Hi everyone,

I’m one of the maintainers of Portabase. I already shared the project here recently, but we have a major update: REST API is now available!

Repository: https://github.com/Portabase/portabase

This is still a first version and it will be extended over the coming weeks.

Since this was requested by the community, the goal is to make Portabase easier to integrate into automation workflows, CI pipelines, n8n scenarios, and other external tools.

Swagger with OpenAPI documentation is also available: https://portabase.io/docs/dashboard/api/introduction

This should make it easier to explore the available endpoints and start testing.

Quick recap for those who do not know the project yet: Portabase is an open-source platform for database backup and restore, built on an agent-based architecture with one central server and lightweight agents deployed next to your databases.

We now support 9 databases:

• PostgreSQL
• MariaDB and MySQL
• SQLite
• MongoDB
• Redis and Valkey
• Firebird SQL
• Microsoft SQL Server

As always, feedback is very welcome. Feel free to open an issue if you find a bug or have suggestions.

cross-posted from: https://sh.itjust.works/post/61139432

I seriously can't believe how much progress he's made for the FOSS community. He actually might take a bite out of the big 3's profits with this

Today I randomly felt on this release note, mentioning an RCE “under certain conditions “

Digging up a bit, it’s a full blown RCE on any default install. Worst, unless you were aware of the /storybook path, it’s very unlikely you blocked it.

I also wrote a small POC here https://gist.github.com/Calyhre/67337024ece3762cbc3c9e4956b0e3d4

If you are using Plausible 3.0.0 until 3.2.0 included, you should upgrade ASAP, and rotate everything

Has anyone migrated from CasaOS to ZimaOS?

Is it worth the migration? It seems like a lot of work, and maybe going in a more commercialized direction that I don't like.

Curious what other people's thoughts/experiences are.

I am switching to Databasus for backing up my databases. Postgres has been fine but on two separate mariadb databases, Databasus cannot create read only users. Everything is on docker compose on separate stacks with a bridge network backup-db between the database containers and Databasus.

I think the problem is that the normal user only has permission for the single database but not universal, so have something I can try but I can't seem to actually login to the databases with the root passwords set in .env a long time ago (along with the normal user / pw which seen to be used fine by the apps). My Nextcloud database is one of the issues. The root PW env variable is the one taken from there database documentation.

Trying to access through "docker exec -it <db_container_name> mariadb -u root -p"

I have already tried setting the -h flag as localhost, 127.0.0.1, <db_container_name> and <nextcloud_app_container_name>.

I tried changing the root PW too.

Any help would be greatly appreciated!

How do you monitor your homelab network for internal attackers? E.g. you have a publicly available service and theres a vulnerability that you miss or you pull a bad update and suddenly someone has access to your VM/machine/container. How could you increase the chances of automatically detecting that?

The built in IDS in opnsense seems pretty useless, and doesn't really help detect if e.g. someone is trying to exploit services between your vlans (I could be using it wrong though).

Crowdsec in opnsense is nice but it seems to also be primarily for protecting from malicious actors coming from the WAN.

I've heard about the opnsense zenarmor plugin but you have to agree to a privacy policy to use it?

Another option I guess would be collecting firewall logs and making custom notifications for things that you think would be suspicious on your network.

I also know update cooldowns and not exposing anything could largely solve this too, but the monitoring and alerting question really interests me.

So today after almost a year of learning what self hosting and what a nas and raid configuration was, I was to get a used hp prodesk 600 g6 mini and install zimaos on it. Zimaos really made things a lot simpler than I thought it was going to be. I was easily able to install portainer and immich and it wasn’t as hard as I thought it would be.

I’ve actually made a goal now to use this for me to get used to it and since I already have a list of what I would like to self hosting for my parents as well as for myself, I’m going to take this as an opportunity to try to set everything up so I’m comfortable with it and when I’m ready to buy a nas for my parents and set it up for them, it won’t be hard. I will also learn how to do remote access and how to do it safely and maybe even try out different nas os to see which one I’m comfortable/like more.

Anyway I just wanted to say that I’m happy to be deep diving and this and can’t wait to learn and host more!!

Synology is for work files, photos, Unifi, and a few other misc items. Right now Unraid is just for Jellyfin w/ Tailscale access. Homeassistnat literally just runs a dashboard and a few lights + plugs but I mostly went back to wyze for that. Raspiblitz is for bitcoin node and lightning.

