1
102

As a review, I want to highlight the constructive feedback:

  • Overwhelming majority support some kind of tagging to identify AI projects and discussions
  • A small portion have mentioned a preference for a "Not AI" tag, specifically for project promo posts to make it an active choice
  • Too many tags would make it too complicated
  • A tag for AI topics as well as a tag for AI projects would be helpful
  • A variation of [AI] is preferred by folks who commented on tag naming
  • A tag is not enough, how they used AI is important
  • A tagged post should not have drive-by comments that don't add to the conversation

For those who want "no AI ever", that isn't really possible. I'd recommend starting a new community, as so many critical pieces use AI in some capacity (linux, openssl, mariadb, curl, node, go, etc) that it would be a very different, hyper-specific community.


My recommendation based on what was said:

  • Three tags:
    • [CBH] - Code By Human - A promo post with a project that did not use AI in any capacity.
    • [AIP] - AI Project - A promo post with a project that used AI in development in any capacity. Disclosure is required for how it was used.
    • [AIT] - AI Topic - A discussion topic that includes AI. This is for items like "I want to customize a model to evaluate fish happiness based on CV captures" or "I'm having trouble configuring this MCP"

Posts that are not promotional and do not involve AI would not require a tag.

All promo posts would require a tag, making it an active decision to put [CBH] or [AIP], and would become kind of an extension of rule 7.

For [AIP], there would be a disclosure followup. I'm thinking something akin to the candor.md/ai-declaration.md approach, and this structure is based on that. The poster would need to identify which part of the process used AI:

  • Design - architecture, system design
  • Implementation - production code
  • Testing - writing tests, test plans, and QA.
  • Documentation - Docs, comments, readmes, changelogs
  • Review - Code review and pull request feedback
  • Deployment - CI/CD configuration.

And then the level (human only elements can be skipped):

  • Hint - AI suggested solution, human does the task.
  • Assisted - AI acts on part of a task, but a human handled the bulk.
  • Pair - About a 50/50 split of human made and generated.
  • Generated - a human prompted, the llm generated. (I see no substantial differentiation between Copilot and auto from ai-declaration.md for our use case, so I renamed to 'generated')

The requirement would be to call out only the parts which used AI, and the level of AI involvement for that process. So let's say there was a post tagged [AIP], and let's also assume there was a working automod to make this comment:


It looks like you've posted a project with the [AIP] tag.

Please reply to this comment with your AI Disclosure as described in the [AI RULES POST] (this will be a link), required for all [AIP] posts.

Identify which parts of the process involved AI (Design, Implementation, Testing, Documentation, Review, Deployment) and the level of AI involvement (hint, assist, pair, generated). See the [AI RULES POST] for details. Additional notes on use are welcomed if you'd like to provide them.


The [AI Rules Post] would contain the details above, just like the expanded rules post/explanations.

Failure to provide a disclosure after using the tag would mean removing the post. It could be locked, but I would have to assume the majority of the spam-type postings that happened to make it past the rule 7 criteria are the ones who will not provide the requested disclosure. I think it makes for a good filter this way, but please comment if you think otherwise.

In terms of timing, I'd say an hour should be more than enough time to provide a reply. If there isn't one, then the post should be reported so it could be removed. Removals, as always, will be by a person, so they will be at some point after the hour limit.

I'll likely make a crappy little bot in python to handle the tag check, check post_id to make sure it hasn't already replied (this way if it gets edited in it will still comment) specifically for the [AIP] tag only. It won't do a single thing otherwise. If you know of an existing (and good) bot for this, please share, or be subjected to the roughly 50 lines of code I wrote this morning. If I do use mine, I'll put it up on codeberg so everyone can see exactly what it's doing.... and then get mad and tell me there is a better way.

Speaking of, I've made a repo for /c/selfhosted, currently with just the detailed rules post. I'll put other information there later, such as the AI rules post, the comment bot (if applicable), etc. This will also go into the sidebar once I've had time to update the README and other details.

Please respond with your questions, comments, and criticisms

2
377
submitted 3 years ago* (last edited 3 years ago) by devve@lemmy.world to c/selfhosted@lemmy.world

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

3
12
submitted 2 hours ago* (last edited 1 hour ago) by gedaliyah@lemmy.world to c/selfhosted@lemmy.world

Anywherelan (styled AWL) is a direct peer-to-peer LAN solution for self-hosting and accessing services remotely without a server infrastructure.

Tailscale connections require an account identity (or OAuth authentication through services run by Google, Microsoft, etc.). I currently use it because its codebase is open, and there are self-hosted forks (that I have considered as a future fallback), and it is dead easy to set up and use. It "just works."

However, this just popped up on my radar and I'd never seen it before or even heard of this technology. I couldn't find any posts about it, but if it works as promised, this would be a huge improvement in terms of my overall infrastructure. It seems like a somewhat young project with very active development, but the first release goes all the way back to 2022.

Has anyone here tried it? Is it any good?

4
14

Hiya, looking for a firewall for my homelab, mostly to experiment but also for an added layer of security. There are just two of us in this household with a few laptops, phones and my servers, so nothing much. Therefore looking for something affordable and not "overkill".

Anyone got any recommendations for this? Also how do you run your OPNsense/pfSense instance?

Appreciate any tips!

5
50

Hey guys, so I have been searching for the different ways to self-host a music-server and don't really know what's the best/most elegant way to go.

I know that there is navidrome and many also use jellyfin for it. Now I have a few questions:

  • Are there any good apps for android for navidrome/jellyfin respectively?
  • how easy can I add songs to them/do they pull metadata from somewhere (like jellyfin does for movies)
  • how do they (or any other options) compare in terms of ease of setup/maintainability?
  • do you have any overall recommendations?

Thanks a lot for any tips/recommendations and your help :D

6
228
Addiction.... (thelemmy.club)

I think I officially have a hoarding problem...

7
16
submitted 20 hours ago* (last edited 20 hours ago) by jobbies@lemmy.zip to c/selfhosted@lemmy.world

What is the best way to provide internet access to guests on a Proxmox VXLAN? Is it:

  1. One node (host) in the cluster is the default gateway, all traffic is routed through it. Sounds clean and simple but there's multiple layers of jank to get it working, if it works at all
  2. Have a guest (lxc or VM) on the VXLAN act as a gateway. Give it two NICs - one on the vnet and another on the hosts bridge (physical lan), route traffic through the second.

My default approach is the first but despite hours of tinkering and forwarding tricks it never works. I'm leaning more to the second but having a dedicated gateway guest seems like a waste of resources - logically the host should be doing it.

And yes, SNAT is enabled 😅

8
75

These are for ten years on a 1.1111b xyz domain

  • Godaddy $17 (unsure if includes protection)
  • Dynadot $11.50 (with whois protection)
  • Xyz $19.90 (with whois protection)

It's all very confusing. I just want to get a domain for my server as cheap as

9
25

I'm using Vaultgarden. Things are okay after losing my SSD yesterday morning. My strategy worked... HDD for data, SSD for the OS. I promptly found an available drive, installed Linux mint and recovered.

But that was scary. I keep a backup on another computer. The only way to actually run it and see the passwords needed to do anything was thru my phone. I was lucky that somehow the database was available offline. But if I had run out of battery I would be extremely screwed.

So I've decided the Vaultgarden is encumbered by not really having a local reliable copy. Maybe I'm wrong, but as I understand, if your server goes down and you log out, you're screwed... No more passwords until your server is up again. I find that to be extremely stupid unless I was protecting my severed testicles... No wait, that would be way worse.

So is there a server + local system? Like Joplin... You can write notes all day with no server at all. The server just synchronizes it all. In the past I used syncthing and I will continue using it. One thought was to have an automated backup from Vaultgarden that was automatically synced to my various devices as a Keypass database.

10
11
Setting up local Caddy with Porkbun (wiki.livingcartoon.org)

cross-posted from: https://discuss.online/post/41958206

Open to suggestions for managing Caddy for domains from Porkbun.

  • Porkbun itself is using Cloudflare.
  • Their Caddy module is confusing to set up due to API changes and older documentation.
  • I'd like to use a declarative json configuration, but first I just need Porkbun to play nice enough to work when adding subdomains via wildcard.

The Goal

Set up legit Let's Encrypt as wildcard locally to test services at *example.domain.com, then put them into production on mainsite wildcard *.domain.com on VPS or similar.

Seeking Advice

Can anyone advise on setup recommendations? I'm currently using Nginx, which I had no difficulty setting up with ACME challenge. Perhaps I'm approaching Caddy in the wrong way. Thanks for any ideas!

11
158
submitted 2 days ago by Smurfi@lemmy.zip to c/selfhosted@lemmy.world

Hey all you beautiful selfhosters,

What are your suggestions for frugally obtaining HDDs in the current economic climate? Specifically the EU (Netherlands).

