Introducing an open-source, auto-configured home automation system based on Home Assistant. The system sets up a robust, secure infrastructure in minutes, ensuring top-notch security and privacy.

It’s user-friendly, cost-effective (around $50), and offers out-of-the-box support for a broad range of IoT devices including ZigBee, Ethernet, Wi-Fi, and Bluetooth.

The project is available on GitHub: https://github.com/lucadibello/zerotrust-your-home

  • Conroman16@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Impressive. It’s set up like a corporation would do it. Very much overkill for most folks, but still a wonderful writeup. Hopefully it doesn’t turn out to need an entire corporate team just to manage and support it.

    What you’re doing here is essentially what I do in my setup, but I haven’t ever attempted to write any of it down or automate the configuration of it. The main differences are: I use two piholes with VRRP addresses as my primary DNS servers, and then IPA as the actual source of record for most of the internal zones. IPA also backs a keycloak cluster which in turn backs my Cloudflare Access config via SAML and thus functions as the SSO arbiter for the tunnels. Also, these days I don’t go nearly as far out of my way to put unnecessary monitoring or restrictions on things just for the sake of “hardening” because it’s just a pain in the ass on down the road unless you’re some high profile target. I get into enough of this stuff at work that I don’t care to deal with it in my personal life. Well-known defaults and best-practices are plenty safe for the average user. 

    In general, great writeup. Hopefully it helps guide some of the less experienced folks into setting up something better than what they already have

    • SkinnyT_NJ@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’d be curious to know more about your real world setup. I agree that some overkill may be necessary, but not for the majority of us that just want to stay behind closed doors, and at least open them when we see fit.

      I’ve started down the path of securing and anonymizing my network a few months ago, but it’s tough finding a more well laid out plan.

    • RainSwiss@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yes, this project might be a bit overkill if used in a home-setting, but the norm if employed in offices / any other workplace.

      Thank you very much for your feedback!