Chewy7324

@Chewy7324@discuss.tchncs.de

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨NixOS on Proxmox LXC: Good or Bad?⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
NixOS in LXC works great, although I switched to bare metal NixOS a few months ago. I didn’t see the need for proxmox as it hindered my ability of declaring the whole system.

Creating NixOS LXC’s is a bit of a pita. Some links that helped me two years ago:
- wiki.nixos.org/wiki/Proxmox_Virtual_Environment#L…
- web.archive.org/web/…/nixos-proxmox-lxc/
⁨Comment⁩ on ⁨Framework “temporarily pausing” some laptop sales because of new tariffs⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
What I find interesting is that they don’t increase the price and only remove those devices where they’d make a loss. I’d expected them to simply add the tariffs on top of the price and continue as usual.
⁨Comment⁩ on ⁨OpenID Connect Single Sign-On Identity & Access Management⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
It’s great to see another open source OIDC provider (with more features). I’ve set up Pocket ID which is awesome because of it’s simplicity and it’s great.
⁨Comment⁩ on ⁨What steps do you take to secure your server and your selfhosted services?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I found the guide/examples on their website a bit irritating at first (that’s on me) but it works well once understood and configured.
⁨Comment⁩ on ⁨What steps do you take to secure your server and your selfhosted services?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
127.0.0.0 is the localhost. This is the IP the container is listening on. Even if there was no firewall it wouldn’t allow any connection except from the host. If it’s set to 0.0.0.0 it means it’ll allow connections from any IP (which might not be an issue depending on your setup).

The reverse proxy runs on localhost anyway, so any other IPs have no reason to ever have access.
⁨Comment⁩ on ⁨What steps do you take to secure your server and your selfhosted services?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
It’s mostly to allow the reverse proxy on localhost to connect to the container/service, while blocking all other hosts/IPs.

This is especially important when using docker as it messes with iptables and can circumvent firewall like e.g. ufw.

You’re right that it doesn’t increase security on case of a compromised container. It’s just about outside connections.
⁨Comment⁩ on ⁨What steps do you take to secure your server and your selfhosted services?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Some I haven’t yet found in this thread:
- rootless podman
- container port mapping to localhost (e.g. 127.0.0.1:8080:8080)
- systemd services with many of its sandboxing features (PrivateTmp, …)
⁨Comment⁩ on ⁨What steps do you take to secure your server and your selfhosted services?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks way less battery life on my phone.
⁨Comment⁩ on ⁨Making sure restic backups are right⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Trying to actually restore is the best way to ensure the backup works. But it’s annoying so I never do it.

I usually trust restic to do it’s job. Validating that the files are there and are readable can be done with restic mount, and you’ve mentioned restic check.

The best way to ensure your data is safe is to do a second backup with another tool. And keep your keys safe and accessible. A remote backup has no use of the keys burned down.
⁨Comment⁩ on ⁨Internet forums are disappearing because now everything is Reddit and Discord. And that's worrying.⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Yes. I like to leave the original link in the post body for that reason.
⁨Comment⁩ on ⁨Internet forums are disappearing because now everything is Reddit and Discord. And that's worrying.⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Sadly it’s not possible to provide links using Firefox Translate. People would have to translate it themselves (i.e. opening in a browser and clicking translate). Depending on the device they likely wouldn’t bother.
⁨Comment⁩ on ⁨Internet forums are disappearing because now everything is Reddit and Discord. And that's worrying.⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Agreed. In general people seem to like centralised platforms. They don’t want to sign up on another site for a specific purpose. They stick to what they know unless there’s good reason to change (mostly peer/ad/social media pressure I feel like).

In a way Lemmy is similar in that it’s a single platform to access all types of content. Given most people don’t care about the technical “how”, I can see why they like Discord and Reddit.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
If the person would answer almost instantly, 24/7, without being annoyed: Yes. Checking important information is easier once you know, what exactly to type.
⁨Comment⁩ on ⁨If I self host mastodon and matrix, and shutdown the device, when I turn it on again, will it receive all the activity that happened in the meantime?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Matrix won’t necessarily download all state/messages automatically, but if your client requests a non-available message your matrix server will query other matrix servers for it.

E.g. if you scroll up to older messages, it might take a a few seconds but your client should eventually show them.

Matrix server use a back-off for servers sending messages, so if your server is offline for many hours, it might take a day for your servers to get messages pushed to by other servers again.
⁨Comment⁩ on ⁨Email provider for home server alerts⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Given it seems to be a single guy doing his thing I don’t expect them to get bought out.

It’s a great service and incredibly cheap. With advanced pricing I’m only paying ~0,40€ per month. My domain + purelymail is less than I’d pay for other providers email only.
⁨Comment⁩ on ⁨Are there cheap refurbished HDD resellers in Europe, like ServerPartDeals?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Mindfactory is selling Factory Recertified Seagate Exos and Ironwolf Pro.

They were also reportedly on of the shops (unknowingly) selling used HDDs with SMART values reset as new.

www.mindfactory.de/Produkte/…/box_top_cats
⁨Comment⁩ on ⁨Good mail server for selfhosting⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
A project ending as abandonware is always a possibility. One reason projects get abandoned is losing funding, which can be secured by using dual licensing and selling some features to businesses.

They use AGPL so even if they broke their promise and restricted features, it could still be developed further (even if no new features got added). NGINX also uses a dual license.
⁨Comment⁩ on ⁨Bad UX is keeping the majority of people away from Lemmy⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Well I do like new Reddit. It has a dark mode and works well with different screen/window sizes. Sadly it’s slow and equires JS to load the content (makes it slow).

Imo Lemmy web is most of the good parts of old Reddit and some of good parts of new Reddit. Though it’s not the best UI. My favorite UI for Reddit is Redlib [1]. It’s fast, works well on desktop and mobile, and looks great imo.

[1] github.com/redlib-org/redlib
⁨Comment⁩ on ⁨Don (Novaspirit Tech) passed away⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
It’s sad to hear about his passing. His videos about the Pi3 were great for me at the time. It’s been about 8 years and looking at the thumbnails of his videos brings back memories.
⁨Comment⁩ on ⁨Let's Encrypt is 10 years old today !⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
I remember taking my first selfhosting/Linux steps a year or so after the launch of Let’s Encrypt with a Pi 3. At the time, most tutorials didn’t set up https at all, and if they did, they were self signed certificates (resulting in browser warnings).

Self-signed certificates are annoying and creating them was a series of copy pasting long, weird commands, usually using long exspiration dates (manual renewing sucks).

Not long after, guides started recommending certbot. Nowadays reverse proxys like caddy set up TLS automatically.

At least that’s how I remember it, given my complete lack of knowledge about Linux/networking at the time.
⁨Comment⁩ on ⁨how can i self host my music?⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
Yes, the restriction to a single VPN client is annoying.

Blocking ad/telemetry domains can be done by adding Adguards DNS servers in the OS settings. Sadly blocking apps Internet permissions completely is not possible (except on OS like LineageOS, CalyxOS or GrapheneOS).
⁨Comment⁩ on ⁨how can i self host my music?⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
Symphonium is a great Android music player which connects to a Subsonic or Jellyfin server (or any other protocol like SMB).

Navidrome is a music server which implements the Subsonic protocol. This means apps like Symphonium can connect to it.

Any old PC is enough, even a Raspberry Pi is fast enough for a music server.
1. Install Navidrome on the server/pc
2. Configure Navidrome (open ports, add your music library/folder)
3. Connect a subsonic-compatible music app to to the server (I.e. type in IP or domain as well as the port).
Anything more like SSL (https) and a domain is optional for getting it working, and only a benefit if used outside of your home network. Using Tailscale makes a domain/SSL unnecessary and also no longer needs messing around with networking (e.g. no opening ports on the router).
⁨Comment⁩ on ⁨2024 Self-Host User Survey Results⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
The survey was originally sent out on reddit /r/selfhosted, so I expect most respondents are from there.