I'm looking at second hand drives, but even those go for €100+ now, with bad sectors and all.

Can we organise a collective AI datacenter robbery and dole out some stolen drives? 😁

12
46

Self hosting: real game starts today

@selfhosted

So, it's done: my main domain has finally got its transfer to Hostinger, new provider where I have the VPS I'm experimenting in.

Real game with WordPress multisite/multilingual and self-hosted Fediverse starts TODAY!

#activitypub #selfhost #selfhosting #wordpress #yunohost

13
192

Hey Hosters!

Just wanted to share that I got Jellyfin installed and set up on my Windows 2022 Server, and it’s working great! I didn't even know there was a version for Windows. How do you like that?

I know this is probably “the usual” for everyone here, but I’m genuinely excited that I managed to get it all running smoothly.

After getting the server up, I went through the basics (users/permissions, library paths, and making sure everything was reachable on the network) and it all just worked. The interface is super clean, playback is nice and responsive, and it feels like I’ve been missing out on this until now.

Huge thanks to the Jellyfin team and the community! This project is awesome!! If anyone is stuck, please don’t give up. Keep poking at the configuration and it’ll pay off. Now I just need to spend some time organizing my libraries!

Happy Hosting!

14
73
submitted 3 days ago* (last edited 3 days ago) by BlackEco@lemmy.blackeco.com to c/selfhosted@lemmy.world

Breaking change in #FreshRSS for those of you with feeds on your local network such as RSS-Bridge or RSSHub: for improving security (SSRF), local addresses must be added to your allowed list. There are a Web UI and an environment variable INTERNAL_HOST_ALLOWLIST, whichever is easiest. Breaking changes in FreshRSS are rare, but this has been made default since not everybody is able to properly isolate their services. This has just landed in the rolling release (edge). Tests welcome.

15
81
submitted 3 days ago* (last edited 3 days ago) by eddyizm@lemmy.world to c/selfhosted@lemmy.world

Tempus is an open-source and lightweight music client for Subsonic, designed and built natively for Android.

This app works with any service that implements the Subsonic API, including:

https://github.com/eddyizm/tempus/releases/tag/v4.20.0

My last release post was for v4.12.0 so I've included what's changed since that post.

What's Changed

Highlighting these 5 features that people have wanted for some time and were well received.

And a ton of bug fixes, performance improvements and other features -> Full Changelog: https://github.com/eddyizm/tempus/compare/v4.12.0...v4.20.0

note app-tempo* <- The github release with all the android auto/chromecast features

app-degoogled* <- The izzyOnDroid release that goes without any of the google stuff.

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

Big thanks to all the folks who have been contributing.

16
6
17
50

Does anyone know if it's possible to achieve this? Possibly with an external service that syncs the two?

Basically, the last feature immich can't do that google does is to share albums. Sometimes my family wants to have albums after events, and my ones live in a silo.

18
22
submitted 3 days ago* (last edited 3 days ago) by glizzyguzzler@piefed.blahaj.zone to c/selfhosted@lemmy.world

I have a single Podman stack & Podman network - ingress via Caddy with crowdsec that forwards stuff to the various things I've got going. All self-contained in the Podman network.

I want to put Caddy in a VM to establish a "DMZ" (separate kernel) as I've seen recommended for directly internet-facing infrastructure. But to do that, I'll break my single Podman network across two "servers".
Because it is across two "servers", I need to publish the ports for the services on the non-VM server so that the VM can address them externally - which allows the services to talk to the internet (even if they don't need it) and allows the services to talk to each other on published ports (before I could have separate networks for each service, so BookOrbit can't talk to Jellyfin for instance).

How can I have the Caddy in the VM that deals with the WWW forward things to the server running everything but retain that closed Podman network topology?

And ancillary Q, what other things should be in that "DMZ" VM? Auth OIDC? Headscale? Just Caddy?
Edit: Caddy forwards everything to the Auth OIDC which forwards it along if the connection attempt is logged in. Will be adding mTLS to bypass that check eventually. That's why I'm thinking Auth OIDC should be in the "DMZ" VM too.

And lastly, Podman networking works just like Docker networking, so any topology is transferable if you've solved this in Docker!

WRT = with respect to

19
27
submitted 3 days ago* (last edited 2 days ago) by jws_shadotak@sh.itjust.works to c/selfhosted@lemmy.world

I have some subdomains that go to my home address (I know I should put it through a VPS first but I'll get to that when I have time).

