I've really enjoyed working on and improving Taskpony and am pleased to be able to release another update in the hope that you'll also like it.

• Demo 1
• Demo 2
• More information
• Release Notes

cross-posted from: https://feditown.com/post/2375147

I'm not the creator of this program, but its too fun not to share! The comments from the developer and users joining the swarms on the reddit thread are hilarious.

It's basically a decentralized swarm of docker users. It does nothing except tell you how many other users you are connected to. Some are in the tens of thousands, haha!

https://github.com/lklynet/hypermind

I've tried unsuccessfully to get Valutwarden working without a proxy. See here. Any request with https leads me to the SSL_ERROR_RX_RECORD_TOO_LONG error, while via http I get the "Loading wheel" running indefinitely.

Despite the top of the page here suggests you can run Valutwarden without internally without proxy, my experience suggest that this is not the case and have tried on different VMs getting the same error. So seems like the only way is going via proxy. From what I've read, people seem to suggest that Traefik is the way to go. So I'm thinking of setting it up on my same VM as Valutwarden.

Note that my network is behind a pfsense install on another hardware machine. DNS forwarding is enabled with unbound. Will installing Traefik require changes to pfSense config? Looks like it may be the case from here. For now all I want is getting Vaultwarden going; later down the line I'll learn how Traefik can benefit the rest of my homelab.

I'm trying to work out the simplest way of getting Vaultwarden going using a minimalistic proxy, as there seems to be no alternative to not having a proxy going. Thoughts?

I'm having some problems installing Vaultwarden and I wonder if it because I'm running docker compose in the wrong way and there are user permission issues.

What is the right way of installing docker compose (on a linux VM)? In in the past I would create a docker folder /home/user/docker. In there I would create the folder firefly or whatever and then I would run docker compose as user. So, when installing firefly, I would be in the /home/user/docker/firefly and run docker compose from within. Not as root (using sudo) but as a the normal user user. Firefly service would just run without problmes. Shoudl I be installing containers this way of shoudl I be using root (sudo)?

I wanted to run a container with Netbird and Memos. I currently have same setup with Tailscale. Could anyone guide me how I can replicate the same using docker compose. @selfhost

Example docker compose

services:
ts-webserver1:
image: tailscale/tailscale:latest
hostname: memos
environment:
- TS_AUTHKEY=tskey-auth-key
- TS_STATE_DIR=/var/lib/tailscale
volumes:
- tailscale-data-webserver1:/var/lib/tailscale
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- net_admin
- sys_module
restart: unless-stopped

memos:
image: neosmemo/memos:stable
network_mode: service:ts-webserver1
volumes:
- memos-data:/var/opt/memos
environment:
- MEMOS_MODE=prod
- MEMOS_PORT=5230
- MEMOS_DATA=/var/opt/memos
restart: unless-stopped
depends_on:
- ts-webserver1
volumes:
tailscale-data-webserver1:
driver: local
memos-data:
driver: local

Last week bought a Nuki Smart Lock Pro 5 to be able to open the door remotely in case it is needed.

As I don't want any IoT device to have access to internet and send telemetry, I (tried) to add it to my isolated vlan where all my sensors are connected, but I had some issues trying to set up the local MQTT (I'm not alone on this). DISCLAIMER: you need their mobile app to set up the device, but I was able to do it mostly without internet connection, only Bluetooth and GPS enabled.

After some digging, found this troubleshooting FAQ, which mentioned to either disabling DNS port or blocking just HTTPS port in firewall.

In my case, as I do provide DNS to some local services within that isolated network I cannot simply block DNS on firewall, indeed my DNS querying is restricted to my local zone, anything else is refused. Internet forwarding is blocked, too. Under this conditions, MQTT setup was still refusing to connect to my server, although I was seeing some attempts in the mosquitto server logs.

My solution was just forcing the nuki.io to return 127.0.0.1 for any record (i.e. set up *.nuki.io IN A 127.0.0.1 in my DNS server for that network), as it seems the device use DNS as LAN connectivity healthcheck, so when it was unable to resolve some nuki.io records, it was disconnected from the WLAN.

