’m sure most people know of the common examples (“Hold me closer, Tony Danza”), but I’m interested in lyrics that you or someone you know has gotten wrong in the songs you regularly listen to.

      Also, I’m interested in the story of how you found out it was a misheard lyric.

      • How long had you heard the wrong thing?
      • How did you find out what the actual line was supposed to be?
      • Was there a dawning realization or comedy wrapped up in it?
      • Do you still sing it your way in spite of the actual lyrics?
      • Is the song actually improved by your lyric swap?

      If it’s not a burden, link to the timestamp of the song(s) where your misheard lyrics occurs.

      If you want to prime people to hear things your way, feel free to put the actual lyrics in a <details> dropdown to hide them, so people can listen to the song with your words in mind first.

      34 votes
    4. Horror games to play during October

      Warning: this post may contain spoilers

      With October approaching, it's time to play some horror games! Horror is my favorite genre. It's chock full of emotion and creative game design. It's a genre that has to continuously reinvent itself to avoid getting stale, which leads to dozens of incredible games.

      The games I'd like to play for the first time are:

      • Silent Hill 2 - I was holding out for a proper remaster for over a decade. It's finally here, but it's $70! I'll probably have to bite the bullet.
      • Resident Evil Village - I've been meaning to play this for years and already own it! On sale for $10.
      • Resident Evil 4 (Remaster) - I played the original but not the new remaster. On sale for $20.
      • Dead Space - Just bought this on sale a few weeks ago. It looks really good! On sale for $12.
      • Alien Isolation - Alien is one of my favorite movies of all time, so I should really play this.

      Now for some recommendations:

      • Resident Evil (REmake) - This is where you start if you're new to horror. Absolutely iconic, and not too scary thanks to its cheesy B-movie script, which can be humorous. On sale for $5.
      • Resident Evil 7 Biohazard - This game was a true return to form in the horror department. Absolutely loved it. On sale for $8. Genuine steal.
      • Inscryption - Not very spooky. Has a fun card game and a lot of intriguing ideas.

      Are there any games you're looking forward to playing?

      Do you have any recommendations?

      32 votes
    5. Offbeat Fridays – The thread where offbeat headlines become front page news

      Tildes is a very serious site, where we discuss very serious matters like search engines, ea and jane goodall. Tags culled from the highest voted topics from the last seven days, if anyone was inquisitive.

      But one of my favourite tags happens to be offbeat! Taking its original inspiration from Sir Nils Olav III, this thread is looking for any far-fetched offbeat stories lurking in the newspapers. It may not deserve its own post, but it deserves a wider audience!

      12 votes
    6. What are some of your routines or habits?

      I'm trying to get into the habit of setting a daily/weekly routine of hobbies, chores, meal planning etc.

      Right now, they happen when they need to happen but it's not the most efficient or well coordinated. And I'd like to spend less time thinking about when to do things or what to do for routine activities.

      What are some routines that work for you well?

      30 votes
    7. Looking for music solutions for my car; can anyone recommend a digital audio player?

      So I have a car that's ~10 years old and I like to listen to music as I drive. I was relying on the CD player, but it only works intermittently these days, so I'm looking into alternatives.

      I'm not big on connecting my phone via Bluetooth for security reasons, battery life concerns, and poor connection for streaming. I've got radio of course, but it's slim pickings where I live.

      I started looking into digital audio players. They sound ideal - compact, big offline library, physical controls - so I was hoping someone on Tildes can recommend one to me. Alternatively, if you've another solution, I'd love to hear it.

      17 votes
    8. Hot take: 4:3 > 16:9

      It's been a while since I've watched an old TV show. We've had widescreen TVs in our houses for decades now. When HD and digital video came into the scene, it basically came hand in hand with the 16:9 aspect ratio. It was more cinematic. It was basically a mark of quality in and of itself.

      On a whim, I decided to watch Wolf's Rain, an original Bones anime that was produced in 4:3. I thought it would be difficult to adapt to the more narrow screen. I was thinking what I'd be missing out on by the missing part of the screen.

      In hindsight, those thoughts were pretty ridiculous. The people who made the show knew they were going to target that aspect ratio, so they built the entire show around it. It's animation: every frame is literally a painting. The aspect ratio was never a limitation to the artist because it was effectively the same limitation any given piece of paper or canvas they would apply their art to.

      By no longer producing video in 4:3, we have lost something important to framing: verticality and angularity. 16:9 means there's a lot more room to the left and right than there is up and down, and because you have so much more horizontal view dutch angles tend to be extra disorienting. While Wolf's Rain doesn't use dutch angles very often, vertical framing is extremely common. One early episode has a particularly striking scene where a white wolf is running vertically up a cliff towards the moon. Other times it's used to show off the scale of large structures, which can better express a sense of dread or oppression. The show also often has circular framing; where characters and objects are arranged in a circle, which doesn't seem to work quite as well aesthetically on widescreen formats.

      Now that I've started thinking about this, I started to think about what a shame it is that we are actually losing some of our treasured 4:3 shows from the past. TV shows aren't terribly well archived in general outside of ultra-popular shows, and even then many old shows that were made for 4:3 have been bowdlerized into 16:9. Many shows have been stretched out or had their tops and bottoms deleted in order to fit into 16:9. Some shows were shot on film and had new scans done in order to use the parts that were originally designed to be cropped out. But because they are ruining the intent of the cinematographers, the addition is not necessarily a good one.

      But what do you think? I know this is probably not a popular opinion, but I'm sure that I'm not the only one who thinks this.

      34 votes
    9. What did you do this week (and weekend)?

      As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!

      4 votes