What’s up, what’s down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
You must log in or register to comment.
Found out that docker volumes are important after restarting my server 🙃
Am I mistaken that docker creates temporary volumes with a nondescript name and you can potentially dig up the volumes that were being used in
/var/lib/docker/volumes?That’s a mistake you only make once!
Meh, made it a few times.
Some images treat volumes differently .
Looking at you, nextcloud.
Email… My wife really wants to further de-google, this means moving custom domains off gsute.
Do I move to proton/tuta or go back to self hosting email again like I did for years until about 2010?
If I self host, do I do it at home or on the server that runs my lemmy instance?
Don’t go to Proton or Tuta - both are impossible to get out of basically, do not support free standards and Proton is scumy in terms of their marketing.
Mailbox.org Infomaniak Fastmail Posted
Just to name a few.
I self-host my email using Mailcow, and use a VPS for it. I don’t trust my home server to be reliable enough, and the VPS providers have nicer equipment (modern AMD EPYC CPUs, enterprise SSDs, datacenter-grade 10Gbps or 40Gbps connections, etc). I use a separate VPS just for my emails - it’s the one thing I want to ensure is secure, so I didn’t want any other random software (that could potentially have security issues) running on it…
I also use an outbound SMTP relay to avoid having to deal with IP reputation. Very easy to configure this in Mailcow. SMTP2Go has a free plan for sending <1000 emails per month.
It kind of amazes me that, in this day and age, email has turned out to be the lynchpin of security. Email as a 2FA endpoint. Email password reset systems. If email is compromised, everything else falls. They used to tell us not to put anything in email that you wouldn’t put on a postcard…how did this happen?
That and email protocols are outdated and aren’t too secure. For example:
- Neither SMTP nor IMAP have no way to use two factor authentication.
- Spam blocking is so hard because SMTP was not designed with it in mind.
- SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.
IMAP has a modern replacement in JMAP, but it’s not widespread. SMTP is practically impossible to replace since it’s how email servers communicate with each other.
The “solution” has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.
I went with Tuta because it’s my backup if everything else goes wrong. If my house burns down or my VPS shuts down my instance (e.g. billing fail, IP block ban, provider goes under, etc), I don’t want to lose access to my email.
I use a custom domain for it, so if I ever need to, switching to a different provider should be as simple as swapping some domain configs.
It’s relatively inexpensive too at €3/month when paying annually. I wanted two domains (one for personal, one for online stuff) and didn’t need any of the other stuff Proton has, so Tuta worked.
Cool your wife is into de googling! My wife thinks I’m a conspiracy nut. I have custom domains on proton and its been great, but with their moves toward AI and crypto who knows. I would probably try tuta if I was setting it up now - but who knows if they will eventually go wonkey then you will wish you self hosted anyway 🤝
I had to reboot my Proxmox server after applying powertop --auto-tune. All was fine with every advised tweak but touching the Lan interfaces was not a great idea
Did autotune touch the interfaces?
Yes, it applies some power-saving settings to both my interfaces, then I lose the connection in the following 10 seconds. I should screencap the commands for all the other settings and prepare a custom script that wouldn’t touch my network
Ouch!
Finally switched from plex to jellyfin, seems to be ok so far. Needed to make some small scripts for metadata management but it’s running smoothly. Finally decided I’m hosting enough software with user accounts that I’ve made an authentik instance for SSO with each (ofc jellyfin first)
Ann reason you choose authenik? There are a nmber of options and I’m not sure why to choose one over the other.
I’m not the person you’re replying to, but Authentik:
- Has a UI for configuring it, including adding users.
- Supports LDAP if you need it. Authelia needs a separate LDAP server.
- Supports practically every two factor auth protocol you’d need: OIDC (OpenID Connect), OAuth2, SCIM, SAML, RADIUS, LDAP, and proxying for apps that don’t support any of them (which is getting rarer).
- Supports permissions and permission groups, i.e. only allow certain users to access particular apps.
- Can be used as the source of truth for Google Workspace and Microsoft Entra. Maybe not as relevant for home use.
I haven’t tried Keycloak but I hear it’s pretty good, albeit a heavier app to deploy.
I have tried Authelia, and it’s much less powerful than Authentik. Authelia requires you to manually modify config files rather than using a web UI. It also only supports OIDC (which is in beta) and proxying. Proxying is not recommended and has several issues since it’s not “true” single sign-on.
I’m considering Keycloak myself because it’s trusted by security professionals (I think it’s a RedHat project), whereas Authentik is basically a passion project.
I hear keycloak has quarkus builds as well these days which should be much slimmer than how it used to be built.
I hadn’t heard of it, and looking into quarkus just reminded me of how complicated the whole Java ecosystem is. Gross.
Hosting Go, Rust, etc stuff is dead simple, but with Java, there’s all this complexity…
Nothing’s as bad as trying to host and maintain a Ruby on Rails app :)
Docker has made a lot of it a non-issue though, since the apps are already preconfigured within the Docker image.
Agreed, with the clear exception being PHP, which often requires configuring a web server.
Keycloak is very much lighter actually. Can run under half a gig ram whereas authentik uses about 1GB.
Authelia is king though in running with just about 30MB of ram.
That’s interesting… It used to be a lot heavier.
Authelia is definitely the lightest in terms of RAM, but it’s also the lightest in terms of features. As far as I can remember, they only added OIDC support fairly recently - previously it only supported proxying.
I did no research whatsoever and picked the one I’d seen the name of more often. I figured if it didn’t work for me I’d try something else, same as when plex wasn’t working for me so I switched to jellyfin. I have no idea how it compares to the other options but it feels pretty solid so far
Doing that switch soon.
Plex doesn’t do hw accel well, which kind of defeats the purpose.
Setting up HW accel on Jellyfin was a bit more manual than a single checkbox. You have to tell it which codecs it should HW decode and encode. I had some issues with it so left it off for now
The only feature I want that jellyfin doesn’t have (or I haven’t found it) is shuffle. Throwing on how it’s made or mythbusters on shuffle is great background stuff.
Aren’t there clients that support that?
Maybe, i haven’t seen it yet though
I do it for music
Damn ok that sucks it doesn’t seem available on the client for apple tv.
Yeah I dont know why any Dev wouldn’t choose a cross platform framework
I’ve never done dev for apple stuff, but I think it’s probably just not that friendly with more open/cross platform frameworks
I see it in the default WebUI, perhaps whatever app you’re using doesn’t support it?
Ya I don’t think it’s supported on the apple tv app. Damn.
Hey, we’re also thinking about setting up authentik. Could you answer the following, where I haven’t found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?
no, works fine. there’s an LDAP plugin for jellyfin so you can use the jellyfin internal login page and the server will verify the login against authentik. took some setting up though.
Alright, thank you!
Firing up my NAS and Arrs. My Aoostar WTR Pro and all the components arrived, it’s all setup, and I swapped out the fan for a larger one to get more airflow into the nvme drive area since I live in a hot climate.
Spending the day configuring a vpn, sab, and qbit. Already learning a lot!
I’m trying to figure out a basic CRM for my local sports club. I use docker to self host a voting platform called RALLLY that we use a lot and enjoy. If people can recommend a CRM I’d give it a go today. I tried a platform called twenty yesterday but couldn’t get it off the ground
Consider reviewing odoo, I last looked at them when they were known as openERP, I know one guy that runs it and is happy. It might be a bit much if you just want a CRM…
Was using realvnc to vnc from remote, it was easy and cloud driven.
Fully swapped to tailscale and normal VNC sever now.
Performance is good and works great for the troubleshooting and small GUI stuff I need to do.
Recently been working on setting up forgejo to migrate away from GitHub. My open source stuff I’ve actually put onto codeberg and I’ve set up a handful of pull mirrors on my local instance for redundancy. This weekend I’ve been testing out woodpecker-ci for automating pushing files to s3 for some static websites for repos on codeberg as well as my forgejo instance. Today will tell if that is successful!
A catalog for organizing various Roms you have. It can pull metadata from a number of sources and properly add all the details, cover art, and platform information to each game. It’s smart enough to auto-generate collections based on game series, and embed YouTube videos for gameplay of each one without even any configuration.
The best part? It has Ruffle and EmulatorJS built in so you can play any games supported by EmulatorJS in your browser. I tested games up to N64 and they all ran smooth as butter right in the browser with gamepad configurations built in. They even support local multiplayer.
A new homepage for the business of my wife.
I plan to use Hugo for it, I just wish the documentation would be better.
For the homepage I need a few additional “non-blog” pages and from the documentation I am not sure how to do that the best way.
But to be honest, I have not really looked deeper into that, so it is very possible that I just missed something.
Ive been using Zola for a bit now and love it. Very simplistic. Could be worth a look but simple pages can be html or markdown. Couldnt be much simpler. Super fast to build
Zola really is great, I have started to work with it and it is so much easier to grasp and to get results with. Thanks a lot for pointing me to Zola!
I will look into that too, thank you for the suggestion
Are there any AI apps that will index markdown documents with a vector DB, then allow you to run natural language queries using some kind of RAG approach with a local LLM?
Closest I’ve found is LlamaIndex, but this is still more of a ‘foundation’ than a turn-key solution and right now I’m too time-poor to do the assembly required…
I realise I’m describing close-to-frontier tech, but is there anything more turn-key (Dockerised) out there yet?
My use-case is pretty ‘vanilla’ in this space: Having a knowledge base and wanting quick answers to questions like “How should screen X behave if I am not a registered user?”.
Thanks for any suggestions!
I think I found my jam! AnythingLLM self-hostable
Ollama + OpenWebUI also can do this.
Building a simple workflow with AI agent for our community watch group. Also building an open source automation platform, currently working through GUI templates for it.
i run coolify and I have to make my own solutions so I’m learning a lot about docker.
Finally installed jellyfin when I realized I could use rclone to mount 10G of free disk space from box (with client side encryption using rclone) on my server.
Very easy to install on Debian, but the plugins are a security nightmare. Jellyfin devs are kinda dumb.
A LOT of plugins in many projects are a huge concern. I say this as someone who ran security for an OS for a while. It’s just people making bad decisions for everyone and then hand-waving the risks when questioned.
I dont mean the plugins themselves but the fact that there’s no way to safely download a plugin.
Even if the plugin really is benign, jellyfin will happily download something inauthentic and malicious befuarse there’s no cryptographic signature checks
This week I finally managed to route torrent traffic through a VPS that was sitting around gathering dust. I am behind CGNAT so was taking me 6 weeks to do the kind of traffic I do in a day now. I couldn’t be more chuffed.
What ratio are you at with your Linux ISOs *wink.
Just under two right now but it is throwing out 55-60GB a day at the moment. Gotta keep those Linux ISOs seeded!
