I have luks set up on my server and it is kind of annoying to type the password at reboots (mostly power outages). Strictly speaking I do not need the luks, but I feel its good to have anyway. I was thinking of getting a yubikey and just leaving it on or at least telling a trusted family member where to get it and to plug it in when turning it on.

Has anyone over come a similar set up or issue?

For some clarity I am not a pro and the homelabing is mostly just a learning experience for me.

Do you have any advice or suggestions about it?

• Hardware (what should be enough for a local PC, or VPS...)
• Software (OS [Debian, Yunohost, other...], "containerization" (Docker, virtual machines?), dashboard, management, backups, VPN tunneling...)
• "Utilities" to host (Lemmy, Peertube, Matrix, Mastodon, Actual Budget, Jellyfin, Forgejo, Invidious/Piped, local Pi-Hole, email, dedicated videogame servers like for Minecraft, SearXNG, personal file storage like Drive, AI [in the future, when I can afford a rig that can run a local model decently]...)

I'm aware it's a lot of stuff to take on, so, do you have any advice on where to start? (how to find a cheap PC to experiment with, if not get a VPS, what to test on it, what "utilities" to try self-hosting first...)

cross-posted from: https://sh.itjust.works/post/60171730

Hey y'all, looking to land my first DevOps Engineering role soon, and figured I should use enterprise software as much as possible for some resume building and personal practice. For reference, I've set up a NAS server once before but haven't got too much experience outside of that. Basing this on some DevOps Engineers I've talked to IRL and some friends who hire engineers, but wanted extra community feedback.

Use case: parents are data hoarders, probably have at least 4tb saved composed of every type of media you can think of, so hopefully the whole family can use this when I'm done with it all. Otherwise, aiming to be able to claim experience with enterprise grade DevOps software.

Some of this is personal research, a lot of Reddit research, and some LLM comparisons used to choose between two software systems. Please let me know what you'd keep or change! I'm still kinda new to this :p

Hardware: (old gaming pc)

• Intel i5-9600K
• 32GB DDR4 RAM
• GTX 1070
• Gigabyte Z370XP SLI
• Seagate IronWolf 12TB 3.5" SATA

Hypervisor & OS:

• Proxmox VE (type-1 hypervisor)
• Ubuntu Server 24.04 LTS (VM operating system)
• cloud-init (VM provisioning automation)

Infrastructure as Code & Automation:

• Terraform (infrastructure provisioning)
• Proxmox Terraform Provider (VM automation)
• Ansible (configuration management)
• GitHub Actions (CI/CD pipelines)

Containerization & Orchestration:

• Docker (container runtime/builds)
• Kubernetes/k3s (container orchestration)
• Helm (Kubernetes package manager)
• ArgoCD (GitOps continuous deployment)

Networking & Ingress:

• Traefik (ingress controller/reverse proxy)
• MetalLB (bare-metal load balancer)
• cert-manager (TLS certificate automation)
• WireGuard (VPN software)
• Surfshark (VPN service)

Secrets & Security:

• HashiCorp Vault (secrets management)
• External Secrets Operator (Kubernetes secret syncing)
• SSH hardening (secure remote access)

Observability & Monitoring:

• Prometheus (metrics collection)
• Grafana (monitoring dashboards/visualization)
• Loki (centralized log aggregation)
• Promtail (log shipping agent)
• Alertmanager (alert routing/notifications)

Storage & Backups:

• ZFS (filesystem/storage management)
• NFS (network storage)
• Persistent Volumes/PVCs (Kubernetes storage)
• Restic (encrypted backups)
• Velero (Kubernetes backup/disaster recovery)

Container Registry & CI Infrastructure:

• GitHub Container Registry or Harbor (container registry)
• GitHub Runner (self-hosted CI runner)

AWS Emulation:

• LocalStack (AWS cloud emulation)
• Terraform AWS Provider (AWS IaC practice)
• MinIO (S3-compatible object storage)

Self-Hosted Applications:

