1
194

Due to the large number of reports we've received about recent posts, we've added Rule 7 stating "No low-effort posts. This is subjective and will largely be determined by the community member reports."

In general, we allow a post's fate to be determined by the amount of downvotes it receives. Sometimes, a post is so offensive to the community that removal seems appropriate. This new rule now allows such action to be taken.

We expect to fine-tune this approach as time goes on. Your patience is appreciated.

2
370
submitted 3 years ago* (last edited 3 years ago) by devve@lemmy.world to c/selfhosted@lemmy.world

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

3
27

I wanted a quick local way to review my own Docker Compose stacks before assuming a service was private, behind a reverse proxy, or only bound to localhost.

ExposeMap is a small open-source CLI that reads a docker-compose.yml file and reports exposure hints: internal, localhost-only, directly exposed from Compose config, reverse-proxy exposed, or unknown.

It generates a Markdown report and Mermaid diagram. It checks common port mappings, localhost bindings, Traefik-style labels, likely reverse proxy services, and risky directly published database/admin ports.

Important limitation: it does not prove internet reachability, run network scans, connect to containers, modify Compose files, inspect secrets, or upload anything.

GitHub: https://github.com/kaibuild/exposemap

I'm especially looking for sanitized Compose edge cases where the classification is misleading or the wording should be clearer.

4
17

Hello everyone,

I have been working on this project for quite some time, and I have decided to open source it.

I originally started building Reloops because I wanted something that provided more value than a traditional file review process.

Reloops is an open-source creative asset workspace / DAM for teams and AI agents.

It helps teams organize creative assets, generate AI descriptions and tags, manage versions, collect approvals, share collections, and let agents work inside the media library.

Core Functionality

  • Multiple workspaces with branding support
  • Team member invites and collaboration
  • Branded asset collections
  • Metadata-powered search across the entire workspace
  • Automatic metadata generation during file upload
  • Folders and nested folders
  • AI-generated tags and descriptions
  • Client review and approval workflows
  • Annotations and commenting for PDFs, videos, images, and website screenshots
  • Login-free guest reviews
  • Kanban-style project workflows
  • Side-by-side version comparison for different files
  • In-app and email notifications for file uploads, mentions, and when AI-generated tags and descriptions are ready
  • API keys for agents to find assets, upload/download files, create share links, and pick up assigned work
  • Customizable workflows for OpenClaw and other AI integrations such as n8n
  • Mobile device and social media previews for short-form videos

Reloops is an open-source alternative to Frame.io, Bynder, Canto, Brandfolder, Dropbox Replay, Ziflow, Filestage, Google Drive, Airtable, and internal DAM tools.

I have also added Docker installation support.

Links

5
81

When Immich originally joined FUTO two years ago, the news was received with a healthy level of skepticism. Who was FUTO? Why did they want to "acquire" Immich? Did this mean the beginning of the end for the product? Well, it's been almost two years now and we thought it would be fun to have a little retrospective on how things have played out since then.

6
44

Hi Folks,

I've used Ticktick as a SaaS task manager app for years now. There was a time when I had tried almost every productivity app under the sun and Ticktick had the best features and app and a WAY better pricing structure than alternatives like Todoist. Nevertheless, I had growing concerns about privacy and control of my own data as I need to be able to trust my to-do app with information about my life that I don't want repeated to every advertiser on the internet. Bearing in mind the state of the internet in general, I've been slowly cutting away all my SaaS dependencies and it may be close to time for me to say goodbye to an app that kept me sane for over a decade of my life. I'd like to move to a self-hosted solution, first for myself and eventually I'll migrate my family to a shared project on the new solution.

What do you use to stay organized? Why do you like it?

Can you recommend something for my needs?

  • Some sort of custom lists logic where I can filter with some sort of typed or gui-button filter to see and save specific views of my tasks/cards, for example "overdue+project:yard+tag:do_it_later"

  • Must be source available, but I prefer open-source especially the less shareware-y less crippled versions. There's a lot of subscription/shareware/FOSS+sub kind of stuff in this space and I'd rather use whatever the neckbeard & fedora FOSS purists use.

  • I'm mostly used to the getting things done (GTD) methodology with task managers that use lists, but I am not opposed to using a tool that uses Kanban boards or something else.

