Self-hosted nutrition + wellness tracker. Latest release rolls up two weeks of work.

New features (rc.21 → rc.26):

• Recipe yields — declare "this makes N servings" and per-serving math flows through the diary
• Intermittent fasting tracker — custom presets, history, recurring schedule that auto-starts at a chosen time on chosen days
• Adaptive TDEE — learns your true daily expenditure from a rolling 35-day window of weight + diary instead of a static estimate
• Android biometric sign-in — fingerprint / face unlock in server-connected mode
• Per-serving Open Food Facts import — when a barcode-scanned product has serving data, prefill nutrition per-serving instead of per-100g
• Health Connect → web — Android-synced Health Connect data now reaches the server and renders on the web Wellness page
• Sharing rework — per-category sharing form, source filter on Meals/Recipes, zxcvbn-backed password-strength policy

Bug fixes: cross-pollinated food images on diary entries, duplicate foods on rapid barcode scans, scheduler crash, Mealie Test button.

Repo: https://github.com/TraceApps/nutritrace Release: https://github.com/TraceApps/nutritrace/releases/tag/v1.0.0-rc.26

Single docker compose, SQLite, signed APK on the release page.

Finally managed to get my hands on 2x1TB NVMe's. Budgets are tight these days ... :-) They are Crucial P310 ... hope they are reliable, although I suspect nowhere near Samsung stuff.

I have a little Proxmox installation running a VM on a 256GB NVMe, which as you can imagine is tight. Is there a way of cloning this installing on one of the new NVMes?

Reason why I have 2x new NVMe is that I want to eventually get myself to Proxmox HA, so that the two machines (two little Optiplex 5070, one of which has the 256GB install) provide me with redundancy.

First thing is to clone the 256GB install to the larger NVMe. Would it be an idea to go this way: a) install 1TB new NVMe on spare Optiplex b) install Proxmox on this new machine c) find a way to replicate the whole 256GB install on the second machine (need to read the docs to see if/how this can happen) d) once second machine is up and running as a clone, remove machine with 256GB (current machine) and install the 1TB NVMe. e) do the same above process the other way around.

Do you think this will work or am I going to hit a wall? Is there a simpler way of doing this?

My homelab is essentially my own passion project and only really I access it except for when I spin up the occasional game server for friends.

I'm currently running Proxmox and run a debian LXC container for each docker stack I have, and have OpnSense routing incoming traffic with Haproxy with ssl offloading. My currently running LXCs are: mediawiki, amp game server(2 Minecraft servers), freshrss, and currently playing around with n8n.

I'm looking to collapse my LXC's to just VMs. I'd like to be able to have 3 VMs running in a Docker Swarm together so I can upgrade a VM at a time and just swing my running containers to another docker node and then swing back when the VM is stable again.

I've looked at k0s, k3s, and k8s and it just seems way too much work and overhead for what I'm willing to do. I also want to keep using docker compose and want a decent webgui to manage my containers/nodes/swarm. I'm using DockHand right now, but need to research swarm support.

Anyone have any advice for something like this? Any specific terms, tech, software I should look into?

Also, gonna throw a curveball, but what would the effects be of running 3 different distros as my nodes in my swarm? Like a Debian node, Rocky Linux node and potentially arch node? I'm guessing I shouldn't due to docker engine differences potentially.

I'm just trying to have fun with things, break things, fix them, learn, etc.

In the latest episode of "they will always sell you out" - they sold you out! Who would've thought.

Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can't exist without "leeching" off of Bitwarden.

https://kb.synology.com/en-global/DSM/tutorial/Docker_container_cant_access_the_folder_or_file#x_anchor_idcd3f1170a3

Why allow "everyone" to have read write permission to shared folders in order to run container manager? Wouldn't this be insecure?

So here is my dilemma. I have a Truenas server that basically acts as a file server. I also have a little machine running Proxmox. I have an NFS share on the Proxmox machine for saving VM backups so that they are secure. On the Proxmox VM, I want to install docker instances. Some of them require large data repositories so I can't have the data stored on the VM. I'm thinking of creating an "apps" dataset on the Truenas machine, then exporting it via NFS and mounting on the VM. Then I redirect all the Docker volumes on this NFS share. Say I have Docker_App1 on the Proxmox VM, then I would create a folder in the /mnt/Truenas_share/Docker_App1. Do you think this will work? The alternative is to create an individual dataset on the Truenas machine for each Docker_App but this feels overkill and a nightmare to setup and maintain. How are you managing Docker volumes over NFS?

Recently I've installed luci-app-banip on my OpenWrt router and blocked most countries from accessing my services on my network. Not seeing why I would want any of that traffic I also blocked the whole of the ARIN registry, responsible for IP addresses from Canada and the United States.
Edit: Note this is only for inbound traffic. Outbound traffic is allowed no matter the target country.

Fast forward a few weeks and my certbot renewals fail with the following error: Failed to renew certificate enter.domain.here with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

Confused af I start looking for solutions and as so often only find useless or completely ridiulous solutions (lowering my MTU to 1300, what? WHY?). Finally I find some enlighted figure that says they recently enabled a blocklist for certain countries and that was the issue for them.
Now I make the connection to my use of banIP, re-allow the USA and my cert renewals start working again. Hooray!

However, there are two things bothering me:

1. Why would such a block even interrupt my renewals? I'm using DNS challenges and the ACME servers should only check the DNS entries, not where those entries actually redirect to. The DNS server/root isn't in my home network, so isn't affected by any firewall shenanigans I do here.
2. How can I make an exception for the Let's Encrypt ACME servers while blocking the rest of the ARIN IP space?

I see there's the option for ASN selection and external allowlists:

Does anybody have an idea on how to configure this so that Let's Encrypt continues to work without compromising on my network security?

(Edit: And just for clarity, I do not live in the US or anywhere on the American continent.)

Hi all, for my own selfhosting needs i looked into many different dashboards, but none really fit my bill.

I want a dashboard that:

• super lightweight
• has no server-side requirements
• can be edited with a single text file
• simple CSS to adapt to your style

and so, of course, i developed my own. After a few years of usage, i upgraded it to AlpineJS (previously uglier code on jQuery) and i am proudly making it public for anybody who might be interested.

Here it is: https://github.com/gardiol/dashboard/

(the project was released on github long ago, but i never wrote about it anywhere IIRC, also i might migrate to Codeberg in the future, so do not bash me for Github)

There is a quite long readme, it's GPLv3, and aboslutely zero lines of AI / Vibe coding. I used AI for research and quick support specially on how to format CSS (which i kind of despise) but nothing else.

As a bonus, there is also a CGI system made in bash (totally optional) that i use for local monitors, but it's kinda messy and really not ready for broader use, so you can ignore the "monitor" subfolder or delete it completely.

Anyway, here it is, hope someone could make use of it.

Is there a good android app thats dedicated to reading epubs from your ABS instance? I dislike a lot of things about the native reader in the native app and was wondering if there is something ('Still' seems good but its just for ios)

I usually use ReadEra for reading epubs (which is awesome) but i like the aspect of having my own cloud, not having to download every file manually and syncing my reading status.

Does not need to be free, I am willing to do one-time-payments for a good android reader app that connects to my ABS.

Do you have any advice or suggestions about it?

• Hardware (what should be enough for a local PC, or VPS...)
• Software (OS [Debian, Yunohost, other...], "containerization" (Docker, virtual machines?), dashboard, management, backups, VPN tunneling...)
• "Utilities" to host (Lemmy, Peertube, Matrix, Mastodon, Actual Budget, Jellyfin, Forgejo, Invidious/Piped, local Pi-Hole, email, dedicated videogame servers like for Minecraft, SearXNG, personal file storage like Drive, AI [in the future, when I can afford a rig that can run a local model decently]...)

I'm aware it's a lot of stuff to take on, so, do you have any advice on where to start? (how to find a cheap PC to experiment with, if not get a VPS, what to test on it, what "utilities" to try self-hosting first...)

Update your nginx instances

cross-posted from: https://lemmy.world/post/46851448

• Affected an non-affected versions https://nginx.org/en/security_advisories.html
• CVE record https://www.cve.org/CVERecord?id=CVE-2026-42945
• CVE details https://nvd.nist.gov/vuln/detail/CVE-2026-42945
• PoC https://github.com/DepthFirstDisclosures/Nginx-Rift

CVE - Common Vulnerabilities and Exposures system
RCE - Remote Code Execution
PoC - Proof of Concept

cross-posted from: https://sh.itjust.works/post/60171730

Hey y'all, looking to land my first DevOps Engineering role soon, and figured I should use enterprise software as much as possible for some resume building and personal practice. For reference, I've set up a NAS server once before but haven't got too much experience outside of that. Basing this on some DevOps Engineers I've talked to IRL and some friends who hire engineers, but wanted extra community feedback.

Use case: parents are data hoarders, probably have at least 4tb saved composed of every type of media you can think of, so hopefully the whole family can use this when I'm done with it all. Otherwise, aiming to be able to claim experience with enterprise grade DevOps software.

Some of this is personal research, a lot of Reddit research, and some LLM comparisons used to choose between two software systems. Please let me know what you'd keep or change! I'm still kinda new to this :p

Hardware: (old gaming pc)

• Intel i5-9600K
• 32GB DDR4 RAM
• GTX 1070
• Gigabyte Z370XP SLI
• Seagate IronWolf 12TB 3.5" SATA

Hypervisor & OS:

• Proxmox VE (type-1 hypervisor)
• Ubuntu Server 24.04 LTS (VM operating system)
• cloud-init (VM provisioning automation)

Infrastructure as Code & Automation:

• Terraform (infrastructure provisioning)
• Proxmox Terraform Provider (VM automation)
• Ansible (configuration management)
• GitHub Actions (CI/CD pipelines)

Containerization & Orchestration:

• Docker (container runtime/builds)
• Kubernetes/k3s (container orchestration)
• Helm (Kubernetes package manager)
• ArgoCD (GitOps continuous deployment)

Networking & Ingress:

• Traefik (ingress controller/reverse proxy)
• MetalLB (bare-metal load balancer)
• cert-manager (TLS certificate automation)
• WireGuard (VPN software)
• Surfshark (VPN service)

Secrets & Security:

• HashiCorp Vault (secrets management)
• External Secrets Operator (Kubernetes secret syncing)
• SSH hardening (secure remote access)

Observability & Monitoring:

• Prometheus (metrics collection)
• Grafana (monitoring dashboards/visualization)
• Loki (centralized log aggregation)
• Promtail (log shipping agent)
• Alertmanager (alert routing/notifications)

Storage & Backups:

• ZFS (filesystem/storage management)
• NFS (network storage)
• Persistent Volumes/PVCs (Kubernetes storage)
• Restic (encrypted backups)
• Velero (Kubernetes backup/disaster recovery)

Container Registry & CI Infrastructure:

• GitHub Container Registry or Harbor (container registry)
• GitHub Runner (self-hosted CI runner)

AWS Emulation:

• LocalStack (AWS cloud emulation)
• Terraform AWS Provider (AWS IaC practice)
• MinIO (S3-compatible object storage)

Self-Hosted Applications:

• Prowlarr (indexer manager)
• Sonarr (TV show management automation)
• Radarr (movie management automation)
• LazyLibrarian (book management automation)
• Lidarr (music management automation)
• Homarr (application dashboard)
• Seerr/Overseerr (media request management)
• Jellyfin (media server)
• qBittorrent (torrent client)
• NZBGet (Usenet downloader)
• Immich (photo gallery & backup)
• Mealie (meal planner)
• Moonlight (low-latency remote gaming)
• Kavita (ebook/manga/audiobook reader)
• Funkwhale (music streaming)
• Grafana (monitoring dashboards)

Alright so my lab is pretty much functionally complete; it does everything I was hoping it would and much more.

OK so now what :D Do you know of any projects that are self-hostable and serve no functional purpose whatsoever and exist just for fun? Could be silly projects, could be games. I'd like to add a "silly things" section to my publicly facing list of web services.

For instance, I was thinking of hosting a web version of nethack. Also I enjoyed hosting a node of hypermind for a little while just because it was so silly.

Our family watches TV trough IPTV and via streaming services and it's been fine enough for quite some time. However, now one of our broadcast companies got in a fight about streaming contract with our IPTV provider and we lost a few of the channels. Not that big of a deal for me personally, but apparently there's some shows the rest of the family wants to see. This isn't the first time and likely it won't be the last.

However, all the free channels are available over air as well (and that's one excuse for IPTV operators to exclude offerings, "you can watch it anyway"). We have an antenna, but previous house owners just left the cable loose at the outside wall and brough it trough a hole in window frame. I've removed the cable and patched the hole for it and it'd be pretty difficult to run antenna cable to our TV set cleanly. However, I could pull a new cable nearby to my server stack with reasonable effort.

It's been quite a while since I've played with capture cards and any kind of streaming, so maybe hive mind here has some ideas. TV already has Android TV box connected, so anything that works with it is a bonus, but not a requirement.

So, what software (and hardware) I could use to pull video from DVB-T2 and stream that over local network?

Does anyone run one of the above on a Pi 4 and can share their experience how good or bad they run?

If course, transcoding won't be any good and OCR probably cannot run in parallel, but aside from that - is it okay?

Currently running everything on a mini ITX with a i5-6600 which handles this easily for my small use cases, but also draws 20-30W idling most of the day... I'm eyeing a Pi 4b with 8gb RAM but don't want to spend the money and then realizing that it doesn't run smooth enough

This release brings three main changes.

1. The ability to filter links.
2. Support for an optional notes field.
3. Ability to edit expiry time and notes.

I try not to too many new features to avoid bloat, but it seemed like these were pretty useful for a link shortener, especially when managing thousands of short links. (To my surprise, some people even use it to manage millions of links.)

