Self Hosted - Self-hosting your services.

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

founded 4 years ago
1
2
 
 

cross-posted from: https://lemmy.world/post/42574918

I am getting started with self hosting and one of the things I would love to host is a Signal TLS proxy using Docker.

Problem is that I have ports 80 and 443 taken by Nginx Proxy Manager (also in a Docker container), through which I forward to different services depending on the subdomain.

I tried modifying the docker-compose.yml file to use ports 9443 and 980 and have it working using a certificate created on NPM, but to no avail.

Being a beginner, it can well be that I don't understand reverse proxies well enough, but that's why, with your help I would love to take this opportunity to learn more.

Thanks in advance.

3
 
 

cross-posted from: https://lemmy.ml/post/42502523

Charmarr aims to make self-hosting a media stack in Kubernetes easy. It provides charmed versions of *arr applications (radarr, sonarr, etc) and some friends. Charms are operational wrappers, that is, they configure the underlying applications themselves. So deploying Radarr, Prowlarr, SABnzbd and Gluetun, setting a required TRaSH profile in Radarr, and routing the traffic of SABnzbd and Prowlarr via a Gluetun VPN tunnel can be done with a few intuitive commands. An example command snippet would be something like:

# deploy the apps into my cluster
juju deploy radarr-k8s
juju deploy prowlarr-k8s
juju deploy sabnzbd-k8s
juju deploy gluetun-k8s

# tune 4k TRaSH guide profiles in my Radarr
juju config radarr-k8s variant=4k

# Route Prowlarr and SABnzbd via Gluetun
juju integrate sabnzbd-k8s gluetun-k8s
juju integrate prowlarr-k8s gluetun-k8s

This can be extended to any cross-communicating tools like Overseerr (already part of charmarr), Plex (already part of charmarr), Huntarr (planned) etc.

This also enables using OpenTofu to deploy the entire stack using a single command:

tofu init && tofu apply

okay, 2 cmds. This way your entire media stack can have a declarative deployment using a single 20-30 line .tf file instead of multiple manifests. This sets up all applications, handles storage, handles VPN routing (you just provide your VPN credentials and media paths), connects everything together, and it's ready in about 10 minutes. You just need to log into Plex, connect Overseerr, and add your indexers.

"But K8s is overkill for a homelab and no one needs it"

Totally agree. This is intended to make managing the media stack in a Kubernetes substrate easier for the veterans and to loosen up the entry point into Kubernetes for a self-hosted media server for those who are interested in K8s. That said, it will still have some learning curve if you're completely new to K8s.

All the tools that are part of charmarr including charmarr itself (except for Plex, which I plan to switch with or add on top of Jellyfin eventually) are open source and free to use.

Is it stable?

It's been running in my lab for more than a month without any issues. But I wouldn't call it stable yet, especially if you enable all the fancy bells and whistles. I've been running nightly tests deploying the stack using tofu and tearing it down, and it's been consistently successful. If you're interested in experimenting or using it, it's enough that you have an Ubuntu system (I also have a one-liner to set up the required infra to deploy charmarr).

Here's the repo - https://github.com/charmarr/charmarr

PS: sorry about the ads on the docs site. It's hosted by readthedocs and they include ads on the free version.

4
 
 

cross-posted from: https://discuss.online/post/34584845

Curious on what tools people would recommend, either from clients, locally or self-hosted.

  • privatebin works nicely as a basic pastebin.
  • stuffedanimalwar is just silly fun, with group drawing collaboration and chat that only exists in the active client session.
5
 
 

cross-posted from: https://discuss.online/post/34494723

Detailed episode for pairing with the very light "A Great Day for Linux". Hope you enjoy it. Since Lemmy struggles with markdown from Castopod, here is a link to the notes.

6
 
 

I've really enjoyed working on and improving Taskpony and am pleased to be able to release another update in the hope that you'll also like it.

7
 
 
8
 
 

I'm not the creator of this program, but it's too fun not to share! The comments from the developer and users joining the swarms on the Reddit thread are hilarious.

It's basically a decentralized swarm of docker users. It does nothing except tell you how many other users you are connected to. Some are in the tens of thousands, haha!

https://github.com/lklynet/hypermind

9
 
 

I've tried unsuccessfully to get Vaultwarden working without a proxy. See here. Any request with https leads me to the SSL_ERROR_RX_RECORD_TOO_LONG error, while via http I get the "Loading wheel" running indefinitely.