With that set up I was able to make it work without internet connectivity. Note that even with this I received an error (8E) within the app, but if you return back, the MQTT connectivity data gets stored and it connects after a few seconds.

Hope this helps anyone facing the same issue.

I’ve been running my #TrueNAS #homelab for six months now. And as I’m moving more services to it, I need to make sure I also can restore my Docker containers if the server should crash.

Is getting a SFF box like one of the ThinkCentre M7xx/M9xx and restore there a good way to do that exercise?

#selfhosting #selfhosted

@selfhost

So far all my setups have had root on SSD mirror with separate hard disk storage pool for all the data. Years ago I used to keep the app config, databases and docker files on the root filesystem, while the app data resided on the storage pool. That was cumbersome for backups and storage size. Eventually I moved all app data to the storage pool. Essentially the apps can be started on any machine with a Linux OS that has docker installed. Database access is slower but it's a decent compromise for having trivial all-in-one snapshots and backup. Now I'm setting up a new NAS for a friend and I'm wondering whether it's worth keeping the root filesystem separate from the storage pool. If I put it on the disks, I'd get trivial full system snapshots and backups. I'd have the same hardware reliability as the storage pool. There wouldn't be issues with root filling up. The caveat is that the OS would be slower. Has anyone reasoned and/or tried this? Should I go for it?

E: I recently put my laptop's root on ZFS and the ability to do full backups while the system is running is pretty great. The full system can be pretty trivialy restored to a new drive with zfs send / recv during setup.

cross-posted from: https://discuss.online/post/30840627

Genuine question, so please don't be mean to whoever responds. Better to learn than to judge.

Curious if people who are on Cloudflare are considering any selfhosted alternatives? If not, interested to hear what is a deal breaker in regards to using a service besides Cloudflare. I do hear a lot of praise for Cloudflare when facing DDOS, and always happy to learn more!

However, not all of the charts seem to be getting updated.

I'm running my own harbor registry for maintaining my own images for www.keyboardvagabond.com and I was working on finishing up this longhorn excessive api call issue when I saw that harbor stopped working.

Essentially, the gist is that they moved certain image references to the bitnamilegacy repository instead of bitnami, but the harbor helm chart didn't get the updates, so the images failed to pull because they "disappeared" and updating the the latest helm version didn't solve it.

Essentially, for now what I had to do was go to the default values modal and search for "repository" and make sure that I had an entry under earch part for image.repository where the value was bitnamilegacy/<failing image name without tag>.

This took me a while to figure out and I hope this helps someone!

I've been selfhosting for a bit, but have never really gotten a solid understanding of Traefik.

What I'd like to do is have 3 machines, 1 as an "entry point" where Traefik forwards by domain to the two other machines. Ie I route to anything.domain1.com and the entry machine forwards to machine 1, anything.domain2.com forwards to machine 2.

Then on each machine have another instance of Traefik to manage the applications that machine hosts.

Is this even possible? Without using docker swarm?

Thanks.

I have been looking into setting up a secure home/small business server and hardening my local network and I came across this kickstarter which is currently floundering, likely because it’s campaign page is way too technical without enough fluff for the uninformed out there (like myself to some extent). For reference I work in small industry and have some interest in implementing more IOT, and also want to self host more of my media probably via Jellyfin, and an indieweb site, possibly some AI automation via n8n.

That said, from what I can tell it seems like a really great device for my use case actually, combining a multiband WiFi 7 gateway with a built in NAS and upgradeable compute modules. As a bonus it is a German company so I’m a bit less worried about back doors that with some of the Chinese generic manufacturers out there. That said, I haven't run a server of my own before and am not sure what to make of the hardware specifications.

What I can’t sus out is how secure this actually is, how technical my background needs to be to get it set up effectively, and whether the price is good for the hardware. Any help?

cross-posted from: https://sh.itjust.works/post/49034430

Looking for some advice / recommendations / considerations on running OPNsense on bare metal vs virtualized, and if virtualized how best to do so.

I currently have OPNsense running bare metal on a Protectli FW6E Vault, with the following specs:

• Intel i7-8550U CPU @ 1.80GHz
• 120GB mSATA (1% utilization)
• 16GB RAM (6.5% utilization)
• 6 Gigabit Ethernet NIC ports

The Vault running OPNsense is the primary firewall and router, any wireless devices connect through a dumb AP running OpenWRT. Connected over Ethernet I have a RPi running HomeAssistant OS (would probably also move to virtual if that's the chosen direction) as well as a TrueNAS setup.

How much of a performance hit would be expected running in some sort of container vs the current bare metal setup? Are there any other concerns with running the main firewall / router virtually vs bare metal to take into account?

cross-posted from: https://lemmy.world/post/38014703

Hi All, my fork of Tempo has had a rebrand, which was a requirement to get back into the app stores as the original Tempo still exists in F-Droid/IzzyOnDroid

Tempus v4.0.7

Attention

This release will not update previous installs as it is considered a new app, no longer Tempo, new icon, new app id, and new app name. Hoping it will not be a huge inconvenience but was necessary in order to publish to app stores izzyDroid

Android Auto Support should be the same as before, however, I was not able to test any of the icons/visuals, so please let me know if there are any remnants of the tempo logo/icon as I believe I removed them all and replaced them successfully.

What's Changed

fix: Crash on share no expiration date or field returned from api
fix: Check also underlying transport 
feat: Unhide genre from album details view 
fix: persist album sorting on resume 
chore: Tempus rebrand 
chore: Update Polish translation 

Now available via the IzzyOnDroid Repository -> https://apt.izzysoft.de/fdroid/index/apk/com.eddyizm.degoogled.tempus

note:

app-tempo* <- The github release with all the android auto/chromecast features

app-degoogled* <- The izzyOnDroid release that goes without any of the google stuff.

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

In particular, any android dev is familiar android auto to help me set up a dev environment

Hello, i'm looking to upgrade my 10 years old NAS/server. I already have the HDD and the case. But i have difficulties to chose motherboard, power supply, CPU & RAM.

So far i'm looking for :

• AMD CPU, +12 threads
• A bunch of SATA ports, maybe a LSI ? Which one ? And 2 NVME slots for the Motherboard.
• More than 16GB of ram, IF possible ECC
• All of this available in western Europe

I'm aiming for a budget between 600€ and 900€ for those 4 components.

Have a nice day :)

cross-posted from: https://lemmy.world/post/37454125

Hi All,

my first post over here on lemmy. Thought I'd share my forked tempo release.

Some new fixes for October. v3.17.14

What's Changed

fix: General build warning and playback issues 
fix: persist album sort preference 
Fix album parse empty date field 
fix: Include shuffle/repeat controls in f-droid build's media notific… 
fix: limits image size to prevent widget crash 

note app-tempo* <- The github release with all the android auto/chromecast features

app-notquitemy* <- The f-droid release that goes without any of the google stuff.

Full Changelog: https://github.com/eddyizm/tempo/compare/v3.17.0...v3.17.14

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

In particular, any android dev is familiar with changing the name/icon in order get this app published in app stores.

IMPORTANT NOTE - READ FIRST:

While this can be selfhosted, YOU SHOULDNT! ... NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace any other app you use.

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE... DO NOT USE FOR SENSITIVE PURPOSES.

Now that I've hit you over the head with caution...

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is stored locally in browser storage and cleared when you clear the site data from your browser - true zerodata privacy!

• Demo: https://chat.positive-intentions.com/
• Github: https://github.com/positive-intentions/chat
• Website: https://positive-intentions.com/
• Mastodon: https://infosec.exchange/@xoron

I have 2 servers both running a Debian VM each. The old VM was one of the first o installed several years ago when I knew lityle and its messed up and has little space left. It running on Truenas Scale and has a couple of docker apps that I'm very dependent on (Firefly, Hammond). I want to move the datasets for these docker apps to a newer VM running on Proxmox server. It a Debian 13 VM with loads of space. What are my options for moving the data given neither Firefly nor Hammond have the appropriate export / import functions? I could migrate the old VM that that wouldn't resolve my space issue. Plus it Debian 10 and it would take a lot to being it up to Trixie.

