While speaking with a colleague who is working in a small company he told me, that the lost track about user right management. They had a an excel table where they tracked all user groups and special rights users in the company have. But depending on some changes in the company structure, they got problems.

Is there any selfhosting software to manage usergroups, teams and userrights in a modern UI? It should be abe to set also data owner and so may keep track on non Active-Directory data.

!selfhost@lemmy.ml

Hey,

Some of you may know me for Jotty and Cr*nmaster, been quiet with my head down lately improving my apps and trying to build a searxng alternative for myself.

Whilst I have used searxng for about a year now, I have had quite a few personal gripes with it (mostly stuff I personally would prefer worked differently) so in the past few weeks I have decided to make my take on it and ran it happily locally. Since publishing the beta to my discord server I ended up building a fairly extensive tool.

Degoog is actually pretty minimal, there's no much to it aside from a very comprehensive plugin/extension system. The idea being users can create their own engines, themes and plugins that hook into the core application and do.. pretty much anything, from adding stuff to the result page (e.g. speedtests, tmdb information, ip retrieval, rss feeds embedded on the home page) to full on OIDC systems.

This is still very much in beta and I figured the best way to get it out of beta would be to publish it to a wider audience (currently some users in our discord server have been testing it fairly successfully and i've been on top of bug fixing).

Repo: https://github.com/fccview/degoog

Official extensions: https://github.com/fccview/fccview-degoog-extensions

Docs: https://fccview.github.io/degoog

You can install custom plugins/extensions. You can make your own repo and add it to the store page in the settings, or you can just have your own plugins locally for yourself.

Let me know what you think, and feel free to ask any questions and feel free to join our discord (link in releases page on any of my apps) for a more direct chat about things <3

Hej lemmings! (Hoping this is relevant enough for the selfhosted commjnity)

Quick question for you all: do you stick with the same distro across your PC, laptop, and server, or do you pick different ones based on the device and what you're doing?

For me, I've been mixing and matching depending on the use case, but I'm starting to think it'd be nice to just have one distro (or at least one family like Fedora or Debian) running everywhere. That way I wouldn't get confused about default settings or constantly have to look up flags for different package managers.

Right now my setup is:

• Gaming rig: CachyOS
• Laptop: AuroraOS
• NAS: Unraid
• Various project servers: DietPi, Debian, Alpine etc..

I feel like NixOS might be the only distro that could realistically handle all these use cases, but I'm a bit scared of the learning curve and the maintenance work it'd take to migrate everything over.

Am I the only one who feels like having "one distro to rule them all" would be nice? How do you guys handle your setups? All ears! 😊

So I'm moving away from apple because of all the trump bootlicking Tim Apple is doing.

Anyways, anyone got any self hosted notes app that has a flat file structure?

The most important part is the flat file structure. I want flat files because it makes it a LOT easier to back up than a db.

So any suggestions?

TIA

Hey gang, do you have any suggestions for moving data from my phone to my jellyfin server? I tried using the daemon tools on F-Droid and could not for the life of me figure them out.

Hello!

I've spent a lot of time struggling with Hetzner's KVM console, there are a lot of problems causing severe issues with setting up passwords and passphrases. I just thought I'd create this "guide" to get things rolling, for everyone who faces the same issues I've faced.

Step 1 - Firewall

Set up a firewall and only open port 22 with your IP (you can look it up using ip.me).

Step 2 - Installation

Perform the installation procedure as normal, setting very simple passwords and passphrases for the user accounts and the disk encryption. Set them to something like 123. These will be changed later!

I'm using Debian 13, the steps may or may not be the same for your choice of distribution.

Step 3 - SSH access

Unmount the ISO and reboot. Enter the console again, log in as root with your simple password. Now, if you have the same problem as me, keys like /, CTRL etc. won't work, so I used tab completion and vi to to modify the config file.

# cd ../etc/ssh/
# vi sshd<TAB>

Inside vi, press o to create a new line and enter insert mode. Add:

PermitRootLogin yes
PasswordAuthentication yes

Press ESC and then <SHIFT>-yy (so holding shift and pressing y twice). This will save the file and exit vi. Restart the SSH services:

# systemctl restart ssh sshd

Step 4 - Dropbear

ssh into your VPS. Now you have full keyboard access like usual. Install dropbear-initramfs, which is an SSH server that's placed in the initial RAM filesystem so that you can ssh into your VPS during start up so you can easily enter your encryption passphrase.

Generate a new key pair and add the public key to /etc/dropbear/initramfs/authorized_keys

Run update-initramfs -u and reboot. You should now be able to ssh into your VPS using the key you just generated. The following command lets you unlock the encrypted disk:

cryptroot-unlock

This will probably disconnect you from the tunnel, simply re-establish the SSH tunnel again.

Step 5 - Changing passwords and passphrases

To change the encryption passphrase:

# cryptsetup luksAddKey /dev/sdXY
# cryptsetup luksRemoveKey

Lock the root user and change the password of your user (don't forget to add the user to the sudo group!):

# passwd -l root
# passwd user

Done!

At this point you might want to use some other means to access the server, such as Netbird or Tailscale or Wireguard. Regardless of how you decide to access the server, you should revert the changes to sshd_config.

P.S.

I have no idea if this is a secure or good way to do this. Use at your own risk!

https://github.com/egg82/fetcharr

Disclaimer: I am the developer

Long story short, after Huntarr exploded I still wanted an app that did the core of Huntarr's job: find and fetch missing or upgradable media. I looked around for some solutions but didn't like them for various reasons. So, I made my own.

No web UI, configured via environment variables in a similar manner to Unpackerr. It does one job and it does it (a little too) well. Even when trying a few different solutions for a few days each, Fetcharr caught a bunch of stuff they all missed almost immediately. This is likely due to the way it weights media for search.

Since you made it this far, a few notes:

1. I did still use ChatGPT on a couple of occasions. They're documented and entirely web UI - no agents. Anything it gave me was vetted and noted in the code before publishing.
2. The current icon is temporary and LLM-generated. I've put out some feelers to pay an artist to create an icon. Waiting to hear back.
3. It's written in Java because that's the language I'm most familiar with. SSL certs in Java containers can be painful but I added some code to make it as easy as Python requests or Node
4. While it still has a skip-if-tagged-with-X feature, it doesn't create or apply any tags. I didn't find that portion necessary, despite other popular *arrs using it. Not sure why they do, even after developing this.
5. Caution is advised when first using it on a large media collection. It'll very likely pick up quite a number of things initially if you weren't on top of things beforehand. Just make sure your pipeline is set up well, or you limit the number of searches or lengthen the amount of time between searches using the environment variables.

I'm not sure anyone shares the same glee I feel when I view all the blocked IPs scrolling by in my pFsense firewall. Suricata does a lot of heavy lifting for sure.

What's your selfhosting guilty pleasure or pleasures?

Hi all, I’m desperate. This has been draining my brain cells one a time. I know for a fact that it is not an ABS issue, because it runs flawlessly locally and it has never even hitched once. The shit starts when I connect through my cloudflare “.com” domain that I just bought last week thinking it’ll solve all my problems (nope).

Every now and then, the frontend client I use (it doesn’t matter which one I use) just disconnects from my ABS server and things just start spinning for a very long time. Just out of nowhere and half of my books are just ghosts because it can’t reach the sever. It acts as if the ABS server becomes inactive and cloudflare just shuts off its tunnel. It’s like the ABS server stops telling cloudflare “yo, I’m up, give me a pass” but cloudflare doesn’t hear/see it and just disconnects it anyway, if that makes any sense.

Sometimes it comes back, and others I have to go into my Debian server and restart the cloudflared service I have for it, in order for the service to resume. I often go to the web interface and either get a red error message complaining about websocket something something. Then I’d refresh the page and either get thrown into the login screen and get stuck there or get the “oops couldn’t find library……..”.

I’ve literally disabled everything I can on cloudflare dashboard that now probably a child can hack me. lol . I even put my audiobooks server in its own tunnel.

I’m at a point that I’m just gonna give up and deactivate all of this cloudflare shit and go back to tailscale and switching servers between home and out of home.

I’m asking for any suggestions if you’ve ever been through something similar. Searching the internet lead me to doing many things that didn’t even fix it. Don’t even get me started on AI.

Thank you in advance. Let me know if you want any details: Debian Trixie and the latest ABS server. Your average .com cloudflare domain are the things I have.

Edit: one little detail I forgot to mention maybe it could be of help. My phone and the pc are both running through pihole and my own DNS with unbound.

Found this utility barely mentioned given how useful it is in the context of limited selfhosting resources.

According to the release:

Adds experimental PostgreSQL support

The code was written by Cursor and Claude

14,997 added lines of code, and 10,202 lines removed

reviewed and heavily tested over 2-3 weeks

This makes me uneasy, especially as ntfy is an internet facing service. I am now looking for alternatives.

Am I overreacting or do you all share the same concern?

I’ve been building a self-hosted task manager focused on something I couldn’t find in one package: true offline support and fast sync across devices.

Most open source task apps I tried leaned toward either:

• good offline support but weak multi-device sync with no API support
• or good sync but limited offline functionality

Will Be Done is my attempt to solve both.