Sometimes I think I should consolidate but it's a daunting idea so for now I'm running them all.

I can finally set this partially aside for a little while. v1.0.0 is now available.

Cliparr is a self-hosted media-clipper that runs *mostly * in your browser to quickly and easily create clips from your personal media. Whether it's Jellyfin, Plex, or a local video, you can jump in and quickly export a clip in a variety of file types and resolutions.

To use it, you would do something like:

• Watch a video on Jellyfin, pause at something funny.
• Open Cliparr and click "Edit Clip"
• The clip will begin exactly where you paused. Trim to your desired length.
• Customize subtitles, if you desire.
• Click "Export".

Like I shared a week ago, you will then have something like this

Check out the new website and docs at https://cliparr.dev/ The repo is available here: https://github.com/TechSquidTV/Cliparr

I'll shamelessly ask you to please share! I can not post on that other site, try as I might.

I want to start with self hosting something available from internet. Currently I have jellyfin, nas etc but everything is available in local network.

My biggest concern is securing local network. I thought i will run application on separate server, I will use small vps as proxy, but Im not sure if it will be enough

Hey folks! I know a while back there was a kerfuffle because syncthing-fork for Android went dark, and then a new person showed up and claimed everything was cool and they'd been privately given the keys or something, and people were concerned. I pinned my fdroid version to the at-that-time-current release until we got clarity.

Well, it's been a while and I just noticed I'm still on that old release. So... how'd it turn out? Do we like the new person yet? Is there a promising fork y'all are using? Or is the project dead? I'm sure I could just go look at the repo, but I'm also sure the repo would tell me "yeah, we're all cool" no matter what, so I'm curious what the community feelings are. Have there even been any useful new releases since then?

Thanks!

0.9 is out.

Quick context if this is your first time: Ideon is a self-hosted visual workspace, an infinite canvas where you drop blocks for your Git repos, notes, tasks, files, and now automation. Everything about a project in one place.

The last release post ended with "move from visibility to control." This is the start of that.

Webhook block: drop one on the canvas, it becomes a live HTTP endpoint. CI pipeline finishes, monitoring alert fires, form submits, POST to the URL and Ideon reacts. Configure what happens: set a block's visual state, change its color, create a Kanban task, prepend text to a note. Runs server-side, no open browser tab needed.

Cron block: same action set, triggered on a schedule instead of an event. Preset or custom cron expression.

LaTeX block: several people asked for it. Write $...$ or $$...$$, toggle preview, done. Turned out to look better on the canvas than I expected.

Proxy / Header Auth: probably the most relevant one for this crowd. Already running Ideon behind nginx mTLS, Traefik, or Authelia? You can now configure it to read user identity straight from the headers your proxy injects. No OAuth round-trip, no separate IdP. A few env vars, and all auth events still go to the audit log.

Still open source, still self-hosted only.

GitHub: https://github.com/3xpyth0n/ideon

Docs: https://www.theideon.com/docs

If you ever ran eMule or MLDonkey back in the day, this will feel familiar — but it's built from scratch in Rust on modern infrastructure.

rucio is a decentralized peer-to-peer file sharing app. No trackers, no central servers, no relay nodes for the actual data. Peers find each other and the files through a Kademlia DHT (plus mDNS on the local network), keyword search rides on Gossipsub, and bytes move directly between peers.

I started it partly out of nostalgia and partly because I wanted a P2P stack I actually understood end to end — discovery, transfer, NAT handling, the lot — instead of a black box. It grew into something I now use daily, so I'm putting it out there.

What it does today:

• Fully decentralized — Kademlia DHT over the internet, mDNS on the LAN, no infrastructure to run (though you can run a bootstrap node if you want one).
• Web control panel — manage shares, searches and downloads from the browser. It's served by the daemon itself (Leptos/WASM), no extra process.
• Command-line client — a scriptable rucio CLI for everything, locally or against a remote daemon.
• Magnet links — share any file with a single rucio:<hash> link, generated entirely offline if you like.
• Resumable downloads — interrupted transfers pick up where they left off after a restart.
• Directory sharing — point it at a folder and every file inside gets indexed, hashed and announced automatically.
• NAT-friendly — HighID/LowID-style handling so peers behind NAT can still download; publicly reachable nodes serve chunks to everyone.
• Single binary — the same rucio binary is the daemon (ruciod) and the CLI depending on how you invoke it.

The eMule/Kad bridge (the fun part): rucio can optionally talk to the eMule Kad2 network. That means you can search Kad and download ed2k:// links right alongside native rucio transfers. It's opt-in (a build feature), but it's there because a chunk of those old files are still out there and still moving.

Some screenshots:

Try it (container):

docker run -d --name rucio \
  -e RUCIOD_API_LISTEN=0.0.0.0:3003 \
  -e RUCIOD_UPNP=false \
  -v rucio-data:/var/lib/rucio \
  -p 4321:4321/tcp \
  -p 3003:3003/tcp \
  -p 4662:4662/tcp \
  -p 4672:4672/udp \
  ghcr.io/ogarcia/rucio:latest

Then open http://localhost:3003/. There are slimmer image flavors too — latest-headless (daemon only), latest-cli (standalone client), and latest-bootstrap (a DHT bootstrap node). Pre-built binaries for Linux and macOS (x86_64 + aarch64) are on the releases page as well.

Note: If you download the precompiled binary from releases, when you extract it, create a symbolic link from ruciod to rucio, and run ruciod for the daemon and rucio for the CLI.

Honest caveats (it's early):

• I work with AI, so I’m not going to lie to you—there’s some vibe coding involved. I review and go over what I’ve done, but I want to be honest. If you don’t like it, just skip this app.
• This is v0.1.0, pre-1.0 — expect breaking changes (DB schema, API, config) between releases. I'll happily break things to get them right.
• There is no built-in authentication. If you expose the daemon beyond your own machine, put it behind a reverse proxy with auth (the docs have an nginx + basic-auth example). Keep the API port private otherwise.
• It's the work of one person so far. Rough edges exist.

Links:

• Source: https://github.com/ogarcia/rucio
• Containers: ghcr.io/ogarcia/rucio
• License: GPL-3.0

cross-posted from: https://lemmy.world/post/47534332

I have spent a long time at Synology Photos, along with my family. We have tags and albums. Is there a good way to migrate? I'm even open to migrating manually (album by album) if I could trust the process.

Hi, so I have a little Proxmox box with two VMs: VM1 and VM2 which is a clone of VM1. I change the mac of VM2 to avoid conflict and I reset the machine ID of VM1. I then have a seperate pfSense machine machine that that acts as router, firewall and DHCP server. Proxmox is on the 192.168.20.1/24 domain. In the DHCP server, Proxmox get IP 192.168.20.8 explicitly assigned. All good to this point. I've set VMs on pfSense to get the 192.168.20.9X addresses assigned. VM1 gets 192.168.20.91 assigned, while VM2 should be getting 192.168.20.92.

But this is what actually happens:

• VM1 gets 192.168.20.106 assigned, despite telling pfSense to assign it 192.168.20.91. This happens even with VM2 shutdown. The DHCP Lease table is showing 91 up and running and does not list 106. Yet, the ARP table shows 106 assigned and no 91 assigned. This is even with me deleting the 106 entry from the ARP table several times and rebooting both the VM and the Proxmox server.

• The VM is definately getting 106 assigned as I can log into it with 106 IP but 91 doesn't respond (no route to host).

Is this something to do with the bridge configuration on Proxmox? Iv'e added a screenshot of what I see. It doesn't seem to be that complicated to setup a bridge?

I can't get my head around this so tips are welcome.

EDIT: I've just run 'sudo ip' on the VM and i see the ens18 interface with the MAC I assigned to it and the 106 IP assigned to this interface. There are then seven of 'vethXXX' interfaces. Not sure what these are. There are also four 'brXXXX' interfaces, one 'loXXXX' interface and one 'docker0' interface, the latter probably used by the docker subsystem running on the VM. I imagine the 'brXXXX' interfaces are the docker containers themselves (I think I have four running). But what are the 'vethXXXX' interfaces? Sounds like its something to do with "virtual interface". Why so many and what is creating these?

I got a banner warning today linking to this page. It was announced a while back, but I either didn't see it or forgot.

We have made the difficult decision to limit the use of LanguageTool’s browser extension to Premium users only. The rise of generative AI has made it more challenging to sustainably monetize our offering. A majority of users use our products for free, and the relatively small percentage of Premium subscribers is all that is subsidizing our continuously increasing server costs. To improve our Premium experience and to sustain our business model, we’ll be making the LanguageTool browser extension available exclusively for paying customers.

The key bit for people who can selfhost:

Yes. If you are a developer, you can still host and run your own instance of LanguageTool’s server. The browser extension will continue to work as it currently does for users who use it with their own server.

Hi Selfhosting community.

Was looking for PaperCut alternatives that are self-hostable and preferably open-source. I came across this software: SavaPage. It looks really great, loads of features that ticks many of the boxes I need it for. I want to implement this at our offices. Wondering if anyone here has any experience with this, and if you might be willing to share said experience?

TIA.

Edit: I've tried out a few, here's what I found:

• PiGallery: Super fast, really easy to get going. Not a huge amount of features but really functional. If you just want a gallery, its a great choice.
• Home-Gallery: Nice looking with a basic detection features. No slideshow, but good filtering options. Definitely tried to make my CPU into a hot plate when processing.
• Immich: WAAAAYYYY more resource friendly than their docs suggest. Trimmed up further using an existing postgres and redis, and offloaded the ml onto my photo editing workstation. Would be even better if I could use the mac I had to buy for some client work since its just sitting there, but maybe one day.

The Result: Yeah I'm using Immich. Thanks everyone!

Hey everyone, would really appreciate some ideas on image + video gallery options.

We have a bunch of personal photos and videos taken over the years, and since we don't want them on cloud providers, right now they are just a bunch of folders on a local share. We do actually enjoy going through them, but browsing a directory isn't the most fun experience.

Something that had a nice photo/video browser, maybe albums, a slideshow option (maybe with shuffling?), and tags would be great. I'd like to not have to duplicate the images into yet-another-storage-location, so something that can just pull from that share would be great. Backups are also already handled, so not a factor here.

I've tried Stash, but thats more oriented toward the adult industry, so it requires a lot of manual intervention.

Ive never tried Immich, but it seems like a lot for this scenario. Maybe I'm wrong though, let me know.

This will never be available anywhere outside of our home (well aside from a WG connection back to our home), so I don't care about sharing links or any of that kind of stuff. Media is mostly jpg with some Canon and Fuji raws, h264 and h265 videos.

Let me hear your recommendations for open source, locally hosted, no cloud personal media enjoyment!

Recent post re: AI as utility

https://www.tomsguide.com/ai/people-will-buy-intelligence-from-us-on-a-meter-chatgpts-ceo-sam-altman-has-critics-worried-with-his-ai-vision

Myself, I'm a fan of local LLM / self hosted ML.... but if you ever needed a clarion call that a hard pivot is coming (soon) for online/ cloud based AI...Altman et al are making some concerning mouth noises (to say nothing of broader concerns with OAI, Anthropic etc).

Right now, I'm sketching out a plan where my Raspberry Pi (always on, 2-3w) uses a magic packet to wake up my modest AI server (Lenovo P330 with Tesla P4) if/when needed (Qwen 3.6-35B-A3B); no point in chugging down 80-100w, 24/7 for no good reason.

If the trend continues the direction it appears to be (increasing costs, environmental impacts etc) then I'd feel a lot better hosting my own as port of first call and replacing simpler tasks with more traditional programs. YMMV.

Gah! This bit me today.

I'm experimenting with switching from Tailscale to Netbird. I was streaming Jellyfin to my TV via netbird and was surprised when it started buffering. Turning down the video quality helped keep the stream going.

Yeah, no wonder. Turns out my video was being streamed via relay because all of the Android apps default to force relayed connections.

I guess they're working out some kinks still... anyway, turning that setting off fixed my streaming latency!

I want to host some LLM's locally and use more advanced models. Since new hardware is out of the question, I think I should be able to pull something off buying some yesteryear equipment on ebay etc. Did anybody attempt such a project? Does it scale horizontally? (I.e. can I connext two boxes to overcome single box slowness?)

hey everyone, I wanted to share a project l've been developing for the past two weeks. I had tried to find a minimalist open-source bad-habit tracker, but I didn't like the ones I found or ran into some issues. So I decided to build one using the stack I know best. I added some features like setting a target number of days with a progress bar toward that target, notes and a feed to save articles, news, or video links that help you stay focused on your goal. there's also an option to set a password to access the site, and both light and dark themes.