Please take a look at the release notes for a complete list of changes.

P.S. The next thing I'll be focusing on is improving throughput under sustained load. If anyone has experience with SQLite, feel free to drop any tips. All the db related code is here. I'm mostly interested in improving insert speeds when 1000s of inserts are done per second.

Edit: There's a Codeberg mirror as well.

What to people use and recommend for this? I've read a bit about portainer, but I'm still learning - and don't know what the best solutions are.

Today I have a handful of selfhosted services running on my home machine - mostly installed directly, but a couple running as docker containers. As the scale of my selfhosting has grown, I've realized that things would be a lot easier to manage if each service was run as its own container, so that installed services are isolated.

The solution I'm looking for would make it easy (possibly a web UI) for me to monitor, modify, update, and remove containerized services, including networking and storage.

Edit: Also I would only want a FOSS solution.

I have always been intrigued by ExcaliDraw but it's a client side thing that don't store your drawings on the server, don't support authentication or multi user out of the box.

I came across ExcaliDash which embeds the tool In a fully self host able solution.

Loving it so far...

.... Not involved with the project, just a user

Cross-posted (hopefully properly) from !selfhosting@slrpnk.net

Looking for some advice on what to do with my selfhosting setup. I currently have 2 Vostro 430's (salvaged from work), and have retrieved 5(!) newer computers from work:

• 1 ThinkStation P330 (1x16gb ram),

• 2 ThinkCentre M720 SFF's (4x4gb ram each), and

• 2 ThinkCentre M73's (mixed ram amounts/brands, may salvage from the Vostro's depending)

The Vostro's are currently setup with 1 of them being baremetal Debian with a Pihole, and a Debian VM with a Headscale server, and the other being baremetal Debian with... just a few containers, and baremetal tailscale as an exit node (I don't like this, need to do better). Using Authelia with a password to block incoming connections, and Traefik as my reverse proxy. It also has 2x10TB and 1x7TB HDD's in Raid1.

My current plan is to see if the M73's are good enough for light emulation (PS1 for sure, PS2 maybe) and Jellyfin, hook 1 up to my TV (to replace the 25' HDMI that is slowly killing itself under it's own weight), and 1 for a relative, connected to my server via Headscale/Tailscale.

I currently have 1 of the M720's hosting a small webserver to learn HTML so I can replace my workplace's website (I did do a temporary replacement already, but it's not great). Trying to decide if it is staying completely separate, or if I am utilizing it in the overall setup.

Now, what I am looking for advice on, is how best to utilize what I have, and any recommendations on better software to use.

• Do I dedicate each computer to different tasks, or learn how to do a docker swarm/kubernetes cluster/something else?

• Should I set up one device as a dedicated NAS, using a NAS focused OS, or continue to use SSHFS mounts?

• Should the file storage be on the best hardware I have available, mid ranged, or should I save one of the Vostros specifically for being a NAS with nothing else running on it?

• Should I learn how to do SSO with Authelia, or is there a better program for SSO (I want to do better with security, and SSO feels like the best place to start)

• What do you recommend as a reverse proxy? I have my Traefik configs working great for automatic service discovery, but the way it stores the certs feels impossible to extract for other services that ask for them, and I have no idea what I am doing wrong with that - hasn't been a problem, but I feel like I should be doing better with this.

I had other thoughts, but they swam away while writing this. If you ask a question/make a comment and I don't answer right away, it means I fell asleep and will answer tomorrow. I am open to any and all suggestions, and am happy to answer any clarifying questions!

Hello all!

I’m one of the maintainers of Portabase, I share about it on Lemmy one month ago (https://lemmy.world/post/45042565) and I have some updates!

Repository: https://github.com/Portabase/portabase

Database homogenous migration is now built-in!

Previously, migrating meant:

• Download backup from the source DB
• Upload & restore it into the target DB

Now: no download, no upload, everything happens directly through the GUI.

It works with all supported databases, and migrations can be done within the same organization.

We also added support for Microsoft SQL Server! It still needs broader community testing to help identify bugs or edge cases we may have missed.

Quick recap : Portabase is an open-source platform for database backup and restore.

We now support 9 databases:

• PostgreSQL
• MariaDB and MySQL
• SQLite
• MongoDB
• Redis and Valkey
• Firebird SQL
• Microsoft SQL Server

What’s new since version 1.10:

• Healthchecks for both the database and the agent (with optional notifications)
• Homogeneous database migration
• Support for Microsoft SQL Server

If you’re using Microsoft SQL Server (or any other supported database), we’d really appreciate your feedback. Feel free to open issues if you find any bugs.