
Lem453 ,

And something like this can be used as the docker server to hold the repository

github.com/huncrys/docker-borg-server

Lem453 ,

If you use a KDE desktop

github.com/Bismuth-Forge/bismuth

Many tutorials available for this

Lem453 ,

I’m surprised no one mentioned this if you are already using kde

github.com/Bismuth-Forge/bismuth

Lem453 , (edited )

Vaultwarden itself is actually one of the easiest docker apps to deploy…if you already have the foundation of your home lab setup correctly.

The foundation has a steep learning curve.

Domain name, dynamic DNS update, port forwarding, reverse proxy. Not easy to get all this working perfectly but once it does you can use the same foundation to install any app. If you already had the foundation working, additional apps take only a few minutes.

Want ebooks? Calibre takes 10 mins. Want link archiving? Linkwarden takes 10 mins

And on and on

The foundation of your server makes a huge difference. Well worth getting it right at the start and then building on it.

I use this setup: youtu.be/liV3c9m_OX8

Local only websites that use https (Vaultwarden) and then external websites that also use https (jellyfin).

Haptic: A new local-first, privacy-focused and open-source home for your markdown notes (github.com)

This seems like a solid choice for those of us looking for an Obsidian-like replacement. Personally tried all editors out there, but nothing is able to defeat my love for Obsidian. However, I look forward to trying out Haptic when it comes to Linux. Currently it only supports Web and Mac. But state Linux and Windows support is...

Lem453 ,

The real power of obsidian is similar to why Raspberry Pi is so popular, it has such a large community that plugins are amazing and hard to duplicate.

That being said, I use this to live sync between all my devices. It works with almost the same latency as google docs but it’s not meant for multiple people editing the same file at the same time

github.com/vrtmrz/obsidian-livesync

Lem453 ,

I could never get NextCloud on android to sync files back to the servers

Lem453 ,

See my comment above

lemmy.ca/comment/11490137

I don’t like that obsidian is not fully open source but the plugins can’t be beat if you use them. Check out some youtube videos for top 20 plugins etc. Takes the app to a whole new level.

Lem453 ,

Sleep mode seems to be working well for me on fedora atomic with kde (aurora).

Deep sleep works well and can stay sleeping for days.

Normally sleep rules are working well. The do not sleep toggle in the power menu also works to prevent it from sleeping.

Only thing that doesn’t work is flatpak apps can’t prevent the system from sleeping, so watching a video, using Handbrake to encode etc will all just allow it to sleep if there is no physical input.

I have a 2018 dell xps

Lem453 ,

And borgmatic makes retention rules with automatic runs super easy. It’s basically a wrapper that runs borg on the client side.

XPipe 10 comes with web service port-forwarding, markdown notes, better proxmox support, a new HTTP API, and more (sh.itjust.works)

I’m proud to share a major development status update of XPipe, a new connection hub that allows you to access your entire server infrastructure from your local desktop. It works on top of your installed command-line programs and does not require any setup on your remote systems. So if you normally use CLI tools like ssh,...

Lem453 ,

I’ve been using this for a few months now. It’s really great.

Lem453 ,

Keep vaultwarden behind wireguard for local only access then also use https certs and good master password. Very secure like this

Lem453 ,

Borg backup to borgbase is not very expensive and borg will encrypt the data plus the vault is also encrypted

Lem453 ,

Anyone with the knowledge to self host will quickly discover 3-2-1. If they choose to follow it, that’s on them but data loss won’t be from ignorance

Lem453 ,

Security in layers.

All your services should be using https. Vaultwarden in particular won’t even run without https unless you bypass a bunch of security measures.

This is how to setup local only and external https, I highly recommend this as a baseline setup for every homelab. It allows you to choose how much security you want on a per app basis and makes adding new apps trivially easy.

youtu.be/liV3c9m_OX8?si=TSWXoN_8SJDpAHaW

Lem453 ,

Last I checked, there is an open PR for the PWA Android app to expose the share function. That will allow this to work; however, you will have to install the PWA via chrome since the share feature for PWA is proprietary. Sucks because I use Firefox with a bunch of privacy features.

Lem453 ,

Same with jellyfin.

They basically don’t accept recurrent donations on purpose

forum.jellyfin.org/t-we-re-good-seriously

Lem453 ,

I’ve got multiple apps using LDAP, oauth, and proxy on authentik, I’ve not had this happen.

I also use traefik as reverse proxy.

I didn’t manually create an outpost. Not sure what advantage there is unless you have a huge organization and run multiple redundant containers. Regardless there might be some bug here because I otherwise have the same setup as you.

I would definitely try uploading everything to the latest container version first

Lem453 ,

For people wanting a very versatile setup, follow this video:

youtu.be/liV3c9m_OX8

Apps that are accessed outside the network (jellyfin) are jellyfin.domain.com

Apps that are internal only (vaultwarden) or via wireguard as extra security: Vaultwarden.local.domain.com

Add on Authentik to get single sign on. Apps like sonarr that don’t have good security can be put behind a proxy auth and also only accessed locally or over wireguard.

Apps that have oAuth integration (seafile etc) get single sign on as well at Seafile.domain.com (make this external so you can do share links with others, same for immich etc).

With this setup you will be super versatile and can expand to any apps you could ever want in the future.

Lem453 ,

Not using cloud based 2fa which is dumb to begin with

Lem453 ,

Don’t use cloud based 2fa and you won’t need to wonder about this.

Aegis is one of several opensource 2fa apps you can use instead.

Lem453 ,

The same as for anything else if your phone gets stolen. You restore from backups.

Aegis allows you to make a backup that you can keep yourself on your computer, your own cloud storage etc.

Every OS has some kind of built in vault/encryption feature. Put the file in there. It only needs to be updated when you add another 2fa account (so very infrequently)

Lem453 ,

Bitwarden lets you upload files (key files) and save all your passwords.

Lem453 ,

Use aegis, export the keys and then reimport them every time you switch. Trusting your second factor to a cloud is a disaster waiting to happen.

If you want to get fancy setup your own cloud server (nextcloud, Seafile, owncloud etc) and set the backup folder for aegis to the self hosted cloud for easy restore every time you switch ROMs.

Lem453 ,

If you really want to be pedantic you could setup raid 1+0 or 5 and live the true RAM hot swapping life

Lem453 ,

FWIW collabora and open office can integrate with other clouds like Seafile and owncloud Infinite scale. So even without NextCloud it can be used. It can also be used stand alone.

Am I overthinking it?

I’m working on my transition plan away from Windows and testing out various things in VMs as I do so, and one big hurdle is making sure the VPN client my work requires can connect. Bazzite is my target distro (primarily gaming, work less frequently), though other more traditionally structured ones like Pop!_OS and Garuda are...

Lem453 ,

If I understand it correctly, layering an application is no more dangerous than a regular install on a non atomic os. In other words, every piece of software you have installed on normal fedora desktop is not containerized, if it’s software you were going to install anyways, layering it is the same as before (albeit significantly slower than install and update).

But that means that you get great benefits because 99% of your software packages are properly containerized

Lem453 OP ,

Exactly, Seafile is the best I’ve found so far but a clean re write of the basic sync features would be great.

Seafile for example has full text search locked behind a paywall even though tools like Elasticsearch could be integrated into it for free. Even the android app has filename search locked behind a paywall. You have to log into the website on your phone if you need to search.

Pathetic state of affairs.

Lem453 OP ,

I had NextCloud on a Ryzen 3600 with NVME zfs array. While faster than my previous Intel atom with HDD + SSD cache, Seafile blows it away in terms of speed and resiliency. It feels much more reliable with updates etc.

Lem453 OP ,

I know, I did as well.

The point of the post is that there is a very active full rewrite of the whole thing trying to ditch all the tech debt that NextCloud inherited from the OG owncloud (php, Apache etc)

Lem453 OP ,

Did not know this. Thanks!

Looks like Kiteworks invested in OwnCloud in 2014 and they still seem to be going strong with the OSS development which is a good sign.

This probably explains why there are so many active devs on the project and how they got a full rewrite into version 4 relatively quickly.

Already seems to have more features than Seafile.

Lem453 OP , (edited )

Also looking through some of the issues and comments on github about no plans to implement basic features (file search on the android app) does not inspire confidence at all. One of the reasons I’m hoping the OwnCloud rewrite is good.

Lem453 OP ,

Thank you for providing first hand perspective. I’ll probably try to spin up a docker deployment for testing.

I don’t really plan to use many of the plugins since I think that was the downfall of NextCloud. Trying to do everything instead of doing its core job well.

Lem453 OP , (edited )

Ya it was bought by kiteworks which provides document management services for corps (which explains why they mention traceable file access in their features a lot).

That being said, they bought them in 2014 it seems and it’s been a decade now. Correcting: they were bought very recently, they have been accepting corporate funding for more than a decade however. That’s not bad in and of itself.

Lem453 OP ,

Oh never mind, I saw this funding announcement for 6M and assumed it was the same company. Looks like they have many corporate investors…doesn’t inspire too much confidence.

Although they are still using the Apache 2 license and you can see they are very active in github. It does look like it’s a good FOSS project from the surface.

owncloud.com/…/muktware-owncloud-gets-another-rou…

Lem453 OP ,

I mean software that’s actively being developed can’t be called DOA. Even if it’s garbage now (and I don’t know if it is) doesn’t mean it can’t become useful at a future date.

It’s not like a TV show where once released it can never be changed.

Lem453 OP ,

I have no problem supporting devs but locking what should be core features behind a paywall is unacceptable for me.

Lem453 OP ,

I only read the beginning but it says you can use it for private deployments but can’t use it commercially. Seems reasonable. Any specific issues?

Lem453 OP ,

I don’t remember all the details. They never went closed source, there was a difference in opinion between primary devs on the direction the project should take.

It’s possible that was related to corporate funding but I don’t know that.

Regardless it was a fork where some devs stayed with owncloud and most went with NextCloud. I moved to NextCloud at this time as well.

OwnCloud now seems to have the resources to completely rewrite it from the ground up which seems like a great thing.

If the devs have a disagreement again then the code can just be forked again AFAIK just like any other open source project.

Lem453 ,

getaurora.dev

Has been working for me. The issues I’ve encountered so far are all minor flatpak issues (Firefox not allowed to sleep-lock so the laptop screen shuts off watching videos etc)

Lem453 ,

Kde has a disable sleep button in the power/battery icon menu which I use as a work around, still annoying and yet another quality of life issue that Just Works ™ on other platforms

Should I stick with Docker Swarm for self-hosting?

Hi! I’m starting out with self-hosting. I was setting up Grafana for system monitoring of my mini-PC. However, I ran into issue of keeping credentials secure in my Docker Compose file. I ended up using Docker Swarm since it was the path of least resistance. I’ve managed to set up Grafana/Prometheus/Node stack and it’s...

Lem453 , (edited )

When I was starting out I almost went down the same pathway. In the end, docker secrets are mainly useful when the same key needs to be distributed around multiple nodes.

Storing the keys locally in an env file that is only accessible to the docker user is close enough to the same thing for home use and greatly simplifies your setup.

I would suggest using a folder for each stack that contains 1 docker compose file and one env file. The env file contains passwords, the rest of the env variables are defined in the docker compose itself. Exclude the env files from your git repo (if you use this for version control) so you never check in a secret to your git repo (in practice I have one folder for compose files that is on git and my env files are stored in a different folder not in git).

I do this all via portainer, it will setup the above folder structure for you. Each stack is a compose file that portainer pulls from my self hosted gitea (on another machine). Portainer creates an env file itself when you add the env variables from the gui.

If someone gets access to your system and is able to access the env file, they already have high level access and your system is compromised regardless of if you have the secrets encrypted via swarm or not.
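A check for the layout described in the comment above, as an added example that is not part of the original comment: it audits one stack folder for env files accessible beyond their owner, env files sitting in a git work tree without an ignore rule, and secret-looking values written literally into the compose file. The `*.env` naming, the compose file names and the simplified `.gitignore` matching (basename patterns in the repository root only) are assumptions of this example.

```python
import fnmatch
import re
import stat
from pathlib import Path

COMPOSE_NAMES = {"docker-compose.yml", "docker-compose.yaml", "compose.yml", "compose.yaml"}
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
# Matches "KEY=value", "- KEY=value" and "KEY: value" lines in a compose file.
ASSIGN = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]\w*)\s*[=:]\s*(\S.*)$")

def repo_root(path):
    """Return the enclosing git work tree (the directory holding .git), or None."""
    for parent in [path, *path.parents]:
        if (parent / ".git").exists():
            return parent
    return None

def is_ignored(env_file, root):
    """Simplified check: basename patterns in the root .gitignore, no negation."""
    gitignore = root / ".gitignore"
    if not gitignore.is_file():
        return False
    patterns = [p.strip() for p in gitignore.read_text().splitlines()]
    patterns = [p.lstrip("/") for p in patterns if p and p[0] not in "#!"]
    return any(fnmatch.fnmatch(env_file.name, p) for p in patterns)

def audit_stack(stack_dir):
    """Return sorted (file name, finding) pairs for one stack folder."""
    stack, findings = Path(stack_dir).resolve(), []
    root = repo_root(stack)
    for f in (p for p in stack.iterdir() if p.is_file()):
        if f.name.endswith(".env"):
            if stat.S_IMODE(f.stat().st_mode) & 0o077:  # any group/other bit set
                findings.append((f.name, "accessible to group/other"))
            if root and not is_ignored(f, root):
                findings.append((f.name, "inside git work tree, not ignored"))
        elif f.name in COMPOSE_NAMES:
            for line in f.read_text().splitlines():
                m = ASSIGN.match(line)
                # A secret-looking key should reference ${VAR}, not carry a literal.
                if m and SECRET_NAME.search(m.group(1)) and "${" not in m.group(2):
                    findings.append((f.name, f"literal value for {m.group(1)}"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for name, finding in audit_stack(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: {finding}")
```

Run it with a stack folder as the only argument; an empty result means the env file is owner-only, ignored by git (or outside any repository), and the compose file only references variables.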

Lem453 ,

True, but the downside of cloudflare is that they are a reverse proxy and can see all your https traffic unencrypted.

Lem453 ,

I like finamp as my android music client for jellyfin

Help with deployment

Hello nerds! I’m hosting a lot of things on my home lab using docker compose. I have a private repo in GitHub for the config files. This is working fine for me, but every time I want to make a change I have to push the changes, then ssh to the lab, pull the changes, and run docker compose up. This is of course working fine,...

Lem453 ,

I would strongly suggest a second device like an RPI with Gitea. That’s what I have.

I use portainer to pull straight from git and deploy

Lem453 ,

Not to mention the advantage of infrastructure as code. All my docker configs are just a dozen or so text files (compose). I can recreate my server apps from a bare VM in just a few minutes then copy the data over to restore a backup, revert to a previous version or migrate to another server. Massive advantages compared to bare metal.
