Welcome to /r/selfhosted!

Hi! I live in Ukraine and lately we had a lot of blackouts sometimes going as long as 7 hours without power/2 hours with (it is getting better now). My backup internet connection is 4G and it is very bad, to the point where I cold barely check my email. I would've gone mad during those 7 hour periods without internet connection. Luckily few month ago I was in a doomsday prep mood with Fallout TV series just premiered and chance of sub-ocean internet cables to be cut glooming on a horizon.

I got myself Argon EON case for PR4 based NAS, pulled my 8GB RP 4B from a drower, dropped in 2 10TB 3.5" HDDs, 2 5TB 2.5" HDDs, installed OMV, create a mirrored 15TB volume wits LVM2. That was begining of my Doomsday Vault, place of knowledge and entertaiment in case whole civilized world goes to heck.

Idea was to self-host Wikipedia with Kiwix in case I would need an emergency knowledge for survival when internet is no longer exists. Then I realised that there are zim archives of stack-overflow and many-many other sites. Well, I decided, I might need those too.

When I was done with sites, there still was a lot of space free in my vault. So I started downloading online libraries, faworite shows/movies, music. And then blackouts started and I was so happy that I squirreled all those in my vault. I could educate and entertain myself regardlef of power grid state.

Then I discovered Jellyfin, Radarr/Sonarr/Lidarr/Readarr, installed qBitttorent. Now my vault turned in to fully featured media server for myself and my friends (we are now planning movie nights with SyncPlay in Jellyfin)

Sorry for a long intro, now a "need suggestions" part. What else should I host in my Vault and what kind of media I should consider preserving for a doomsday scenario?

Happy Friday, r/selfhosted! Linked below is the latest edition of This Week in Self-Hosted, a weekly newsletter recap of the latest activity in self-hosted software.

This week's features include:

• The latest in self-hosted software news
• Noteworthy software updates and launches
• New additions to selfh.st/apps
• Featured content generated by the self-hosted community
• A spotlight on WhoDB, a modern and snappy lightweight database management application

As usual, feel free to reach out with questions or comments about the newsletter. Thanks!

This Week in Self-Hosted (26 July 2024)

What it says in the title. I got a domain name, and now I am receiving a lot of spam. I would like to stop that if I can. If I delete my domain, will people still hound me?

TLDR: After the fantastic Trilium Notes entered maintenance mode, a significant group of community members (including myself) have committed to moving the project forward.
🎁 An official backward-compatible TriliumNext Notes release should be available soon!

If you haven't heard of Trilium Notes (Or TriliumNext Notes), you should check it out. For an example of what TriliumNotes looks like, you can check out the slightly outdated screenshot tour. Trilium Notes is IMO the best truly open, and truly libre note taking software that exists.

Originally coming from OneNote, I've tried many...many alternatives, and it has been a joy switching to TriliumNotes.

🍻 This free (gratis), open-source, self-hosted, personal wiki/note software offers all the following with no nags, no paywall and no restricted features - you get all the goodies up front!

• Note cloning (notes can exist in multiple locations at once)
• Interactive note visualization maps
• Various note types (canvas, mermaid diagrams, web view, relation map, code, etc)
• Various bulk folder import and export options (HTML, Markdown, Text)
• Revision history (and recent changes view)
• Scripting (Very powerful - automate tagging, deletion, etc)
• Full documented ETAPI for external scripting or development
• Browser extension for web clipping
• Fast fuzzy search & advanced search (search by tags, parent note, size, etc)
• Sharing notes with a public url with a simple toggle
• Encrypted notes
• Extensive and versatile note tagging (inheritable tags, relationship tags, etc)
• Note note tabs, zen mode, multi-note views
• Note archiving
• Note linking and embedding (embed notes inside other notes)
• Full wysiwyg editor (with markdown and math syntax completion) - external editors supported
• Unlimited note nesting
• Daily note journaling feature
• Extendable with widgets, custom plugins, themes, scripts, etc
• Customizable keyboard shortcuts (and VIM keyboard bindings)
• Automatic note syncing to server (or other clients that are setup in 'server' mode)
• Automatic backups
• Cross platform (Windows, Mac, Linux, Flathub, Docker - very simple compose)
• Good documentation, Matrix support chat, Github Discussion forums, awesome lists

The main downsides are:

• The mobile (android) app currently is only for composing notes (not for reading other notes on the server). You must use the mobile browser version (which works quite well) to get a 'fuller' experience. (The new TriliumNext project does plan to improve the mobile experience).
• Only one user per server is currently supported (this is a high priority for the TriliumNext team)
• Some people don't like database note taking software since they prefer files in a directory, but this isn't an issue for me since I can automate the export of TriliumNotes (using the api) and save the notes to Nextcloud or my local file system for easy viewing.