  • I'm partial to something that I can grow into (more of an accessible but powerful project management tool and less of a simple todo app) but I only need to account for 2-3 users and a few thousand tasks a year with minimal media attachments.

  • I prefer something I can deploy via docker though I wouldn't completely rule out a bare-metal install if the feature set justified it.

  • Must have support for recurring tasks natively or via a plugin.

  • Bonus points for native android(graphene)/ios apps, but access via webapp is acceptable

I've tried a lot of the NextCloud based solutions. I've tried Vikunja (which is pretty good and AGPL), and I'm currently messing with Planka which is good, but isn't open-source which really isn't where I'm trying to go with this. Kanboard is under the MIT license, but seems to have a steeper learning curve.

I'm looking forward to hearing what the community uses!

7
97

Hi all,

I want to spin up a small home server. Nothing crazy, maybe 4 or 8GB ram at most. 1 Docker instance running a few privacy frontends (Invidious, Redlib, Xcancel, SearxNG, etc.) and split tunneling VPN connections for each one.

Obviously, a Raspberry Pi 4 or higher is the internet's favorite choice, but I don't need wireless connectivity, I just need a single HDMI and 2 USB ports to get everything set up, one ethernet port, and a dream in my heart.

Has anyone used alternatives like Le Potato or Orange Pi? I'm curious what their community support is like, and if there's a FOSS-friendly standard.

Thanks!

8
28
submitted 23 hours ago by idlewatt@lemmy.cafe to c/selfhosted@lemmy.world

Affiliation up front: I built this, the data is open (CC BY 4.0), no signup, not selling anything.

What pushed me to make it: when you're choosing the box your self-hosted services run on 24/7, the number that decides the power bill is measured idle watts, and nobody prints it. Spec sheets list TDP, which is a thermal rating for sizing a cooler, not actual draw. The same Dell OptiPlex Micro chassis idles around 11W with a 35W-TDP "T" chip vs around 18W with a 65W-TDP desktop chip, and at roughly $1/W/year (US) or $2.50/W/year (EU) that gap adds up over the life of an always-on server.

So I aggregated 51 boxes into one filterable table built around the facts that actually decide a self-host box: measured idle (wall-metered, with the method noted), the 2.5GbE chipset (i226-V is fine, i225-V has the documented random-dropout bug that takes a headless box offline until a hard reset), ECC support, RAM ceiling, and IOMMU / GPU-passthrough notes for anyone running VMs. Every field is cited to a dated source or left blank, never guessed.

Finder: https://idlewatt.vercel.app/ Open dataset (CC BY, pull it or send corrections / new wall-meter readings as PRs): https://github.com/SolvoHQ/homelab-mini-pc-dataset

What are you running your stack on, and does anyone have measured-idle numbers for a box I'm missing?

9
38

Hi everyone,

I’m one of the maintainers of Portabase. I already shared the project here recently, but we have a major update: REST API is now available!

Repository: https://github.com/Portabase/portabase

This is still a first version and it will be extended over the coming weeks.

Since this was requested by the community, the goal is to make Portabase easier to integrate into automation workflows, CI pipelines, n8n scenarios, and other external tools.

Swagger with OpenAPI documentation is also available: https://portabase.io/docs/dashboard/api/introduction

This should make it easier to explore the available endpoints and start testing.

Quick recap for those who do not know the project yet: Portabase is an open-source platform for database backup and restore, built on an agent-based architecture with one central server and lightweight agents deployed next to your databases.

We now support 9 databases:

  • PostgreSQL
  • MariaDB and MySQL
  • SQLite
  • MongoDB
  • Redis and Valkey
  • Firebird SQL
  • Microsoft SQL Server

As always, feedback is very welcome. Feel free to open an issue if you find a bug or have suggestions.

10
53

cross-posted from: https://sh.itjust.works/post/61139432

I seriously can't believe how much progress he's made for the FOSS community. He actually might take a bite out of the big 3's profits with this

11
35

Today I randomly fell on this release note, mentioning an RCE “under certain conditions”.

Digging up a bit, it’s a full-blown RCE on any default install. Worse, unless you were aware of the /storybook path, it’s very unlikely you blocked it.

