stratself

joined 10 months ago
sorted by: new top controversial old
Tips on speeding up remote connection to personal server? in c/selfhosted@lemmy.world
[–] stratself 2 points 3 hours ago

Run tailscale ping if it's using a DERP relay that means you'd get abysmal speed and bandwidth. Usually this is because the NAT can't be punched through. Try opening proper ports and/or configure a peer relay

Which caddy docker builds to use? in c/selfhosted@lemmy.world
[–] stratself 3 points 12 hours ago* (last edited 12 hours ago)

I custom-build the Caddy container since it is easy to do with xcaddy. It is automated to run every week via Forgejo Actions on a Forgejo repo, and one can pull the latest images from there using Portainer or whatever docker updater software there is.

You can also use any other CI/CD solutions you like as long as it churn out a regularly updated image. Github Actions is another good one if you don't wanna set up Forgejo.

The caddy-cloudflare image is probably also enough for your use case, assuming they're regularly updated. But if you like control, CI is one way to go.

Need Help: I'm not getting notifications to my chat. in c/matrix@programming.dev
[–] stratself 2 points 3 days ago

i'm not sure what you mean? you configure it as your default ntfy server, then delete the previous topic. Then Element X should be able to recreate a new topic again and you can test if notifications are working.

If your server is a continuwuity then there are some little push problems. But if you're on matrix.org or any other Synapse server it should be fine.

Need Help: I'm not getting notifications to my chat. in c/matrix@programming.dev
[–] stratself 1 points 3 days ago (2 children)

Probably https://ntfy.schildi.chat/ which is maintained by the SchildiChat developers

Need Help: I'm not getting notifications to my chat. in c/matrix@programming.dev
[–] stratself 2 points 3 days ago (4 children)

The default https://ntfy.sh/ server ratelimits Matrix notifications by a lot and is therefore unusable. Try a different ntfy server

Why are so many Linux projects on Microsoft GitHub? Shouldn't they all move to Codeberg? in c/linux@lemmy.ml
[–] stratself 4 points 3 days ago (1 children)

The idea is to download the "project" down to a local machine, switch to the contributors' PRs, and have those new files natively show up in their directories. Then they can use local software i.e. Inkscape/Illustrator/etc to edit those SVGs and commit the appropriate changes. This is really not feasible with a forge's web UI.

Why are so many Linux projects on Microsoft GitHub? Shouldn't they all move to Codeberg? in c/linux@lemmy.ml
[–] stratself 24 points 4 days ago (3 children)

The case of free CI/CD, visibility, and network effects are already said. So I wanna offer an anectode: someone I know is a graphic designer, who maintains a project that curate icons. Moving to Codeberg means he has to interact with PRs using the CLI, which he really does not have familiarity with. GitHub OTOH has a simple desktop client that allows natively switching across PRs, approving then in the UI, etc. It's really, really convenient for someone who's not a developer.

I think Forgejo-based platforms will need to work on a very good GUI client, in order to attract less technical contributors.

Chat - Decentralized P2P Messenging in c/opensource@programming.dev
[–] stratself 1 points 1 week ago (1 children)

Hi, I do think this is a very cool idea. I appreciate using the WebRTC stack, and see that there are even AR/VR integrated too. I do have some questions about this project:

  • How do you see groups to be implemented (if that's on your roadmap)? IIRC webrtc mesh topology doesn't scale really well with many nodes, and how does a group handle netsplits between participants when some are offline?
  • Will you address offline delivery of messages, and how? Afaict, maybe something like a P2P relay with limited retention can help, although it must be in semitrusted/trusted territory
  • Do you see any chance this technology may be used in alternative networks (TOR, I2P, etc)? I guess that deviates from the webRTC model by a lot, but could there be any technical developments for it to become a possibility?

Thanks in advance for any responses :)

HELP : Cannot upload files bigger than ~180MB to matrix server in c/selfhosted@lemmy.world
[–] stratself 1 points 1 week ago

Use the --resolve flag e.g. curl --resolve matrix.example.com:8008:127.0.0.1 https://matrix.example.com:8008/

HELP : Cannot upload files bigger than ~180MB to matrix server in c/selfhosted@lemmy.world
[–] stratself 5 points 1 week ago (1 children)

Why is there two nginx containers? Can you do nginx1 --> continuwuity?

Does continuwuity show any logs? What about nginx? Check Element Web's devtools, does the 499'd network request say anything of note?

Maybe have a chat in the support room

Where is the love for conduit? Everybody is preferring continuwuity or tuwunel? in c/selfhosted@lemmy.world
[–] stratself 4 points 1 week ago* (last edited 1 week ago)

If you are running a conduit fork, what is your reason for leaving conduit, and if you are running conduit, why didn't you switch?

Conduwuit (predecessor of Continuwuity and Tuwunel) hard-forked from Conduit and introduced breaking database changes. That is a significant people don't easily "switch over"

It may be slow in development, taking a bit longer to implement a new feature, but not too much longer.

I would say its pace of development is very slow compared to the pace of Matrix in general. But if you only want the barebones features, you can use it.

Or am I missing something the others have to offer?

Feature-wise, Continuwuity offers email support, single-use registration token, policy server integration, user suspending, a ton more of admin commands, and some extra endpoints for Element Call. It is also actively working on OIDC-OAuth (so you can login with your IDP), and an ecosystem-wide Admin API. It also has an active community. I can't speak for the other fork.

Lastly, I don't think anyone "hate" conduit, the project is alright. It's just not the topmost option.

Where is the love for conduit? Everybody is preferring continuwuity or tuwunel? in c/selfhosted@lemmy.world
[–] stratself 2 points 1 week ago* (last edited 1 week ago)

As to answer your questions, threaded conversations are mostly a client issue. The UX for them are still not very good so not a lot of people use it.

SSO/Auth is actually quite hard to support. There's the "legacy SSO" option which is deprecated in favor of native OIDC, and afaict only Synapse supports it for now. But Continuwuity is actively working on it.

46
Technitium DNS v15.1.0 released with OpenID Connect integration (github.com)
submitted 1 month ago* (last edited 1 month ago) by stratself to c/selfhosted@lemmy.world
35 comments fedilink
 

Technitium DNS Server v15.1.0 has been released with support for OIDC! Now you can use your preferred identity provider to log in to user accounts, and manage your DHCP/DNS deployments with approriately granular permissions controls.

I've played around with it, and safe to say that the SSO integration works well. I've written a guide to set it up against Kanidm here. There were some OIDC/clustering bugs in prior v15 releases, and with v15.1.0 they have been squashed and solved.

The major release of version 15 also include various important changes, such as the following highlights:

  • A new API call for Prometheus metrics
  • Query Logs apps can now follow live updates
  • Codebase updated to .NET 10 runtime
  • HTTP tokens are now accepted via the Authorization: Bearer <token> header
  • Many other bugfixes, secfixes, and improvements...

Technitium is pretty great. Hope everyone enjoy the release :)

97
PSA: If you are running a Matrix homeserver written in Rust, you'll need to upgrade NOW (see updates in comments) (self.selfhosting)
submitted 6 months ago* (last edited 5 months ago) by stratself to c/selfhosting@slrpnk.net
1 comments fedilink
 

There is a recently discovered critical vulnerability that affects all Matrix homeservers of the Conduit lineage. If you're using a Rust-based Matrix server (which are basically Conduit and forks), please urgently upgrade to the following versions:

If you're not able to upgrade right now, you should urgently implement this workaround in your reverse proxy.

Attackers exploiting this flaw can arbitrarily kick any user out of a room, join rooms unauthorized on the same server, and can also ban same-server users. They effectively constitute a severe denial of service from an unauthenticated party, and it has been exploited in the wild.

94
Technitium DNS v14 is released with support for clustering (github.com)
 

Technitium DNS Server (TDNS) has gotten a new release with many awesome features: TOTP authentication, an upgraded .NET library, and many security and performance fixes.

But most important of all, it now supports clustering. A long-awaited feature, this allows Technitium to sync DNS zones and configurations across multiple nodes, without needing an external orchestrator like Kubernetes, or an out-of-band method to replicate underlying data. For selfhosters, this would enable resilience for many use cases, such as internal homelab adblocks or even selfhosting your public domains.

From a discussion with the developer and his sneak peek on Reddit, it is now known that the cluster is set up as a single-primary/multiple-secondary topology. They communicate via good-old REST API calls, and transported via HTTPS for on-the-wire encryption.

To sync DNS zones (i.e. domains), the primary server provisions the "catalog" of domains, for secondary ones to dynamically update records in a method known as Zone Transfers. This feature, standardized as Catalog Zones (RFC9432), were actually supported since the previous v13 release as groundwork for the current implementation.

As an interesting result, nodes can sync to a cluster's catalog zone, as well as define their own zones and even employs other catalog zones from outside the cluster. This would allow setups where, for example, some domains are shared between all nodes, and some others only between a subset of servers.

To sync the rest of the data such as blocklists, allowlists, and installed apps, the software simply sends over incremental backups to secondaries. The admin UI panel is also revamped to improve multi-node management: it now allows logging in to other cluster nodes, as well as collating some aggregated statistics for the central Dashboard. Lastly, a secondary node can be promoted to primary in case of failures, with signing keys also managed within for a seamless transition of DNSSEC signed zones.

More details about configuring clusters is to be provided in a blogpost in the upcoming days. It is important to note that this feature only supports DNS stuff, and not DHCP just yet (Technitium is also a DHCP server). This, along with DHCPv6 and auto-promotion rules for secondaries, is planned for the upcoming major release(s) later on.

As a single-person copyleft project, the growth of this absolute gem of a software has been tremendous, and can only get better from here. I personally can't wait to try it out soon

Disclaimer: I'm just a user, not the maintainer of the project. Information here may be updated for correctness and you can repost this to whatever

66
Made an alternative to Tailscale + Gluetun (self.selfhosted)
submitted 7 months ago* (last edited 7 months ago) by stratself to c/selfhosted@lemmy.world
5 comments fedilink
 

Hi all, I made a simple container to forward tailscale traffic towards a WireGuard interface, so that you can use your commercial VPN as an exit node. It's called tswg

https://github.com/stratself/tswg

Previously I also tried Gluetun + Tailscale like some guides suggested, but found it to be slow and the firewall too strict for direct connections. Tswg doesn't do much firewalling aside from wg-quick rules, and uses kernelspace networking which should improve performance. This enables direct connections to other Tailscale nodes too, so you can hook up with DNS apps like Pi-hole/AdguardHome.

I've shilled for this previously, but now I wanna promote with an actual post. Having tested on podman, I'd like to know if it also works on machines behind NATs and/or within Docker. Do be warned though that I'm a noob w.r.t. networking, and can't guarantee against IP leaks or other VPN-related problems. But I'd like to improve.

Let me know your thoughts and any issues encountered, and thank you all for reading

37
Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC (self.selfhosted)
 

Hi all. Per the title, I'm looking for something that:

  • Can run as an unprivileged user inside a container

  • Allows OpenID Connect authentication for a multiuser setup

  • Doesn't take hostage of my CPU

Homarr and Dashy are featureful solutions, but they can't run unprivileged in docker. Dashy closed this issue, but in fact it's not resolved. Meanwhile Homarr does work with UID/GID env vars, but starting as root and dropping capabilities is not the same as defining user: 1234:1234 from the get-go. Furthermore, they are really heavy node apps, which kinda deter me from deploying.

I neither wanna use my reverse proxy with forward auth or having an extra oauth2-proxy container, so Organizr (using forwarded auth headers) or Homer/Homepage/bunch of static pages behind a reverse proxy is out of scope.

Feature-wise I'm just looking for a beautified link keeper, preferably with multiple dashboard mapped to different user groups (ideally it could be done via custom OAuth metadata/claims). Fancy plugins like RSS and weather are not needed, but appreciated.

With all that said (and sorry if I'm too choosy), is there a current solution that fits the bills above? My IDP's UI is quite rudimentary, but I can resort to using it as a "homepage". I wanna thank in advance for any guidance

P/S: Seems like most dashboards fall into two categories - bloated fancy apps, or dead simple frontpages. It'd be nice to have something inbetween.

view more: next ›