Based on recent comments this feels like a discussion we should have. So..topic, basically.

I'm not looking to be chief noisemaker on this, but I stand by what I wrote in !privacy and what's in my post history.

https://lemmy.ml/post/48724623/26190950

Let's have at; do we want a [AI] and [NOT AI] tag. Why or why not?

Hey everyone,

I wanted to run high-fidelity network canaries in my homelab, but I couldn't justify enterprise pricing, and I wasn't a fan of managing custom orchestration across all my VMs to make available oss solutions work.

So, I built HoneyWire. It’s a completely free, open-source distributed deception platform.

It uses a point-in-time CLI wizard to deploy hardened, distroless Docker traps. You run the command once, it spins up the decoy, registers it to your centralized Hub dashboard, and the setup agent completely exits. No persistent background daemons.

Features:

Zero-Agent: No ongoing background overhead on your hosts.

Centralized UI: View fleet health, uptime, and lateral movement alerts in dark mode.

Alerting: Built-in push notifications and SIEM forwarding.

Privacy: 100% free, open-source, and strictly zero telemetry.

GitHub Repo: https://github.com/andreicscs/HoneyWire Landing Page: https://honeywire.dev/

Would love to hear your thoughts on the architecture or any feedback if you test it out!

Our family has a bunch of people whose birthdays we need to keep track of. Those birthdays matter to everyone, so we would like to have one shared birthday calendar. The calendar should come with an android app that at least sends reminder notifications about birthdays.

What selfhosted solution are you using for this? What can you recommend?

I've tried NextCloud before and didn't really love it and I'm now happy with a combination of syncthing and LibreOffice. But my wife wants the full google drive, with sheets, docs etc. without the google, and I think NextCloud is my best option for that.

I'm and experienced *nix admin and already have a Linux server running with both VMs and docker containers and also have a working OpenVPN setup for remote access. But I found the NextCloud setup frustrating. We had a discussion about it (here I think) and determined that this was because NextCloud would rather sell their hosted service, so they don't go out of their way to make the self hosted option easy. I get that and don't hold it against them at all.

But, now that I'm wanting to try it again, I'm looking for pointers to guides for setting up self hosted NextCloud. I've searched, but nothing I found seemed like "the one".

I'm looking into setting up https for my local services. Everything is currently set up using the official caddy docker image.

I want to use now connect caddy to cloudflare to resolve the DNS 01. It looks like this is possible with a drop in replacement for caddy from either https://github.com/CaddyBuilds/caddy-cloudflare or https://github.com/serfriz/caddy-custom-builds

Is anyone here using these builds? Are they reliable? Is there an alternative I havent considered?

I’m trying to find an app for iOS that supports the nested feeds of comma feed. Anyone got any ideas? I have three level nested folders. It’s peri unruly trying to manage my feeds without the nested folders as I have a LOT of feeds

TIA

Re: the recent meta discussion and ongoing chats about self hosting, open vs closed source, AI etc, I wanted to share some food for thought.

I'll explain why this is related to self hosting at the bottom (section bolded): our lovely new mods can call it. I hope it inspires some out loud thinking.

Disclosure: I am not the content creator nor am I paid by them to signal boost. I just like their stuff and think this is an important topic, from multiple angles.

"The future of AI depends on the moral compass of five people."

I've been watching "AI in context" for a few weeks (they make long form biopic content on current state of AI - really good stuff).

This dropped today; it's about the wheeling and dealing behind closed doors at OpenAI re: Sam Altman's firing. It's a lot more watchable than that sounds :)

https://www.youtube.com/watch?v=_eYTkvZqbnQ

The line that brought me to a stand still was "the future of AI depends on the moral compass of like 5 people".

I think folks here (and Lemmy generally) are more savvy about AI then the gen pop (though Lemmy is famously FuckAI)....but even if you're training a nanoGPT model from scratch on hardware you own ...you're still beholden to outside forces.

Eg: the people's champion - Qwen - seems to have split or gone closed weights for 3.7. That's not a good sign.

Reason for post

In the recent [Meta] chat, I noted an undercurrent of "no man is an island" - that is, yes, you might host your own X, but you're still dependant on external Y (eg: SearXNG).

Self hosting / FOSS / forking mitigates some of the "we changed the terms of service after the sale" enshittification we see occurring in related spaces (eg: right to repair). But there's only so much leverage you can enact before it becomes pyrrhic.

I would like to believe "fuck you, I won't do what you told me" is our bulwark against market forces.