I also wrote a small POC here https://gist.github.com/Calyhre/67337024ece3762cbc3c9e4956b0e3d4

If you are using Plausible 3.0.0 through 3.2.0 inclusive, you should upgrade ASAP and rotate everything.

12
198

So today after almost a year of learning what self hosting and what a nas and raid configuration was, I was able to get a used hp prodesk 600 g6 mini and install zimaos on it. Zimaos really made things a lot simpler than I thought it was going to be. I was easily able to install portainer and immich and it wasn’t as hard as I thought it would be.

I’ve actually made a goal now to use this for me to get used to it and since I already have a list of what I would like to self host for my parents as well as for myself, I’m going to take this as an opportunity to try to set everything up so I’m comfortable with it and when I’m ready to buy a nas for my parents and set it up for them, it won’t be hard. I will also learn how to do remote access and how to do it safely and maybe even try out different nas os to see which one I’m comfortable/like more.

Anyway I just wanted to say that I’m happy to be deep diving into this and can’t wait to learn and host more!!

13
68
submitted 2 days ago* (last edited 2 days ago) by ueiqkkwhuwjw@lemmy.world to c/selfhosted@lemmy.world

How do you monitor your homelab network for internal attackers? E.g. you have a publicly available service and there's a vulnerability that you miss or you pull a bad update and suddenly someone has access to your VM/machine/container. How could you increase the chances of automatically detecting that?

The built in IDS in opnsense seems pretty useless, and doesn't really help detect if e.g. someone is trying to exploit services between your vlans (I could be using it wrong though).

Crowdsec in opnsense is nice but it seems to also be primarily for protecting from malicious actors coming from the WAN.

I've heard about the opnsense zenarmor plugin but you have to agree to a privacy policy to use it?

Another option I guess would be collecting firewall logs and making custom notifications for things that you think would be suspicious on your network.

I also know update cooldowns and not exposing anything could largely solve this too, but the monitoring and alerting question really interests me.

14
12

Has anyone migrated from CasaOS to ZimaOS?

Is it worth the migration? It seems like a lot of work, and maybe going in a more commercialized direction that I don't like.

Curious what other people's thoughts/experiences are.

15
14

I am switching to Databasus for backing up my databases. Postgres has been fine but on two separate mariadb databases, Databasus cannot create read only users. Everything is on docker compose on separate stacks with a bridge network backup-db between the database containers and Databasus.

I think the problem is that the normal user only has permission for the single database but not universal, so I have something I can try but I can't seem to actually login to the databases with the root passwords set in .env a long time ago (along with the normal user / pw which seem to be used fine by the apps). My Nextcloud database is one of the issues. The root PW env variable is the one taken from their database documentation.

Trying to access through "docker exec -it <db_container_name> mariadb -u root -p"

I have already tried setting the -h flag as localhost, 127.0.0.1, <db_container_name> and <nextcloud_app_container_name>.

I tried changing the root PW too.

Any help would be greatly appreciated!

16
63

I can finally set this partially aside for a little while. v1.0.0 is now available.

Cliparr is a self-hosted media-clipper that runs *mostly* in your browser to quickly and easily create clips from your personal media. Whether it's Jellyfin, Plex, or a local video, you can jump in and quickly export a clip in a variety of file types and resolutions.

To use it, you would do something like:

  • Watch a video on Jellyfin, pause at something funny.
  • Open Cliparr and click "Edit Clip"
  • The clip will begin exactly where you paused. Trim to your desired length.
  • Customize subtitles, if you desire.
  • Click "Export".

Like I shared a week ago, you will then have something like this

Check out the new website and docs at https://cliparr.dev/ The repo is available here: https://github.com/TechSquidTV/Cliparr

I'll shamelessly ask you to please share! I can not post on that other site, try as I might.

17
17

Synology is for work files, photos, Unifi, and a few other misc items. Right now Unraid is just for Jellyfin w/ Tailscale access. Home Assistant literally just runs a dashboard and a few lights + plugs but I mostly went back to wyze for that. Raspiblitz is for bitcoin node and lightning.

Sometimes I think I should consolidate but it's a daunting idea so for now I'm running them all.