• Prowlarr (indexer manager)
• Sonarr (TV show management automation)
• Radarr (movie management automation)
• LazyLibrarian (book management automation)
• Lidarr (music management automation)
• Homarr (application dashboard)
• Seerr/Overseerr (media request management)
• Jellyfin (media server)
• qBittorrent (torrent client)
• NZBGet (Usenet downloader)
• Immich (photo gallery & backup)
• Mealie (meal planner)
• Moonlight (low-latency remote gaming)
• Kavita (ebook/manga/audiobook reader)
• Funkwhale (music streaming)
• Grafana (monitoring dashboards)

Does anyone run one of the above on a Pi 4 and can share their experience how good or bad they run?

If course, transcoding won't be any good and OCR probably cannot run in parallel, but aside from that - is it okay?

Currently running everything on a mini ITX with a i5-6600 which handles this easily for my small use cases, but also draws 20-30W idling most of the day... I'm eyeing a Pi 4b with 8gb RAM but don't want to spend the money and then realizing that it doesn't run smooth enough

Hi all, for my own selfhosting needs i looked into many different dashboards, but none really fit my bill.

I want a dashboard that:

• super lightweight
• has no server-side requirements
• can be edited with a single text file
• simple CSS to adapt to your style

and so, of course, i developed my own. After a few years of usage, i upgraded it to AlpineJS (previously uglier code on jQuery) and i am proudly making it public for anybody who might be interested.

Here it is: https://github.com/gardiol/dashboard/

(the project was released on github long ago, but i never wrote about it anywhere IIRC, also i might migrate to Codeberg in the future, so do not bash me for Github)

There is a quite long readme, it's GPLv3, and aboslutely zero lines of AI / Vibe coding. I used AI for research and quick support specially on how to format CSS (which i kind of despise) but nothing else.

As a bonus, there is also a CGI system made in bash (totally optional) that i use for local monitors, but it's kinda messy and really not ready for broader use, so you can ignore the "monitor" subfolder or delete it completely.

Anyway, here it is, hope someone could make use of it.

Update your nginx instances

cross-posted from: https://lemmy.world/post/46851448

• Affected an non-affected versions https://nginx.org/en/security_advisories.html
• CVE record https://www.cve.org/CVERecord?id=CVE-2026-42945
• CVE details https://nvd.nist.gov/vuln/detail/CVE-2026-42945
• PoC https://github.com/DepthFirstDisclosures/Nginx-Rift

CVE - Common Vulnerabilities and Exposures system
RCE - Remote Code Execution
PoC - Proof of Concept

Alright so my lab is pretty much functionally complete; it does everything I was hoping it would and much more.

OK so now what :D Do you know of any projects that are self-hostable and serve no functional purpose whatsoever and exist just for fun? Could be silly projects, could be games. I'd like to add a "silly things" section to my publicly facing list of web services.

For instance, I was thinking of hosting a web version of nethack. Also I enjoyed hosting a node of hypermind for a little while just because it was so silly.

This release brings three main changes.

1. The ability to filter links.
2. Support for an optional notes field.
3. Ability to edit expiry time and notes.

I try not to too many new features to avoid bloat, but it seemed like these were pretty useful for a link shortener, especially when managing thousands of short links. (To my surprise, some people even use it to manage millions of links.)

Please take a look at the release notes for a complete list of changes.

P.S. The next thing I'll be focusing on is improving throughput under sustained load. If anyone has experience with SQLite, feel free to drop any tips. All the db related code is here. I'm mostly interested in improving insert speeds when 1000s of inserts are done per second.

Edit: There's a Codeberg mirror as well.

What to people use and recommend for this? I've read a bit about portainer, but I'm still learning - and don't know what the best solutions are.

Today I have a handful of selfhosted services running on my home machine - mostly installed directly, but a couple running as docker containers. As the scale of my selfhosting has grown, I've realized that things would be a lot easier to manage if each service was run as its own container, so that installed services are isolated.

