Private Project · Home Security

homescope

A local-first home command deck running on a repurposed Intel iMac (Debian). Started as a Firewalla MSP insight layer and grew into a single Grafana console covering home network security, home health, and host vitals. Zero new egress by default — every cloud reach-out is deliberate and accounted for.

Status LAN-only · Internal git · Active development

What it watches

Network security — top talkers, beaconing detection, new domains, blocked outbound/inbound, inbound scans by country, riskiest devices, abnormal uploads, and new device events. Watchlists and a feedback loop let you teach it over time.

Home health — Ecobee climate and air quality, Ring doorbell, Rachio irrigation, outdoor weather, and Synology NAS health via SNMP.

The box itself — host vitals, internet uplink latency and loss, and local Ollama model status. Host vitals are read from /proc with zero egress; the uplink numbers come from the WAN-health pings accounted for under Security posture.

Architecture

Five components, each swappable: collector, store, translator, briefer, and ask agent. Every number the model produces comes from a deterministic SQL query first. The model writes prose around facts the system hands it — it cannot invent traffic that isn't in the database.

The DJ (triage.py + dj.py) pre-sorts watchlist noise into auto-handled versus needs-you, using the local Ollama model. It proposes, never auto-acts. Decisions stay yours.

Security posture

ufw default-deny inbound. Read-only MSP token. Secrets live in mode-0600 files outside the repo and are never committed. The ask box binds 127.0.0.1 only and is reached through nginx (HTTPS, basic auth). Grafana is LAN-bound with auth on and no anonymous access.

Egress is honestly accounted for: a routine MSP poll over outbound HTTPS, an optional roll-up email, WAN-health ICMP pings, and whois RDAP on human trigger only. Everything else is local.

Key findings

The MSP API's time-window filters don't work — every query returns newest-first regardless of parameters. Worked around with pagination plus a bookmark file, so new records are captured without gaps or duplicates.
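The bookmark workaround, as an added example that is not homescope's own collector code. It assumes a page-by-offset endpoint that always returns newest-first (as described above) and records with an `id` and a numeric `ts`; the fake API, the record shape and the sample rows are constructed for the example. The bookmark stores the newest timestamp seen plus every id at that timestamp, so a record that lands later with the same timestamp is still captured, and the bookmark is written atomically so a crash mid-poll cannot corrupt it.

```python
import json
import os
import tempfile
from typing import Callable

Record = dict  # constructed shape: {"id": str, "ts": int}


def make_fake_api(store: list[Record]) -> Callable[[int, int], list[Record]]:
    """Stand-in for the MSP API (assumption): ignores any time filter and
    serves `store` newest-first, page by offset."""
    def fetch(offset: int, limit: int) -> list[Record]:
        ordered = sorted(store, key=lambda r: (r["ts"], r["id"]), reverse=True)
        return ordered[offset:offset + limit]
    return fetch


def load_bookmark(path: str) -> dict:
    if not os.path.exists(path):
        return {"ts": 0, "ids": []}
    with open(path) as f:
        return json.load(f)


def save_bookmark(path: str, bookmark: dict) -> None:
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(bookmark, f)
    os.replace(tmp, path)  # atomic rename: a crash here leaves the old bookmark intact


def poll_new_records(fetch, bookmark_path: str, page_size: int = 3) -> list[Record]:
    """Walk newest-first pages until everything further down is already
    bookmarked. Returns only unseen records, oldest first, and advances the
    bookmark. Assumes timestamps are assigned in arrival order; a record that
    arrives late with a ts below the bookmark would not be picked up."""
    bm = load_bookmark(bookmark_path)
    seen_at_mark = set(bm["ids"])
    new: dict = {}  # id -> record; dedupes if a page boundary shifts mid-poll
    offset = 0
    while True:
        page = fetch(offset, page_size)
        if not page:
            break
        for r in page:
            if r["ts"] > bm["ts"] or (r["ts"] == bm["ts"] and r["id"] not in seen_at_mark):
                new[r["id"]] = r
        if page[-1]["ts"] < bm["ts"]:
            break  # oldest record on this page predates the bookmark: done
        offset += len(page)
    ordered = sorted(new.values(), key=lambda r: (r["ts"], r["id"]))
    if ordered:
        top_ts = ordered[-1]["ts"]
        ids_at_top = {r["id"] for r in ordered if r["ts"] == top_ts}
        if top_ts == bm["ts"]:
            ids_at_top |= seen_at_mark  # same timestamp as before: keep the old ids too
        save_bookmark(bookmark_path, {"ts": top_ts, "ids": sorted(ids_at_top)})
    return ordered


def demo() -> tuple[list[str], list[str], list[str]]:
    """Three polls against a growing constructed store; returns the ids each yields."""
    store = [{"id": "r1", "ts": 100}, {"id": "r2", "ts": 101},
             {"id": "r3", "ts": 101}, {"id": "r4", "ts": 102}]
    fetch = make_fake_api(store)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "msp.bookmark")
        first = [r["id"] for r in poll_new_records(fetch, path)]
        # Two records land, one sharing the bookmarked timestamp (102).
        store.extend([{"id": "r5", "ts": 102}, {"id": "r6", "ts": 103}])
        second = [r["id"] for r in poll_new_records(fetch, path)]
        third = [r["id"] for r in poll_new_records(fetch, path)]
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

The second poll in `demo()` is the case that a plain "newest timestamp" bookmark gets wrong: `r5` shares timestamp 102 with the already-bookmarked `r4`, and is only captured because the bookmark remembers ids at that timestamp rather than the timestamp alone.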

Shared CDNs defeat domain-level attribution. Disney+ rides Akamai and Fastly, so flow data can't distinguish it from anything else on the same edge. The agent reports what it sees and what it can't, without filling the gap with guesses.

Design principle

The grounding constraint is non-negotiable: the model translates facts the system produces, it does not generate facts the system hasn't verified. That boundary is what makes the output trustworthy on a home network where the stakes are real.
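The grounding constraint from Architecture and this section, as an added example that is not homescope's own translator or briefer code. The flows table, its rows, the `top_talkers` query and the two stand-in "models" are constructed for the example (the real system calls a local Ollama model; here a faithful template and a deliberately hallucinating one stand in for it). The check is simple: every number in the model's prose must be a number the SQL layer produced, otherwise the prose is refused and the raw facts are published instead.

```python
import re
import sqlite3
from typing import Callable

# Constructed sample data; homescope's real schema is not on the page.
FLOWS_SQL = """
CREATE TABLE flows (device TEXT, domain TEXT, bytes_out INTEGER);
INSERT INTO flows VALUES
  ('nas',        'backup.example.net', 4200000000),
  ('laptop',     'cdn.example.com',      30000000),
  ('thermostat', 'api.example.org',        900000),
  ('laptop',     'mail.example.com',     12000000);
"""


def open_sample() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(FLOWS_SQL)
    return conn


def top_talkers(conn: sqlite3.Connection, limit: int = 3) -> list[dict]:
    """Deterministic fact source: the numbers come from SQL, never from the model."""
    rows = conn.execute(
        "SELECT device, SUM(bytes_out) AS total FROM flows "
        "GROUP BY device ORDER BY total DESC LIMIT ?", (limit,)).fetchall()
    return [{"device": d, "mb_out": round(t / 1_000_000)} for d, t in rows]


def check_grounded(prose: str, facts: list[dict]) -> list[str]:
    """Return every number in `prose` the facts do not back. Empty means grounded."""
    allowed = {str(f["mb_out"]) for f in facts}
    allowed.add(str(len(facts)))  # the row count is a system-produced fact too
    found = re.findall(r"\d[\d,]*", prose)
    return [n for n in found if n.replace(",", "") not in allowed]


def brief(conn: sqlite3.Connection, model: Callable[[list[dict]], str]) -> str:
    """Facts first, prose second; refuse prose that carries an unbacked number."""
    facts = top_talkers(conn)
    prose = model(facts)
    unbacked = check_grounded(prose, facts)
    if unbacked:
        return "GROUNDING FAILED (unsupported numbers: %s). Facts: %s" % (unbacked, facts)
    return prose


# Stand-ins for the local model (assumption: the real one is an Ollama call).
def faithful_model(facts: list[dict]) -> str:
    parts = ["%s sent %d MB" % (f["device"], f["mb_out"]) for f in facts]
    return "Top %d talkers today: %s." % (len(facts), ", ".join(parts))


def hallucinating_model(facts: list[dict]) -> str:
    return faithful_model(facts) + " Also, 512 MB went to an unknown host overnight."


if __name__ == "__main__":
    conn = open_sample()
    print(brief(conn, faithful_model))
    print(brief(conn, hallucinating_model))
```

The same pattern extends to names: the allowed vocabulary can include the device and domain columns the query returned, so the model cannot name a host the query did not. What it cannot do is judge the prose's reasoning; it only guarantees that no number (or name) appears that the database did not hand over, which is exactly the boundary the design principle draws.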