18
44

I want to start with self hosting something available from the internet. Currently I have jellyfin, nas etc but everything is available in local network.

My biggest concern is securing local network. I thought I will run application on separate server, I will use small vps as proxy, but I'm not sure if it will be enough.

19
208

Hey folks! I know a while back there was a kerfuffle because syncthing-fork for Android went dark, and then a new person showed up and claimed everything was cool and they'd been privately given the keys or something, and people were concerned. I pinned my fdroid version to the at-that-time-current release until we got clarity.

Well, it's been a while and I just noticed I'm still on that old release. So... how'd it turn out? Do we like the new person yet? Is there a promising fork y'all are using? Or is the project dead? I'm sure I could just go look at the repo, but I'm also sure the repo would tell me "yeah, we're all cool" no matter what, so I'm curious what the community feelings are. Have there even been any useful new releases since then?

Thanks!

20
102

0.9 is out.

Quick context if this is your first time: Ideon is a self-hosted visual workspace, an infinite canvas where you drop blocks for your Git repos, notes, tasks, files, and now automation. Everything about a project in one place.

The last release post ended with "move from visibility to control." This is the start of that.

Webhook block: drop one on the canvas, it becomes a live HTTP endpoint. CI pipeline finishes, monitoring alert fires, form submits, POST to the URL and Ideon reacts. Configure what happens: set a block's visual state, change its color, create a Kanban task, prepend text to a note. Runs server-side, no open browser tab needed.

Cron block: same action set, triggered on a schedule instead of an event. Preset or custom cron expression.

LaTeX block: several people asked for it. Write $...$ or $$...$$, toggle preview, done. Turned out to look better on the canvas than I expected.

Proxy / Header Auth: probably the most relevant one for this crowd. Already running Ideon behind nginx mTLS, Traefik, or Authelia? You can now configure it to read user identity straight from the headers your proxy injects. No OAuth round-trip, no separate IdP. A few env vars, and all auth events still go to the audit log.

Still open source, still self-hosted only.

GitHub: https://github.com/3xpyth0n/ideon

Docs: https://www.theideon.com/docs

21
70

cross-posted from: https://lemmy.world/post/47534332

I have spent a long time at Synology Photos, along with my family. We have tags and albums. Is there a good way to migrate? I'm even open to migrating manually (album by album) if I could trust the process.

22
43

If you ever ran eMule or MLDonkey back in the day, this will feel familiar — but it's built from scratch in Rust on modern infrastructure.

rucio is a decentralized peer-to-peer file sharing app. No trackers, no central servers, no relay nodes for the actual data. Peers find each other and the files through a Kademlia DHT (plus mDNS on the local network), keyword search rides on Gossipsub, and bytes move directly between peers.

I started it partly out of nostalgia and partly because I wanted a P2P stack I actually understood end to end — discovery, transfer, NAT handling, the lot — instead of a black box. It grew into something I now use daily, so I'm putting it out there.

What it does today:

  • Fully decentralized — Kademlia DHT over the internet, mDNS on the LAN, no infrastructure to run (though you can run a bootstrap node if you want one).
  • Web control panel — manage shares, searches and downloads from the browser. It's served by the daemon itself (Leptos/WASM), no extra process.
  • Command-line client — a scriptable rucio CLI for everything, locally or against a remote daemon.
  • Magnet links — share any file with a single rucio:<hash> link, generated entirely offline if you like.
  • Resumable downloads — interrupted transfers pick up where they left off after a restart.
  • Directory sharing — point it at a folder and every file inside gets indexed, hashed and announced automatically.
  • NAT-friendly — HighID/LowID-style handling so peers behind NAT can still download; publicly reachable nodes serve chunks to everyone.
  • Single binary — the same rucio binary is the daemon (ruciod) and the CLI depending on how you invoke it.

The eMule/Kad bridge (the fun part): rucio can optionally talk to the eMule Kad2 network. That means you can search Kad and download ed2k:// links right alongside native rucio transfers. It's opt-in (a build feature), but it's there because a chunk of those old files are still out there and still moving.

