irmadlad

@irmadlad@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. soundcloud.com/hood-poet-608190196

⁨Comment⁩ on ⁨the self-hosting rabbit hole is a bottomless pit, isn't it?⁩ ⁨⁨5⁩ ⁨hours⁩ ago⁩:
I mean, at one time I went a bit overboard, but now, not so much, With newer technology happening, you don’t really need a lot to accomplish a lot.
⁨Comment⁩ on ⁨The 'just one more service' pipeline has claimed another victim: my entire weekend. What was your gateway drug into self-hosting EVERYTHING?⁩ ⁨⁨5⁩ ⁨hours⁩ ago⁩:
Probably about the time BBS became more popular. I guess there was arpnet, and all these nets, mostly for science, academics, or governmental. Then they essentially rolled it all into one and viola! The internet was born. (It’s a bit more involved) I’ve hosted BBS, forums, chats, irc, a fully licensed/automated internet radio station with live shows with requests et al, <deep breath> services, websites, you name it.

Unfortunately, my brain is shit now, and I’ve forgotten so much. So, sometimes I have to re-learn on a cyclical basis. Plus, the technology is moving now at such a blinding speed, what I did even 5 years ago is old school. Needless to say, I keep copious notes. Somebody is gonna go through all my stuff when I’m gone and think ‘What the devil? This looks like some weird kind of manifesto in some sort of long forgotten code.’ LOL
⁨Comment⁩ on ⁨Using Fail2ban to protect exposed services⁩ ⁨⁨8⁩ ⁨hours⁩ ago⁩:
Do you have any tutorials or guides on this handy?

Now that’s a deeeeep rabbit hole. I tend to go overboard on hardening and security, however, one good place to start is installing Lynis and run a scan. Lynis will spit out a rather extensive list of areas you need to harden or adjust and a score for your server. It will also give links where you can go and read up on the specific item in question. Now, not every one of the bullets in the list will apply, but you should give each careful consideration. Lynis is Free and Open Source Software (FOSS).
- Site: cisofy.com/lynis/
- Install: apt-get install lynis
- Run: lynis audit system
I ran a scan just for demonstration purposes so you can see what the end results are. This is just a snippet:

spoiler
* Configure minimum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Configure maximum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328] https://cisofy.com/lynis/controls/AUTH-9328/ * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/

Be mindful of where you get your hardening tutorials. There are hundreds of thousands out there. I would stick with authoritative sources.
⁨Comment⁩ on ⁨Cr*nmaster 1.5.0 - Major update⁩ ⁨⁨12⁩ ⁨hours⁩ ago⁩:
which crontab

Should’ve included that. My bad.
```
~# which crontab

/usr/bin/crontab
```
if that makes sense

I’m always down to learn from those more knowledgeable than I.

⁨Comment⁩ on ⁨Cr*nmaster 1.5.0 - Major update⁩ ⁨⁨13⁩ ⁨hours⁩ ago⁩:

crontab

Hmmmm…

systemctl status cron

● cron.service - Regular background program processing daemon
     Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2025-11-12 17:09:55 UTC; 1 day 2h ago
       Docs: man:cron(8)
   Main PID: 996 (cron)
      Tasks: 1 (limit: 47901)
     Memory: 358.5M
        CPU: 59.110s
     CGroup: /system.slice/cron.service
             └─996 /usr/sbin/cron -f -P

I’ll dick around with it some more. I don’t want to hammer you right in the middle of your promo.

⁨Comment⁩ on ⁨Cr*nmaster 1.5.0 - Major update⁩ ⁨⁨15⁩ ⁨hours⁩ ago⁩:
First, thank you so much for including screenshots on your github. I am a visual kind of guy, and knowing what the WUI looks like really helps sell the app. I am immeasurably disappointed when devs do not include, at the very least, a screen shot of the WUI. Then I have to do a image search, and sometimes there just aren’t any. It just seems like a menial task to snap a few shots and upload them. But then again, I’m not a published dev. Just my two cents.

