In the latest episode of "they will always sell you out" - they sold you out! Who would've thought.

Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can't exist without "leeching" off of Bitwarden.

Recently I've installed luci-app-banip on my OpenWrt router and blocked most countries from accessing my services on my network. Not seeing why I would want any of that traffic I also blocked the whole of the ARIN registry, responsible for IP addresses from Canada and the United States.
Edit: Note this is only for inbound traffic. Outbound traffic is allowed no matter the target country.

Fast forward a few weeks and my certbot renewals fail with the following error: Failed to renew certificate enter.domain.here with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

Confused af I start looking for solutions and as so often only find useless or completely ridiulous solutions (lowering my MTU to 1300, what? WHY?). Finally I find some enlighted figure that says they recently enabled a blocklist for certain countries and that was the issue for them.
Now I make the connection to my use of banIP, re-allow the USA and my cert renewals start working again. Hooray!

However, there are two things bothering me:

1. Why would such a block even interrupt my renewals? I'm using DNS challenges and the ACME servers should only check the DNS entries, not where those entries actually redirect to. The DNS server/root isn't in my home network, so isn't affected by any firewall shenanigans I do here.
2. How can I make an exception for the Let's Encrypt ACME servers while blocking the rest of the ARIN IP space?

I see there's the option for ASN selection and external allowlists:

Does anybody have an idea on how to configure this so that Let's Encrypt continues to work without compromising on my network security?

(Edit: And just for clarity, I do not live in the US or anywhere on the American continent.)

Is there a good android app thats dedicated to reading epubs from your ABS instance? I dislike a lot of things about the native reader in the native app and was wondering if there is something ('Still' seems good but its just for ios)

I usually use ReadEra for reading epubs (which is awesome) but i like the aspect of having my own cloud, not having to download every file manually and syncing my reading status.

Does not need to be free, I am willing to do one-time-payments for a good android reader app that connects to my ABS.

Our family watches TV trough IPTV and via streaming services and it's been fine enough for quite some time. However, now one of our broadcast companies got in a fight about streaming contract with our IPTV provider and we lost a few of the channels. Not that big of a deal for me personally, but apparently there's some shows the rest of the family wants to see. This isn't the first time and likely it won't be the last.

However, all the free channels are available over air as well (and that's one excuse for IPTV operators to exclude offerings, "you can watch it anyway"). We have an antenna, but previous house owners just left the cable loose at the outside wall and brough it trough a hole in window frame. I've removed the cable and patched the hole for it and it'd be pretty difficult to run antenna cable to our TV set cleanly. However, I could pull a new cable nearby to my server stack with reasonable effort.

It's been quite a while since I've played with capture cards and any kind of streaming, so maybe hive mind here has some ideas. TV already has Android TV box connected, so anything that works with it is a bonus, but not a requirement.

So, what software (and hardware) I could use to pull video from DVB-T2 and stream that over local network?

Do you have any advice or suggestions about it?

• Hardware (what should be enough for a local PC, or VPS...)
• Software (OS [Debian, Yunohost, other...], "containerization" (Docker, virtual machines?), dashboard, management, backups, VPN tunneling...)
• "Utilities" to host (Lemmy, Peertube, Matrix, Mastodon, Actual Budget, Jellyfin, Forgejo, Invidious/Piped, local Pi-Hole, email, dedicated videogame servers like for Minecraft, SearXNG, personal file storage like Drive, AI [in the future, when I can afford a rig that can run a local model decently]...)

I'm aware it's a lot of stuff to take on, so, do you have any advice on where to start? (how to find a cheap PC to experiment with, if not get a VPS, what to test on it, what "utilities" to try self-hosting first...)

cross-posted from: https://sh.itjust.works/post/60171730

Hey y'all, looking to land my first DevOps Engineering role soon, and figured I should use enterprise software as much as possible for some resume building and personal practice. For reference, I've set up a NAS server once before but haven't got too much experience outside of that. Basing this on some DevOps Engineers I've talked to IRL and some friends who hire engineers, but wanted extra community feedback.

Use case: parents are data hoarders, probably have at least 4tb saved composed of every type of media you can think of, so hopefully the whole family can use this when I'm done with it all. Otherwise, aiming to be able to claim experience with enterprise grade DevOps software.