If I connect to example.domain.tld and DNS records point back to my own IP, where does that data go to reach back to my device?

Edit: thanks for the responses everyone

20
82
submitted 3 days ago* (last edited 3 days ago) by FukOui@lemmy.zip to c/selfhosted@lemmy.world

My old laptop for self hosting just croaked, and I'm thinking of buying a 2nd hand mini pc, but this time I want to do it proper. I want to optimize the electricity consumption and specs needed/ future upgradability, considering how expensive everything is now.

My use case is just for self hosting files (infrequent access and reducing reliance on google drive), and occasional dev workload via ssh. I'm thinking of buying a used optiplex with at least i6 gen cpu (SFF or micro form factor), but I want to see if there are better options.

There was a link posted in this subreddit about power consumption comparison of different mini pcs (raspberry pi, n100, etc), and I regret not saving it.

If anyone could suggest me better options it would be greatly appreciated. Thanks!

21
51
submitted 3 days ago* (last edited 2 days ago) by irmadlad@lemmy.world to c/selfhosted@lemmy.world

Recently, I saw icanhazip.com pop up in my pfSense firewall logs. It was immediately blocked but the name piqued my interest, so I did a little digging which revealed an interesting backstory.

It's owned by Cloudflare:

...but it hasn't always been theirs: icanhazip: How a simple IP address tool survived a deluge of users. Pretty interesting, at least to me as I have never encountered it before.

I have it still blocked as nothing I'm doing seems hampered by blocking icanhazip.com's ip range. Anyone else ever encounter icanhazip.com?

I think I found the source of the icanhazip.com block. From the Github Issues page:

2025-03-27 17:00:02] production.ERROR: Failed to fetch external IP address. [“cURL error 60: SSL: no alternative certificate subject name matches target hostname ‘icanhazip.com’ (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://icanhazip.com/%E2%80%9D]

ETA: Solved

22
217
Selfhosted & AI (anarchist.nexus)

Yup, I'm posting another this week. Sorry.

This week I'm hoping we can wrangle a solution around AI and our selfhosted community. There are plenty of strong opinions (both pro and con), but one thing is for certain - there needs to be better disclosure in promo posts. Two options (that aren't mutually exclusive):

  • Any posts of an AI focused, AI Developed, etc software gets an [AI] tag. No, a [Not-AI] tag is not needed to accomplish this, that's kind of a "non-golfer" sort of tag.
  • Comment requiring an AI disclosure response to every promo post, if it's not detailed in the post itself. Specifics (generating docs for commands, translation, whole-boat vibe-coded this app, etc) would be requested.

I will say that having disclosure and/or tagging would mean that comments that just say "slop" or "fuck ai" or whatever would be off topic at that point, that information is already provided, so it's just noise (and sometimes pretty uncivil - I've been light on that for now due to the need for a rule on this).

The tag [AI] would make it easy to filter out (or search for, if that's your thing), but there is a wildly different degree of AI use out there, and from the posts with a positive score, it's usually due to responsible AI use (translations, a snippet they had to do something obscure with, available to use with AI but doesn't require it, whatever), which is why I think the disclosure has a place as a benefit to everyone.

Please provide any input or alternative options on this, and I can then put it to a vote like the last one. Comments seem to be the best approach without involving something off-site, but if you have a better idea/option, please share.

23
34

This is an alternative to manually typing your password to decrypt your home server disks.

The idea is that you have a Tang server somewhere on your local network. When your server boots up, it needs to communicate with the Tang server to unlock the disk. Tang doesn't store the key and is stateless, but the client requires Tang's cooperation to compute the key.

For me, I'm thinking about someone breaking into my house and stealing my computer. Currently, I have LUKS read a keyfile from a USB drive... but I almost always leave it plugged in... so a thief would probably accidentally steal that too.

With this setup, I'm thinking maybe I could set up a Pi on the opposite side of my house, ideally hidden. And then if my home server gets stolen, LUKS wouldn't be able to reach my Tang server, and therefore not unlock anything.

24
38
Community Rules (anarchist.nexus)

In an effort to make the sidebar a bit cleaner, and allow for more thorough explanation of the rules, this post has been made. Comments are disabled, to start a discussion with the community about this post or the rules in general, please make a meta post. Please stick to one specific item to address as your post to keep discussions on topic.

If you see a rule violation, please report rather than interacting with the post/comment.

Rules:

  1. Be civil.

This is a community of collaboration. We aren't here to put each other down, but lift each other up - helping to improve efficiencies, find the right solution to deploy, or work through bugs.

Disagreement and strong opinions are welcome, being degrading or disrespectful is not.

A good reference would be the Lemmy.world Terms of Service as well as the ACoC.

Sexism, racism, ethno-supremacy, homophobia, slurs for ethnicities, genders, sexualities, etc, will not be tolerated. If you see it, report it. Don't interact, as the comment chain will likely be nuked.

  2. No spam.

Spam is not “I don’t like this”.

Spam would generally be considered:

  • Mass-posting - Posting the exact same post across a bunch of different communities, rapidly. Cross-posting is not spam, but cross-posting to communities where it wouldn't fit, is.
  • Repetitive Content (aka karma farming) - repeatedly submitting old popular content. This is completely irrelevant on Lemmy, but the behavior is still not permitted.
  • Bot Activity / AI Abuse - Using scripts/bots/gen AI to automate posts and comments.
  • Unsolicited DMs - Mass private messages or chats to users, completely unsolicited

Bots are allowed, but see the Rules of Use for Bots on Lemmy.World, where this community is located. Please be sure to review these rules prior to using a bot in this community.

  3. Posts are to be related to self-hosting.

Please ensure it is clear in your post how it relates to self-hosting.

If you see a post where there is a more appropriate place for the discussion to take place, such as a linux or networking community, please feel free to recommend it to the user as well as report.

From a community discussion on this rule:

  • Posts that are better off in a different community (not just intent, but also a community that's appropriately supported by activity) will be locked only after that community is noted. Posts will not be deleted though, only locked.
  • If there is an influx of simple posts about hardware, pictures of setups, etc., then we can go ahead with a weekly sticky for that content.
  • Low effort content is currently well managed with upvotes and downvotes. If there is an influx of low effort content, we can use a different approach.
  • Repeated common questions, once enough of them are being seen, will go to an FAQ post or a wiki.
  4. Don't duplicate the full text of your blog or readme if you're providing a link.

If everything you're posting is in the link, there isn't much value to adding that text. If you're going to add text, make it contextual. Summarize it, mention why selfhosters might be interested in the news link, how you're using this software, etc.

  5. Submission headline should match the article title.

Add supporting or related information in the post itself rather than the title.

  6. No trolling.

Trolling is deliberately posting something offensive, nonsensical, or provocative to bait people into arguments or to get an emotional reaction. It's disruptive and manipulative, and is not permitted here.

A few key characteristics:

  • Baiting: Comments / posts to make people angry or confused
  • Derailing conversations: Ruining meaningful discussions by steering them off topic

Downplaying this behavior by claiming it was "just a joke" will not impact moderation decisions. See rule 1.

  7. Promotion posts require your active participation in selfhosting or related communities, and your account must be at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See this link for further details.
  • Active participation is defined by the 10% rule - no more than 10% of your posts or comments may be self-promotional, or your post will be removed. That is not per-project, but your account as a whole. If the entirety of your post and comment history is your blog and projects, then your post history is entirely self-promotional.
  • Account Age has been added as a requirement to mitigate frequent posts that were being seen within the community. This rule applies in all cases, whether you intend to post about a paid or F/LOSS project. There are no exemptions from this requirement.
  • F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, your post is exempt from the 10% requirement. The exception does not exempt you from the account age requirement.

This post will receive updates as rules are updated.

25
66
submitted 4 days ago* (last edited 4 days ago) by CorrectAlias@piefed.blahaj.zone to c/selfhosted@lemmy.world

Hi everyone.

Given some recent.. issues with Bitwarden's leadership, I've been toying with Vaultwarden. It's been great, and supports pretty much everything I need.

I currently locally host the vault, but I'm realizing that this could cause problems for my family if something were to happen to me. While not technologically inept, if my server at home crashed they would have no idea how to access it, and they would lose all of the passwords.

I was thinking that a vps might be a better choice for this, possibly with some reboot automation in case of outages. That would allow them enough time to initiate the emergency access and import everything before anything happens to the passwords.

I've also got encrypted M-disc backups of the most important passwords with timestamps of when they were last set. I've demonstrated and written down instructions on how to decrypt these. Of course I also have other backups, but I doubt they'd be able to retrieve the non-physical copies of the backups.

Anyway, is that what most people here do with Vaultwarden, use a VPS with mTLS or VPN? To add, I would only use a tunnel for this if I go this route, so no open ports.


Selfhosted

60320 readers
560 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago