Is there an alternative to unifi that is Podman or Docker compatible/available and better than the old site manager?

Is it your local server, which streams music for your PC and phone? Is it something else?

What about streaming music from your server to your work laptop?

ONYX is a self-hosted, anonymous E2EE messenger. Flutter client, separate server component, no phone number or email required for an account. Solo project, beta is rough in places but moving forward.

v1.7-beta out. The thing I actually want to talk about is WardLink.

Even on a self-hosted setup, keeping your favorited chats in sync between your phone and your desktop usually still routes through the server, or you do it by hand. WardLink does it directly between your own devices over LAN instead. Pair two (or more) devices once via QR, and from then on, when they're on the same network, favorited chats sync passively (if you turn it on yourself, of course :D). No central point holding the sync state, no cloud account needed for it. Traffic is sealed with per-device keys.

I'll be upfront about the limits: It only runs while both devices share a network. This is for the "I have a phone and a laptop in the same house and want them in sync without my server being in the loop" case specifically.

Rest of the changelog:

• chat gallery view
• search across settings, plus chat search by name/keyword
• on-demand and scheduled backups
• adjustable scroll-to-bottom button
• markdown support in the changelog tab itself
• redesigned player, dialogs, and settings (also restructured)
• new storage engine under the hood
• folders stay unlocked for the session on desktop instead of re-locking constantly
• removed the message entrance animation: it was slowing chat opening down more than it helped
• fixed backend bugs affecting message sending, a settings UI arrow glitch, and the biometrics toggle showing up when biometrics aren't available or are disabled on the device

If you're upgrading from an earlier version: this release switches local storage to a new engine, and it migrates your data automatically on first launch. In my own testing it's roughly 80% faster after the migration is done.

Repo and full release notes: https://github.com/wardcore-dev/onyx/releases/tag/v1.7-beta

One-person project, and I lean on AI tooling for parts of the code. Architecture, crypto decisions, and review are mine. Still beta, so expect rough edges. An issue on the repo helps a lot right now if you hit something broken.

TL;DR DietPi has an easy to configure kiosk mode to boot up opening a website. E.g. your gallery displayed with ImmichFrame

The photos

Part of my post vacation workflow involves collecting all photos taken, sorting out the 90% duplicates and blurry ones, and slapping the remaining into an album. There they can sit until some unlucky person asks me about my last journey, or I get an urge to look at them again (about once every three years).

Since using Immich I get these flashbacks a little more often, since it has this memory feature that shows photos from x years ago (folders don't have that. Yeah I used folders before). This still involves opening the app on my phone though, which I'd like to use less in the first place. If only there I had a big screen somewhere in my home that could display images at a decent resolution...

The frame

There is digital frames for that, but I don't want to make room for one. Maybe later. What I realized is: My TV displays this one (pseudo) artsy drawing whenever I turn it on. Instead of seeing this same boring image 5-10min every day: Why not enjoy my photos?

There might be a TV app for that, but I don't want to be opening/installing apps on the TV - I need my photos to show in the 'default' mode (which might be possible with an app, but I didn't bother to check). Instead I grabbed an old RPi3 and installed ~~Raspbian~~ RaspberryPiOS (it has been a while...) and ImmichFrame. A promising looking app that is meant to take my Immich albums and display them. Everything worked super quick, but opening the browser to display the ImmichFrame page hosted in Docker. While messing with a script to open the browser on boot, I noticed that everything felt a little (a lot) laggy. (In hindsight I was probably overheating my little PI due to missing cooling. Fixed this later as well)

The diet

Looking at lightweight OS for the Pi, I discovered DietPi and gave it a quick install. It is very convenient to configure via the console, and while messing around there I stumbled across something-something kiosk mode. That's exactly what I needed! Lucky me didn't know about such things, but it makes sense I guess. Just configure a URL and it will display that page on every boot. Currently ImmichFrame is hosted on the PI as well, so I added a little wait loop into the startup of the kiosk mode, but that's all. Performance is ok right now, but if it continues to lag, I'll just host ImmichFrame on my server.

The Pi gets plugged into the TV and is running all the time, since I could not think of a smarter way. Now I have a neat solution that is fully under my control.

Ive been working on an opensource HSM (Hierarchical Storage Management) engine called HuskHoard. Most transparent storage tools on Linux use FUSE, but I found the contextswitching overhead was killing my NVMe performance for hot data. I decided to bypass FUSE and use the fanotify API to intercept file access at the kernel level instead. How it works A background janitor moves cold files to slow storage HDD/Tape/S3. It leaves a sparse husk file on the SSD. When an app tries to read the husk, HuskHoard pauses the process, recalls the data, and resumes. Its written in Rust and licensed under AGPL3.0. Github: https://github.com/huskhoard/huskhoard Technical Architecture: https://www.huskhoard.com/blog.html Im curious if anyone else here has experimented with fanotify for storage management? I'd love some technical feedback on the architecture

I've been successfully using Jellyfin and Sonarr/Radarr for over 2 years now, and one of those things I find really annoying when it happens is incorrect audio tracks playing or subtitles showing. It happens rarely enough that I forget to do anything about it (until now) but it's something I'd like to never have to think about again.

I'd ideally like my setup to abide by the following rules

For subtitles:

1. Display English[Forced] subtitles by default if applicable (the kind that show up if characters suddenly start speaking another language as part of the media in question)
2. Otherwise have subtitles off by default
3. Have English subtitles available as an option in case I want them
4. Completey remove all other subtitle options from the media entirely

For audio tracks:

1. English by default if available
2. Otherwise the native language of the media as the default (bonus points if English subtitles can be enabled automatically if this case arrises)
3. The native language of the media available as an option if applicable (even if an English audio track is available)
4. All other audio track options removed from the media entirely.

Does anyone know of any tools or post-processing options I can use to accomplish what I want?

I run 0807, a small self-hosted file host. Drop a file, get a short link, and choose when it disappears.

What it does:

• No account, no ads, no trackers
• Auto-delete by time (1 hour up to 30 days, or never) or after a set number of downloads
• Optional password protection on files and on text notes
• Files up to 20 GB, with 16 TB of storage behind it
• Reachable over Tor through an onion service
• Text notes with the same self-destruct and password options
• A few file types are blocked for safety (exe, bat, scripts, and similar)

PS: there is no end-to-end encryption, and that is deliberate. The server can read what is stored.

I want to be able to take illegal uploads down when they get reported, CSAM in particular.

End-to-end encryption would make the server blind to its own contents, which is great for privacy but would also stop me from acting on those reports.

If you need real secrecy, encrypt the file before you upload it. The password option is there for casual privacy (not as protection from me or from whoever might get into the server.)

The code is open, and I host it the same way I host the files, on my own server instead of HERE .

You can read it, propose a change, or open an issue there, no account needed

Happy to answer questions about the setup or take feedback.

Wanted to provide an update around the CLI runner that we shipped a few days ago. This was already on beta for quite some time so now that its on stable, I thought of giving it another go in the community.

For those who are not familiar with the tool and what the h#$@ I am talking about: Voiden is an offline, git-native API tool built on Markdown.

We built it (and then open sourced it) because API tooling sucked (and we work a lot of APIs enough to care to do something about it). I will just name a few issues: cloud dependencies, forced accounts, proprietary formats plus many more.

Long story short, this is Voiden: instead of keeping API requests inside a cloud workspace, Voiden stores them as .void files that can live with your codebase, be versioned in Git, reviewed in PRs, and reused across a team. Plus everything is plain executable markdown. By "everything" I mean really everything: API specs, tests, docs, context...everything.

We have now released the @voiden/runner, which is a headless CLI for running those .void files outside the desktop app.

The runner executes the requests, prints the results, and exits with a standard exit code that CI systems can use.

Things to note:

• runs on Node.js 18+
• works in terminal, CI/CD, Docker, and cron jobs
• supports REST, WebSocket, gRPC, and GraphQL
• supports request chaining through runtime variables
• works with core Voiden plugins like scripting, assertions, faker, advanced auth, + more.

The ultimate goal is to make .void files executable API workflows, not just files used inside the desktop app.

The Github repo: https://github.com/VoidenHQ/voiden

Voiden CLI Runner : https://github.com/VoidenHQ/voiden/tree/beta/packages/voiden-runner

Visit Voiden here : https://voiden.md/

P.S this post is mainly around the Runner but every feedback outside that is also welcome, especially coming from any postman or insomnia power users in the room :)

If anyone else is having issues setting these up, message me and I will zip the whole build to you and walk you through setup.

UPDATE:

So I've made some major progress but still have a persistent issue. Radarr, sonarr, and lidarr are set to rename files, rename folders, and move them to the root directory. Even after importing the media the do not do that. I have both the boxes for renaming ticked, I have hard links turned off, they all have permissions for all the directories involved, and they have the media available in the program. If anyone knows how to fix this I'd love the help. I literally did all of this because I don't want to manually rename 1600 files into a consistent scheme and Radarr apparently doesn't want to either.

I used yams.media to do the full install. It was incredibly easy to use for most of the installation and setup. The Mullvad wireguard setup was a pain. The VPN part of yams specifically says to follow the instructions to the letter but the link it gives is a 404. The mullvad.md it was supposed to take me to was just "TLDR" and two code boxes with no explanation. I managed to bungle my way through with some knowledge from past attempts and the yams VPN test says I'm in Switzerland and my client is ready to go.

Yams wouldn't let me set the directories I needed (it wants one directory for everything and I'm sorting them into different mounted drives) but it was actually remarkably easy to copy the yams config folders into my preferred directory and the yaml file directly into portainer to create a portainer stack running everything I needed. I even learned how to use the env and "advanced env input" in portainer to correct all the variable sections instead of writing all of them myself. All in all, it was exactly what I was wanting to do when I posted the TLDR.

~~Tl;dr: I understand docker is supposed to help get things running on different systems easily, can someone give me a copy of their working Arr stack?~~

Frustrated venting I'm past being new to this server thing having run mine for over a year so I guess I can officially say I'm just bad at it. I've been working on getting Sonarr, Radarr, and, lidarr running since 4 in the afternoon, discounting dinner that's 6 hours of constantly failing to get these to work. This is my 5th time trying since I learned about it in April.

I've given up on the automatic downloads, I've given up on the request system, I'm even done with the torrenting, I'll just do that on my phone. All I want is something that format my 5TB of media to Title (date) instead of MOVIE_TITLE_ALL_UNDERSCORE, or TB_1000, or movie.videoformat.year.special.deluxe.username.host.visit.my.site.please. I was sold on this idea that self hosting was a relatively easy thing that anyone can get into and while I have a good understanding of how a config.yml is supposed to look and work, and I've got a decent understanding of ssh and sftp between two computers, but trying to grt any one of these things to run is soul crushing. I literally work in the foster system and my worst cases do not give me the stress this does. I just want to get it fixed so I can watch Pokemon with my family and offer it to people who will never bother to log on.

~~Edit: OMFG I moved them back into individual folders and they work now. 6 hours of videos and tutorials and not a single thing saying they absolutely have to be in their own folders or it won't work.~~ edit unclear, brain stuck in toaster

Edit 2: turns out, Radarr can't find movies at /movies/movie.mkv and needs /movies/folder/movie.mkv. Now Radarr can import movies but all other problems persist.

Just released GeoTag Photos, a Nextcloud Files plugin to add, read, or remove geolocation metadata from photos in one click.

This tool works both ways: inspect or add location metadata during investigations, visualize where photos were taken via Nextcloud Maps/Memories, or scrub it before sharing sensitive files, all self-hosted, without third parties.

Howdy Selfhosters!

A family member who does not live in my state recently got a new PC, and asked for my help in setting it up. Since it can't be done in person, I'll have to do this over the phone. Problem is, I don't really want to walk them through all of the steps (download Firefox, ublock origin, uninstall W11 bloat, etc) over the phone. I was hoping there exists a software that I could host on my Linux machine (I am able to port forward/host externally if necessary), and instruct them over the phone to download the "other end" (client-side) of the software so that I can remote in and set their PC up myself.

I checked out the awesome-selfhosted list and found that most of the remote access softwares are mainly for SSH servers. I did check out Guacamole, but I'm not sure I understand how to utilize the software. Any help and suggestions are welcome. Thank you everyone!

Hi all,

I'm looking at exposing some self-hosted web-based services externally so that some relatives can access them and would appreciate some advice.

Vikunja is the starting point (mostly to facilitate my spouse and I using it when away from home) but in future I want to set up Immich or similar to replace Google Photos, and that in particular will need to be shared with friends and family (especially so that immediate family can have camera uploads on automatically).

I understand that ideally I'd use SSH, a VPN, or tailscale or similar (although I don't have experience with tailscale), but that's not going to be feasible. Most of the family will not be able to set up those connections themselves (which means I would need to) and several are far enough away that it is impractical for me to provide on-site support or do it myself. Even if I could get a VPN or similar deployed on all their devices, I suspect that they're going to struggle with needing to connect to it just to upload or view photos, then disconnect afterwards to resume using the Internet -- I really need this to "just work" for them.

So this brings me back to safely exposing these services to the outside world. My network architecture complicates this a little, so for context:

• Modem/router has basic firewall and points to a Raspberry Pi for DHCP. I already have No-IP set up with a domain name so that I can SSH into my LAN when away from home.
• RPi runs Pi-hole + dnscrypt, acting as DHCP and DNS server for the network.
• I want to use nginx as a reverse proxy running on this RPi, as I have experience with it and it can add SSL using certbot. The router would be configured to use port forwarding to direct external traffic for ports 80 and 443 to the RPi.
• Vikunja is hosted on a separate Raspberry Pi (with other things like Shiori)
• I have not yet determined where Immich or similar is going to go. I have existing home server that I use for backups and important family stuff, but I really don't want this to be vulnerable to the outside world. If I were to install Immich here, I'd need it to be well-isolated from the rest of the system. The other option is to get a NUC or similar, which is what I am leaning towards as the less stressful option.

So my main questions are:

1. Beyond fail2ban and my router's firewall, what else can I do to protect my network once I open ports 80 and 443?

2. How do I handle fail2ban configuration when the services are on different devices to the nginx proxy? I understand the best place to put fail2ban would be on the Pi running nginx (since it's the access point to the outside world), but that it also needs to read the logs from Vikunja, etc. to be effective.

3. Where would you put Immich in my network architecture?

Any other tips/recommendations for making this easy to use for my less tech-inclined friends and family would be much appreciated as well. Thanks.

@vincent - I'm fairly new to running services on my vms but does anyone have any experience running DotMakeup ? I'd like to host an instance to share some Twitter and instagram accounts in a controlled way to my family on my #friendica instance.

I'm kinda of at that point where I can sort of use #DockerCompose but umm.. honestly not really sure where I would start from git.sr.ht/~cloutier/dotmakeup

Currently running all my docker compose containers on my gaming PC. 15 containers in total. Mostly *arr stack, plex, immich, home assistant, actual budget and jellyfin. Running on Mint.

Want to get these onto a dedicated pc. I have a mini with a I5 10-600, 32GB ram. I've played with it a little with jellyfin, on Debian and don't think I was able to get quick sync enabled with my testing, and one transcode pretty much maxed out the CPU usage. To use this PC, I'd need to buy a 4 bay USB HDD enclosure.

So, basically I'm just wondering before I spend money and time if the hardware is even capable enough for my usage. 3 concurrent streams is probably the most it'd ever see, ideally with no more than 2 transcodes. Immich, home assistant etc are all pretty new and just in testing for now, but would only have 2 users total. Mostly using Plex, jellyfin is also in testing so it'll be ready if plex enshitifies too much.

Hello,

I know it is strictly related to selfhosting but I don't have a reddit account so please bear with me. I've been using a Blackblaze B2 bucket as the storage for my restic backup for my whole homelab for a while and recently when reading from that bucket it is so so so so so so slow and unreliable (a lot of unexpected EOF and interruption). I've tested this on several machines (including a VPS on Hetzer) and I can access other sites just fine. Their status page says nothing and I wonder is it just me or do some of you also experience the same thing ?

Also any alternative recommendation is welcome but I can not selfhost my S3 at the moment :(

Thank you very much!

Edit: this is the log for my restic check --read-data (something similar on Hetzner VPS).

create exclusive lock for repository
load indexes
check all packs
check snapshots, trees and blobs
Load(<data/ef0e80ecc6>, 541, 6322304) returned error, retrying after 508.096097ms: unexpected EOF
Load(<data/ef0e80ecc6>, 541, 6322304) operation successful after 1 retries
Load(<data/c10459132f>, 535, 14002087) returned error, retrying after 1.352882596s: unexpected EOF
Load(<data/c10459132f>, 535, 14002087) operation successful after 1 retries
Load(<data/44089c2105>, 536, 10041504) returned error, retrying after 1.094099947s: unexpected EOF
Load(<data/44089c2105>, 536, 10041504) operation successful after 1 retries
Load(<data/c10459132f>, 481, 3262415) returned error, retrying after 1.418694544s: unexpected EOF
Load(<data/927e700367>, 467, 7776453) returned error, retrying after 634.119689ms: unexpected EOF
Load(<data/927e700367>, 473, 7798234) returned error, retrying after 849.03055ms: unexpected EOF
Load(<data/927e700367>, 467, 7776453) returned error, retrying after 1.243622488s: unexpected EOF
Load(<data/653ef7abb0>, 523, 8280899) returned error, retrying after 578.669152ms: unexpected EOF
Load(<data/fd9edf4117>, 533, 485866) returned error, retrying after 823.382046ms: unexpected EOF
Load(<data/c10459132f>, 528, 3248055) returned error, retrying after 1.402372952s: unexpected EOF
Load(<data/c10459132f>, 524, 3175555) returned error, retrying after 1.425799941s: unexpected EOF
Load(<data/9b179c749d>, 534, 13802701) returned error, retrying after 1.234603672s: unexpected EOF
Load(<data/7b827c96f6>, 531, 8412866) returned error, retrying after 1.49579899s: unexpected EOF
Load(<data/ef0e80ecc6>, 530, 5093059) returned error, retrying after 1.405885227s: unexpected EOF
Load(<data/927e700367>, 409, 7763564) returned error, retrying after 798.04783ms: unexpected EOF
Load(<data/c10459132f>, 481, 3262415) returned error, retrying after 1.362966862s: unexpected EOF
Load(<data/653ef7abb0>, 523, 8280899) returned error, retrying after 2.966804822s: unexpected EOF
Load(<data/927e700367>, 467, 7776453) operation successful after 2 retries
Load(<data/fd9edf4117>, 533, 485866) operation successful after 1 retries
Load(<data/927e700367>, 409, 7763564) operation successful after 1 retries
Load(<data/9b179c749d>, 534, 13802701) operation successful after 1 retries
Load(<data/c10459132f>, 528, 3248055) operation successful after 1 retries
...

Edit: After a day my restic check --read-data finished with no data corruption but it took a lot of retrying, even 7 retries to read the correct data :/ So I guess it is a sign for me to move to somewhere else.

Hi there, everyone.

For various reasons, our family makes use of Life360. I'm wanting to move to either a linux or completely degoogled phone(ATM, I'm on Graphene but utilize the Play store for Life360 and a few other apps) but can't afford not to have the ability for a group of 4 phones to share their locations with each other all the time, not just to send a pin at certain times. I ONLY need the real time sharing to other devices in the group, I don't need anything else that Life360 offers.

It can't be hard to use as one of the phones we need it on is owned by an 80yo with cognitive/memory issues. This is where Life360 shines, we're able to find him without him ever needing to do anything on his phone.

Is there an option for this out there for self hosting? I could even handle not self-hosted but multi-OS and non-Play connected. I do have a couple VPS I could run backend software on, if needed.

Thanks for your time!

I've bounced around running my server on many different OS options, I used proxmox with Ubuntu VMs and containers for a long time and did really like it but decided that for my tiny operation basically just trying to run Jellyfin and maybe a few other things like a Minecraft server, a simple one click deployment OS works good enough for me. Most of the time.

I've really been loving ZimaOS, management is so easy when you're only running a couple basic services like I am. But I decided I wanted to set up an arr stack to build up my media library easier and let others request things. I actually had this set up before on proxmox so it's not my first time.

The only problem is I can't for the life of me get qBittorrent to use my gluetun VPN with Mullvad, the fact that I can't directly edit the compose yml is killing me, because the options that I need to change should hypothetically be simple, but they just don't appear to even exist in the ZimaOS app settings gui. Has anyone gotten this to work?

- I'm new to #Authentik - I've just spun up a test instance and tried to connect my first application (#Postiz) but I'm kind of stuck.

I've installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.

As far as #Authentik goes it looks like its approving authentication requests (its showing successes in the GUI) but the application just returns to the login screen without progressing.

One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.

I am struggling to work out if - this URL should 404 should occur and also how to diagnose what the problem is.

I've popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I'm figuring getting Authentik is going to be key to getting other applications going.

I wanted to improve the security of a TV connecting to a server on a different LAN, and one approach I thought of is to use a RPi on the network to look after the secure connection.

So the pi could connect to the remove server through SSH, and forward the port locally. I thought this port could then be opened, and the TV can then be pointed at the pi on the local network.

Port forwarding to the pi works but I can't connect to it from another device, even after setting firewall settings.

Basically the firewall rule is ufw allow from 192.168.1.0/24 port 1234

Does this idea work, or is there a better approach? Am I missing something in the setup?

Hello friends!

My first attempt at a selfhosting project is up and running.

My goal was to make a private email and calendar system for my family. As it is private, as in we only email each other, I don't have to worry about delivery blocks or spam. The system needs to support 12 users. Turned out it was easier than I though it would be!

Here is my stack:

• Thinkpad T480 with 64G ram and 1tb ssd
• Windows Server 2022 eval
• MailEnable Standard Edition which is free software from Australia https://www.mailenable.com/standard_edition.asp
• Thunderbird Mobile https://www.thunderbird.net/en-US/mobile/

Right now we are using the native android calendar app but I would love suggestions for a better calendar app.

Happy Hosting!

so im setting up a proper anime server and im kind of stuck on the metadata

been running jellyfin for a bit , had everything scan and it looked fine at first but then i noticed stuff was misclassified , wrong episode orders, some seasons (of the same show) getting merged when they shouldnt be. basically a mess

wiped everything and starting fresh. currently looking at shoko server + shokofin plugin as the proper solution instead of just trying to fix filenames manually

my situation is a bit different tho , i dont torrent. most of my stuff came from animepahe and similar sites so the files are encoded in mp4 ,

anyone gone through this with a similar source situation ? is shoko the move or is there something better for my anime :)

thanks!

Edit : Almost forgot ! if you have any tools, tips or anything really that would be helpful to a beginner like me (like tailscale) please mention them in the comments and i will check them out.

Hi, so been working on this for a week but not really happy with the solutions I find as they seem to be done by induviduals who rely heavily on ai. I got wireguard easy going and can remotly connect which is great but id love to be able to route any internet traffic to and from the wireguard clients to go though another server while filtering my local onsite services. Felt that if i can crack this i dont need to rely on tailscale. The end goal is to have no reliance on tailscale as i am preparing for the eventual enshitification.