Anyways, I have this on my dashboard. I am sure I have something misconfiguration or something missing permissions. To do a quick test run:

spoiler
- Create your first task - User is root - Schedule: 0 6 * * * - I’m using ‘Check Disk Space’: bash /volume1/docker/cronmaster/scripts/check-disk-space.sh # Check disk space # Alert if disk usage is above 90% DISK_USAGE=$(df -h / | tail -1 | awk ‘{print $5}’ | sed ‘s/%//’) if [ $DISK_USAGE -gt 90 ]; then echo “Disk usage is ${DISK_USAGE}%” | mail -s “Disk Space Alert” admin@example.com fi - Gave it a description: Check Disk Space - Click ‘Create Task’ - Receive error: ‘Failed to create cron job’

I am using the provided docker compose. Full Docker logs are full of errors. LOL:

spoiler
at genericNodeError (node:internal/errors:984:15) at wrappedFn (node:internal/errors:538:14) at ChildProcess.exithandler (node:child_process:422:12) at ChildProcess.emit (node:events:524:28) at maybeClose (node:internal/child_process:1104:16) at ChildProcess._handle.onexit (node:internal/child_process:304:5) at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 127, killed: false, signal: null, cmd: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -”, stdout: ‘’, stderr: ‘sh: 1: crontab: not found\n’ } Error writing host crontab for user root: Error: Command failed: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -” sh: 1: crontab: not found at genericNodeError (node:internal/errors:984:15) at wrappedFn (node:internal/errors:538:14) at ChildProcess.exithandler (node:child_process:422:12) at ChildProcess.emit (node:events:524:28) at maybeClose (node:internal/child_process:1104:16) at ChildProcess._handle.onexit (node:internal/child_process:304:5) at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 127, killed: false, signal: null, cmd: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -”, stdout: ‘’, stderr: ‘sh: 1: crontab: not found\n’ } Error executing host crontab command: Error: Command failed: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -” sh: 1: crontab: not found at genericNodeError (node:internal/errors:984:15) at wrappedFn (node:internal/errors:538:14) at ChildProcess.exithandler (node:child_process:422:12) at ChildProcess.emit (node:events:524:28) at maybeClose (node:internal/child_process:1104:16) at ChildProcess._handle.onexit (node:internal/child_process:304:5) at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 127, killed: false, signal: null, cmd: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -”, stdout: ‘’, stderr: ‘sh: 1: crontab: not found\n’ } Error writing host crontab for user root: Error: Command failed: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -” sh: 1: crontab: not found at genericNodeError (node:internal/errors:984:15) at wrappedFn (node:internal/errors:538:14) at ChildProcess.exithandler (node:child_process:422:12) at ChildProcess.emit (node:events:524:28) at maybeClose (node:internal/child_process:1104:16) at ChildProcess._handle.onexit (node:internal/child_process:304:5) at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 127, killed: false, signal: null, cmd: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -”, stdout: ‘’, stderr: ‘sh: 1: crontab: not found\n’ } Error executing host crontab command: Error: Command failed: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -” sh: 1: crontab: not found at genericNodeError (node:internal/errors:984:15) at wrappedFn (node:internal/errors:538:14) at ChildProcess.exithandler (node:child_process:422:12) at ChildProcess.emit (node:events:524:28) at maybeClose (node:internal/child_process:1104:16) at ChildProcess._handle.onexit (node:internal/child_process:304:5) at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 127, killed: false, signal: null, cmd: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -”, stdout: ‘’, stderr: ‘sh: 1: crontab: not found\n’ } Error writing host crontab for user root: Error: Command failed: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -” sh: 1: crontab: not found at genericNodeError (node:internal/errors:984:15) at wrappedFn (node:internal/errors:538:14) at ChildProcess.exithandler (node:child_process:422:12) at ChildProcess.emit (node:events:524:28) at maybeClose (node:internal/child_process:1104:16) at ChildProcess._handle.onexit (node:internal/child_process:304:5) at Process.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 127, killed: false, signal: null, cmd: nsenter -t 1 -m -u -i -n -p sh -c “echo ‘MCA2ICogKiAqIC92b2x1bWUxL2RvY2tlci9jcm9ubWFzdGVyL3NjcmlwdHMvY2hlY2stZGlzay1zcGFjZS5zaAo=’ | base64 -d | crontab -u root -”, stdout: ‘’, stderr: ‘sh: 1: crontab: not found\n’ }