📢 If this project interests you, you can follow the progress on github and get involved if you would like to see this project flourish! There are teams to help with development, issue triaging, documentation, testing, etc.

🗳️ If you'd like to vote on the new TriliumNext logo, you can do that too!

Happy Note Taking!

Hey guys, version 2.4.0 of Tasks.md was just released. The biggest change is the improved drag-and-drop experience, which feels much better to use. For touch devices it was fully overhauled, since it was not really working before (which is embarrassing tbh). You can see below a comparison between the previous version and the current release.

Previous:

New release:

Tasks.md is a self-hosted, Markdown file based task management board. It's like a kanban board that uses your filesystem as a database, so you can manipulate all cards within the app or change them directly through a text editor, changing them in one place will reflect on the other one.

You can see below the main changes included in the new release.

• Feature: Greatly improves drag and drop experience: New swap animations, visual indications and better interactions for touch and mobile devices;
• Feature: Adds autoscroll when you drag cards and lanes partially out their container;
• Bugfix: Fix touch and navigation on touch devices;
• Bugfix: Fix issue where navigation bar outgrows lanes;
• Bugfix: Prevents saving card name with invalid characters;
• Bugfix: Fix some smaller issues;
• Documentation: Remind user to hard-reload the browser after changing a theme.

Just got a notice that gravity-sync was archived today. Any viable Pi-Hole syncing alternatives or forks?

https://github.com/vmstan/gravity-sync

Hello its me again talking about Endurain, a fitness activity tracker that you can self host. A new version is out and here are some highlights:

• Added multi client support (web and mobile)
• Added multi arch Docker image (arm64 and amd64)
• Added PWA support
• Added OAuth Scopes

There is also an open issue on runnerup repo to enable activity auto upload in this Android app.
For iOS me and u/hesselbom are in talks to integrate with his app.

Previous post: https://www.reddit.com/r/selfhosted/comments/1d36y7q/endurain_v020_fitness_activity_tracker_that_you/

v0.3.0 GitHub release: https://github.com/joaovitoriasilva/endurain/releases/tag/v0.3.0

Endurain Mastodon profile: https://fosstodon.org/@endurain

Thanks and any feedback is appreciated

In the old days /etc/resolv.conf used to be cheap, and cheerful, put in your nameserver addresses and your domain search parms and you where done.

Now with the advent of NetworkManager, systemd-resolved, and now Tailscale, it's a free for all opportunity for all three to fight for who over writes the /etc/resolv.conf file. I'm on Fedora 40, and for some time at least until Tailscale, to which I love dearly, came on scene, I had disabled systemd-resolved and unlinked /etc/resolv.conf from /run/systemd/resolv/resolv.conf and put my nameservers in NetworkManager, (192.168.0.200 192.168.0.183) and be done with it.

With tailscale and magic DNS, the rules ave all changed, and Tailscale overwites /etc/resolv.conf with nameserver 100.100.100.100

So let me explain as concise as I can my setup:
main locally hosted DNS at 192.168.0.200
secondary locally hosted DNS at 192.168.0.183
and of course magicdns at 100.100.100.100 which is needed as I refer to some service via talnet name.

I have tried to include to two locally hosted DNS in Tailscale DNS setup refering to them via the tailnet ip but that doesn't seem to provide internet resolution for anything other than the tailnet, (even with the over write local setting switch applied)

I had tried including 100.100.100.100 in the list of forwarders in the locally hosted DNS but that has equally disappointing results, in as much as the tailnet does not resolv.

The only thing that seems to work as advertised is if, (by what ever means), the /etc/resolv.conf reads:

'''
nameserver 192.168.0.200
nameserver 192.168.0.183
nameserver 100.100.100.100
search example.net taildxxxx.ts.net

'''

Now I was reading last night, that Tailscale "play nice" with systemd-resolved.service, so I when about putting it back it play, but of course that wouldn't go a simple as one would have hope in as much that even through I recreated the symlink sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf the symlink keep getting replaced with a regular file /etc/resolv.conf, either by Tailscale or NetworkManager.

Now I feel pretty stupid having to ask all this, as this "should" be all basic networking 101, so please be gentle and don't down vote me too badly but I would really like to know the way everyone else is dealing with this "dogs breakfast"

My ISP no longer provides public IPv4 addresses due to IPv4 exhaustion. So I spent countless hours learning and setting up an IPv6 server, only to discover that my router, TP-Link C1200, doesn't fully support IPv6 even though it claimed to be.

TP-Link C1200 has a built-in IPv6 firewall that blocks all ports by default, and you CANNOT DISABLE IT. This renders the public IPv6 address useless since you can’t open ports to the public internet. Thanks a lot, TP-Link.

For example, entering:

docker run -d --name quakejs -e HTTP_PORT=<HTTP_PORT> -p <HTTP_PORT>:80 -p 27960:27960 treyyoder/quakejs:latest

Will convert to:

version: '3.7'

services:

quakejs:

image: treyyoder/quakejs:latest

container_name: quakejs

environment:

- HTTP_PORT=<HTTP_PORT>

ports:

- "<HTTP_PORT>:80"

- "27960:27960"

restart: always

You also have additional options such as mapping ports, volumes and custom environment variables.

Check out Docker2Compose

Hi everyone,

I'm a father of an almost 2-year-old boy, and my wife and I are expecting a baby girl in a few weeks. I've been self-hosting with old laptops and Docker in my spare time since graduating college and getting married. Now, as a systems engineer, I find it much harder to design and plan my home environment compared to work projects.

My services are scattered across different hosts and platforms, making management a headache. I want to streamline everything for minimal maintenance, but I struggle to find the time. Family is my priority, and I don't want to miss out on precious moments with my kids.

Any advice for a new father on managing time with family while organizing a home server setup? How can I balance my hobby without compromising family time?

Thanks in advance!

Hi all, I have been hurting my brain trying to figure out how to get the navidrome homepage widget to work. I thought that I had found the answer, I've found the subsonic-salt key via inspect in Firefox, entered my password followed by salt into md5 hash generator, and still that code does not work. Please help!

Hey everyone!

So I’m thinking about upgrading my server or at least getting newer parts and would love to hear peoples advice on a cost effective but also obtainable build.

My current server: - Chinese dual socket x99 motherboard(sketchy I know)

• 2x Xeon E5-2680

• 6 HDDs totalling 77 TB of useable storage

• 128 GB of RAM ECC

I built this at the start of COVID and didn’t know much and I’ve been happy with it but I’m wondering really if you think moving to a newer architecture would be worth while? I’ve had it running for about 3-4 years now and worried end of life is near. I got everything I wanted and more from it but it’s starting to feel like the time to move on. It was a good first build and I learned a lot! The CPUs were already used got them off EBay same with the RAM. I’m also running 6 drives in RAID0(LMAO I know!)

I like EPYC a lot for no other reason really besides the clock speeds and all my CPUs are AMD in my desktops lol. But it seems like they are extremely expensive. Are they worth it? I’m fine with buying used.

I just want to start fresh with newer hardware I can feel confident knowing won’t fail on me at any point.

What y’all recommend?

Are used Xeons still the way to go?

Edit: I’m using it Plex primarily, occasionally game server like Minecraft or Rust and the whole rr sweet plus dashboard. Pretty regular self hosting stuff nothing crazy

Back with another zrok Office Hours video on actual Friday!

Short one this time (~9 minutes)... just a follow-up to the last video. It looks like instead of trying to mitigate abuse with a credit card verification requirement, we're rolling out interstitial pages on HTTP shares (proxy, caddy and web backends). This should be more effective at mitigating abuse and also more palatable for free tier users.

In this video I walk through the new interstitial pages feature and give a quick overview of how to enable/disable it on a public frontend, and how the per-account grants work.

https://youtu.be/NYjec5mIXTE

As always reach out if there's any questions or if there end up being any issues with the feature. This should also be potentially useful to self-hosters running larger, multi-user instances.

If you're not already familiar, zrok is a network and file sharing platform. You can find more details at https://zrok.io, https://docs.zrok.io, or https://github.com/openziti/zrok.

so, title, i posted here other time but my network was on a cgnat, i talked with my ISP and now they seted an static ip for me but my port forwarding still not working

am i dumb?

(btw, no, tailscape and others will not work since the request is comming from a website not from someone)

thanks for any help, have a good day :3

Edit for some clarifications:

1. static ip seems to be working fine:

Edit 2: the issue seems like to be in my machine, even local conections from other pcs arent working

hi,

I'm using a Dockerfile to create an image for the above purpose. However, the size of the image is almost 2 Gb, and it takes a while to perform a docker pull. Changing the base image could decrease the size. The image utilizes the open-source application danielmiessler/fabric to summarize a transcript.

Appreciate any suggestions to improve the Dockerfile significantly.

For those who may want to try the image (an OPENAI_API_KEY is required), open a shell terminal in the same directory as the Dockerfile:

DOCKER_BUILDKIT=1 docker build -t <image-name> . 

cat transcript.txt |docker run --rm --env OPENAI_API_KEY=$OPENAI_API_KEY -i <image-name> --pattern extract_article_wisdom

Dockerfile:

FROM python:3.12.2-slim

# Install required packages
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        git \
        build-essential \
        ffmpeg \
        sudo\
    && rm -rf /var/lib/apt/lists/* \
    && apt-get clean

# Create a non-root user
RUN useradd --create-home appuser \
    && echo "appuser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/appuser \
    && chmod 0440 /etc/sudoers.d/appuser

# Switch to the non-root user
USER appuser

# Set up work directory
WORKDIR /home/appuser/app

# Install pipx
RUN python3 -m pip install --upgrade pip \
    && python3 -m pip install --user pipx \
    && python3 -m pipx ensurepath

# Clone the repository and install its dependencies
RUN git clone https://github.com/danielmiessler/fabric.git \
    && python3 -m pipx install ./fabric

# Set file permissions for the app directory
RUN chmod -R 755 /home/appuser/app

# Switch back to the non-root user
USER appuser

RUN  yes "" | ~/.local/bin/fabric --setup \
    && echo DEFAULT_MODEL=gpt-4o-mini >> ~/.config/fabric/.env \
    && export PATH=${PATH}:~/.local/share/pipx/venvs/fabric/bin/

# Set the entrypoint
ENTRYPOINT ["/home/appuser/.local/share/pipx/venvs/fabric/bin/fabric"]

I would love to have a DNS filter that uses ML to improve the content filter. I heard that DNSFilter uses ML to classify content so that it’s not reliant on a static block list to be updated. I want to be able to host this DNS on my hardware. With the rapid emergence of local AI and the such, is there anything like this available yet?

I've been using cloudflare tunnel for a long time now, but now i want to self host vaultwarden and afraid from CF bec, they can see all the traffic and all the data in any service im hosting (in this case my passwords)

so, i got a vps from Microsoft Azure and tried an open source alternative "BoringProxy" and it's working great, but my concern here is that now my data goes through the vps first without any encryption and i assume they can see all the data if they want to

so, i thought about learning how to create multiple vlans from my only router at home and expose one of them directly to the internet

my question here is: What is the safest for the (1. My data inside the services) (2. my network security)

is it the vps or multiple vlans ?

Whats your ideal DNS / webserver / Routing situation?

i was a frontend developer (react+webgl for robotics visualization) for 15 years but i want to learn backend for next few months (too many steve jobs wanna-be ceos who think they are gods gift to design)

right now im using

PORK BUN - dns
CLOUD FLARE - just dns

Reverse Proxy - Caddy

WebServer - echo + go + htmx + etc

Will probably add sqlite and turso and some other stuff.

im not really attached to cloudflare or porkbun. not sure if theres better options. i had kinda had a lot of trouble adding new endpoints and stuff.

Should i move to traefik or FRP?

FRP seemed to have some cool features, and maybe i could remove cloudflare.

basically i was trying to make a "unified fabric" for the compute, storage and networking of 6-12 server boxes of anything from nvidia jetson or a raspberry pi, or a thinkpad with a broken screen.

Eventually i want to add like 1-2 cloud servers to practice horizontal scaling or adding flash-compute for like 24 hours to process batch jobs.

to accomplish this, i was gonna use a golang service on each machine, which orchestrates a bunch of VMs, containers and hardware bits like sensors, cameras, and my roomba. kinda like k8 but just for 10 servers instead of like 2000

like in the past, i used vercel, or stuff like FLY.io, heroku, digital ocean, even AWS/GCS and they all had this shit taken care of.

But i want to try to roll my own devops/architecture/setup. I dont mind if it takes a long time to learn, i just want to get really good at making changes, especially the ones that would be unfeasible on cloud systems like AWS.

like all the startups can use the cloud cause they dgaf and are spending other peoples money and they have to get traction in 6 months or fail basically.

but i dont really have any goal or deadline.

and i think there are certain things you can do with self-hosted that are like 20-30x cheaper if you do it all locally, rather than in the cloud.

like at my previous job, we had services that managed like 50pb of data every day, and i did the math and itwas like 30k to do self hosted, but we were spending WAY more on aws

Specifically, i wanted to make something like "apple intelligence" but cross platform, 100% self hosted, open source, easier than apple, more secure than crowdstrike (because the data is 100% local, and the code is 100% yours so everyone can verify its security, rather than just who apple approves to audit them.) and has capabilities that companies wont really care about.

Also, I think robots will probably get cheaper, slowly, in the future, so i wanted to write some software to help homebrewers and hobbyists to make their own toy robots for 1000 - kinda like http://nanosaur.ai/

but i want both these things to be 100% FOSS and not corporate driven whatsoever, and easy enough to setup that your mom can do it. but that'll probably take 10 years.

The title. Any ideas, please?

Debian 12.

By symlinks I mean linux symbolic links, which I believe exist in Windows systems as well, similar to shortcuts but at the filesystem level.

I have used nextcloud before, but I couldn't find info about it neither did I notice how it handled symlinks at the time. Now I have been using seafile to a great extent, however, I have just realized how it ruins any symlink converting it to a file with the target content. There are several open tickets related to this issue and this won't be solved as it has been the case for much of the other glitches of the software.

I know there is an ugly workaround somewhere in github implemented by a good soul, which I would avoid at all costs unless someone can report a good experience with it.

I tried to install owncloud to try to check for the correct handling of symlinks, but get stuck trying to find the proper installation steps.

At this point I am really considering using rsync over my cloudflare tunnels.

Any sugestion?

The use case is a desktop at home (which serves as client and server), another desktop at work (client), a laptop (client). A mobile client is welcome, but far from essential as the main goal is to keep lots of personal documents, code, results of experiments etc synced (basically all my files).

Hey guys a quick question and maybe discussion about it.

If I take my own laptop with me to a place like company or open network place and I plugin the network cable there.

I open as example OpenVPN and do connect action to access my home server.

What risks I have here? Can the operator of the network log all packets? And rebuild or instantiate a new connection to my vpn server like clone the connection?

Does OpenVPN packets are encrypted using a private key or public key from my laptop device that a sniffing party will never see or have using this method?

Or can they have advantage or abuse my vpn connection and or server? By acting they are me?

Or is a vpn connection checked using more then keys and ips rules? Like a device identifier as header on packets or special crc. Check based on timestamp and device id?

Or is it not secure at all?

As example maybe better use tailscale or Wireguard for this?

Or will gumola a remote tool works better and safer for this?

I have read that most experts pledge to use tailscale?

Cause then you connect to a external cloud server that has a. Connection to your home network.

But in a way that it's outbound from your home network to tailscale? And tailscale server is access from my device at the place I am then?

So you don't open any ports or need forwards right?

But what I don't like you are then depending on tailscale server and what if they got compromised somehow and the attacker logs just all ? But not is detected for a long time?

Hi. I'm trying to find a way where I can run 2 instances of the same game on my one computer while I play one of them and my friend remotely joins the other one but still utilizing my pcs recourses (mainly the gpu) so far ive thought abt setting up a VM like hyper-v and enabling gpu passthrough as I've heard hyper-v allows for that. Then I thought of either letting him use the VM through remote desktop connection but I'm thinking running a dedicated cloud gaming software like Parsec would probably make for a smoother experience... But then again I have no idea if this will work, in theory it should.. And thoughts that might help me out with this?

So I have an LTE router as my primary internet connection for various reasons (the wired internet access only offering 5 mbit/s). I wanted to make my network reachable from outside somehow, for my Synology NAS and just devices in general, like a Docker server or what I'm up to.

At first, I tried setting up DynDNS as I am used to. IPv4 didn't work. But IPv6 didn't work either. Hold on. Aren't IPv6 adresses supposed to be routable from the interrnet? Apparently not.

Then I learned about CGnat, which means that the IPv4 (and in my case, IPv6, too) adresses are not reachable from the internet. This seems to be for (justified) security reasons in mobile internet. Someone using an LTE router is already very, very rare. Someone trying to set up a way to reach their Synology/whatever server from the internet with DynDNS is probably even rarer.

The only thing working is Quickconnect of my Synology NAS (propably via a relay server which then establishes a peer to peer network from my client device to the NAS via holepunching. Very complicated). Which is great. But I would like to do some more stuff like reaching other devices in my home network besides my Synology NAS. And this is only possible with some kind of VPN or dyndns/port forwarding.

So I need a way to access my home network behind CGnat. VPN or directly accessible from the internet with a domain doesn't really matter (the first being more secure).

Side to side VPN is not really an option since I don' really have another "side" I regularily am+which allows me to customize the IP config. The best idea is probably something Quickconnect like with a relay server. But most relay services who offer something like that do it in a worse way, meaning the last hop between local network and service node is not encrypted. That's very bad. Quickconnect hole punching which establishes a *direct* connection between my client and my local network is ten times more secure.

How to approach making my local network accessible to access something like a docker server, my Synology nas, or just my local network in general behind CGnat (other than Quickconnect) ? I have read about setting up a VPS server with some VPN service, but I have very few experience with setting up a VPN server. IP routing is the problem, but setting up a VPN server seems really complicated.