But you’re still using Caddy as the sole reverse proxy, don’t you? Do you have multiple Caddy instances that require access to a single certificate?

I do not understand why you are using certwarden when Caddy can generate SSL certificates by itself.

Well, for image manipulation, I can only think of GIMP as I have been using it for close to 2 decades. But because I have barely scratched the surface of what you can do with it, I don’t know if it would be a suitable replacement for your use-case. Also of note, its UI is definitely not a one-to-one reproduction of Photoshop’s, so it will require some getting used to.

You’re 100% right, OP could sync their mobile apps when the PC is up and get everything to work when it’s off.

AdGuard’s dnsproxy should fill the bill.

Try running this command from your PC, your server and the uptime kuma container:

dig @192.168.0.100 api.pushover.net

If it fails on all three, the issue is on PiHole. If it fails on the server or container, it’s a common networking issue between container and host or intra-container.

No issue as well, seems like you have a DNS issue. Any chance you’ve got a PiHole with a faulty config?

Have you tried Piper’s speech models? You can use Pied to install a model and set Orca to use it by default. The French one is very good.

I don’t think Pi-Hole can query DoT and DoH resolvers directly. People usually set up unbound or AdGuard’s dnsproxy, configure it to forward queries to the DoT/DoH resolver and set it as Pi-Hole’s upstream resolver.

I have no experience with Wallabag, but I have been pretty happy with Readeck. Skimming through Wallabag’s documentation, I would say they are pretty similar, while both have unique features. For example, Wallabag has annotations (you can only highlight in Readeck), and Android and iOS apps; whereas Readeck can export collections to eBooks, has RSS feeds for pretty much anything (all articles, unread, archives, collections, etc.) and its browser extension allows to only save part of a page (by selecting it first) and to directly send the page content to your instance (which is useful when saving paywalled content)

Caddy with DNS provider module: https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148

I would add that you can follow this guide for building Caddy with DNS Provider modules. For Docker you can start from the instructions for Caddy Docker Proxy

I use unbound as an upstream resolver for Pi-hole, not directly on my machines. Be aware that resolving new domains can incur some delay (about 1s), but once cached, it’s pretty quick, even for additional entries on the same domain.

Every developer wishing to offer applications on F-Droid will have to register their identities and package names to Google for Android devices to install their apps, regardless of the distribution platform (F-Droid, Obtainium, GitHub releases, etc.)

From my understanding, it will only allow apps that were registered, so since ReVanced uses identical package names to the patched apps, it probably won’t work unless they start using ReVanced-specific package names that are tied to their identity. But that would allow Google to block these package names (or ban ReVanced completely) if say, Spotify or YouTube complain about them.

Hopefully, the EU and other jurisdictions block this.

This is very similar to the notarization process Apple introduced to comply with the EU requirement of allowing third-party stores, and yet the EU doesn’t seem concerned (maybe because Apple did not allow third-party stores in the first place, will it be different for Google?)

I first read the original report from Android Authority thinking it would only be an additional hurdle for third-party stores and developers, but I’m now thinking that it would potentially block the use of ReVanced

1: I’m assuming (hoping) this wouldn’t be a full wipe and start over? It should just upgrade right?

Yes, you can upgrade in-place. If I recall correctly, you just have to change the release channel from LTS to non-LTS in the Sources app, then trigger an update (I don’t quite remember how to do)

2: Do I need to do the whole USB route, and if so is there an option to keep everything (I’m hoping, I put a LOT of work into this so far and I don’t remember if that was an option on first install).

No, as I said above. But it’s always a good idea to have backups if you ever need to wipe and re-install.

3: I remember a few apps I installed were specific to Noble, will this break those apps?

Hard to be 100% sure without knowing which apps and how they were installed, but most likely yes as their dependencies might no longer be available on Plucky.

4: It seems like there should be an option to upgrade from the desktop, but I don’t have that option. If I run plasma-distro-release-notifier I should get an update notification right? In which case I can just say “hell yeah!” and it’ll do its thing?

Refer to my first answer

What’s your issue exactly?

Personally, I set up Caddy with subdomains like radarr.local.example.tld, added a DNS entry on my domain so that *.local.example.tld points to the local IP of Caddy, then followed this guide so that Caddy issues TLS certificates using the DNS challenge (since the subdomains don’t point to anything accessible from Internet) along with the caddy-docker-proxy plug-in to easily manage upstreams.

Don’t you have any off-site backup? It would help keeping some peace of mind knowing you have a copy somewhere else.