1
110

As a review, I want to highlight the constructive feedback:

  • Overwhelming majority support some kind of tagging to identify AI projects and discussions
  • A small portion have mentioned a preference for a "Not AI" tag, specifically for project promo posts to make it an active choice
  • Too many tags would make it too complicated
  • A tag for AI topics as well as a tag for AI projects would be helpful
  • A variation of [AI] is preferred by folks who commented on tag naming
  • A tag is not enough, how they used AI is important
  • A tagged post should not have drive-by comments that don't add to the conversation

For those who want "no AI ever", that isn't really possible. I'd recommend starting a new community, as so many critical pieces use AI in some capacity (linux, openssl, mariadb, curl, node, go, etc) that it would be a very different, hyper-specific community.


My recommendation based on what was said:

  • Three tags:
    • [CBH] - Code By Human - A promo post with a project that did not use AI in any capacity.
    • [AIP] - AI Project - A promo post with a project that used AI in development in any capacity. Disclosure is required for how it was used.
    • [AIT] - AI Topic - A discussion topic that includes AI. This is for items like "I want to customize a model to evaluate fish happiness based on CV captures" or "I'm having trouble configuring this MCP"

Posts that are not promotional and do not involve AI would not require a tag.

All promo posts would require a tag, making it an active decision to put [CBH] or [AIP], and would become kind of an extension of rule 7.

For [AIP], there would be a disclosure followup. I'm thinking something akin to the candor.md/ai-declaration.md approach, and this structure is based on that. The poster would need to identify which part of the process used AI:

  • Design - architecture, system design
  • Implementation - production code
  • Testing - writing tests, test plans, and QA.
  • Documentation - Docs, comments, readmes, changelogs
  • Review - Code review and pull request feedback
  • Deployment - CI/CD configuration.

And then the level (human only elements can be skipped):

  • Hint - AI suggested solution, human does the task.
  • Assisted - AI acts on part of a task, but a human handled the bulk.
  • Pair - About a 50/50 split of human made and generated.
  • Generated - a human prompted, the LLM generated. (I see no substantial differentiation between Copilot and auto from ai-declaration.md for our use case, so I renamed to 'generated')

The requirement would be to call out only the parts which used AI, and the level of AI involvement for that process. So let's say there was a post tagged [AIP], and let's also assume there was a working automod to make this comment:


It looks like you've posted a project with the [AIP] tag.

Please reply to this comment with your AI Disclosure as described in the [AI RULES POST] (this will be a link), required for all [AIP] posts.

Identify which parts of the process involved AI (Design, Implementation, Testing, Documentation, Review, Deployment) and the level of AI involvement (hint, assist, pair, generated). See the [AI RULES POST] for details. Additional notes on use are welcomed if you'd like to provide them.


The [AI Rules Post] would contain the details above, just like the expanded rules post/explanations.

Failure to provide a disclosure after using the tag would mean removing the post. It could be locked, but I would have to assume the majority of the spam-type postings that happened to make it past the rule 7 criteria are the ones who will not provide the requested disclosure. I think it makes for a good filter this way, but please comment if you think otherwise.

In terms of timing, I'd say an hour should be more than enough time to provide a reply. If there isn't one, then the post should be reported so it could be removed. Removals, as always, will be by a person, so they will be at some point after the hour limit.

I'll likely make a crappy little bot in Python to handle the tag check, check post_id to make sure it hasn't already replied (this way if it gets edited in it will still comment) specifically for the [AIP] tag only. It won't do a single thing otherwise. If you know of an existing (and good) bot for this, please share, or be subjected to the roughly 50 lines of code I wrote this morning. If I do use mine, I'll put it up on Codeberg so everyone can see exactly what it's doing... and then get mad and tell me there is a better way.

Speaking of, I've made a repo for /c/selfhosted, currently with just the detailed rules post. I'll put other information there later, such as the AI rules post, the comment bot (if applicable), etc. This will also go into the sidebar once I've had time to update the README and other details.

Please respond with your questions, comments, and criticisms

2
378
submitted 3 years ago* (last edited 3 years ago) by devve@lemmy.world to c/selfhosted@lemmy.world

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

3
5

I'm looking for some actually working examples of using Flux to deploy at least Immich and Jellyfin with Traefik ingress using Flux CD preferably that use NFS shares for storing data and/or configs, and prometheus monitoring. I've found a few just from searching, but usually it seems like they aren't actually working, just demonstrating something.