Like I said, I’m sure I’ve misconfigured something, not taken into account something, or otherwise, as is my modus operandi, just screwed everything up and need to restart the deployment process a few more times to get it right. I’ll keep whacking away at it. Looks like a solid cron scheduler with a very pleasing WUI.
⁨Comment⁩ on ⁨Portainer Issues With Docker Update FYI⁩ ⁨⁨19⁩ ⁨hours⁩ ago⁩:
Awesome. Thanks
⁨Comment⁩ on ⁨Portainer Issues With Docker Update FYI⁩ ⁨⁨19⁩ ⁨hours⁩ ago⁩:
Alright! Alright! More ways to skin a cat. Thanks.
⁨Comment⁩ on ⁨Nginx Jellyfin, both Docker containers⁩ ⁨⁨19⁩ ⁨hours⁩ ago⁩:
This isn’t a solution to your issue, but a suggestion:

Since you are already using Cloudflare for your domain name, and I assume they gave you some nameservers to use, why not explore the Cloudflare Tunnels/ZeroTrust? Cloudflare Tunnels don’t care if you are behind a dynamic IP, or cgnat. Cloudflare is unconcerned with what ports you open on your router/firewall. You don’t even have to adjust your UFW firewall settings. Cloudflare punches through all that with a tunnel in to your server and tunnel out to the internet.

Admittedly, it did take me a couple tries to get everything worked out, but once I did, it’s easy peasy from there. If you decide this route, I’d be more than happy to clean up some of my notes and share them with you. Might help…might not. LOL
⁨Comment⁩ on ⁨Got my robot vacuum running Valetudo the other night...⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

These things get hella filthy inside.

LOL Reminds me of when my Jack Russel was a pup, training him to poop outside. Well, one day early in his training, he decided to poop under the dinning room table and I didn’t see it. Turned the vaccum loose, and sure enough, it found the poop, smeared it all over the floors and made a complete mess of the guts. I spent the day with a toothbrush and some cleaner. So, yeah…can confirm they do get filthy.
⁨Comment⁩ on ⁨Portainer Issues With Docker Update FYI⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

add an override for the docker.service file

Can you elaborate? I made the post hoping to save someone a couple hours banging their head on the keyboard like I did. LOL

So something like :

sudo nano /usr/lib/systemd/system/docker.service

What was the format of your entry to specify min api version 1.24? I’m curious and always down to learn new tricks.

'presh
⁨Comment⁩ on ⁨Got my robot vacuum running Valetudo the other night...⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

Valetudo is not a 3rd party firmware - it’s a cloud replacement that’s hosted on the robot itself, and also runs a webserver which gives you access to the actual controls and relevant firmware options.

Yeah but can it run Doom? That’s the burning question
⁨Comment⁩ on ⁨Got my robot vacuum running Valetudo the other night...⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

And then it dawned on me - I now have a completely autonomous robot roaming my house, not attached to any cloud services

I have one of the older model rumba’s. It does have wifi capabilities, but I’ve never connected it. Do the newer models require you to connect to wifi? Valetudo looks interesting tho.
Portainer Issues With Docker Update FYI
Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨6⁩ ⁨comments⁩
⁨Comment⁩ on ⁨what would you do with an old dell server?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

Another worth while consideration is heat generation.

Indeed. I put my rack in the closet. Cut in a 500 cfm inline exhaust fan to the attic. Then I wired it to a thermostat. That way it’s not constantly sucking 500 cfm of AC into the attic in the summer and heat in the winter. Then sound bat and insulation to keep the drone of the fans to zero with the door closed. Seems to work nicely. But yeah, when you step up to enterprise equipment and legacy at that, associated cost are worth considering.
⁨Comment⁩ on ⁨Map of services⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
I used Drawio.com and there is Excalidraw.
⁨Comment⁩ on ⁨Tenfingers WEB links (WIP)⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
No no no…I tracked you down. LOL No harm no foul. So, this is some kind of P2P or maybe filesharing like Funkwhale? I gotcha bookmarked for now to read this evening.
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Pangolin is pretty awesome as well and combines a lot of services all in one package such as reverse proxy, SSO, Crowdsec waf, etc.
⁨Comment⁩ on ⁨Tenfingers WEB links (WIP)⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
tenfingers.org in case others, like my dumbass self, wonder what TenFingers is/does.
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Well, I…er… haven’t gotten around to it. LOL TBH I’ve seen the name in the wild, but never really gave it a serious look see. However, I did a cursory search just now for Kiwix and that looks very intriguing, so I put it on the list. Next time I spam my list to the community, you’ll see Kiwix. LOL

