|
BlankSystemDaemon posted:The official standards exist and even mention .local and .workgroup - and while there used to be problems with it when combined with Apple's zero-conf known as Bonjour, they're mostly fixed now so unless you have really old gear, you can use .local just fine. It really is just a mention though, not a standard nor a suggestion that they should be used. RFC8375 proposes that "home.arpa" be designated for this kind of use case in home networks.
|
# ¿ Nov 18, 2021 23:47 |
|
Matt Zerella posted:If you want VPN built on WireGuard that doesn't need a hole punched in your firewall, look into Tailscale. And while Tailscale is excellent, if you'd like to be self hosting instead of handing core network infrastructure control off to a company's servers there's the Headscale project.
|
# ¿ Dec 6, 2021 20:22 |
|
I've been using Matrix (Synapse + Element) since summer last year and it works alright for instant messaging across a mix of individual and group chats. It was complicated to set up, and sometimes notifications seem to not trigger for some reason on Android clients. Defaulting to E2EE is nice for tinfoil hatters. I think it's cool that you have all kinds of bridges providing integrations with other chat services, so that I can use Matrix and my contacts can stay on whichever lovely service they prefer.
|
# ¿ Mar 4, 2022 12:40 |
|
I was running the Maddy email server for about a year until a few weeks back. It was very easy to configure and lightweight, and I didn't experience any issues with it to be honest. Ultimately though I went against the spirit of this thread and decommissioned it in favor of letting Cloudflare handle mail reception and offloading sending to Mailgrid. I just want to be able to send notifications without having to worry about them getting dropped, and don't really need or want more mailboxes than I already have.
|
# ¿ Mar 29, 2022 10:21 |
|
BlankSystemDaemon posted:Wow, that dockerfile is a nightmare of security issues. LOL you're not kidding. That was impressively bad, and not just security wise either; it's like an exhibition of what to not do when building containers. And this is closed source software too? Not very tempting.
|
# ¿ Apr 20, 2022 10:38 |
|
BlankSystemDaemon posted:Matrix somehow manages to be even worse, because it does an impossibly poor job of interoperating with IRC by completely making GBS threads all over the existing protocol, implementing threaded conversations by doing partial inline quoting which makes conversations harder to follow if you're using a regular client, and on top of all that if you so much as dare type one character above the max length of any message on IRC, Matrix unilaterally decides to parse the entire sentence through a httpd and instead put part of the message plus a URI into the IRC channel. I don't really see how Matrix is worse than Discord because of poor IRC interoperability, considering neither of the services connects to IRC. I guess you're talking about this appservice bridge, which lets you configure how many lines to output before linking a document instead: https://matrix-org.github.io/matrix-appservice-irc/latest/usage#matrix---irc-formatting Looking briefly at the sample config the reply formatting is completely configurable as well. Allow posting lots of lines at once and your service will get banned for spamming, or link long posts Twitter style and you get banned for being annoying, there's no winning with the IRC crowd.
|
# ¿ Apr 27, 2022 01:43 |
|
BlankSystemDaemon posted:This conversation about Matrix-IRC bridging reminds me a lot of the people who insist on top-posting and doing rich text MIME in mailing lists without the client at least including a plaintext alternative. Yeah, that's a good comparison of the "problem" I would say. BlankSystemDaemon posted:Be conservative in what you send, be liberal in what you receive. BlankSystemDaemon posted:A quick glance at /who #libera suggests that out of ~2000 users it's maybe 5-10% - but since it's apparently something people have to go out of their way to setup, and it's looking like they deliberately ship without a sample config, it seems to me that they could do a bit more, since it's set to 3 by default, despite the fact that they acknowledge that it pisses off people who use IRC. Au contraire, the sample config sits right in the root of that repository. In the case of libera.chat, I think your grievances should be with them rather than Matrix users: https://libera.chat/guides/faq#can-i-connect-with-matrix If the bridge interface they've got EMS running for them is configured in a way that pisses off users of their own network, they should do something about that.
|
# ¿ Apr 27, 2022 09:28 |
|
Billy Ray Blowjob posted:I'd just like to acknowledge how everyone who says Docker and containers are easy, and how in real life it's worse than using Linux in 2004. The technology is excellent, but very complex. Most people are absolutely awful at writing/orchestrating Linux containers. As corgski wrote most of the self-hosting crowd seems to treat it as a universal app store which is less than ideal; poor understanding of the underlying tech/tooling and (I assume in most cases) no auditing of images they download onto their systems is pretty much bound to lead to security issues.
|
# ¿ May 13, 2022 09:50 |
|
BlankSystemDaemon posted:It's the same privilege separation as running something as root then dropping privileges. Not at all. You're talking about switching user inside of a container. What Nitrousoxide referred to was rootless containers which Podman (as well as Docker) supports, although no one in the selfhosting crowd seems to grok/know about it. In your previous post you linked these: BlankSystemDaemon posted:Docker isn't made for it either, with both Google and Red Hat pointing out that container solutions by themselves don't provide isolation. A 4 year old article from Google, and an 8 year old article from Red Hat, respectively. This is not where we're at with Linux containers at this point in time; Linux user namespaces are used to allow unprivileged users to run containers.
|
# ¿ May 13, 2022 19:55 |
|
BlankSystemDaemon posted:Welp. Did you read any of what I wrote/linked? Probably not.
|
# ¿ May 13, 2022 20:38 |
|
tuyop posted:Can anyone recommend an ID3 editor for running in headless Linux? I use beets for tagging my music. There's an edit plugin if you want to manually write tags.
|
# ¿ Jun 4, 2022 00:41 |
|
Zapf Dingbat posted:So I got the Cloudflare proxy set up, and I was running into trouble with the certificate. Before Cloudflare, I had: Do you mean that you are serving your sites with a CF origin cert now? There are several ways to go about resolving your issue, I'll describe two. The easiest might be if you revert back to using Let's Encrypt issued certificates in nginx, and then go with cloudflared for tunneling external traffic to nginx. Alternatively, as it's possible to serve the same domain name with different ports and different certs, you could do one config for CF and one for LE certs per nginx "server" directive. This approach leads to either lots of duplication or heavy use of includes, though. Both the above suggestions assume a split-horizon DNS setup, but I assume you have that considering you're getting an error in the first place.
|
# ¿ Jun 6, 2022 13:46 |
|
SEKCobra posted:I believe for the tunnels you can absolutely run TLS inside of it. Normal web protection does terminate at their firewall. Cloudflare encrypts the data transferred in the tunnels between their edge nodes and your host running cloudflared, but only after decrypting it once on their end. Whether cloudflared connects to your services via HTTPS or not afterwards doesn't change that.
|
# ¿ Aug 31, 2022 12:31 |
|
I've been setting up separate databases for each service so far, but the manual work involved with upgrading between major version releases (at least with PostgreSQL) makes it pretty annoying when you've got a bunch, so I'm not sure anymore. Started looking into CockroachDB as it seems pretty nice if going for clustering at some point.
|
# ¿ Dec 27, 2022 00:25 |
|
Nitrousoxide posted:Homepage is nice because I've exposed the docker.socket to it (in RO only mode so it can't actually mess with it) and it can see my container statuses and health. That's not how sockets work. Bind mounting in a socket with the ro option only means that the container can't delete the socket itself, but you're still giving away full access to control dockerd (which is equivalent to giving away root access to the host system unless you're running dockerd in rootless mode).
|
# ¿ Jan 11, 2023 10:14 |
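A check for the situation described in the post above, as an added example that is not part of the thread or any poster's own code: it walks compose-style service definitions and reports every bind mount of the Docker socket, recording the ro flag without letting it lower the impact. The service names, the `audit` helper and the sample data are constructed for illustration; the rootless path assumes the usual `$XDG_RUNTIME_DIR/docker.sock` location.

```python
import re

# Default rootful socket paths, and the per-user path used by rootless dockerd
# ($XDG_RUNTIME_DIR/docker.sock, assumed here to be /run/user/<uid>/).
ROOTFUL = {"/var/run/docker.sock", "/run/docker.sock"}
ROOTLESS = re.compile(r"^/run/user/\d+/docker\.sock$")


def volume_source_and_opts(spec):
    """Return (host_path, options) for a short 'SRC:DST[:OPTS]' string or a
    long-syntax mapping with 'source' and 'read_only' keys."""
    if isinstance(spec, dict):
        return spec.get("source", ""), ["ro"] if spec.get("read_only") else []
    parts = spec.split(":")
    return parts[0], parts[2].split(",") if len(parts) > 2 else []


def audit(compose):
    """List every service that can reach the Docker API through a bind-mounted
    socket. The ro flag is reported but never lowers the impact, because it
    only stops the container from deleting or replacing the socket file."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        for spec in svc.get("volumes", []):
            src, opts = volume_source_and_opts(spec)
            if src in ROOTFUL:
                impact = "host root equivalent"
            elif ROOTLESS.match(src):
                impact = "equivalent to the user running dockerd"
            else:
                continue
            findings.append({"service": name, "socket": src,
                             "ro_flag": "ro" in opts, "impact": impact})
    return findings


# Constructed compose data, shaped as a YAML loader would return it.
SAMPLE = {"services": {
    "homepage": {"volumes": ["/var/run/docker.sock:/var/run/docker.sock:ro"]},
    "dashboard": {"volumes": [{"type": "bind",
                               "source": "/run/user/1000/docker.sock",
                               "target": "/var/run/docker.sock",
                               "read_only": True}]},
    "web": {"volumes": ["./site:/usr/share/nginx/html:ro"]},
}}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```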
|
I set up PKI using Vault last year after reading this tutorial and it was relatively simple (if you're a nerd I guess). If you have a domain and the use case is just enabling TLS for HTTP services your devices will be accessing, you should probably be using Let's Encrypt instead of rolling your own CA though.
|
# ¿ Jan 20, 2023 13:59 |
|
I've run TrueNAS CORE virtualized on ESXi for two years next month, and so far it's been completely hassle free. It only does storage and shares (NFS, etc), and then I have a separate Ubuntu LTS VM for containers. Thought I'd spin up some more VMs but haven't had any reason to do so yet. If I were redoing my setup I'd start with evaluating Proxmox VE instead of going with VMWare (especially because of Broadcom, but also because I'd prefer to be using free/open software), but I'd definitely be using virtualization again.
|
# ¿ Jan 28, 2023 14:41 |
|
Nitrousoxide posted:I do live backups for databases like Nextcloud too. Probably not ideal for that but it's not corrupted on me yet on a restore. For databases you should use their dumping utilities, like pg_dump/pg_dumpall for PostgreSQL. Always (afaik) much smaller size than the data directory, and also ensures that the backup is consistent even if the database is being written to while you're dumping it. ~Coxy posted:I miss XBMC. No "libraries", no debating whether something is a "TV show" or a "movie", no naming scheme or album art, just browse a SMB file share and see all the files and folders that are in it. You can still use Kodi exactly like that if you want. I prefer having metadata loaded though.
|
# ¿ Feb 16, 2023 09:18 |
|
cruft posted:I've formerly used apache, then nginx, then traefik. These days I think caddy is the pro option for https reverse proxying. Traefik is a lot more advanced as a reverse proxy, especially when working with containers. Caddy is simpler to use and also a web server.
|
# ¿ Feb 18, 2023 22:01 |
|
BlankSystemDaemon posted:Since mumble isn't binding to a privileged port, it's probably doing raw socket access - so yes, you should absolutely use its facility to drop privileges, instead of letting it run as root. Even if you for some reason require a privileged port, on Linux it's trivial to grant CAP_NET_BIND_SERVICE instead of giving away full root access. I'm sure FreeBSD has the same kind of system.
|
# ¿ Mar 2, 2023 22:16 |
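To verify the outcome the post above recommends, this added example (not part of the thread or any poster's own code) decodes the `CapEff` bitmask from a Linux `/proc/<pid>/status` dump and tells a daemon holding only CAP_NET_BIND_SERVICE apart from one running with full root capabilities. The two status dumps, the daemon name and the `assess` helper are constructed for illustration.

```python
# Linux capability numbers 0..40, in the order of <linux/capability.h>.
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore""".split()


def parse_status(text):
    """Return (effective_uid, effective_capability_names) from the text of
    /proc/<pid>/status."""
    uid, caps = None, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            uid = int(value.split()[1])  # fields: real, effective, saved, fs
        elif key == "CapEff":
            mask = int(value.strip(), 16)
            caps = {CAP_NAMES[i] if i < len(CAP_NAMES) else f"cap_{i}"
                    for i in range(64) if mask >> i & 1}
    if uid is None or caps is None:
        raise ValueError("not a /proc/<pid>/status dump")
    return uid, caps


def assess(text):
    """Return (verdict, capabilities held beyond net_bind_service)."""
    _, caps = parse_status(text)
    extra = sorted(caps - {"net_bind_service"})
    if extra:
        return "over-privileged", extra
    if caps:
        return "least privilege", []
    return "unprivileged", []


# Constructed samples: a daemon left running as root, and the same daemon as a
# service user that was granted only CAP_NET_BIND_SERVICE (bit 10, 0x400).
ROOT_DAEMON = "Name:\tdaemon\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SCOPED_DAEMON = "Name:\tdaemon\nUid:\t998\t998\t998\t998\nCapEff:\t0000000000000400\n"

if __name__ == "__main__":
    for sample in (ROOT_DAEMON, SCOPED_DAEMON):
        print(parse_status(sample)[0], assess(sample))
```

On a live system the same functions can be fed the contents of `/proc/<pid>/status` for the daemon's PID.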
|
Nitrousoxide posted:You can throw a :z or :Z at the end of a volume bind in a Podman deployment to let SELinux limit access to binds. Little "z" will let other stuff beyond just the container access that bind mount, while big "Z" will ONLY let that container access it. Podman (and SELinux) handles all the userspace craziness required to ensure this which is nice so you don't have to. It just relabels the SELinux context of the file hierarchy on the host system. Not that nice IMO since you're changing host (meta)data to make it work.
|
# ¿ Mar 2, 2023 22:52 |
|
Looks like Jellyfin users should update their installations ASAP: https://github.com/jellyfin/jellyfin/releases/tag/v10.8.10
|
# ¿ Apr 24, 2023 11:39 |
|
Resdfru posted:Anybody run tailscale in docker? I don't have it in front of me but I do have the key or whatever in a volume I think. Something I found online when trying to fix this. Anyway, every time the container starts up it can't auth to tailscale. Maybe someone here has a fix that isn't just run it on the OS. I do, yeah. I'm not sure I understood if you're having issues with maintaining authentication state, or trouble authenticating in the first place, but for the former it's important to persist /var/lib/tailscale. If you have an auth key you should be able to pass it via the TS_AUTHKEY environment variable.
|
# ¿ May 8, 2023 08:45 |
|
lostleaf posted:Anyone with recommendations for VPN solution similar to tailscale? Tailscale is pretty great except you can't specify the IP address for each individual device. Why do you need/want to manually choose IP addresses?
|
# ¿ May 17, 2023 22:42 |
|
Nitrousoxide posted:You could do it now with docker/podman on a mac, but at that point you're just running linux with extra steps. The podman CLI tool at least just downloads a Fedora CoreOS image and spins it up in QEMU, not sure about "(Docker|Podman) Desktop" but probably they are doing pretty much the same thing.
|
# ¿ Jul 17, 2023 18:48 |
|
Nitrousoxide posted:Like I said, Linux with extra steps. I didn't realize that by extra steps you meant "more layers of indirection", but sure, yeah, it's a lot. In terms of just getting going it's three commands; brew install podman && podman machine init && podman machine start.
|
# ¿ Jul 18, 2023 10:50 |
|
Coxswain Balls posted:How are the self-hosted alternatives to Google Photos doing these days? I've been using it since it came with my Pixel phone but the free unlimited storage has long since expired, and I told myself that once I started getting close to the storage limit I'd finally get off of it and roll my own. The thing I like the most is being able to search "birds" and get all my pictures of birds using whatever ML algorithm they're using. With AI stuff becoming more widespread is that something alternatives are able to do these days? I'll probably be running it on my TrueNAS box. I've been using Immich for a couple of months now. It does run local ML stuff in a sidecar to classify images. Two users, auth via OIDC, sync from phones. Had trouble with some of the initial uploads from an iPhone (like 3-4 photos IIRC) getting corrupted when the phone turned off its screen mid transfer, before I figured out how to disable that timeout, but it was a bit disappointing that Immich treated those interrupted uploads as if they were successful and prevented reuploads because the (non-corrupted) file hashes are registered for those entries in its database. Definitely still some rough edges, but the project is coming along nicely. iPhone background syncing is not working great.
|
# ¿ Oct 4, 2023 15:41 |
|
bsaber posted:Anyone running Headscale server know if I can have Tailscale client be connected to 2 different Headscale servers on 2 separate Tailnets (or whatever Headscale calls it)? I'm running Headscale but not multiple instances, what's the use case?
|
# ¿ Oct 6, 2023 15:34 |
|
bsaber posted:One for personal and the other is a friend’s instance so I can access his stuff. Gave it a try by going to add another account and broke the client (on windows). The client just said please restart the Tailscale service. Had to completely uninstall the client and re-install and authenticate again. That makes sense. On Linux at least I believe this could be possible by setting a different tun device / UDP port / state dir, if the two tailnets don't use overlapping IP address ranges at least, but it's not something I've tried. https://tailscale.com/kb/1278/tailscaled/#flags-to-tailscaled No idea how you'd do this on Windows though.
|
# ¿ Oct 6, 2023 21:30 |
|
So is this like rclone's crypt layer except you have to pay a subscription fee for it?
|
# ¿ Nov 19, 2023 11:51 |
|
Why would a "parity drive" replacement cause anything to disappear? That sounds insane. Edit: In the interest of trying to be useful: you pretty much need to read logs to figure out what is going on. I don't think anyone will be able to help because there's too little info to work with. Are requests reaching the Nextcloud container or not? If not, it's a traffic routing issue. If traffic is coming through, then it's a Nextcloud issue. Personally, I'd start out with checking if Nextcloud has gone into maintenance mode. Keito fucked around with this message at 20:39 on Feb 9, 2024 |
# ¿ Feb 9, 2024 20:34 |
|
I've been running Immich since late July last year and been satisfied with it. My wife and I sync our phone cameras there. Started out with Nextcloud for photo sync, but with both the syncing being unreliable/annoying (on my wife's phone the Nextcloud app would pop up 1000+ notifications in rapid succession asking her to compare diffs for apparent out-of-sync files every time it ran its background sync task), and its photo viewing experience being abysmal, I was happy to move away from it. Keeping up with Immich changes has been a little annoying too, but release notes are quite clear about what changes you need to implement, so it's not hard at all. I'm basically just using Nextcloud for syncing my SSH config/keys at this point, so I'm considering nuking it and setting up something that actually just works for simple file syncing, like Syncthing. Couldn't use Nextcloud for software development either as it can't deal with lots of tiny file changes generated by version control software, so I set up Gitea instead for that.
|
# ¿ Mar 28, 2024 17:00 |
|
FAT32 SHAMER posted:I am building a new gaming computer and am planning on moving my plex, Linux iso sharing software, and iCloud backup dockers to my current system, which is an i7-7700k + GTX1070ftw. I have a couple really dumb questions that weren’t in the op so here it goes 1. Does gaming and the OS part of this have any connection? I'm assuming you aren't planning on gaming on Fedora CoreOS? It's a special-purpose OS just for running container workloads where you're expected to write and provide in advance of boot time a declarative configuration for setting up the whole thing. Probably the opposite of what you want if you're talking about GUIs for configuration too. 2. Switching monitor inputs and your keyboard/mouse sounds less convenient than being able to operate both computers at the same time without any fiddling. There are web based management GUIs like Portainer that are popular for this kind of thing.
|
# ¿ Apr 18, 2024 07:39 |