vegetaaaaaaa

vegetaaaaaaa, 1 month ago

Don’t mind him. He’s always there ranting about who knows what whenever software he dislikes is mentioned. Lookup his comment history for more of the same.

Easiest method to summon him is to mention Nextcloud and Proxmox in the same sentence.

vegetaaaaaaa, 1 month ago

See you back on Debian in a few months

vegetaaaaaaa, 1 month ago (edited 1 month ago)

How does this compare to awesome-selfhosted.net ?

vegetaaaaaaa, 3 months ago

/thread

This is my go-to setup.

I try to stick with libvirt/https://manpages.debian.org/bookworm/libvirt-clients/virsh.1.en.html when I don’t need any graphical interface (integrates beautifully with ansible [1]), or when I don’t need clustering/HA (libvirt does support “clustering” at least in some capability, you can live migrate VMs between hosts, manage remote hypervisors from virsh/virt-manager, etc). On development/lab desktops I bolt virt-manager on top so I have the exact same setup as my production setup, with a nice added GUI. I heard that cockpit could be used as a web interface but have never tried it.

Proxmox on more complex setups (I try to manage it using ansible/the API as much as possible, but the web UI is a nice touch for one-shot operations).

Re incus: I don’t know for sure yet. I have an old LXD setup at work that I’d like to migrate to something else, but I figured that since both libvirt and proxmox support management of LXC containers, I might as well consolidate and use one of these instead.

vegetaaaaaaa, 4 months ago (edited 4 months ago)

I recently set up a personal Owncast instance on my home server, it should do what you’re looking for. I use OBS Studio to stream random stuff to friends, if your webcam can send RTMP streams it should be able to stream to Owncast without OBS in the middle - else, you just need to set up OBS to capture from the camera and stream to Owncast over RTMP.

the communication itself should be encrypted

I suggest having the camera/OBS and Owncast on the same local network as RTMP is unencrypted and could possibly be intercepted between the source and the Owncast server, so make sure it happens over a reasonably “trusted” network. From there, my reverse proxy (apache) serves the owncast instance to the Internet over HTTPS (using let’s encrypt or self-signed certs), so it is encrypted between the server and clients. You can watch the stream from any web browser, or use another player such as VLC pointing to the correct stream address [1]

it seems that I might need to self-host a VPN to achieve this

Owncast itself offers no authentication mechanism to watch the stream, so if you expose this to the internet directly and don’t want it public, you’d have to implement authentication at the reverse proxy level (HTTP Basic auth), or as you said you may set up a VPN server (I use wireguard) on the same machine as the Owncast instance and only expose the instance to the VPN network range (with the VPN providing the authentication layer). If you go for a VPN between your phone and owncast server, there’s also no real need to setup HTTPS at the reverseproxy level (as the VPN already provides encryption)

Of course you should also forward the correct ports (VPN or HTTPS) from your home/ISP router to the server on your LAN.

There are also dedicated video surveillance solutions.

vegetaaaaaaa, 7 months ago

Not “self-hosted” (it doesn’t even need a server, just a mobile app), but this is Free/Open-Source and works well: f-droid.org/en/packages/org.isoron.uhabits/

vegetaaaaaaa, 7 months ago

Lemmy is licensed under AGPL choosealicense.com/licenses/agpl-3.0/

When a modified version is used to provide a service over a network, the complete source code of the modified version must be made available.

vegetaaaaaaa, 8 months ago (edited 7 months ago)

Don’t use a synchronized folder as a backup solution (delete a file by mistake on your local replica -> the deletion gets replicated to the server -> you lose both copies).

old pc that has 2x 80gb, 120gb, 320gb, and 500gb hdd

You can make a JBOD array out of that using LVM (add all disks as PVs, create a single VG on top of that, create a single LV on top of that VG, create a filesystem on top of that LV, format it as ext4 filesystem, mount this filesystem somewhere, access it over SFTP or another file transfer protocol).

But if the disks are old, I wouldn’t trust them as reliable backup storage. You can use them to store data that will be backed up somewhere else. Or as an expendable TEMP directory (this is what I do with my old disks).

My advice is get a large disk for this PC, store backups on that. You don’t necessarily need RAID (RAID is a high availability mechanism, not a backup). Setup backup software on this old PC to pull automatic daily backups from your server (and possibly other devices/desktops… personally I don’t bother with that. Anything that is not on the server is expendable). I use rsnapshot for that, simple config file, basic deduplication, simple filesystem-backed backups so I can access the files without any special software, gets the job done. There are a few threads here about backup software recommendations:

• What backup service do you use? - Lemmy.world
• What are your backup solutions? - Lemmy.world
• How do you guys back up your server? - Lemmy.world
• How do you backup things to your server? - Lemmy.world

In addition I make regular, manual, offsite copies of the backup server’s backups/ directory to removable media (stash the drive somewhere where a disaster that destroys the backup server will not also destroy the offsite backup drive).

Prefer pull-based backup strategies, where hosts being backed up do not have write access to the backup server (else a compromised host could alter previous backups).

Monitor correct execution of backups (my simple solution to that, is to have cron create/update a state file after correct execution, and have the netdata agent check the date of last modification of this file. If it has not been modified in the last 24-25hrs, something is wrong and I get an alert).

vegetaaaaaaa, 8 months ago

awesome-selfhosted.net/tags/office-suites.html

vegetaaaaaaa, 10 months ago

Load balancers/Reverse peoxies - Caddy, Traefik.

github.com/awesome-selfhosted/awesome-selfhosted#… -> github.com/awesome-foss/awesome-sysadmin#web

Missing DNS server “blocky” which I find way better than Pi-Hole.

Listed at github.com/awesome-selfhosted/awesome-selfhosted#…

vegetaaaaaaa, 10 months ago (edited 10 months ago)

awesome-selhosted maintainer here. This critique comes up often (and I sometimes agree…) but it’s hard to properly “fix”:

Any rule that enforces some kind of “quality” guideline has to be explicitly written to the contribution guidelines to not waste submitters’ (and maintainers) time.

As you can see there are already minimal rules in place (software has to be actively maintained, properly documented, first release must be older than 4 months, must of course be fully Free and Open-source…). Anything more is very hard to word objectively or is plain unfair - in the last 7 years (!) maintaining the list I’ve spent countless hours thinking about it.

For example, rejecting new projects because an existing/already listed one effectively does the same thing would give an unfair advantage to older projects, effectively “locking out” newer ones. Moreover, you will rarely find two projects that have the exact same feature set, workflow, release frequency, technical requirements… and every user has different needs and requirements, so yeah, users of the list are expected to do some research to find the best solution to their particular needs.

This is of course, less true for some categories (why are there so many pastebins??). But again, it’s hard to find clear and objective criteria to determine what deserves to be listed and what does not.

If we started rejecting projects because “I don’t have a need for it” or “I already use a somewhat equivalent solution and am not going to switch”, that would discard 90% of entries in the list (and not necessarily the worst ones). I do check that projects being added are in a “production-ready” state and ask more questions during reviews if needed. But it’s hard to be more selective than we already are, without falling in subjective “I like/I don’t like” reasoning (let’s ban all Nodejs-based projects, npm is horrible and a security liability. Let’s also ban all projects that are so convoluted and impossible to build and install properly that Docker is the only installation option. Follow my thoughts?)

Also, Free Software has always been very fragmented, which is both a strength and a weakness. The list simply reflects that.

Another idea I contemplated is linking each project to a “review” thread for the software in question. But I will not host or moderate such a forum/review board, and it will be heavily brigaded by PR departments looking to promote their companies software.

A HTML version is coming out soon (based on the same data) that will hopefully make the list easier to browse.

I am open to other suggestions, keeping in mind the points above…

250+ self hostable apps

1268 exactly.

You can help cleaning up the list of unmaintained projects by working on this issue

vegetaaaaaaa, 10 months ago

• How do you backup things to your server? - Lemmy.world
• How do you guys back up your server? - Lemmy.world
• What are your backup solutions? - Lemmy.world

vegetaaaaaaa, 10 months ago (edited 10 months ago)

I tried OpenLDAP but Jesus that was very involved.

OpenLDAP is easy :) Once you understand LDAP concepts.

Check this and read through the tasks/ directory (particularly https://github.com/nodiscc/xsrv/blob/master/roles/openldap/tasks/openldap.yml and https://github.com/nodiscc/xsrv/blob/master/roles/openldap/tasks/populate.yml. It sets up everything needed for an LDAP authentication service (if you don’t use ansible you can still read what the tasks do and you should get a pretty good understanding of what’s needed, if not let me know).

In short you need:

• slapd (the OpenLDAP server)
• set up a base LDAP directory structure (OUs/Organizational Units, I only use 3 OUs: system, users and groups)
• an admin user in the LDAP directory (mine is admin directly at the base of the LDAP directory)
• (optional but recommended) a so-called bind user in the LDAP directory (unvprivileged account that can only list/read users/groups) (mine is bind under the system OU)
• (optional) groups to map users to their roles (e.g. only users in access_jellyfin are allowed to login to jellyfin)
• actual user accounts, member of one or more groups if needed

When you login to an application/service configured to use the LDAP authentication backend, it connects to the LDAP directory using the bind user credentials, and checks that the user exists (depending on how you configured the application either by name, uid, email…) , that the password you provided matches the hash stored in the LDAP directory, optionally that the user is part of the required groups. Then it allows or denies access.

There’s not much else to it:

• you can also do without the bind account but I wouldn’t recommend it (either configure your applications to use the admin user in which case they have admin access to the LDAP directory… not good. Or allow anonymous read-only access to the LDAP directory - also not ideal).
• slapd stores its configuration (admin user/password, log level…) inside the LDAP directory itself as attributes of a special entity (cn=config), so to access or modify it you have to use LDIF files and the ldapadd/ldapmodify commands, or use a convenient wrapper like the ansible modules tools used above.
• once this is set up, you can forget LDIF files and use a web interface to manage contents of the LDAP directory.
• OUs and groups are different and do not serve the same purpose, OUs are just hierarchical levels (like folders) inside your LDAP tree. groups can contain multiple users/users can have multiple groups so they’re like “labels” without a notion of hierarchy. You can do without OUs and stash everything at the top level of the directory, but it’s messy.
• users (or other entities) have several attributes (common name, firstname, lastname, email, uid, password, description… it can contain anything really, it’s just a directory service)
• LDAP is hierarchical by nature, so user with Common Name (CN) jane.doe in OU users in the directory for domain example.org has the Distinguished Name (DC) cn=jane.doe,ou=users,dc=example,dc=org. Think of it like /path/to/file.
• to look for a particular object you use filters which are just a search syntax to match specific entities (object classes) (users are inetOrgPersons, groups are posixGroups…) and attributes (uid, cn, email, phonenumber…). Usually applications that support LDAP come with predefined filters to look for users in specific groups, etc.

vegetaaaaaaa, 10 months ago

gitea switching to a for-profit

It did not “switch to a for-profit”. The company structure only exists to provide a way to hire gitea developers for paid work. The project owners are still elected by contributors: github.com/go-gitea/gitea/blob/…/CONTRIBUTING.md#…

vegetaaaaaaa, 10 months ago

Nobody mentioned the high amount of security issues in Synology products over the years, plus the fact that their OS is closed-source so impossible to audit, plus the fact that they will straight up stop offering OS and security updates for legacy products after some time.

So, for me, it is a no-go.

vegetaaaaaaa, 10 months ago

I maintain github.com/awesome-selfhosted/awesome-selfhosted :) Reviewing additions takes some time but it gives a good insight on new releases. You can check the list of Pull Requests/software being added here

There is also a third-party tool that tracks newly added software.