Howdy folks,

I’ve come upon a solid amount of 4tb drives, 8 SAS drives for dirt cheap from a local biz. Never used. I saw a HP ProLiant DL385p Gen8 Server on eBay for $80 and thought it was a score since it had been the best deal. I’d been wanting to upgrade off my think center m710. Curious any recommendations for this? My current setup is as follows:

Main server:

Lenovo think center m710

16gb, gt 1030, 2 4tb HDD sata, one 500gb ssd sata

Ubuntu lts

Docker compose

• Arr stack -Gluetun with open on proton in Germany -qbittorrent -sonarr -radarr -Overseer -cleanuparr -prowlarr -plex -navidrome -audiobookshelf -Minecraft server (modded: neoforge itzg) -immich -bunch of others that aren’t fully working like tatuli or plex wrapped

Secondary Thinkpad x220 (loved this shit through college) 16gbRAM, 250ssd sata Arch Docker compose -searxng -pihole dns

I’m still looking in to some security system ideas as I’d like to use some storage and maybe do that with some of it. Or some cybersecurity projects or a banned book library or something. I’m open to any suggestions to help this go as smooth as I can make it and as fun as it can be.

Good day folks, my company recently gave me some hardware, one in particular I’m curious if there are any real use cases for it. I’m not particularly well with networking. This device is a Cisco Meraki MX64. I saw it doesn’t support open WRT so I’m curious if there are any other known projects or alternative software that could run on it. I’d love to toss it in with my network stack but all I have now is just a switch that it’ll plug in to but would love to replace e switch with it.

Let's say I have a domain called mysite.com

mysite.com points to a server which only opens port 443, and each connection will need to go through that and deal with Caddy reverse proxy.

I want to host more services on it.

Let's say I want to host an email service, the easiest thing would be using a subdomain such as mail.mysite.com and reverse proxy each connection to the internal port on which the service run.

Same with a chat service chat.mysite.com.

But for the sake of readability it would be much better to simply have username@mysite.com than username@mail.mysite.com or username@chat.mysite.com.

reverse proxying every request from a subdomain to the right port is pretty straightforward with Caddy, also if you use cloudflare you can proxy with cloudflare each subdomain and have auto SSL certificate without further set up, which is amazing!

But what if I do want my services to be accessed through mysite.com directly instead of a specific per-service subdomain?

Some federated services also have two separate ports for server requests and client requests, which further complicates the process..

Is this service specific and must configured individually for each service? Or there is a way to tell caddy that a specific request going through mysite.com should be redirected through port X.X.X.X? Is there a way Caddy can recognize where requests need to be directed?

I've been self hosting a matrix istance for a while, but I'm honestly really really tired of bugs on clients and authentication not working, I know matrix is very feature rich and is awesome that is federated, but I'd prefer to use something which loads my server less and which is more simple despite lacking some features, what do you think?

Hello everybody,

I want to ask for some opinions on my current setup and how I pretend to use it for my Media Server:

Current Layout

I currently use an UGREEN DXP2800 NAS running TrueNAS Scale with two 4 TB HDDs in Mirror mode. This is planned to be my "long-term storage" for backups, photos, and so on.

Additionally, I have 1 TB SSD installed in the system. I created two datasets on it: one for Docker containers and the other one for Media, following the TRaSH guides folder layout

My current plan:

My idea is to use the SSD for the torrents and the seeds, and once the file (e.g. the ~~movie ~~ Linux ISO Image) is completed, to move it to the HDDs. From there, Jellyfin would read the corresponding dataset and play the media.

The question:

The TRaSH guides puts a lot of emphasis on hardlinks and atomic moves, and that forces you to operate in one single filesystem. Is it worth it to stick to the TRaSH guide or my current setup would work just fine? What do y'all think?

Thanks in advance and happy self-hosting!