Some screenshots:

Downloads

Search

Try it (container):

docker run -d --name rucio \
  -e RUCIOD_API_LISTEN=0.0.0.0:3003 \
  -e RUCIOD_UPNP=false \
  -v rucio-data:/var/lib/rucio \
  -p 4321:4321/tcp \
  -p 3003:3003/tcp \
  -p 4662:4662/tcp \
  -p 4672:4672/udp \
  ghcr.io/ogarcia/rucio:latest

Then open http://localhost:3003/. There are slimmer image flavors too — latest-headless (daemon only), latest-cli (standalone client), and latest-bootstrap (a DHT bootstrap node). Pre-built binaries for Linux and macOS (x86_64 + aarch64) are on the releases page as well.

Note: If you download the precompiled binary from releases, when you extract it, create a symbolic link from ruciod to rucio, and run ruciod for the daemon and rucio for the CLI.

Honest caveats (it's early):

  • I work with AI, so I’m not going to lie to you—there’s some vibe coding involved. I review and go over what I’ve done, but I want to be honest. If you don’t like it, just skip this app.
  • This is v0.1.0, pre-1.0 — expect breaking changes (DB schema, API, config) between releases. I'll happily break things to get them right.
  • There is no built-in authentication. If you expose the daemon beyond your own machine, put it behind a reverse proxy with auth (the docs have an nginx + basic-auth example). Keep the API port private otherwise.
  • It's the work of one person so far. Rough edges exist.

Links:

23
43
submitted 3 days ago* (last edited 2 days ago) by trilobite@lemmy.ml to c/selfhosted@lemmy.world

Hi, so I have a little Proxmox box with two VMs: VM1 and VM2 which is a clone of VM1. I change the mac of VM2 to avoid conflict and I reset the machine ID of VM1. I then have a separate pfSense machine that acts as router, firewall and DHCP server. Proxmox is on the 192.168.20.1/24 domain. In the DHCP server, Proxmox gets IP 192.168.20.8 explicitly assigned. All good to this point. I've set VMs on pfSense to get the 192.168.20.9X addresses assigned. VM1 gets 192.168.20.91 assigned, while VM2 should be getting 192.168.20.92.

But this is what actually happens:

  • VM1 gets 192.168.20.106 assigned, despite telling pfSense to assign it 192.168.20.91. This happens even with VM2 shutdown. The DHCP Lease table is showing 91 up and running and does not list 106. Yet, the ARP table shows 106 assigned and no 91 assigned. This is even with me deleting the 106 entry from the ARP table several times and rebooting both the VM and the Proxmox server.

  • The VM is definitely getting 106 assigned as I can log into it with 106 IP but 91 doesn't respond (no route to host).

Is this something to do with the bridge configuration on Proxmox? I've added a screenshot of what I see. It doesn't seem to be that complicated to set up a bridge?

I can't get my head around this so tips are welcome.

EDIT: I've just run 'sudo ip' on the VM and I see the ens18 interface with the MAC I assigned to it and the 106 IP assigned to this interface. There are then seven of 'vethXXX' interfaces. Not sure what these are. There are also four 'brXXXX' interfaces, one 'loXXXX' interface and one 'docker0' interface, the latter probably used by the docker subsystem running on the VM. I imagine the 'brXXXX' interfaces are the docker containers themselves (I think I have four running). But what are the 'vethXXXX' interfaces? Sounds like it's something to do with "virtual interface". Why so many and what is creating these?

24
125
submitted 5 days ago* (last edited 5 days ago) by otter@lemmy.ca to c/selfhosted@lemmy.world

I got a banner warning today linking to this page. It was announced a while back, but I either didn't see it or forgot.

We have made the difficult decision to limit the use of LanguageTool’s browser extension to Premium users only. The rise of generative AI has made it more challenging to sustainably monetize our offering. A majority of users use our products for free, and the relatively small percentage of Premium subscribers is all that is subsidizing our continuously increasing server costs. To improve our Premium experience and to sustain our business model, we’ll be making the LanguageTool browser extension available exclusively for paying customers.

The key bit for people who can selfhost:

Yes. If you are a developer, you can still host and run your own instance of LanguageTool’s server. The browser extension will continue to work as it currently does for users who use it with their own server.

25
53

Selfhosted

59622 readers
669 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago