Lem453

@Lem453@lemmy.ca


Lem453,

You probably can still use it. Just don’t ever update the appliance because they will probably do something to break the API on purpose.

Lem453,

For your last point, portainer fixes that. I use portainer to pull compose files from my gitea instance. There is an option to auto update on git commit but I prefer to press the button to update.

I write the compose files in vscode and push them to my repo.

Lem453,

This, I used to have a kubernetes setup but how much redundancy can you really have at home. Do you have a generator? Multiple Internet lines?

The fact is most hardware is highly reliable. Having good backups to restore from is all you need and you gain a huge improvement in simplicity which adds reliability in and of itself.

Lem453,

Thank you for including oAuth options for sign on. Makes a big difference being able to use the same account for all the things like freshRSS, seafile, immich etc.

Lem453, (edited )

The general principle is called single sign on (sso).

The idea is that instead of each app keeping track of users itself, there is another app (sometimes called an identity provider) that does this. Then when you try to log into an app, it takes you to the login of your identity provider instead. When the IP says you are the correct user, it sends a token to the app saying to let you access your account.

The huge benefits are if you are already logged into the IP on a browser for example, the other apps will login automatically without having to put in your password again.

Also for me the biggest benefit is not having to manage passwords for a large number of apps so family that uses my server have 1 account which gives them access to jellyfin, seafile, immich, freshrss etc. If they change that password it changes it for everything. You can enforce minimum password requirements. You can also add 2FA to any app now immediately.

I use Authentik as my identity provider: https://goauthentik.io/

There are good guides to setting it up with traefik so that you get Let's Encrypt certificates and can use traefik for proxy authentication on web based apps like sonarr. There are many different authentication methods an app can choose to use and Authentik essentially supports everything.

youtu.be/CPURnYaW3Zk

SSO should really be the standard for self hosted apps because this way they don’t have to worry about ensuring they have the latest security for user management etc. The app just allows a dedicated identity provider to worry about user management security so the app devs can focus on just the app.

Lem453,

If you have to add a whole other app to match what authentik can do, is authelia really lighter weight?

I'm joking because authentik does take a decent chunk of ram but having all protocols together is nice. You can actually make ldap authentication 2FA if you want.

Lem453,

Free for self hosted which is probably what matters to most here

Lem453,

Because authentik uses flows, you can insert the 2FA part into any login flow (proxy, oauth, ldap etc)

youtu.be/whSBD8YbVlc

Lem453,

The above YouTube video shows that you can get authentik to send a 2fa push authentication that requires the phone to hit a button in order to complete the authentication flow.

Planning on setting up Proxmox and moving most services there. Some questions

I am currently running most of my stuff from an unraid box using spare parts I have. It seems like I am hitting my limit on it and just want to turn it into a NAS. Micro PCs/USFF are what I am planning on moving stuff to (probably a cluster of 2 for now but might expand later.). Just a few quick questions:...

Lem453,

I have a setup similar to what you want.

My nas is a low powered atom board that runs unraid.

My dockers run on a ryzen CPU with proxmox. I don’t have a cluster, just 1.

In proxmox I run a VM that runs all my dockers.

I use portainer to run all my services as stacks. So the arr stack has all the arrs together in a docker compose file. The docker compose files are stored in gitea (one of the few things I still run on unraid) and every time I make a change to the git, I press one button on portainer and it pulls down the latest docker compose.

For storage, on proxmox I use zfs with ssds only. The only thing that needs HDDs is the media on my unraid.

When a docker needs to access the media it uses an NFS mount to the unraid server.

Everything else is on my zfs array on proxmox. I have auto zfs snapshots every hour. Borg backup also takes hourly incremental backups of the zfs array and sends it to the unraid server locally and borg base for off-site backup.

The whole setup works very well and is very stable.

The flexibility of using proxmox means that things that work better in a VM (HaOS) I can install as a VM. Everything else is docker.

Lem453,

I also use gluetun, works really well. Lots of VPNs are supported. Easy to add any docker container you want to it.

Lem453,

The new oAuth feature is also great and integrates well with my other services for family (immich, seafile, etc)

Lem453,

That’s pretty much exactly what this device is supposed to do. But just to be clear, any computer with a NIC (ethernet port) can be a router.

To make a useful router for your home, you need an Intel or AMD CPU (x86) and 2 NICs.

This device is specifically designed for someone who wants to setup 10gbe networking.

You also need software.

OPNsense is a great example of software like this. Many home labbers use something like OPNsense installed on a device such as this for their router.

Lem453, (edited )

I’ve been running nextcloud since before it was nextcloud. Was owncloud then moved to next cloud.

Another user put it best. It always feels 75% complete. Sync isn’t fast, gives errors that self correct when restarting the app. Most plugins are even more janky or feel super barren.

I wanted to like it so much but I stopped being able to trust most plugins which meant I had dedicated apps for those things and used nextcloud only for file sync.

If you only want file sync then seafile is vastly superior so that’s what I now have.

Looking for Notes App for Android & Linux

I am trying to slowly de-Google-ify myself by moving to open source apps, I wanna ditch google notes and evernote. I tried obsidian, standard notes, and joplin, I liked using obsidian on PC and standard notes looks nice on android but obsidian you need to pay to have sync and standard notes doesn’t do markdown unless you pay...

Lem453, (edited )

Obsidian-livesync works very well if you have some self hosting skill / hardware. The sync happens in realtime and is almost like Google docs. Allows excellent sync between all devices.

Lem453,

CloudFlare is a good place for beginners to start. Setting up a reverse proxy can be daunting the first time. Certainly better than no reverse proxy.

That being said, having your own reverse proxy is nice. Better security since the certificates are controlled by your server. Also complex stuff becomes possible.

My traefik uses Let's Encrypt wildcard domains to provide HTTPS for internal LAN only applications (vaultwarden) while providing external access for other things like seafile.

I also use traefik with authentik for single sign on. Traefik allows me to secure apps like sonarr with single sign on from my authentik setup. So I login once on my browser and I can access many of my apps without any further passwords.

Authentik also allows oAuth so I can use that for seafile, freshrss and immich. Authentik allows jellyfin login with LDAP. (This last paragraph could be setup with CloudFlare as well).

Lem453, (edited )

The primary reason to put authentik in front of arrs is so I don’t have to keep putting in a different password for each when logging in. I disable the authentication for each of them in the app itself and then disable the exposed docker port as well so the only way to access it is via traefik + authentik. It has local access only so isn’t directly exposed to the internet.

10 free accounts on duo is very nice but I hate being locked into things (not self hosted). An open source or self hosted alternative to duo would be great.
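
The setup described in this comment, sketched as a Docker Compose fragment. This is an added example, not the commenter's own configuration: the service names, the `proxy` network, the `websecure` entrypoint and the `sonarr.local.domain.com` hostname are assumptions, and authentik's database, cache and secret settings are expected to come from its normal install.

```yaml
# Added example: Sonarr reachable only through Traefik + authentik forward auth.
# Names, hostnames and the "proxy" network are assumptions for illustration.
services:
  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    # No "ports:" section: 8989 is never published on the Docker host,
    # so the only route to the app is the Traefik router defined below.
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.local.domain.com`)"
      - "traefik.http.routers.sonarr.entrypoints=websecure"
      - "traefik.http.routers.sonarr.tls=true"
      # Every request is checked by authentik before it reaches Sonarr.
      - "traefik.http.routers.sonarr.middlewares=authentik@docker"
      - "traefik.http.services.sonarr.loadbalancer.server.port=8989"

  authentik-server:
    image: ghcr.io/goauthentik/server:latest
    command: server
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # forwardAuth middleware pointing at authentik's embedded outpost.
      - "traefik.http.middlewares.authentik.forwardauth.address=http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email"
      # The outpost's sign-in and callback paths must be routed on the app's hostname.
      - "traefik.http.routers.authentik-outpost.rule=Host(`sonarr.local.domain.com`) && PathPrefix(`/outpost.goauthentik.io/`)"
      - "traefik.http.routers.authentik-outpost.entrypoints=websecure"
      - "traefik.http.routers.authentik-outpost.tls=true"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"

networks:
  proxy:
    external: true
```

With the app's own login disabled, the forwardAuth middleware is the only authentication layer, so a router for Sonarr that omits the `middlewares` label, or a published port, would leave it open to anyone who can reach it.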

Lem453, (edited )

You are completely correct…for normal certs. Internal domains require a wild card cert with DNS challenge.

This video explains how to set it up with traefik

youtu.be/liV3c9m_OX8

I’d bet caddy can do something similar.

Basically you have:

  1. Seafile.domain.com -> has its own cert
  2. *.local.domain.com -> has its own cert but the * can be anything and the same cert can be used for anything in place of the star as many times as you want and therefore doesn’t need to be internet accessible to verify. That way vaultwarden.local.domain.com remains local only.
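
A Compose fragment showing the wildcard-plus-DNS-challenge arrangement from this comment. It is an added example, not taken from the comment or the linked video: the resolver name `le`, the Cloudflare DNS provider, the e-mail address and the Traefik image tag are assumptions, and `local.domain.com` is the comment's placeholder.

```yaml
# Added example: one wildcard certificate for LAN-only hostnames via ACME DNS-01.
services:
  traefik:
    image: traefik:v2.11
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.email=admin@domain.com"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
      # DNS-01: the CA checks a TXT record, so no hostname has to be
      # reachable from the internet for the certificate to be issued.
      - "--certificatesresolvers.le.acme.dnschallenge=true"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=cloudflare"
      # Request the wildcard once, at the entrypoint, for every router on it.
      - "--entrypoints.websecure.http.tls.certresolver=le"
      - "--entrypoints.websecure.http.tls.domains[0].main=local.domain.com"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.local.domain.com"
    environment:
      # API token for the assumed DNS provider; scope it to DNS edits on this zone only.
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    ports:
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt

  vaultwarden:
    image: vaultwarden/server:latest
    # No published ports; served only through Traefik under the wildcard cert.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.local.domain.com`)"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
```

The hostname stays local only as long as its DNS record resolves to a LAN address and port 443 is not forwarded from the internet to this Traefik instance; the certificate alone does not restrict who can connect.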
Lem453, (edited )

github.com/photown/private-pdf

Self hosted PDF editor sounds great!

I wish it had the ability to add or remove a password from a document. Other than that it looks perfect.

Lem453,

Wow, this looks great!

Any idea if a self hosted app like this can be set as the default PDF viewer for a browser? Firefox and Chrome both have built in pdf viewer when clicking on a pdf, having it open in this instead would be amazing.

Is this Seagate Exos drive too good to be true?

I found this, it's the cheapest 10TB Exos drive on Newegg, and I'm looking to buy 4 of them. I will be putting them in my NAS that I use for my media library and pc backups. The price as I’m posting this is $130. I’m also looking at similar Exos drives that are $250, is there a difference? Should I shell out for the more expensive drives?

Lem453,

I have 3 14tb exos drives. I have them in a Rosewill 4u hotswap chassis. Running unraid.

It’s nearly inaudible over the very reasonable case fans. No grinding noises. I can hear the heads moving a bit but it’s quite subtle. Not sure why people have such different experiences with these

Do you mount an embedded Linux file system to the workstation and use your host scripts or do you SSH/SCP and deal with the limited shell commands?

I’m playing with a couple of routers and comparing proprietary to open source on the same hardware. I miss my .bashrc functions and aliases… and compgen, tree, manpages, detailed help, etc; the little things that get annoying when they are missing....

Lem453,

SQL is literally structured query language

Lem453,

Onlyoffice

Its UI mimics ms office and has compatibility with word files.

Not open-source and has some limitations without paying but works on windows and Linux. Can even be self hosted yourself to provide a web UI for access to your own files Google docs style.
