https://edition.cnn.com/2025/10/09/business/china-tightens-rare-earth-export-controls-intl-hnk seems to contradict your statement.

Isn’t the US responsible for those restrictions in the first place?

If they do the object recognition on the cloud there is no way they offer those doorbells without any monthly subscription. My guess is that it is either doing something on the device or is just a dumb camera with an RTSP feed without any AI features.

My guess is the latter, considering the price. And still 20 bucks for this doorbell without a monthly subscription is a good deal. If they build something natively supporting Home Assistant that would be a killer device.

But as a friend used to say, if something is free, you are the product.

I agree with you, very little information was provided but I presume this is just Tuya or some similar OEM brand and maybe you can install a local control and cut the cloud part of the equation.

At the moment it is pure speculation on my part, but I am sure there are plenty of smart folks out there who would love to tinker with it and maybe find a way to install some custom firmware to cut the stalkware.

It would be interesting if it is also compatible with Home Assistant. That could be a really good entry level video doorbell

The king had his feelings hurt and he has no one to blame but himself.

He signed a trade agreement with Mexico and Canada during his first term which he isn’t honoring anymore. And then he is annoyed that people are feeling angry at his shenanigans.

The problem is that I have a couple of services listening on different ports and I want to use the reverse proxy to listen to incoming requests and route the traffic to the corresponding ports. I also want to issue SSL certificates and serve the traffic over TCP port 443.

Yes, I know that, but I just don’t want to remember the port numbers or create some bookmarks.

I think I can create a CNAME record for *.media to point to the Tailscale address of the reverse proxy and then use the reverse proxy with Cloudflare API key to serve SSL certificates from my domain.

I am currently struggling a bit with the setup though.

I have a registered domain name already, but I am behind CGNAT and I don’t really have a public IP.

I want to allow access to my services remotely only through Tailscale.

Yeah, I checked their webpage. The device looks solid, but finding replacement parts, the lack of touchpads, the higher resolution (1920x1080) will all affect your user experience.

Then there is thermal throttling, battery longevity, storage expandability, etc.

I will definitely do that, I just want to finish the whole setup.

Mind you, you need to research a bit more about this particular handheld, because in handhelds, ergonomics, long term support, etc. all play a very important role.

I have a Steam Deck and while I didn’t try other handhelds, I am quite content with its performance. A lot of people who purchased more powerful handhelds eventually also settled with Steam Deck, due to numerous factors, so just be very careful with that step.

I am playing around with Podman Quadlet and that’s one hell of a rabbit hole. I have everything up and running, and now I need to configure the containers, and probably will deal with other pain points, etc.

The good thing is that I have documented the whole process so it is reproducible but it took me quite some time to figure out everything.

Why don’t you simply stream the games to your handheld? No matter what handheld you get after a couple of years it will struggle with newer titles, and building a desktop with a discrete GPU that you can upgrade every now and then is the better option in my eyes.

Because it is beginner friendly and it has a lifetime license I guess and it is not yet enshittified.

Nice, thanks for sharing. How did you solve the file permission issue?

Also I see you put all your services as a single pod quadlet what I am trying to achieve is to have every service as a separate systemd unit file, that I can control separately. In this case you also have a complication with the network setup.

You can actually set your user to linger with

sudo loginctl enable-linger $USER

I will test your setup and report back if it works.

By the way what was the reason to switch back to Docker Compose?

There are no logs in journalctl, just when I check the status of the systemd services I see that the container service has crashed and after 5-6 restarts it gave up.

I was thinking of installing the latest podman 5.7.0 and try with it, as there are quite a few updates between that one and 5.4.2 that comes as standard on Rocky.

I can try to upload my container services and network tomorrow and share the link here.

Absolutely plus I love the idea of having them as separate services. I just don’t know how to configure them apparently.

Did you create a separate systemd network for your Quadlets or are you using a bridge or host network?