Although the top of the page here suggests you can run Vaultwarden internally without a proxy, my experience suggests that this is not the case, and I have tried on different VMs, getting the same error. So it seems like the only way is going via a proxy. From what I've read, people seem to suggest that Traefik is the way to go. So I'm thinking of setting it up on the same VM as Vaultwarden.

Note that my network is behind a pfSense install on another hardware machine. DNS forwarding is enabled with unbound. Will installing Traefik require changes to the pfSense config? Looks like it may be the case from here. For now all I want is getting Vaultwarden going; later down the line I'll learn how Traefik can benefit the rest of my homelab.

I'm trying to work out the simplest way of getting Vaultwarden going using a minimalistic proxy, as there seems to be no alternative to not having a proxy going. Thoughts?

10
 
 

I'm having some problems installing Vaultwarden and I wonder if it is because I'm running docker compose in the wrong way and there are user permission issues.

What is the right way of installing docker compose (on a Linux VM)? In the past I would create a docker folder /home/user/docker. In there I would create the folder firefly or whatever and then I would run docker compose as user. So, when installing firefly, I would be in /home/user/docker/firefly and run docker compose from within. Not as root (using sudo) but as the normal user user. The Firefly service would just run without problems. Should I be installing containers this way or should I be using root (sudo)?

11
 
 

I wanted to run a container with Netbird and Memos. I currently have the same setup with Tailscale. Could anyone guide me on how I can replicate the same using docker compose? @selfhost

Example docker compose

services:
  ts-webserver1:
    image: tailscale/tailscale:latest
    hostname: memos
    environment:
      - TS_AUTHKEY=tskey-auth-key
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - tailscale-data-webserver1:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    restart: unless-stopped

  memos:
    image: neosmemo/memos:stable
    network_mode: service:ts-webserver1
    volumes:
      - memos-data:/var/opt/memos
    environment:
      - MEMOS_MODE=prod
      - MEMOS_PORT=5230
      - MEMOS_DATA=/var/opt/memos
    restart: unless-stopped
    depends_on:
      - ts-webserver1

volumes:
  tailscale-data-webserver1:
    driver: local
  memos-data:
    driver: local

12
 
 

Last week I bought a Nuki Smart Lock Pro 5 to be able to open the door remotely in case it is needed.

As I don't want any IoT device to have access to internet and send telemetry, I (tried) to add it to my isolated vlan where all my sensors are connected, but I had some issues trying to set up the local MQTT (I'm not alone on this). DISCLAIMER: you need their mobile app to set up the device, but I was able to do it mostly without internet connection, only Bluetooth and GPS enabled.

After some digging, I found this troubleshooting FAQ, which mentioned either disabling the DNS port or blocking just the HTTPS port in the firewall.

In my case, as I do provide DNS to some local services within that isolated network, I cannot simply block DNS on the firewall; indeed, my DNS querying is restricted to my local zone, anything else is refused. Internet forwarding is blocked, too. Under these conditions, the MQTT setup was still refusing to connect to my server, although I was seeing some attempts in the mosquitto server logs.

My solution was just forcing nuki.io to return 127.0.0.1 for any record (i.e. set up *.nuki.io IN A 127.0.0.1 in my DNS server for that network), as it seems the device uses DNS as a LAN connectivity healthcheck, so when it was unable to resolve some nuki.io records, it was disconnected from the WLAN.

With that set up I was able to make it work without internet connectivity. Note that even with this I received an error (8E) within the app, but if you return back, the MQTT connectivity data gets stored and it connects after a few seconds.

Hope this helps anyone facing the same issue.

13
 
 

I’ve been running my #TrueNAS #homelab for six months now. And as I’m moving more services to it, I need to make sure I also can restore my Docker containers if the server should crash.

Is getting an SFF box like one of the ThinkCentre M7xx/M9xx and restoring there a good way to do that exercise?

#selfhosting #selfhosted

@selfhost

14
 
 

So far all my setups have had root on SSD mirror with separate hard disk storage pool for all the data. Years ago I used to keep the app config, databases and docker files on the root filesystem, while the app data resided on the storage pool. That was cumbersome for backups and storage size. Eventually I moved all app data to the storage pool. Essentially the apps can be started on any machine with a Linux OS that has docker installed. Database access is slower but it's a decent compromise for having trivial all-in-one snapshots and backup. Now I'm setting up a new NAS for a friend and I'm wondering whether it's worth keeping the root filesystem separate from the storage pool. If I put it on the disks, I'd get trivial full system snapshots and backups. I'd have the same hardware reliability as the storage pool. There wouldn't be issues with root filling up. The caveat is that the OS would be slower. Has anyone reasoned and/or tried this? Should I go for it?

E: I recently put my laptop's root on ZFS and the ability to do full backups while the system is running is pretty great. The full system can be pretty trivially restored to a new drive with zfs send / recv during setup.

15
 
 

cross-posted from: https://discuss.online/post/30840627

Genuine question, so please don't be mean to whoever responds. Better to learn than to judge.

Curious if people who are on Cloudflare are considering any selfhosted alternatives? If not, interested to hear what is a deal breaker in regards to using a service besides Cloudflare. I do hear a lot of praise for Cloudflare when facing DDOS, and always happy to learn more!

16
 
 

However, not all of the charts seem to be getting updated.

I'm running my own harbor registry for maintaining my own images for www.keyboardvagabond.com and I was working on finishing up this longhorn excessive api call issue when I saw that harbor stopped working.

Essentially, the gist is that they moved certain image references to the bitnamilegacy repository instead of bitnami, but the harbor helm chart didn't get the updates, so the images failed to pull because they "disappeared" and updating to the latest helm version didn't solve it.

Essentially, for now what I had to do was go to the default values modal and search for "repository" and make sure that I had an entry under each part for image.repository where the value was bitnamilegacy/<failing image name without tag>.

This took me a while to figure out and I hope this helps someone!

17
 
 

I've been selfhosting for a bit, but have never really gotten a solid understanding of Traefik.

What I'd like to do is have 3 machines, 1 as an "entry point" where Traefik forwards by domain to the two other machines. I.e., I route to anything.domain1.com and the entry machine forwards to machine 1, anything.domain2.com forwards to machine 2.

Then on each machine have another instance of Traefik to manage the applications that machine hosts.

Is this even possible? Without using docker swarm?

Thanks.

18
 
 

I have been looking into setting up a secure home/small business server and hardening my local network and I came across this kickstarter which is currently floundering, likely because its campaign page is way too technical without enough fluff for the uninformed out there (like myself to some extent). For reference I work in small industry and have some interest in implementing more IoT, and also want to self host more of my media probably via Jellyfin, and an indieweb site, possibly some AI automation via n8n.

That said, from what I can tell it seems like a really great device for my use case actually, combining a multiband WiFi 7 gateway with a built in NAS and upgradeable compute modules. As a bonus it is a German company so I’m a bit less worried about back doors than with some of the Chinese generic manufacturers out there. That said, I haven't run a server of my own before and am not sure what to make of the hardware specifications.

What I can’t suss out is how secure this actually is, how technical my background needs to be to get it set up effectively, and whether the price is good for the hardware. Any help?

19
 
 

cross-posted from: https://sh.itjust.works/post/49034430

Looking for some advice / recommendations / considerations on running OPNsense on bare metal vs virtualized, and if virtualized how best to do so.

I currently have OPNsense running bare metal on a Protectli FW6E Vault, with the following specs:

  • Intel i7-8550U CPU @ 1.80GHz
  • 120GB mSATA (1% utilization)
  • 16GB RAM (6.5% utilization)
  • 6 Gigabit Ethernet NIC ports

The Vault running OPNsense is the primary firewall and router, any wireless devices connect through a dumb AP running OpenWRT. Connected over Ethernet I have a RPi running HomeAssistant OS (would probably also move to virtual if that's the chosen direction) as well as a TrueNAS setup.

How much of a performance hit would be expected running in some sort of container vs the current bare metal setup? Are there any other concerns with running the main firewall / router virtually vs bare metal to take into account?

20
 
 

cross-posted from: https://lemmy.world/post/38014703

Hi All, my fork of Tempo has had a rebrand, which was a requirement to get back into the app stores as the original Tempo still exists in F-Droid/IzzyOnDroid

Tempus v4.0.7

Attention

This release will not update previous installs as it is considered a new app, no longer Tempo, new icon, new app id, and new app name. Hoping it will not be a huge inconvenience but was necessary in order to publish to app stores izzyDroid

Android Auto Support should be the same as before, however, I was not able to test any of the icons/visuals, so please let me know if there are any remnants of the tempo logo/icon as I believe I removed them all and replaced them successfully.

What's Changed

fix: Crash on share no expiration date or field returned from api
fix: Check also underlying transport 
feat: Unhide genre from album details view 
fix: persist album sorting on resume 
chore: Tempus rebrand 
chore: Update Polish translation 

Now available via the IzzyOnDroid Repository -> https://apt.izzysoft.de/fdroid/index/apk/com.eddyizm.degoogled.tempus

note:

app-tempo* <- The github release with all the android auto/chromecast features

app-degoogled* <- The izzyOnDroid release that goes without any of the google stuff.

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

In particular, any Android dev who is familiar with Android Auto to help me set up a dev environment.

21
 
 

Hello, I'm looking to upgrade my 10-year-old NAS/server. I already have the HDD and the case. But I have difficulty choosing the motherboard, power supply, CPU & RAM.

So far I'm looking for:

  • AMD CPU, +12 threads
  • A bunch of SATA ports, maybe a LSI ? Which one ? And 2 NVME slots for the Motherboard.
  • More than 16GB of ram, IF possible ECC
  • All of this available in western Europe

I'm aiming for a budget between 600€ and 900€ for those 4 components.

Have a nice day :)

22
 
 

cross-posted from: https://lemmy.world/post/37454125

Hi All,

my first post over here on lemmy. Thought I'd share my forked tempo release.

Some new fixes for October. v3.17.14

What's Changed

fix: General build warning and playback issues 
fix: persist album sort preference 
Fix album parse empty date field 
fix: Include shuffle/repeat controls in f-droid build's media notific… 
fix: limits image size to prevent widget crash 

note app-tempo* <- The github release with all the android auto/chromecast features

app-notquitemy* <- The f-droid release that goes without any of the google stuff.

Full Changelog: https://github.com/eddyizm/tempo/compare/v3.17.0...v3.17.14

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

In particular, any Android dev who is familiar with changing the name/icon in order to get this app published in app stores.

23
 
 

IMPORTANT NOTE - READ FIRST:

While this can be selfhosted, YOU SHOULDN'T! ... NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace any other app you use.

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE... DO NOT USE FOR SENSITIVE PURPOSES.


Now that I've hit you over the head with caution...

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is stored locally in browser storage and cleared when you clear the site data from your browser - true zerodata privacy!

24
 
 

I have 2 servers, each running a Debian VM. The old VM was one of the first I installed several years ago when I knew little, and it's messed up and has little space left. It's running on TrueNAS Scale and has a couple of docker apps that I'm very dependent on (Firefly, Hammond). I want to move the datasets for these docker apps to a newer VM running on a Proxmox server. It's a Debian 13 VM with loads of space. What are my options for moving the data given neither Firefly nor Hammond have the appropriate export / import functions? I could migrate the old VM but that wouldn't resolve my space issue. Plus it's Debian 10 and it would take a lot to bring it up to Trixie.

25
 
 

Howdy folks,

I’ve come upon a solid amount of 4tb drives, 8 SAS drives for dirt cheap from a local biz. Never used. I saw a HP ProLiant DL385p Gen8 Server on eBay for $80 and thought it was a score since it had been the best deal. I’d been wanting to upgrade off my think center m710. Curious any recommendations for this? My current setup is as follows:

Main server:

Lenovo think center m710

16gb, gt 1030, 2 4tb HDD sata, one 500gb ssd sata

Ubuntu lts

Docker compose

  • Arr stack
  • Gluetun with open on proton in Germany
  • qbittorrent
  • sonarr
  • radarr
  • Overseer
  • cleanuparr
  • prowlarr
  • plex
  • navidrome
  • audiobookshelf
  • Minecraft server (modded: neoforge itzg)
  • immich
  • bunch of others that aren’t fully working like tatuli or plex wrapped

Secondary:

Thinkpad x220 (loved this shit through college)

16gb RAM, 250 ssd sata

Arch

Docker compose

  • searxng
  • pihole dns

I’m still looking in to some security system ideas as I’d like to use some storage and maybe do that with some of it. Or some cybersecurity projects or a banned book library or something. I’m open to any suggestions to help this go as smooth as I can make it and as fun as it can be.