Thanks for the prompt.
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Riiight. Imma let you go on that one.
⁨Comment⁩ on ⁨what would you do with an old dell server?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
I agree with the advice of finding out how much electricity it will consume. When you step to this level, power consumption becomes a reality. Just looking at specs and doing some swag, it’s probably going to cost anywhere from $15 to $25 +/- USD monthly. A $500 entry fee seems a little rich for my blood. Second, you’re going to have to put that thing in a closet. Those fans are loud. Other than that, rock on bro! Git sum!
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
So, you run your own ISP?
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Didn’t downvote ya but… Server at home, VPS in the cloud…samey samey. The end goal is the same: Privacy, security, and anonymity. I don’t know why people out here are going on about pedantic definitions. Selfhosting isn’t an exclusive club with a homelab prerequisite. It’s open to anyone regardless of the equipment they use.
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

I guess for me it kind of depends on your definition of “self host”

meh…I don’t split hairs on the definitions. Server at home vs VPS. No real difference, the end goal is the same: Privacy, anonymity, and security.
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

I have an expensive VPS at AWS which I mainly use to host my projects :D

Plenty of cheap VPS at lowendbox.com. I have several test VPS that run me $25 a year.
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

I started with a Minecraft server, once the PC was in the basement…

Man I used to be heavy into Minecraft. Had a public server which was well stocked, ran all kinds of shaders, add ons, etc. Good times.

https://lemmy.world/pictrs/image/4c5ea2f1-7ad7-4a34-bba7-594d71f65562.png
⁨Comment⁩ on ⁨I'm unsure what to self-host⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
What do you personally self-host?

Oh gosh…a plethora of things. I use probably 98% of what I self host on a regular basis, the other 2% are things I’m testing out, or learning how to do. Some of the things I host:
- beets
- BTOP-PLUS-PLUS
- btop
- calibre-web
- change-detection
- cloudreve
- codeserver
- composetoolbox
- cronmaster
- barcodebuddy
- deemix
- dozzle
- duplicati
- FileZilla
- git-sync
- gotify
- grocy
- homarr (dashboard)
- ntfy
- invidious
- it-tools
- jdownloader2
- linkwarden
- mega_nz
- n8n
- navidrome
- netdata
- network-toolbox
- nexterm
- owncloud
- pihole
- portainer
- postgresql
- Readeck
- redis
- searxng
- speedtest
- syncthing
- theme-park
- trillium
- tt-rss
- uptime-kuma
- watchtower (fork)
- Web-Check
- wg-easy
- 13ft
I do have two spare Raspberry Pi Zero 2W and one small computer with an old i5 / 8 GB RAM.

Do it OP. You got to start somewhere. 8 gb of RAM will run a nice group of apps. That’s kind of the nice thing. These apps do not run constantly, and only on demand. You’re probably not going to be able to run heavy programs like Elasticsearch, LLM/AI, or apps in that group. I haven’t found much that I need that I can’t self host.

I’m currently learning Ansible and CI/CD type environment on a test server. I’m no where close to prime time tho, but that’s the thing. You can always have something in the skunk works you’re working on, and when you get to the point you’re ready for production, you can deploy it on the production server.

Welcome to the most fun, frustrating, educational, useful hobby you’ll ever dive into.
⁨Comment⁩ on ⁨Where do I even start?⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:

Really, I’d run immich locally,

There ya go. Encrypted of course. That way OP can still learn to stand up a proper server and defenses before it almost instantaneously attracts the attention of literally any or all of the 1.5 billion known, active, automated bot accounts at this moment +/- show up at your port 22 doorstep and helping themselves to your resources.

The very first linux server I stood up on a vps, was taken over quite quickly. So, that spurred me on to read tutorials, scour chans and forums, just looking for guidance and knowledge. Now, I understand a lot more that I did way back when so it’s gotten easier. Not that I house a vast trove of wisdom or knowledge…pffffttt…that does not exist. I learn something new all the time. That’s one of the aspects I really love about self hosting.
⁨Comment⁩ on ⁨Where do I even start?⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Yup. You got to start with the tedious and the boring before you get to the glamorous where your friends ‘ooo’ and ‘ahh’ about your set up.