Demo: https://demo.will-be-done.app/

GitHub: https://github.com/will-be-done/will-be-done

Home page: https://will-be-done.app/

What is supported right now:

• True offline mode - reads and writes happen in the local browser DB and sync to the server when it becomes available again (so you can still use it even if your homelab is down!)
• Fast sync across devices
• Tasks and projects with drag-and-drop support
• Kanban inside projects
• Weekly planner
• Recurring tasks
• Vim keybindings

Planned in the near future:

• CalDAV integration
• Import from Todoist / TickTick / Microsoft To Do
• API support
• MCP support
• Desktop app with global quick-add shortcut

Why I built it:

This is my third attempt over the last 3 years to build my ideal task manager, and I now use it daily.

I’ve worked on local-first and sync-heavy systems professionally, so offline-first architecture is something I care a lot about getting right.

Installation:

Single Docker command, no docker-compose, no external dependencies, SQLite included.

docker run -d \
  -p 3000:3000 \
  -v will_be_done_storage:/var/lib/will-be-done \
  --restart unless-stopped \
  ghcr.io/will-be-done/will-be-done:latest

Then open http://localhost:3000/.

Would love feedback from people here, especially if you care about self-hosting, offline-first apps, or replacing proprietary task managers.

I posted this over at https://discuss.tchncs.de/c/navidrome, but I thought I'd post it here, maybe someone has had experience with this.

I've been noticing demo.navidrome.org showing up in my firewall:

pFsense:

abuseipdb.com:

As with anything entering or exiting my network, I am cautious and curious why my instance of Navidrome has the need to contact demo.navidrome.org.

I am running Navidrome as a Docker Instance. I have combed my compose file and can find nothing in that itself that would trigger Navidrome to 'call home'.

Is this for stats, or other? As of right now, I have demo.navidrome.org blocked until I've gathered some information.

BTW, sweet piece of opensource software. I tip my hat to the dev team(s).

What's everyone using to auto-transcode their media library?

Tdarr and unmanic are both freemium/proprietary. I dont mind paying for software but I prefer to support open source projects.

Is there anything similar worth looking at?

My wife needed a cycle tracker. Everything out there was either Flo (which got sued twice for sharing health data) or an abandoned GitHub project. So I built Ovumcy. Single Go binary, SQLite, Docker-ready. No analytics, no third-party APIs, no cloud. Your data stays on your server. Features: period tracking, symptom logging, predictions (ovulation, fertile window), statistics, CSV/JSON export, dark mode, Russian and English. Just pushed v0.2.5. Looking for feedback from real users.

I have a Talos k8s setup now and I'm trying to add various services. I have discovered that my old htpasswd file won't cut it for auth.

I want to host the following,

1. WebDAV solution (currently sftpgo)
2. Invidious
3. *arr tools
4. Bitwarden

Should I go with keycloak? Are there better auth services?

Hello fellow TCP users.

I am currently having a lot of unused bandwidth. I wonder do you have any suggestion what to do with that bandwidth ?. Ideally it should more or less only relay the traffic because unfortunately I don't have much idle RAM left (something like a Tor-relay node but least risky).

Thank you very much!

Edit: If you have any not so heavy torrent (<250GiB) that could be helpful please suggest as well.

Edit: Thank you for all the options you've suggested:

• archiveteam warrior
• tor relay/snowflae
• syncthing relay
• i2p
• radicle
• peertube
• seeding torrents

I will try to explore them. Thank you very much!

Figured I'd give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.

You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.

I can use my Immich with my mobile data now.

Edit: Note that I choose to self host NetBird, and haven't really used the service they provide all that much.

Hi! I am running Umbrel on a Raspberry Pi 4 and I have "Home Assistant" installed in it, I oly have some smart lights connected to it. I would like to integrate a Thermostat with HA. But I am a bit overwhelmed with the different types of connections (Z-wave, Zigbee, Wifi, ...)

Do you guys have any kind of recommendation, what connection is better? I would like to keep it local (or connecting remotely via Tailscale) but I would like to avoid any cloud or third-party server solution.

What thermostat hardware can I buy?

Voiden is an offline-first, git-native API tool built on Markdown - and it very intentionally didn’t start as “let’s build a better Postman”.

Over time, API tooling became heavyweight: cloud dependencies for local work, forced accounts, proprietary formats, and workflows that break the moment you’re offline. Testing a localhost API shouldn’t need an internet connection.

So we asked a simple question: What if an API tool respected how developers already work?

That led to a few core ideas:

• Offline-first, no accounts, no telemetry

• Git as the source of truth

• Specs, tests, and docs living together in Markdown

We opensourced Voiden because extensibility without openness just shifts the bottleneck.

If workflows should be transparent, the tool should be too.

Github : https://github.com/VoidenHQ/voiden

Download here : https://voiden.md/download