Also, what UI do you use for Flux?

Some background: I use k0s with MetalLB and Longhorn and all db storage on a separate postgres server. I've gotten a good repeatable installation of all of that as well as the FluxCD Operator via k0sctl and helm charts which allows me to simply launch k0sctl and provide it a single config that is well documented that deploys all of that across all of the servers. But Flux has been a challenge, especially since I don't really care to learn Kustomize. I already have lots of other things to learn, LOL.

I want to avoid having to use lots of CLI commands that I then have to make sure to document and takes a while to remember all of the issues that can come up and all of that. I'm basically looking for easy disaster recovery. All files and configs are stored on a NAS that is then a single point of all offsite backups. It has worked well with docker, but I want better dynamic distribution of services to take better advantage of the few small servers I have. And docker Swarm ended up being difficult to implement with a lot of applications, and I don't trust Docker not to further enshitify as well as the number of GUIs that support it well is limited, mostly just to Portainer which has been also enshitifying lately. So I've been looking to k8s.

4
4

Language warning.

Documented my journey backing up my Oracle Cloud server. With their latest changes to always free, I don’t think my instance will last very long. This isn’t a tutorial, there are probably many much better ways to do this.

5
2

WordPress multisite in selfhosting: one fail, one success

@selfhosted

Starting with the fail: selfhosted site doesn't associate to the official automattic WordPress mobile app; I've (temporarily?) commented the "location xmlrpc.php deny all" rule on /etc/nginx/conf.d/plusbrothers.net'd/wordpress__3.conf

The app correctly generates the "application password" but then returns "impossible to load WordPress site details" (no idea if it's the correct English word).

SUCCESS:
Ulysses and Drafts, two iPhone/iPad writing apps, successfully publish my texts on WordPress posts, as a draft; I can use those and write what I want. I'll try to uncomment xmlrpc deny rule again, then retry.

My goal is to write contents on the app, then finalize it on the site.

OTHER SUCCESS:
site works, both with pure "plusbrothers.net" address and physical WordPress location "plusbrothers.net/wp" - applies to /english as well. Before concretely re-posting old contents and writing new ones, I prefer to have a very solid structure.

I have no idea though, about how vulnerable my website is, hostinger vps YunoHost-driven.

It's been long, long time I didn't work till late in the night, at the moment I'm writing, it's 10 minutes to 3 in the morning!

I promised to my best friend (and content writer) that on July 3rd, the walls of our sentient HIV's house, should have been ready.
And I kept the promise. 3rd July, 3 in the morning, the house stands up. Still dirty, still stinks of building, no possibility to live in it, but at least we won't fall dead with collapsing ceiling.

Blind selfhoster journey continues.

#blind #experience #selfhost #selfhosting #website #WordPress #YunoHost

6
24
New Articles Dump! (www.pragmaticcoding.ca)

First off, if any of you have been waiting for me to get around to publishing parts 2 & 3 of my SnapCast series, I apologize for the delay. I've finally got my homelab to a state where I can start transitioning my wife over from some of the cloud services we've been using to my self-hosted alternatives. The final push on that was to get backups working properly. Anyways, time just disappeared on me.

So here's those two articles:

Part II

Part III

I've had a whole bunch of infrastructure type articles in progress for months now. I finally took the time to wrap a bunch of them up. Part of the issue is that so much of the content is inter-related that it feels wrong to publish a single article when a whole bunch of the information depends on understanding some other concept that is covered in a different article that hasn't been completed yet.

What am I trying to accomplish here?

As someone who has always considered himself primarily a programmer, I've also had to be "The IT Guy" for decades, and also "The Unix Guy". This meant that I ended up with a lot of practical experience with networking and data centre configuration and planning. I was in charge of configuring the rulebase on a CheckPoint FW1 firewall before some of you were born.

At the same time, I never really wanted to do this stuff, but somebody had to, and it had to be done right. But it was all "hands-on", and I would have killed myself before I'd go through the misery of getting something like a Cisco certification.

On top of that, as a programmer I was quite a bit more involved with the business of the company than any of the networking guys we eventually ended up hiring. This meant that my role morphed into being the guy that could help the network techies understand how their plumbing was going to be used by the business.

I look at what it takes me to build a homelab, and I realize just how much I lean on the things I learned over decades of being "The IT Guy", and I wonder how hard it must be for people without that kind of a background.

I've read through much of the FUTO article, and I can only think that even that is a hard slog for non-technical beginners. I thought that if I could share some of the things that I've learned about putting together a homelab over the past year or so, while trying to explain the underlying concepts involved, then it might help someone...and it keeps me busy and off the streets.

Back to the article dump...

Next is an article about DNS servers and, specifically, Technitium.

Going hand-in-hand with that, is an article about how You Need a Public Domain.

Finally, an article I've been sitting on forever that talks about the Lenovo M910Q Servers that I have been using in my Proxmox cluster.

In case you're interested, I'm also working on articles about systemd, a Proxmox introduction, resiliency and recovery, network security, accessing services, VPN integration and Linux basics.

As always, I'm interested in any feedback you may have, including stuff I got wrong or missed out, and whether there's any content you'd like to see. Thx.

7
167
submitted 10 hours ago by avidamoeba@lemmy.ca to c/selfhosted@lemmy.world
8
13

Hello everyone.

I have been interested in starting to self-host, and I have just been able to set up the first useful thing for myself (apart from a PiHole that I have running).

Since I am very afraid of making security mistakes, I would like to get feedback from you if my setup is secure or not.

The simple use case: I want to be able to back up files from my main computer to a hard disk, without having the hard disk attached to my main computer.

The setup:

  • A Raspberry Pi 4 running Raspberry Pi OS Lite (64-bit).
  • The Raspberry Pi can only be accessed via ed25519 key.
  • I configured a firewall on the Raspberry Pi with ufw to allow only traffic from the local subnet.
  • I then use sshfs to mount the hard disk connected with the Raspberry Pi to my main computer.
  • I plan to use rsync to back up my files.

Now I need your help: how secure is this setup? Did I make any major mistake? Is there something I could do better?

I'd be happy to get some feedback... 🙂

9
66
submitted 12 hours ago by indidev@lemmy.world to c/selfhosted@lemmy.world

Hey everyone! Just signed up on Lemmy. I've been running self-hosted services for a while now and looking forward to learning from this community. Glad to be here.

10
41

Hello again everyone

Please let me know if my posting here is becoming too regular

I tried out the options suggested by you in the last post. I actually got it working, which was a really exciting moment for me. I got home from work and started trying to set up an authentication that only allows my email to get through and ended up getting an Error 1033. I tried to change DNS settings and then got Error 1016.

I tried restarting my browser, restarting my cloudflared instance on my machine but nothing worked at all.

In short, I'm very lost. I've tried following along with a few YouTube tutorials but it hasn't really worked. Feeling very defeated, this is way above my knowledge level, but hey, I guess everything I've learnt on this selfhosting journey was once way above my knowledge level so there's always time to learn.

If anyone could point me in the right direction that would be appreciated

I also had a question, do you create a new tunnel for each application? Or do you just use a separate route and have them all on the same tunnel?

11
105

Hi everyone

Thanks for all the advice on buying a domain. It's a big week for me. Getting on GrapheneOS, buying a domain, and I also recently started self hosting my contacts and calendar. I love this way of life.

My original plan was to get one of the xyz 1.1111b domains for $1 a year but most of the feedback I got said just go with Cloudflare. It's a lot more money than I had planned but all the security features are baked in and I feel that's worth the extra money.

Here are my questions. I use the latest version of TrueNAS Community.

  1. How do I connect my domain to my server apps? I've got a series of apps I'd love to be able to access without Tailscale and solely use the domain.
  2. I have heard the term DNS a million times but don't really understand it. What do I need to know about DNS to keep security up and stay protected?
  3. I'd like to let family access my media server, are there any considerations I need to make?
  4. How can I use one domain to access multiple services on my server? Do I need to pay extra for subdomains?

Thank you for any advice

12
17

The other day I was looking for lyrics to a song. I went to a lyrics website and was hit with a wall of ads, despite my pi-hole! I then went to another site that put me into a redirect loop. It got me thinking about privately self hosting a lyrics site. I started thinking that lyrics are just a type of simple static content, and what would be ideal is an application in which you can upload multiple directories of markdown files. Perhaps the directory should be in a standardised .mds (markdown share) format for instance. It would essentially be a zip file with directories of markdown files and a yml file for indicating how it would ideally be displayed. Perhaps with an a-z, or perhaps text-searchable, or both. The styling would be configurable in the app and independent of the mds files completely. Does this kind of standard for sharing simple text or markdown in bulk exist in any capacity that encourages a known file format? I'm aware that static site generators exist, but they seem to be aimed at the creation of documentation, not at sharing it in bulk. I'm imagining easily downloadable recipe books, wikis, lyrics databases. Does this sound like something anyone would be interested in or am I over/under thinking it?

13
50
submitted 23 hours ago* (last edited 19 hours ago) by xavier666@lemmy.umucat.day to c/selfhosted@lemmy.world

I am in the process of setting up a virtualized OPNsense firewall on Proxmox on a Thinkcentre 720q. The proxmox host has 3 network interfaces.

  • A dual NIC gigabit card where one interface is for WAN and other for LAN, say eth1 and eth2
  • Another interface which came with the PC itself, say eth3

PS: I also have a switch for all my other devices.

After some research, I have understood that

  1. Passing (pass-through) the NIC to the OPNsense VM is better for performance
  2. Passing it through removes the interface from the host OS
  3. If passing is not done correctly, you may lose access to Proxmox.

My questions are

  1. How do I set eth2 to be the LAN port and also use it to connect to Proxmox?
  2. If I use point #1 (eth2 for LAN), how much will the throughput of eth2 be affected? (My ISP provides me symmetrical 320 Mbps link speed)
  3. If I use point #1, will local traffic (traffic handled by my switch) be affected?
  4. (Optional/Experimental) Since I have a spare port (eth3), can I use it for special purpose (a dedicated management port which will work even if OPNsense is down)?
  5. If I use point #4, my switch will have two ethernet connections from the proxmox host. Will this cause loops and kill my network?

You can answer this selectively by mentioning the question number.

If you have a better idea regarding how to setup OPNsense on Proxmox, please share.

Edit: Thank you for all your responses! It seems I have to study a lot. Let me answer a few questions

  1. I am not managing workloads for a dozen of people with strict SLAs. I'm just doing it for my family and myself.
  2. I understand the point that something as critical as a firewall should have its own hardware. However, I just want to experiment with few VMs on Proxmox. I want to setup Proxmox once and let it be.
  3. I eventually want to get into VLANs but that is not a priority right now. My future plan is to integrate this with some Omada access points.
  4. I've added a diagram of what I want to do. Please forgive my crude drawing as it's the best I can do for now.

Please let me know if you want some more information

14
40
submitted 1 day ago* (last edited 1 day ago) by gedaliyah@lemmy.world to c/selfhosted@lemmy.world

Anywherelan (styled AWL) is a direct peer-to-peer LAN solution for self-hosting and accessing services remotely without a server infrastructure.

Tailscale connections require an account identity (or OAuth authentication through services run by Google, Microsoft, etc.) I currently use it because its codebase is open, and there are self-hosted forks (that I have considered as a future fallback), and it is dead easy to set up and use. It "just works."

However, this just popped up on my radar and I'd never seen it before or even heard of this technology. I couldn't find any posts about it, but if it works as promised, this would be a huge improvement in terms of my overall infrastructure. It seems like a somewhat young project with very active development, but the first release goes all the way back to 2022.

Has anyone here tried it? Is it any good?

15
34

Hiya, looking for a firewall for my homelab, mostly to experiment but also for an added layer of security. There are just two of us in this household with a few laptops, phones and my servers, so nothing much. Therefore looking for something affordable and not "overkill".

Anyone got any recommendations for this? Also how do you run your OPNsense/pfSense instance?

Appreciate any tips!

16
63

Hey guys, so I have been searching for the different ways to self-host a music server and don't really know what's the best/most elegant way to go.

I know that there is navidrome and many also use jellyfin for it. Now I have a few questions:

  • Are there any good apps for android for navidrome/jellyfin respectively?
  • how easy can I add songs to them/do they pull metadata from somewhere (like jellyfin does for movies)
  • how do they (or any other options) compare in terms of ease of setup/maintainability?
  • do you have any overall recommendations?

Thanks a lot for any tips/recommendations and your help :D

17
261
Addiction.... (thelemmy.club)

I think I officially have a hoarding problem...

18
78

These are for ten years on a 1.1111b xyz domain

  • Godaddy $17 (unsure if includes protection)
  • Dynadot $11.50 (with whois protection)
  • Xyz $19.90 (with whois protection)

It's all very confusing. I just want to get a domain for my server as cheap as

19
17
submitted 1 day ago* (last edited 1 day ago) by jobbies@lemmy.zip to c/selfhosted@lemmy.world

What is the best way to provide internet access to guests on a Proxmox VXLAN? Is it:

  1. One node (host) in the cluster is the default gateway, all traffic is routed through it. Sounds clean and simple but there's multiple layers of jank to get it working, if it works at all
  2. Have a guest (LXC or VM) on the VXLAN act as a gateway. Give it two NICs - one on the vnet and another on the host's bridge (physical LAN), route traffic through the second.

My default approach is the first but despite hours of tinkering and forwarding tricks it never works. I'm leaning more to the second but having a dedicated gateway guest seems like a waste of resources - logically the host should be doing it.

And yes, SNAT is enabled 😅

20
27

I'm using Vaultgarden. Things are okay after losing my SSD yesterday morning. My strategy worked... HDD for data, SSD for the OS. I promptly found an available drive, installed Linux mint and recovered.

But that was scary. I keep a backup on another computer. The only way to actually run it and see the passwords needed to do anything was thru my phone. I was lucky that somehow the database was available offline. But if I had run out of battery I would be extremely screwed.

So I've decided the Vaultgarden is encumbered by not really having a local reliable copy. Maybe I'm wrong, but as I understand, if your server goes down and you log out, you're screwed... No more passwords until your server is up again. I find that to be extremely stupid unless I was protecting my severed testicles... No wait, that would be way worse.

So is there a server + local system? Like Joplin... You can write notes all day with no server at all. The server just synchronizes it all. In the past I used Syncthing and I will continue using it. One thought was to have an automated backup from Vaultgarden that was automatically synced to my various devices as a Keypass database.

21
13
Setting up local Caddy with Porkbun (wiki.livingcartoon.org)

cross-posted from: https://discuss.online/post/41958206

Open to suggestions for managing Caddy for domains from Porkbun.

  • Porkbun itself is using Cloudflare.
  • Their Caddy module is confusing to setup due to API changes and older documentation.
  • I'd like to use a declarative json configuration, but first I just need Porkbun to play nice enough to work when adding subdomains via wildcard.

The Goal

Setup legit Let's Encrypt as wildcard locally to test services at *example.domain.com, then put them into production on mainsite wildcard *.domain.com on VPS or similar.

Seeking Advice

Can anyone advise on setup recommendations? I'm currently using Nginx, which I had no difficulty setting up with ACME challenge. Perhaps I'm approaching Caddy in the wrong way. Thanks for any ideas!

22
159
submitted 3 days ago by Smurfi@lemmy.zip to c/selfhosted@lemmy.world

Hey all you beautiful selfhosters,

What are your suggestions for frugally obtaining HDDs in the current economic climate? Specifically the EU (Netherlands).

I'm looking at second hand drives, but even those go for €100+ now, with bad sectors and all.

Can we organise a collective AI datacenter robbery and dole out some stolen drives? 😁

23
192

Hey Hosters!

Just wanted to share that I got Jellyfin installed and set up on my Windows 2022 Server, and it’s working great! I didn't even know there was a version for Windows. How do you like that?

I know this is probably “the usual” for everyone here, but I’m genuinely excited that I managed to get it all running smoothly.

After getting the server up, I went through the basics (users/permissions, library paths, and making sure everything was reachable on the network) and it all just worked. The interface is super clean, playback is nice and responsive, and it feels like I’ve been missing out on this until now.

Huge thanks to the Jellyfin team and the community! This project is awesome!! If anyone is stuck, please don’t give up. Keep poking at the configuration and it’ll pay off. Now I just need to spend some time organizing my libraries!

Happy Hosting!

24
46

Self hosting: real game starts today

@selfhosted

So, it's done: my main domain has finally got its transfer to Hostinger, new provider where I have the VPS I'm experimenting in.

Real game with WordPress multisite/multilingual and self-hosted Fediverse starts TODAY!

#activitypub #selfhost #selfhosting #wordpress #yunohost

25
75
submitted 4 days ago* (last edited 4 days ago) by BlackEco@lemmy.blackeco.com to c/selfhosted@lemmy.world

Breaking change in #FreshRSS for those of you with feeds on your local network such as RSS-Bridge or RSSHub: for improving security (SSRF), local addresses must be added to your allowed list. There are a Web UI and an environment variable INTERNAL_HOST_ALLOWLIST, whichever is easiest. Breaking changes in FreshRSS are rare, but this has been made default since not everybody is able to properly isolate their services. This has just landed in the rolling release (edge). Tests welcome.


Selfhosted

60366 readers
757 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago