I'm looking to expand into having a online library and looking for some real world experiences and opinions. Ideally, looking for someone that worked well with docker and the various arrs.

I've been building PRISM - a self-hosted OSINT toolkit you run yourself instead of pasting investigation targets into someone else's web service.

Give it a domain, IP, email, phone, or username and it runs 22+ modules in parallel into one dashboard: WHOIS, DNS, crt.sh subdomains, GeoIP, threat intel (Shodan/VirusTotal/AbuseIPDB/Censys), breach data, username search across 3000+ sites (Blackbird + Maigret), dark-web mirror checks, and more. Results come with an entity graph, a GeoIP map, an OPSEC exposure score (0–100), and HTML/PDF/CSV/Markdown exports.

Your targets never leave your PC, and 14 of the 22 modules work with zero API keys (missing keys degrade gracefully instead of erroring).

Stack: FastAPI + Next.js 14, runs with one docker compose up. MIT licensed.

Demo: https://getprism.su/ Github: https://github.com/NovaCode37/Prism-platform

Built it solo - feedback welcome, especially on which modules you'd want added.

Two days ago, I posted to this community asking for help with managing subtitles and audio tracks on my media server (and removing the ones I don't need). @ohulancutash@feddit.uk suggested I try Muxarr which looked promising, so I set it up yesterday.

First impressions were good, the setup was really easy and I set up the profile I wanted in around 10 minutes (only keeping the English and original audio tracks, and only English subtitles). I enqueued all my files (there's a big green button in the top left which I somehow missed for a few seconds, but that's on me) and it started doing its thing. It did take a while to process my nearly 3000 files so I left it running overnight. I came back this morning to find it had worked perfectly and all my media had the unwanted tracks removed.

What's possibly even more impressive though, and something I wasn't expecting, was that removing all that unneeded data had freed a whopping 135GB of storage!! I only have 8tb available total and with storage prices as they are right now, that's really quite a significant amount to just be sitting there holding data that will never be used.

I just wanted to take a few minutes out of my day to write this and thank @ohulancutash@feddit.uk and this community for recommending Muxarr to me and spread the word to others who didn't know about it like me two days ago

Cliparr 1.2.0 is out, with many small improvements and a new convert tool.

Cliparr is a self-hosted browser-based personal media clipper. Load up Jellyfin or Plex to the moment you want to capture, open Cliparr, and export.

What's New

• Offline, browser-based video converter with GIF support.
• Fix Jellyfin HLS streams not transcoding
• Add user-select filter for popular servers

See the release notes: https://cliparr.dev/changelog/#v1.2.0

Read more about adding GIF support to Cliparr, it wasn't as simple as it sounds: https://cliparr.dev/blog/convert-video-in-your-browser/

Progress Report:

So, building on @captcha_incorrect 's n8n script he graciously offered, and pulling data into Grafana, and learning how to python correctly....it's been a journey. However, I am happy to report that I have some weather data now. It's by no means a finished product but I have made some progress.

The extended forecast in the right hand side took me some time to figure out pagination so I could scroll through 5 days in advance. The weather tab at the top left will get a couple more tabs. One for forecast map, if I can figure that out. LOL

I'm running Monicahq on Pikapods. v. 4.1.2. I've entered my email address in the settings>General. After this email address it says "This is the email used to login, and this is where Monica will send your reminders." However, I'm getting no notifications.

I've tried looking in the monicahq manual. The documentation doesn't appear to correspond to my version. I can't find this in my instance: https://docs.monicahq.com/user-and-account-settings/notification-channels#anatomy-of-the-notification-channel-list

The documentation says it's possible to send test notification:

https://docs.monicahq.com/user-and-account-settings/notification-channels#send-tests-and-logs

I can't find a page where I can send a test notification on my instance.

How can I fix notifications? Any help gratefully received.

I've been using this as my e-book library management for a couple of months now, ever since switching from booklore, which imploded a bit.

I just noticed today that it hasn't shipped an update since February, and in fact there's been essentially no activity on the GitHub page since early February. Four months is not that much time without an update, but it is a pretty long time without any new commits. I'm not seeing the lead developer replying to reports, etc. Is this still an active project? Does anybody know? It seemed like there was a lot of enthusiasm behind this project six months ago, so I'm not sure.

Edit: There is an active community on Discord that is working on updates. There is a fork with bugfixes here.