At the same time, it's sad to see so many "Don't be Evil" mission statements not survive contact with reality (watch the vid: OAi was founded on the ideal of "don't let AGI kill us")

I think what happens upstream has effects down stream too (see prior X vs Y examples)...

Not sure where this leaves us. It's a weird time to be alive.

Enjoy the video (and their others - Ai2027 is eye opening). Look forward to any productive chat this post might inspire.

I am one of a network of academic researchers from around the world working on collecting media market data. One problem is that referenced sources often disappear which makes validation later difficult or impossible. So, I thought I would recommend self-hosting something like archive.org that would allow affiliated researchers to submit their web references and have their sources efficiently archived in a central project repository. That would allow validation and continuity for when web-hosted text and files disappear or researchers leave.

I have been looking at ArchiveBox. If you have experience of this or a similar solution, would that fit the bill? The important thing is efficiency for researchers submitting/retrieving pages and files, and openness in structure and formats so that the archive would remain useful if ArchiveBox or similar disappears. FOSS of course means you can't be locked out anyway.

Hi all!

I started my self-hosting journey a bit ago and currently host my own instance of Immich. With almost 30k pictures I feel like I want to find the best pictures and print an actual album for each event/trip/etc whenever it makes sense. I was wondering if there are any self-hosted options for this where I can, given a specific album (or folder assuming there is no Immich integration) it will choose the "best" pictures for printing (I understand that "best pictures" is very subjective).

I'm trying to understand the bot problem in the internet and finding more ways to defend myself. One thing that I can't seem to understand is why most bots, scrapers and crawlers seem to have residential IPs.

• Is it that ISPs are being paid by tech-bros to assign them these IPs?
• Is it that residential devices have been hacked /contain malware that does this?
• Is it trivial for companies to assign themselves residential IPs?
• Paid volunteers are doing this for AI companies?

Or is there is some other reason for this?

Obviously this is a problem because one can rotate / cycle through residential IPs and if I aggressively block each offender in my logs permanently, then the next person assigned this IP who may be a legitimate user will be unable to access my site.

A number of brand new accounts have popped up shilling their paid for applications.

Is this within the rules? Is the community happy with this? Could mods clarify this in the rules?

Either allowing advertising, or banning it entirely.

my point is - there is a difference between an open source homegrown project that might be useful, vs closed source paid for projects from brand new accounts

some replies are misunderstanding, somehow.

I am against

brand new accounts who:

1. first post is a brand new project
2. project is closed source
3. project will cost money
4. is asking for free testing
5. the post is literally an advertisement

RedMemo — a self-hosted Reddit front-end (Redlib's UI, Go back end) that archives what it serves, so it keeps working when Reddit doesn't. Repo (Go + Postgres, AGPL-3.0): https://github.com/Meeks233/Redmemo Live demo (/settings is TOTP-gated, treat as read-only): https://redmemo.meekslab.cc/

Reddit`s funking constraints. Reddit caps each OAuth identity at ~100 API requests per 10 minutes, and IP-bans addresses that push too hard. The one mercy: media (images/video) is served from a CDN and doesn't count against that quota — only the JSON posts/listing/comment calls do.

Why Redlib runs out. Stateless and unauthenticated — every page view is a fresh upstream hit with nothing kept. Each request pulls only a handful of posts, so the 100-call budget drains in minutes, and there's no outbound rate limiting to pace it. Worse, it still ships a 2023-era official-app fingerprint; against an unchanged, years-old fingerprint, who else would Reddit block first?

Why RedMemo lasts. I supercharged everything.

• HR outbound rate-limit — Main gate for your poor API credits, sync with the dynamic ring at the topbar, which could help you easily estimate remaing credits.
• Control — 100 users rush to your instance, eveyone just clicks one link and your instance is completely disabled for 10mins...? Why couldn`t I just lockdown my instance and leave room for NP ? You can disable upstream service completely at env/settings. (env will persist)
• 5-layer NP (Natural Prefetch) — L1: main cycle (Pull 100 posts at once) , L2: media, L3: comments, L4 sub icon, L5 audio remux(under construction). I try my best to mimic real human behaviour and disperse those requests, so Redmemo just looks like a real user to Reddit.
• Archive — Reddit cant hack your homelab or vps to erase your records at Postgresql. What NP gets will come here and ready to serve.
• Scored cache — You could define cache size (like 1G at env), large and small media are run through a scoring function (LRU+Size) ; eviction is an incremental, low-IO sweep that drops the lowest-value items.
• Fresh fingerprint — Use the TLS fingerprint from reverse-engineering the official client and auto-derive the User-Agent from Reddit's official-app release cadence, so it never goes stale. (However Android version is now pinned to 15)

It's a derivative of Redlib/Libreddit, AGPL-3.0, not affiliated with Reddit.

To be honset, I used a lot of AI — Claude Code (4.6 through 4.8). But core codes were reviewed. The designs (NP, HR, the scored cache) are mine. If you could write better code, we will be very glad to see a new project inheriting from Redlib. Our beloved Redlib just lacks maintenance for almost 3 years, I just try to prolong its life. Anyway I`m just a college student using as much spare time as possible in the last 2 months just try to do something for community...😥

I've heard about Kavita and CWA. Kavita can't fetch metadata sadly and it has too much behind the "+" service and CWA, as far as I know, is not very good for managing Manga and Comic.

Any recommendations? I would prefer it to be able to get it on the same app so I don't have to constantly change IP on Kindle.

Hi /c/selfhosted,

it's been some time since I have posted an update about PdfDing, the selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. It’s designed be to be minimal, fast, and easy to set up using Docker. You can find the repository here.

Since my last post the following features were added to the app:

• Share PDF collections with the public with a link and QR code. Optionally, shares can be protected with a password and a deletion date. Until now only single PDFs could be shared.
• Use bulk actions for managing multiple PDFs at once. Available bulk actions include adding, deleting, starring + tag and collection adjustments. It's no longer necessary to waste time by processing one PDF after another.
• Multi-Factor Authentication. Users that aren't using SSO can now secure their accounts by using a second factor (webauthn + TOPT)
• Other than this there are several minor UI and quality of life improvements that (hopefully) make the app a bit more beautiful and easier to use.

If you are using PdfDing I would appreciate it greatly if you would take a couple of minutes to complete the small survey. This will help me to improve PdfDing in a way that benefits you most.

Last but not least I am quite happy about the nice and steady growth of PdfDing. By now it has almost 300k image pulls and over 1.7k stars. Since the popularity is increasing but not exploding I am not overwhelmed with feature requests and the general maintenance. It also means that I am spared from the attack of AI slop PRs that target more popular projects.

cross-posted from: https://discuss.online/post/41558684

Setup listmonk and now wondering about suggestions for how to maintain a basic list and campaign. Wondering about a few things:

• Privacy. All I want to know is if people are actually able to read the posts.
• Any thoughts from others who've been managing their own lists / campaigns.
• Basic idea is to use for email and RSS to post updates on latest happenings, maybe once a month.

Just want this to be both successful and not annoying. 😄

I've been racking my brain the whole afternoon trying to figure out why when I try to access my Pihole over Web GUI suddenly I'm met with SEC_ERROR_UNKNOWN_ISSUER error.

My setup:

• Nginx (SWAG) runs on my server and routes all apps on the server, plus two separate devices (Unifi and Pihole)
• Pihole runs on a Raspi with a fixed IP
• Nginx conf points to Pihole's IP on port 80 over http protocol.

This worked perfectly fine until several days ago (well, that's when I noticed the issue). Now whenever I try to access Pihole over its FQDN (https://pihole.my.domain/), I get the above error. The reason is mismatched certs, i.e. my browser fetches Pihole's self-signed cert and doesn't see my domain's cert at all. However, this shouldn't be happening at all. Nginx conf points to Pihole's port 80, not port 443. To further confirm this, I temporarily disabled port 443 on the Pihole and only served on port 80, which made Pihole web inaccessible over Nginx. I thought maybe Unifi is the culprit, but I can still reach the Web GUI over http://pihole.my.domain/ and http://pihole-ip/ through my browser. I have several other apps on the server that use port 80, and Nginx has no issue routing them.

Anyone has any idea what might be happening here?

Hi fellow selfhoster,

Im a bit lost on the following scenario and im unable to find any documentation about it so i was hoping some smart people here could point me in the right direction.

I have a linux software raid 6 that contains a LUKS partition with ext4 in it. I would like to automount the ext4 when im rebooting. The root partition is also using LUKS and i have successfully setup the decryption for this parition but im uncertain on how to do this with this raid setup since im not sure where in the boot process linux recognizes my raid and when the decryption happens.

This is what i have:

[root@nfs-rocky-1 ~]# cat /etc/mdadm.conf
ARRAY /dev/md/server1:0 metadata=1.2 UUID=3e198408:2236ed3d:1dc13a8e:e5f91e52

On a reboot the raid does get automaticly recognizes but i still have to do cryptsetup luksOpen /dev/md0 raid & mount /dev/mapper/raid /mnt/data.

What would be the best way to do this? Im a bit scared of doing this im not certain of since i don't want my machine to be stuck at a boot.

Just a like to an article that dicusses something like this already would help me greatly.

Hey, folks. The Jellyfin and Komga media servers running on my NAS are going great locally. I invested in a firewall and some managed switches, and from preliminary VLAN tests, I'm confident that I've got what I need to section off the self hosted services from my primary network. I was hoping to get a recommendation for the next couple of steps.

I've got a mini PC running Bazzite that had been a portable console/fighting game setup that I'm ready to retire from that role so that it can serve as a server and reverse proxy. I'm not sure what OS to put on it. If I have to manage it entirely by command line, it will take 10 times longer for me to do anything I want to do, and I'd really prefer a GUI. That said, I know it also takes resources to power a GUI that I won't be touching most hours of the day. I was curious what distro you folks might recommend for this purpose. In some of my research, I also came across Apache Guacamole, but I'm not sure if that requires a proper desktop environment to already be present in order to get that kind of remote access with a GUI. Am I overthinking this? Is this going to be just fine with a normal desktop distro installed on it? If normal desktop distros work just fine, I need something that can sit there without updating until I tell it to; since introducing snaps, this is something Ubuntu has been a pain about, so I might want something else.

The next thing I was curious about was order of operations for the reverse proxy. There are SSL/TLS certificates that are needed for HTTPS, but I need a domain for that, and a lot of tutorials just skip on past this step in the domain configuration screens where you "enter your DNS servers" as though I know why I'd need other DNS servers, where to get them, how to select them, etc. And ideally, I'd want to test that the reverse proxy is working locally with HTTPS and all before it's exposed to the internet in the first place, so I'm not sure what order to do those steps in: DNS servers, buying a domain, getting certs, configuring reverse proxy.

As with most things, I'm sure this is far less complicated than it looks to me right now, and once it's in the rearview, it will make a lot more sense, but I'd appreciate any advice folks here can offer.

I've been building PRISM - a self-hosted OSINT toolkit you run yourself instead of pasting investigation targets into someone else's web service.

Give it a domain, IP, email, phone, or username and it runs 22+ modules in parallel into one dashboard: WHOIS, DNS, crt.sh subdomains, GeoIP, threat intel (Shodan/VirusTotal/AbuseIPDB/Censys), breach data, username search across 3000+ sites (Blackbird + Maigret), dark-web mirror checks, and more. Results come with an entity graph, a GeoIP map, an OPSEC exposure score (0–100), and HTML/PDF/CSV/Markdown exports.

14 of the 22 modules work with zero API keys (missing keys degrade gracefully instead of erroring).

Stack: FastAPI + Next.js 14, runs with one docker compose up. MIT licensed.

Demo: https://getprism.su/ Github: https://github.com/NovaCode37/Prism-platform

Built it solo - feedback welcome, especially on which modules you'd want added.

So I guess you can just hook up IPTV directly into Jellyfin. But there also seem to be helper apps like xTeVe, Dispatcharr, Threadfin, and others?

Are these helper apps worth an install? I'm curious if anyone has a favorite.

Two days ago, I posted to this community asking for help with managing subtitles and audio tracks on my media server (and removing the ones I don't need). @ohulancutash@feddit.uk suggested I try Muxarr which looked promising, so I set it up yesterday.

First impressions were good, the setup was really easy and I set up the profile I wanted in around 10 minutes (only keeping the English and original audio tracks, and only English subtitles). I enqueued all my files (there's a big green button in the top left which I somehow missed for a few seconds, but that's on me) and it started doing its thing. It did take a while to process my nearly 3000 files so I left it running overnight. I came back this morning to find it had worked perfectly and all my media had the unwanted tracks removed.

What's possibly even more impressive though, and something I wasn't expecting, was that removing all that unneeded data had freed a whopping 135GB of storage!! I only have 8tb available total and with storage prices as they are right now, that's really quite a significant amount to just be sitting there holding data that will never be used.

I just wanted to take a few minutes out of my day to write this and thank @ohulancutash@feddit.uk and this community for recommending Muxarr to me and spread the word to others who didn't know about it like me two days ago

I'm looking to expand into having a online library and looking for some real world experiences and opinions. Ideally, looking for someone that worked well with docker and the various arrs.