Some of this is personal research, a lot of Reddit research, and some LLM comparisons used to choose between two software systems. Please let me know what you'd keep or change! I'm still kinda new to this :p

Hardware: (old gaming pc)

• Intel i5-9600K
• 32GB DDR4 RAM
• GTX 1070
• Gigabyte Z370XP SLI
• Seagate IronWolf 12TB 3.5" SATA

Hypervisor & OS:

• Proxmox VE (type-1 hypervisor)
• Ubuntu Server 24.04 LTS (VM operating system)
• cloud-init (VM provisioning automation)

Infrastructure as Code & Automation:

• Terraform (infrastructure provisioning)
• Proxmox Terraform Provider (VM automation)
• Ansible (configuration management)
• GitHub Actions (CI/CD pipelines)

Containerization & Orchestration:

• Docker (container runtime/builds)
• Kubernetes/k3s (container orchestration)
• Helm (Kubernetes package manager)
• ArgoCD (GitOps continuous deployment)

Networking & Ingress:

• Traefik (ingress controller/reverse proxy)
• MetalLB (bare-metal load balancer)
• cert-manager (TLS certificate automation)
• WireGuard (VPN software)
• Surfshark (VPN service)

Secrets & Security:

• HashiCorp Vault (secrets management)
• External Secrets Operator (Kubernetes secret syncing)
• SSH hardening (secure remote access)

Observability & Monitoring:

• Prometheus (metrics collection)
• Grafana (monitoring dashboards/visualization)
• Loki (centralized log aggregation)
• Promtail (log shipping agent)
• Alertmanager (alert routing/notifications)

Storage & Backups:

• ZFS (filesystem/storage management)
• NFS (network storage)
• Persistent Volumes/PVCs (Kubernetes storage)
• Restic (encrypted backups)
• Velero (Kubernetes backup/disaster recovery)

Container Registry & CI Infrastructure:

• GitHub Container Registry or Harbor (container registry)
• GitHub Runner (self-hosted CI runner)

AWS Emulation:

• LocalStack (AWS cloud emulation)
• Terraform AWS Provider (AWS IaC practice)
• MinIO (S3-compatible object storage)

Self-Hosted Applications:

• Prowlarr (indexer manager)
• Sonarr (TV show management automation)
• Radarr (movie management automation)
• LazyLibrarian (book management automation)
• Lidarr (music management automation)
• Homarr (application dashboard)
• Seerr/Overseerr (media request management)
• Jellyfin (media server)
• qBittorrent (torrent client)
• NZBGet (Usenet downloader)
• Immich (photo gallery & backup)
• Mealie (meal planner)
• Moonlight (low-latency remote gaming)
• Kavita (ebook/manga/audiobook reader)
• Funkwhale (music streaming)
• Grafana (monitoring dashboards)

Hi all, for my own selfhosting needs i looked into many different dashboards, but none really fit my bill.

I want a dashboard that:

• super lightweight
• has no server-side requirements
• can be edited with a single text file
• simple CSS to adapt to your style

and so, of course, i developed my own. After a few years of usage, i upgraded it to AlpineJS (previously uglier code on jQuery) and i am proudly making it public for anybody who might be interested.

Here it is: https://github.com/gardiol/dashboard/

(the project was released on github long ago, but i never wrote about it anywhere IIRC, also i might migrate to Codeberg in the future, so do not bash me for Github)

There is a quite long readme, it's GPLv3, and aboslutely zero lines of AI / Vibe coding. I used AI for research and quick support specially on how to format CSS (which i kind of despise) but nothing else.

As a bonus, there is also a CGI system made in bash (totally optional) that i use for local monitors, but it's kinda messy and really not ready for broader use, so you can ignore the "monitor" subfolder or delete it completely.

Anyway, here it is, hope someone could make use of it.

Does anyone run one of the above on a Pi 4 and can share their experience how good or bad they run?

If course, transcoding won't be any good and OCR probably cannot run in parallel, but aside from that - is it okay?

Currently running everything on a mini ITX with a i5-6600 which handles this easily for my small use cases, but also draws 20-30W idling most of the day... I'm eyeing a Pi 4b with 8gb RAM but don't want to spend the money and then realizing that it doesn't run smooth enough

Update your nginx instances

cross-posted from: https://lemmy.world/post/46851448

• Affected an non-affected versions https://nginx.org/en/security_advisories.html
• CVE record https://www.cve.org/CVERecord?id=CVE-2026-42945
• CVE details https://nvd.nist.gov/vuln/detail/CVE-2026-42945
• PoC https://github.com/DepthFirstDisclosures/Nginx-Rift

CVE - Common Vulnerabilities and Exposures system
RCE - Remote Code Execution
PoC - Proof of Concept

Alright so my lab is pretty much functionally complete; it does everything I was hoping it would and much more.

OK so now what :D Do you know of any projects that are self-hostable and serve no functional purpose whatsoever and exist just for fun? Could be silly projects, could be games. I'd like to add a "silly things" section to my publicly facing list of web services.

For instance, I was thinking of hosting a web version of nethack. Also I enjoyed hosting a node of hypermind for a little while just because it was so silly.

This release brings three main changes.

1. The ability to filter links.
2. Support for an optional notes field.
3. Ability to edit expiry time and notes.

I try not to too many new features to avoid bloat, but it seemed like these were pretty useful for a link shortener, especially when managing thousands of short links. (To my surprise, some people even use it to manage millions of links.)

Please take a look at the release notes for a complete list of changes.

P.S. The next thing I'll be focusing on is improving throughput under sustained load. If anyone has experience with SQLite, feel free to drop any tips. All the db related code is here. I'm mostly interested in improving insert speeds when 1000s of inserts are done per second.

Edit: There's a Codeberg mirror as well.

What to people use and recommend for this? I've read a bit about portainer, but I'm still learning - and don't know what the best solutions are.

Today I have a handful of selfhosted services running on my home machine - mostly installed directly, but a couple running as docker containers. As the scale of my selfhosting has grown, I've realized that things would be a lot easier to manage if each service was run as its own container, so that installed services are isolated.

The solution I'm looking for would make it easy (possibly a web UI) for me to monitor, modify, update, and remove containerized services, including networking and storage.

Edit: Also I would only want a FOSS solution.

Lots of layoffs ("re-evaluating our operational footprint") and switching to "agentic" processes. Target user is AI.

Anyone still hosting Gitlab?

I have always been intrigued by ExcaliDraw but it's a client side thing that don't store your drawings on the server, don't support authentication or multi user out of the box.

I came across ExcaliDash which embeds the tool In a fully self host able solution.

Loving it so far...

.... Not involved with the project, just a user

Cross-posted (hopefully properly) from !selfhosting@slrpnk.net

Looking for some advice on what to do with my selfhosting setup. I currently have 2 Vostro 430's (salvaged from work), and have retrieved 5(!) newer computers from work:

• 1 ThinkStation P330 (1x16gb ram),

• 2 ThinkCentre M720 SFF's (4x4gb ram each), and

• 2 ThinkCentre M73's (mixed ram amounts/brands, may salvage from the Vostro's depending)

The Vostro's are currently setup with 1 of them being baremetal Debian with a Pihole, and a Debian VM with a Headscale server, and the other being baremetal Debian with... just a few containers, and baremetal tailscale as an exit node (I don't like this, need to do better). Using Authelia with a password to block incoming connections, and Traefik as my reverse proxy. It also has 2x10TB and 1x7TB HDD's in Raid1.

My current plan is to see if the M73's are good enough for light emulation (PS1 for sure, PS2 maybe) and Jellyfin, hook 1 up to my TV (to replace the 25' HDMI that is slowly killing itself under it's own weight), and 1 for a relative, connected to my server via Headscale/Tailscale.

I currently have 1 of the M720's hosting a small webserver to learn HTML so I can replace my workplace's website (I did do a temporary replacement already, but it's not great). Trying to decide if it is staying completely separate, or if I am utilizing it in the overall setup.

Now, what I am looking for advice on, is how best to utilize what I have, and any recommendations on better software to use.

• Do I dedicate each computer to different tasks, or learn how to do a docker swarm/kubernetes cluster/something else?

• Should I set up one device as a dedicated NAS, using a NAS focused OS, or continue to use SSHFS mounts?

• Should the file storage be on the best hardware I have available, mid ranged, or should I save one of the Vostros specifically for being a NAS with nothing else running on it?

• Should I learn how to do SSO with Authelia, or is there a better program for SSO (I want to do better with security, and SSO feels like the best place to start)

• What do you recommend as a reverse proxy? I have my Traefik configs working great for automatic service discovery, but the way it stores the certs feels impossible to extract for other services that ask for them, and I have no idea what I am doing wrong with that - hasn't been a problem, but I feel like I should be doing better with this.

I had other thoughts, but they swam away while writing this. If you ask a question/make a comment and I don't answer right away, it means I fell asleep and will answer tomorrow. I am open to any and all suggestions, and am happy to answer any clarifying questions!

I wanted to move away from Tailscale but found Headscale a bit too convoluted for what I actually needed.

Ended up with a simple WireGuard setup using two VPSes: one as a VPN hub, the other acting as a reverse proxy back into my home lab.

It lets me expose services publicly without any inbound port forwarding on my home connection.

Hello all!

I’m one of the maintainers of Portabase, I share about it on Lemmy one month ago (https://lemmy.world/post/45042565) and I have some updates!

Repository: https://github.com/Portabase/portabase

Database homogenous migration is now built-in!

Previously, migrating meant:

• Download backup from the source DB
• Upload & restore it into the target DB

Now: no download, no upload, everything happens directly through the GUI.

It works with all supported databases, and migrations can be done within the same organization.

We also added support for Microsoft SQL Server! It still needs broader community testing to help identify bugs or edge cases we may have missed.

Quick recap : Portabase is an open-source platform for database backup and restore.

We now support 9 databases:

• PostgreSQL
• MariaDB and MySQL
• SQLite
• MongoDB
• Redis and Valkey
• Firebird SQL
• Microsoft SQL Server

What’s new since version 1.10:

• Healthchecks for both the database and the agent (with optional notifications)
• Homogeneous database migration
• Support for Microsoft SQL Server

If you’re using Microsoft SQL Server (or any other supported database), we’d really appreciate your feedback. Feel free to open issues if you find any bugs.

ONYX v1.5-beta

It is one of the biggest ONYX updates so far.

This update focuses on interaction, privacy and improving the overall feeling of using the messenger. Some parts of the interface were completely rethought from scratch, while others were redesigned to become more practical and flexible.

Account Graph

One of the biggest additions in open-beta 1.5 is the new Account Graph system.

Instead of navigating chats through a traditional static list, ONYX can now display your conversations as a dynamic orbital system.

Chats, groups and categories become connected nodes orbiting around your account like a living network. Online users are highlighted through presence glow, orbit speed can be customized, animations can be paused entirely, and the graph position can persist between sessions.

Surprisingly, this ended up becoming much more useful than we initially expected during development. It changes the way navigation feels and creates a completely different perspective on your conversations.

The entire system is optional and can be disabled at any time.

Emergency PIN & Decoy Environment

beta 1.5 introduces Emergency PIN support.

A secondary PIN can now open a completely separate decoy environment instead of your real account.

This environment can contain custom chats, avatars, names and manually configured content in order to appear believable and natural. The Emergency PIN can be changed at any time and always remains separated from the main unlock PIN.

This feature is designed for users who want an additional layer of privacy and control over access to their messenger.

Redesigned Media Cache Manager

The media cache management system has been completely redesigned.

Instead of separate buttons for local and server cache cleanup, ONYX now provides a unified “Manage Media Cache” interface with dedicated Local and Server tabs.

Users can:

• inspect locally stored files
• selectively remove specific media
• view categorized storage usage
• manage server-side files
• monitor storage quota usage through a visual progress bar

This makes cache management significantly cleaner and more practical compared to previous versions.

Redesigned Message Input

The message input field was rebuilt with a stronger focus on animations and interaction feel.

The new design introduces:

• smoother focus transitions
• animated voice recording buttons
• updated attachment button animations

While relatively small on paper, this is one of the most frequently used parts of any messenger, and improving it noticeably changes the overall experience of using the application.

Privacy & Security Improvements

Update also adds several new privacy and security related features.

Users can now:

• hide their account from global search
• manually lock the application through a dedicated Lock button
• receive explicit session expiration warnings when re-authentication is required

Interface & UX Improvements

Additional improvements in this update include:

• improved loading performance across multiple interface elements
• fixed opacity behavior for opponent messages
• ability to hide username/display name inside the account panel
• updated “Add Chat” button placement in Favorites and Groups tabs
• moved group/channel token actions into the overflow menu

Github - https://github.com/wardcore-dev/onyx/releases/tag/v1.5-beta

Always open to feedback!

Hello everyone!

I did it. I reached a point where I got everything exactly how I wanted and now... Now I am dissatisfied as I look over my home lab's chaotic mess of a setup. This was my first time selfhosting things, and I learned a ton of stuff. I'll probably want to tear it down and start anew in the near future, being much tidier and mindful of what goes where.

Does anyone have any tips they want to impart to someone who's not an entire newbie but still learning stuff? Kind of a "If I could tell myself this before I set everything up, I would say..."

except for nor using it at all, of course.

So I want to make my homelab IPv6 ready, because I have too much free time, i guess. There are two decisions that I'm currently unsure about:

1. ULA or not. Do you have local only addresses or do your clients communicate using the global IPv6 address? Does not using ULAs work without a static IP from the ISP?
2. DHCPv6 or is SLAAC enough?

For each question both options seem to be possible and I'm interested in your experience

Cheers