The solution I'm looking for would make it easy (possibly a web UI) for me to monitor, modify, update, and remove containerized services, including networking and storage.

Edit: Also I would only want a FOSS solution.

Cross-posted (hopefully properly) from !selfhosting@slrpnk.net

Looking for some advice on what to do with my selfhosting setup. I currently have 2 Vostro 430's (salvaged from work), and have retrieved 5(!) newer computers from work:

• 1 ThinkStation P330 (1x16gb ram),

• 2 ThinkCentre M720 SFF's (4x4gb ram each), and

• 2 ThinkCentre M73's (mixed ram amounts/brands, may salvage from the Vostro's depending)

The Vostro's are currently setup with 1 of them being baremetal Debian with a Pihole, and a Debian VM with a Headscale server, and the other being baremetal Debian with... just a few containers, and baremetal tailscale as an exit node (I don't like this, need to do better). Using Authelia with a password to block incoming connections, and Traefik as my reverse proxy. It also has 2x10TB and 1x7TB HDD's in Raid1.

My current plan is to see if the M73's are good enough for light emulation (PS1 for sure, PS2 maybe) and Jellyfin, hook 1 up to my TV (to replace the 25' HDMI that is slowly killing itself under it's own weight), and 1 for a relative, connected to my server via Headscale/Tailscale.

I currently have 1 of the M720's hosting a small webserver to learn HTML so I can replace my workplace's website (I did do a temporary replacement already, but it's not great). Trying to decide if it is staying completely separate, or if I am utilizing it in the overall setup.

Now, what I am looking for advice on, is how best to utilize what I have, and any recommendations on better software to use.

• Do I dedicate each computer to different tasks, or learn how to do a docker swarm/kubernetes cluster/something else?

• Should I set up one device as a dedicated NAS, using a NAS focused OS, or continue to use SSHFS mounts?

• Should the file storage be on the best hardware I have available, mid ranged, or should I save one of the Vostros specifically for being a NAS with nothing else running on it?

• Should I learn how to do SSO with Authelia, or is there a better program for SSO (I want to do better with security, and SSO feels like the best place to start)

• What do you recommend as a reverse proxy? I have my Traefik configs working great for automatic service discovery, but the way it stores the certs feels impossible to extract for other services that ask for them, and I have no idea what I am doing wrong with that - hasn't been a problem, but I feel like I should be doing better with this.

I had other thoughts, but they swam away while writing this. If you ask a question/make a comment and I don't answer right away, it means I fell asleep and will answer tomorrow. I am open to any and all suggestions, and am happy to answer any clarifying questions!

I have always been intrigued by ExcaliDraw but it's a client side thing that don't store your drawings on the server, don't support authentication or multi user out of the box.

I came across ExcaliDash which embeds the tool In a fully self host able solution.

Loving it so far...

.... Not involved with the project, just a user

Lots of layoffs ("re-evaluating our operational footprint") and switching to "agentic" processes. Target user is AI.

Anyone still hosting Gitlab?

I wanted to move away from Tailscale but found Headscale a bit too convoluted for what I actually needed.

Ended up with a simple WireGuard setup using two VPSes: one as a VPN hub, the other acting as a reverse proxy back into my home lab.

It lets me expose services publicly without any inbound port forwarding on my home connection.

Hello all!

I’m one of the maintainers of Portabase, I share about it on Lemmy one month ago (https://lemmy.world/post/45042565) and I have some updates!

Repository: https://github.com/Portabase/portabase

Database homogenous migration is now built-in!

Previously, migrating meant:

• Download backup from the source DB
• Upload & restore it into the target DB

Now: no download, no upload, everything happens directly through the GUI.

It works with all supported databases, and migrations can be done within the same organization.

We also added support for Microsoft SQL Server! It still needs broader community testing to help identify bugs or edge cases we may have missed.

Quick recap : Portabase is an open-source platform for database backup and restore.

We now support 9 databases:

• PostgreSQL
• MariaDB and MySQL
• SQLite
• MongoDB
• Redis and Valkey
• Firebird SQL
• Microsoft SQL Server

What’s new since version 1.10:

• Healthchecks for both the database and the agent (with optional notifications)
• Homogeneous database migration
• Support for Microsoft SQL Server

If you’re using Microsoft SQL Server (or any other supported database), we’d really appreciate your feedback. Feel free to open issues if you find any bugs.

Hello everyone!

I did it. I reached a point where I got everything exactly how I wanted and now... Now I am dissatisfied as I look over my home lab's chaotic mess of a setup. This was my first time selfhosting things, and I learned a ton of stuff. I'll probably want to tear it down and start anew in the near future, being much tidier and mindful of what goes where.

Does anyone have any tips they want to impart to someone who's not an entire newbie but still learning stuff? Kind of a "If I could tell myself this before I set everything up, I would say..."

ONYX v1.5-beta

It is one of the biggest ONYX updates so far.

This update focuses on interaction, privacy and improving the overall feeling of using the messenger. Some parts of the interface were completely rethought from scratch, while others were redesigned to become more practical and flexible.

Account Graph

One of the biggest additions in open-beta 1.5 is the new Account Graph system.

Instead of navigating chats through a traditional static list, ONYX can now display your conversations as a dynamic orbital system.

Chats, groups and categories become connected nodes orbiting around your account like a living network. Online users are highlighted through presence glow, orbit speed can be customized, animations can be paused entirely, and the graph position can persist between sessions.

Surprisingly, this ended up becoming much more useful than we initially expected during development. It changes the way navigation feels and creates a completely different perspective on your conversations.

The entire system is optional and can be disabled at any time.

Emergency PIN & Decoy Environment

beta 1.5 introduces Emergency PIN support.

A secondary PIN can now open a completely separate decoy environment instead of your real account.

This environment can contain custom chats, avatars, names and manually configured content in order to appear believable and natural. The Emergency PIN can be changed at any time and always remains separated from the main unlock PIN.

This feature is designed for users who want an additional layer of privacy and control over access to their messenger.

Redesigned Media Cache Manager

The media cache management system has been completely redesigned.

Instead of separate buttons for local and server cache cleanup, ONYX now provides a unified “Manage Media Cache” interface with dedicated Local and Server tabs.

Users can:

• inspect locally stored files
• selectively remove specific media
• view categorized storage usage
• manage server-side files
• monitor storage quota usage through a visual progress bar

This makes cache management significantly cleaner and more practical compared to previous versions.

Redesigned Message Input

The message input field was rebuilt with a stronger focus on animations and interaction feel.

The new design introduces:

• smoother focus transitions
• animated voice recording buttons
• updated attachment button animations

While relatively small on paper, this is one of the most frequently used parts of any messenger, and improving it noticeably changes the overall experience of using the application.

Privacy & Security Improvements

Update also adds several new privacy and security related features.

Users can now:

• hide their account from global search
• manually lock the application through a dedicated Lock button
• receive explicit session expiration warnings when re-authentication is required

Interface & UX Improvements

Additional improvements in this update include:

• improved loading performance across multiple interface elements
• fixed opacity behavior for opponent messages
• ability to hide username/display name inside the account panel
• updated “Add Chat” button placement in Favorites and Groups tabs
• moved group/channel token actions into the overflow menu

Github - https://github.com/wardcore-dev/onyx/releases/tag/v1.5-beta

Always open to feedback!

Hey everyone,

We just released new features this week and wanted to share what's in them.

Quick Recap: Dograh is an open-source voice AI agent platform - a visual workflow builder like n8n, but for voice. You design conversational flows by dragging and dropping, connect your own LLM, TTS, and STT providers, and deploy agents that handle real phone calls. Inbound, outbound, call transfer to humans, voicemail detection, knowledge base, variable extraction, web widget, tool calls to CRM, n8n, WhatsApp, SMS, email, Calendly - anything with an API.

What's new in 1.27.0:

MCP capabilities to create new workflows using natural language instructions ⁠

Multi tenancy for telephony support - wherein you can create multiple telephony configurations for various providers (Plivo, Telnyx, Vobiz, Vonage, Cloudonix, Twilio)

Made it easier to set up telephony with deeper API integration with telephony providers

Github: https://github.com/dograh-hq/dograh

Let me know if you have any feedback after trying it A star would mean a lot

except for nor using it at all, of course.

So I want to make my homelab IPv6 ready, because I have too much free time, i guess. There are two decisions that I'm currently unsure about:

1. ULA or not. Do you have local only addresses or do your clients communicate using the global IPv6 address? Does not using ULAs work without a static IP from the ISP?
2. DHCPv6 or is SLAAC enough?

For each question both options seem to be possible and I'm interested in your experience

Cheers

Hi!

Does anyone host SearXNG on a Proxmox container? I can get it to install and run fine. However all search engines return HTTP connection errors. I'm guessing it's an Apache misconfig perhaps. Could be something else.

This is using the manual install method. Followed it from their instructions. I'm a docker newb so chose the manual method with Apache and UWSGI instead.

The LXC config itself seems fine. Gave it 2GB RAM and swap. It can reach/ping google/bing etc. Having done a general search, I've not found something useful. :(

Hello all! I have never selfhosted before, but I have a pretty extensive digital library of videogames (ROMs from a couple dozen retro systems among other executables) that my friends have expressed interested in having access. What's the ideal software for giving them access to the library hosted on my drives? I'm picturing something like a selfhosted Steam where they see all of the games and can search via retro system, game tags, by name, etc. and each of could keep track of separate user accounts by playtime, favorites, recently played, etc. I use RetroArch and a few standalone emulators myself connected to RetroAchievements, so I figured they would need to download any emulators on their ends and then just pick and play the games as they see fit without having to have their own copies of the games.

(First blog post ever, would appreciate your input!)

Edit: Title was a lil clickbaity

NutriTrace is a self-hosted nutrition tracker (Docker on the server, PWA in the browser, native Android app). AGPL-3.0, no telemetry, no accounts on external services, your data stays on your hardware.

This release is the biggest one since the Android app shipped: the Wellness layer moves off the legacy Fitbit Web API (which Google is sunsetting in September 2026) onto the new Google Health API, the numeric Stress Score becomes Resilience (Optimal / Balanced / Low), Fitbit's new Sleep Quality sub-metrics show up under Sleep, and the Diary gets a Cronometer-style Split Recipe action.

What's new

Google Health migration — Wellness data now flows through Google Health instead of the deprecated Fitbit Web API. Existing Fitbit data still comes from the same device; only the connection method changes. Fitbit users will see a "Re-link required" notice in Settings → Wellness with the migration steps. Old tokens keep working through a transition window.

Resilience replaces the numeric Stress Score — Fitbit retired the 0-to-100 score and renamed it Resilience with three buckets (Optimal / Balanced / Low). The Wellness page reflects the change with a category badge, a one-line interpretation, and a breakdown of the three pillars Fitbit uses (Physical Calmness, Activity Balance, Sleep Patterns). Historical Stress values stay in the database for reference.

Sleep Quality sub-metrics — Time to Sound Sleep, Sound Sleep, Restlessness, and Interruptions appear under the Sleep tab when data is available. Restlessness under-counts vs Fitbit because Google Health doesn't expose the raw motion data Fitbit's app uses internally; the others track within a few minutes on most nights.

Split Recipe on the Diary — Long-press a saved recipe in your diary and tap Split Recipe to break it into its component ingredients in place. The recipe stays as the parent (so totals are preserved); a chevron expands to reveal each ingredient scaled by however much of the recipe was logged. Each child is editable (adjust portion, remove one) without touching the saved recipe in your library.

Info button on saved meals and recipes in the Foods picker — tap the i on any meal or recipe row to see the full ingredient list with portions and per-item energy before logging it. Mirrors the existing yesterday-meals expand pattern

Issues, feature requests, and integration test reports are all welcome on GitHub.