I've had several people ask me how to set local AI up on a laptop or desktop computer so I decided to make a guide that cuts through a lot of beginner confusion. I run Windows, so I put wrote out the windows guide first, will do a writeup for Linux and Mac if I see any demand or requests. My guide Covers both LM Studio and Ollama, plus Open WebUI if someone wants a browser interface instead of working purely from a terminal.

Goes through model picks by RAM (what's actually usable at 8/16/32/64GB+), GPU offloading, and a troubleshooting section for the stuff that actually trips people up — port conflicts, CUDA OOM errors, Ollama not showing up in PATH, that kind of thing.

It's a paid guide, $10, https://indigonynja.gumroad.com/l/jqwisc

Happy to answer questions in the comments tell me your RAM/GPU and I'll line out what to run, *I'm not an expert and I'm sure there's other people on here that another stuff a lot better than me but I'm happy to help and any support is greatly appreciated!

Let's say you have access to a remote machine and use it to copy backups occasionally, eg with rsync. Your local machine has credentials stored that allow write access on the remote machine, however if the local account was compromised that could also allow access to the remote machine and the data stored there.

How can you grant access to an account to write remotely, but also protect the data from this account? One possibility could be to change the permissions on the data after it is copied to prevent deletion/interference, although I'm just making this up. Is there a standard practise for this?

I've been running self-hosted AI agents for a while. Tools like OpenClaw and Hermes do this well and were a big inspiration, but they're CLI/dev-first and headless. I wanted that kind of power with a real, mobile-friendly UI my non-technical wife could actually use from her phone. I couldn't find it, so I built it for my own household and open-sourced it. Not claiming to reinvent anything (there's a new "AI agents platform" every other week right now), I just took the UI-first angle.

Self-hosting fundamentals:

• Single Docker container. Bun + SQLite, no Postgres, no Redis, no external cloud. All state in one volume.
• Light enough to run on a small home server.
• Secrets are stored in an AES-256-GCM encrypted vault and never sent to the LLM provider.
• Reachable over Telegram, WhatsApp, Slack, Discord, Signal and Matrix.
• Bring your own keys: Anthropic, OpenAI, Gemini, OpenRouter (an OpenAI-compatible endpoint for llama.cpp / LM Studio / vLLM is in progress).
• MIT, actively maintained.

The parts I focused on (where having a UI actually pays off):

• A proper web UI that works on mobile, not a terminal.
• Full transparency into what the model sees: you can inspect the exact context sent to the LLM and the token cost of every message. No black box.
• Tool calls rendered visually in the chat with custom renderers (a weather call shows a weather card, not raw JSON).
• Mini-apps embedded in the UI: small interactive apps, dashboards, even live background services.
• Create your own tools from inside the platform, instantly reusable by any agent.
• A Kanban board to manage projects and tickets the agents work on.
• A plugin system (NPM) to add providers, channels, tools and more.
• Connected accounts with triggers (e.g. an incoming email can wake an agent).
• A workspace file browser and terminal, in the UI.
• Conversational setup: an onboarding agent walks you through configuring everything.
• Image generation and TTS/STT built in.

Install:

docker run -d -p 3000:3000 -v hivekeep:/app/data ghcr.io/marlburrow/hivekeep:latest

Open the web UI and the setup agent takes it from there.

GitHub: https://github.com/MarlBurroW/hivekeep Site + demo: https://hivekeep.app/

It's young and I'm after honest feedback. Disclosure: I'm the author, happy to answer anything.

Is there an alternative to unifi that is Podman or Docker compatible/available and better than the old site manager?

Is it your local server, which streams music for your PC and phone? Is it something else?

What about streaming music from your server to your work laptop?

TL;DR DietPi has an easy to configure kiosk mode to boot up opening a website. E.g. your gallery displayed with ImmichFrame

The photos

Part of my post vacation workflow involves collecting all photos taken, sorting out the 90% duplicates and blurry ones, and slapping the remaining into an album. There they can sit until some unlucky person asks me about my last journey, or I get an urge to look at them again (about once every three years).

Since using Immich I get these flashbacks a little more often, since it has this memory feature that shows photos from x years ago (folders don't have that. Yeah I used folders before). This still involves opening the app on my phone though, which I'd like to use less in the first place. If only there I had a big screen somewhere in my home that could display images at a decent resolution...

The frame

There is digital frames for that, but I don't want to make room for one. Maybe later. What I realized is: My TV displays this one (pseudo) artsy drawing whenever I turn it on. Instead of seeing this same boring image 5-10min every day: Why not enjoy my photos?

There might be a TV app for that, but I don't want to be opening/installing apps on the TV - I need my photos to show in the 'default' mode (which might be possible with an app, but I didn't bother to check). Instead I grabbed an old RPi3 and installed ~~Raspbian~~ RaspberryPiOS (it has been a while...) and ImmichFrame. A promising looking app that is meant to take my Immich albums and display them. Everything worked super quick, but opening the browser to display the ImmichFrame page hosted in Docker. While messing with a script to open the browser on boot, I noticed that everything felt a little (a lot) laggy. (In hindsight I was probably overheating my little PI due to missing cooling. Fixed this later as well)

The diet

Looking at lightweight OS for the Pi, I discovered DietPi and gave it a quick install. It is very convenient to configure via the console, and while messing around there I stumbled across something-something kiosk mode. That's exactly what I needed! Lucky me didn't know about such things, but it makes sense I guess. Just configure a URL and it will display that page on every boot. Currently ImmichFrame is hosted on the PI as well, so I added a little wait loop into the startup of the kiosk mode, but that's all. Performance is ok right now, but if it continues to lag, I'll just host ImmichFrame on my server.

The Pi gets plugged into the TV and is running all the time, since I could not think of a smarter way. Now I have a neat solution that is fully under my control.

Ive been working on an opensource HSM (Hierarchical Storage Management) engine called HuskHoard. Most transparent storage tools on Linux use FUSE, but I found the contextswitching overhead was killing my NVMe performance for hot data. I decided to bypass FUSE and use the fanotify API to intercept file access at the kernel level instead. How it works A background janitor moves cold files to slow storage HDD/Tape/S3. It leaves a sparse husk file on the SSD. When an app tries to read the husk, HuskHoard pauses the process, recalls the data, and resumes. Its written in Rust and licensed under AGPL3.0. Github: https://github.com/huskhoard/huskhoard Technical Architecture: https://www.huskhoard.com/blog.html Im curious if anyone else here has experimented with fanotify for storage management? I'd love some technical feedback on the architecture

ONYX is a self-hosted, anonymous E2EE messenger. Flutter client, separate server component, no phone number or email required for an account. Solo project, beta is rough in places but moving forward.

v1.7-beta out. The thing I actually want to talk about is WardLink.

Even on a self-hosted setup, keeping your favorited chats in sync between your phone and your desktop usually still routes through the server, or you do it by hand. WardLink does it directly between your own devices over LAN instead. Pair two (or more) devices once via QR, and from then on, when they're on the same network, favorited chats sync passively (if you turn it on yourself, of course :D). No central point holding the sync state, no cloud account needed for it. Traffic is sealed with per-device keys.

I'll be upfront about the limits: It only runs while both devices share a network. This is for the "I have a phone and a laptop in the same house and want them in sync without my server being in the loop" case specifically.

Rest of the changelog:

• chat gallery view
• search across settings, plus chat search by name/keyword
• on-demand and scheduled backups
• adjustable scroll-to-bottom button
• markdown support in the changelog tab itself
• redesigned player, dialogs, and settings (also restructured)
• new storage engine under the hood
• folders stay unlocked for the session on desktop instead of re-locking constantly
• removed the message entrance animation: it was slowing chat opening down more than it helped
• fixed backend bugs affecting message sending, a settings UI arrow glitch, and the biometrics toggle showing up when biometrics aren't available or are disabled on the device

If you're upgrading from an earlier version: this release switches local storage to a new engine, and it migrates your data automatically on first launch. In my own testing it's roughly 80% faster after the migration is done.

Repo and full release notes: https://github.com/wardcore-dev/onyx/releases/tag/v1.7-beta

One-person project, and I lean on AI tooling for parts of the code. Architecture, crypto decisions, and review are mine. Still beta, so expect rough edges. An issue on the repo helps a lot right now if you hit something broken.

I run 0807, a small self-hosted file host. Drop a file, get a short link, and choose when it disappears.

What it does:

• No account, no ads, no trackers
• Auto-delete by time (1 hour up to 30 days, or never) or after a set number of downloads
• Optional password protection on files and on text notes
• Files up to 20 GB, with 16 TB of storage behind it
• Reachable over Tor through an onion service
• Text notes with the same self-destruct and password options
• A few file types are blocked for safety (exe, bat, scripts, and similar)

PS: there is no end-to-end encryption, and that is deliberate. The server can read what is stored.

I want to be able to take illegal uploads down when they get reported, CSAM in particular.

End-to-end encryption would make the server blind to its own contents, which is great for privacy but would also stop me from acting on those reports.

If you need real secrecy, encrypt the file before you upload it. The password option is there for casual privacy (not as protection from me or from whoever might get into the server.)

The code is open, and I host it the same way I host the files, on my own server instead of HERE .

You can read it, propose a change, or open an issue there, no account needed

Happy to answer questions about the setup or take feedback.

I've been successfully using Jellyfin and Sonarr/Radarr for over 2 years now, and one of those things I find really annoying when it happens is incorrect audio tracks playing or subtitles showing. It happens rarely enough that I forget to do anything about it (until now) but it's something I'd like to never have to think about again.

I'd ideally like my setup to abide by the following rules

For subtitles:

1. Display English[Forced] subtitles by default if applicable (the kind that show up if characters suddenly start speaking another language as part of the media in question)
2. Otherwise have subtitles off by default
3. Have English subtitles available as an option in case I want them
4. Completey remove all other subtitle options from the media entirely

For audio tracks:

1. English by default if available
2. Otherwise the native language of the media as the default (bonus points if English subtitles can be enabled automatically if this case arrises)
3. The native language of the media available as an option if applicable (even if an English audio track is available)
4. All other audio track options removed from the media entirely.

Does anyone know of any tools or post-processing options I can use to accomplish what I want?

Wanted to provide an update around the CLI runner that we shipped a few days ago. This was already on beta for quite some time so now that its on stable, I thought of giving it another go in the community.

For those who are not familiar with the tool and what the h#$@ I am talking about: Voiden is an offline, git-native API tool built on Markdown.

We built it (and then open sourced it) because API tooling sucked (and we work a lot of APIs enough to care to do something about it). I will just name a few issues: cloud dependencies, forced accounts, proprietary formats plus many more.

Long story short, this is Voiden: instead of keeping API requests inside a cloud workspace, Voiden stores them as .void files that can live with your codebase, be versioned in Git, reviewed in PRs, and reused across a team. Plus everything is plain executable markdown. By "everything" I mean really everything: API specs, tests, docs, context...everything.

We have now released the @voiden/runner, which is a headless CLI for running those .void files outside the desktop app.

The runner executes the requests, prints the results, and exits with a standard exit code that CI systems can use.

Things to note:

• runs on Node.js 18+
• works in terminal, CI/CD, Docker, and cron jobs
• supports REST, WebSocket, gRPC, and GraphQL
• supports request chaining through runtime variables
• works with core Voiden plugins like scripting, assertions, faker, advanced auth, + more.

The ultimate goal is to make .void files executable API workflows, not just files used inside the desktop app.

The Github repo: https://github.com/VoidenHQ/voiden

Voiden CLI Runner : https://github.com/VoidenHQ/voiden/tree/beta/packages/voiden-runner

Visit Voiden here : https://voiden.md/

P.S this post is mainly around the Runner but every feedback outside that is also welcome, especially coming from any postman or insomnia power users in the room :)

If anyone else is having issues setting these up, message me and I will zip the whole build to you and walk you through setup.

UPDATE:

So I've made some major progress but still have a persistent issue. Radarr, sonarr, and lidarr are set to rename files, rename folders, and move them to the root directory. Even after importing the media the do not do that. I have both the boxes for renaming ticked, I have hard links turned off, they all have permissions for all the directories involved, and they have the media available in the program. If anyone knows how to fix this I'd love the help. I literally did all of this because I don't want to manually rename 1600 files into a consistent scheme and Radarr apparently doesn't want to either.

I used yams.media to do the full install. It was incredibly easy to use for most of the installation and setup. The Mullvad wireguard setup was a pain. The VPN part of yams specifically says to follow the instructions to the letter but the link it gives is a 404. The mullvad.md it was supposed to take me to was just "TLDR" and two code boxes with no explanation. I managed to bungle my way through with some knowledge from past attempts and the yams VPN test says I'm in Switzerland and my client is ready to go.

Yams wouldn't let me set the directories I needed (it wants one directory for everything and I'm sorting them into different mounted drives) but it was actually remarkably easy to copy the yams config folders into my preferred directory and the yaml file directly into portainer to create a portainer stack running everything I needed. I even learned how to use the env and "advanced env input" in portainer to correct all the variable sections instead of writing all of them myself. All in all, it was exactly what I was wanting to do when I posted the TLDR.

~~Tl;dr: I understand docker is supposed to help get things running on different systems easily, can someone give me a copy of their working Arr stack?~~

Frustrated venting I'm past being new to this server thing having run mine for over a year so I guess I can officially say I'm just bad at it. I've been working on getting Sonarr, Radarr, and, lidarr running since 4 in the afternoon, discounting dinner that's 6 hours of constantly failing to get these to work. This is my 5th time trying since I learned about it in April.

I've given up on the automatic downloads, I've given up on the request system, I'm even done with the torrenting, I'll just do that on my phone. All I want is something that format my 5TB of media to Title (date) instead of MOVIE_TITLE_ALL_UNDERSCORE, or TB_1000, or movie.videoformat.year.special.deluxe.username.host.visit.my.site.please. I was sold on this idea that self hosting was a relatively easy thing that anyone can get into and while I have a good understanding of how a config.yml is supposed to look and work, and I've got a decent understanding of ssh and sftp between two computers, but trying to grt any one of these things to run is soul crushing. I literally work in the foster system and my worst cases do not give me the stress this does. I just want to get it fixed so I can watch Pokemon with my family and offer it to people who will never bother to log on.

~~Edit: OMFG I moved them back into individual folders and they work now. 6 hours of videos and tutorials and not a single thing saying they absolutely have to be in their own folders or it won't work.~~ edit unclear, brain stuck in toaster

Edit 2: turns out, Radarr can't find movies at /movies/movie.mkv and needs /movies/folder/movie.mkv. Now Radarr can import movies but all other problems persist.

Hi all,

I'm looking at exposing some self-hosted web-based services externally so that some relatives can access them and would appreciate some advice.

Vikunja is the starting point (mostly to facilitate my spouse and I using it when away from home) but in future I want to set up Immich or similar to replace Google Photos, and that in particular will need to be shared with friends and family (especially so that immediate family can have camera uploads on automatically).

I understand that ideally I'd use SSH, a VPN, or tailscale or similar (although I don't have experience with tailscale), but that's not going to be feasible. Most of the family will not be able to set up those connections themselves (which means I would need to) and several are far enough away that it is impractical for me to provide on-site support or do it myself. Even if I could get a VPN or similar deployed on all their devices, I suspect that they're going to struggle with needing to connect to it just to upload or view photos, then disconnect afterwards to resume using the Internet -- I really need this to "just work" for them.

So this brings me back to safely exposing these services to the outside world. My network architecture complicates this a little, so for context:

• Modem/router has basic firewall and points to a Raspberry Pi for DHCP. I already have No-IP set up with a domain name so that I can SSH into my LAN when away from home.
• RPi runs Pi-hole + dnscrypt, acting as DHCP and DNS server for the network.
• I want to use nginx as a reverse proxy running on this RPi, as I have experience with it and it can add SSL using certbot. The router would be configured to use port forwarding to direct external traffic for ports 80 and 443 to the RPi.
• Vikunja is hosted on a separate Raspberry Pi (with other things like Shiori)
• I have not yet determined where Immich or similar is going to go. I have existing home server that I use for backups and important family stuff, but I really don't want this to be vulnerable to the outside world. If I were to install Immich here, I'd need it to be well-isolated from the rest of the system. The other option is to get a NUC or similar, which is what I am leaning towards as the less stressful option.

So my main questions are:

1. Beyond fail2ban and my router's firewall, what else can I do to protect my network once I open ports 80 and 443?

2. How do I handle fail2ban configuration when the services are on different devices to the nginx proxy? I understand the best place to put fail2ban would be on the Pi running nginx (since it's the access point to the outside world), but that it also needs to read the logs from Vikunja, etc. to be effective.

3. Where would you put Immich in my network architecture?

Any other tips/recommendations for making this easy to use for my less tech-inclined friends and family would be much appreciated as well. Thanks.

Just released GeoTag Photos, a Nextcloud Files plugin to add, read, or remove geolocation metadata from photos in one click.

This tool works both ways: inspect or add location metadata during investigations, visualize where photos were taken via Nextcloud Maps/Memories, or scrub it before sharing sensitive files, all self-hosted, without third parties.

Howdy Selfhosters!

A family member who does not live in my state recently got a new PC, and asked for my help in setting it up. Since it can't be done in person, I'll have to do this over the phone. Problem is, I don't really want to walk them through all of the steps (download Firefox, ublock origin, uninstall W11 bloat, etc) over the phone. I was hoping there exists a software that I could host on my Linux machine (I am able to port forward/host externally if necessary), and instruct them over the phone to download the "other end" (client-side) of the software so that I can remote in and set their PC up myself.

I checked out the awesome-selfhosted list and found that most of the remote access softwares are mainly for SSH servers. I did check out Guacamole, but I'm not sure I understand how to utilize the software. Any help and suggestions are welcome. Thank you everyone!