stratself

@stratself@lemdro.id

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Looking for a selfhostable chat service that people on phone and computers can log onto⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

due to it missing ideal features

what features do you want? kindly elaborate

XMPP with Snikket could be an easy solution. If you don’t want to talk to the wider web make sure to disable federation.
⁨Comment⁩ on ⁨Local DNS on Pihole⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Pihole runs on dnsmasq right? Maybe you could create a cronjob to copy the underlying dnsmasq.conf to other Piholes
⁨Comment⁩ on ⁨Technitium DNS v14 is released with support for clustering⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Ah, I see. Well I’m glad you found PiHole useful and stick to using it anyhow!
⁨Comment⁩ on ⁨Technitium DNS v14 is released with support for clustering⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
What issues did you have reverse-proxying? For me it was just as simple as pointing to port 5380. Other ports like 53 could be passed on with a layer-4 router

What about the login issues? I’d hope they’ll be integrating with OIDC or some other auth mechanism, but for now managing 2FA creds should make do
⁨Comment⁩ on ⁨Technitium DNS v14 is released with support for clustering⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Off the top of my head:
- Allows using DoH/DoT/DoQUIC/recursive upstreams without installing extra packages (unbound, cloudflared, etc)
- Allows acting as a DoH/DoH3/DoT/DoQUIC server alongside normal DNS over UDP and TCP
- Allows configuring SOCKS/HTTP proxies for forwarders
- Act as authoritative zone server with DNSSEC signing
- Allows custom responses via plugins (e.g. conditional responses based on client’s IP addresses)
- Accept PROXY Protocol to forward client IPs from trusted load balancers
- All the clustering and zone transfers magic
- DNS64
It really dives deep into the inner workings of DNS and does pretty much anything Pi-Hole does, with many more security and QoL features. Although the UI may feel a bit dated, I’d recommend it to anyone running their own homelab infrastructure beyond just adblocking
Technitium DNS v14 is released with support for clusteringgithub.com ↗
Submitted ⁨⁨1⁩ ⁨week⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨25⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Made an alternative to Tailscale + Gluetun⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Just found out someone else has a similar thing too:

github.com/juhovh/tailguard

It seems more flexible and can be used site-to-site, for anyone interested
Made an alternative to Tailscale + Gluetun
Submitted ⁨⁨1⁩ ⁨week⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨4⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Material for MkDocs is getting rid of MkDocs. Now: Zensical - A modern static site generator⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Thanks for posting this here. I’m not sure what to think about this, just set up mkdocs-material with huge customizations, including the macros plugin and tons of CSS. So it’d be tedious to eventually migrate to the new “component system” as they say.

Welp, should’ve gone with a barebone SSG and configured what I want. Feels like I’m kinda stuck in no man’s land now.
⁨Comment⁩ on ⁨Self-Host Weekly (31 October 2025)⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I find it odd that a report for the proprietary Github platform takes the newsletter’s spotlight, it’s not very relevant. I’d much prefer if the writer could expand his thoughts on those new version releases or featured blogposts, especially the ones he finds interested in.
⁨Comment⁩ on ⁨Is (Matrix) Element Server Suite overkill for a dozen users?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
If it ain’t broke, don’t fix it. I think it’s better hooking up Element Call to your current setup, and remove Element Web if you can BYO client.

For a more lightweight alternative, I personally find continuwuity to be reasonably stable for the specs you mentioned. It does admin tasks in an #admins room, use an embedded database, and has no client UI so less containers needed. So continuwuity + EC should be able to run under the constraints you mentioned

The lightest would still be any XMPP server, though its functionality does differ from Matrix overall
⁨Comment⁩ on ⁨How often do you update software on your servers?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
To make it even simpler, apk -U upgrade
⁨Comment⁩ on ⁨Assign privileged port to caddy running with rootless podman⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Hi,

The client IP problem is a longstanding issue in podman’s virtual bridge networks.

As a workaround I’d run HAProxy rootless, using the pasta networking mode as that one allows seeing native client IP. With pasta’s -T flag (see docs) I’d forward traffic to another caddy container binding to 127.0.0.1:8080 or something similar.

This would coincide with your firewalld/HAProxy port-forwarding setup, but it has more rootlessness to it. It’s still not perfect, but I hope it may be useful
⁨Comment⁩ on ⁨Setting up VoIP on my matrix server⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
You’ll need a TURN server to relay calls and provide signalling capabilities, which is needed most of the time. Here’s Synapse docs on it, and I’ll probably use coturn:

element-hq.github.io/synapse/…/turn-howto.html

There’s also this new technology called Element Call, which uses a diffent tool called LiveKit. You should check it out too

github.com/element-hq/element-call/…/README.md
⁨Comment⁩ on ⁨Beyond Pi-Hole⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
You should add your DNS forwarder as its own node in Tailscale, and configure the tailnet to resolve DNS through it. That way you’ll be able to resolve both MagicDNS node names and your local domains, as well as being blocklist-enabled. Besides, I think you can also define custom A/AAAA records on your Tailscale console, skipping local records on Pi-hole altogether.

I’d also recommend Technitium for a new DNS solution, mainly because they’re going to add support for clustering soon. This could be highly useful if you want to configure blocklists once and sync them between different Technitium nodes. Should it works out, I’m thinking of installing it alongside every Tailscale exit node, for the benefit of synced blocklists, local domains, and exit-node geolocated IPs for external domains.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Missed the chance to call it Jelloseerr

It’s Jellover now
⁨Comment⁩ on ⁨⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Rsync depends on OpenSSH, but it definitely isn’t SFTP. I’ve tried using it against an SFTPGo instance, and lost some files because it runs its own binary, bypassing SFTPGo’s permission checks. Instead, I’ve opted for rclone with the SFTP backend, which does everything rsync do and is very well compliant.

In fact, while the main developer published a fix for this bug, he also expressed intention to drop support for the command entirely. I think I’m just commenting to give a heads up for any passerby.
⁨Comment⁩ on ⁨Reducing buffering when accessing Jellyfin via Tailscale⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Hi, I think OP wants their sibilings to directly connect to their PC, skipping any relays, even if it’s their VPS.

But if you are comparing setting up your own VPS instead of relaying through Tailscale’s DERP, then the answer is… it depends on the distance and whether you can establish VPS->Local VM direct connections.

I found opening a specified port for Tailscale on the VPS to help with direct connections with CGNAT’d peers. I’m not familiar with Pangolin, but I think the same principle applies as long as at least one address:port combination is agreed between Wireguard peers.

If I’m being honest though, before doing all this, try asking your ISPs for IPv6 to avoid these cumbersome things together.
⁨Comment⁩ on ⁨Reducing buffering when accessing Jellyfin via Tailscale⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
If both your Jellyfin server and your siblings are behind residential CGNAT, then high chance your connections are relayed through Tailscale’s DERP servers. You can check with tailscale ping-ing your sibilings’ nodes.

If this is the case, you may consider selfhosting your own DERP somewhere close to you, but I’d argue the performance gains are minimal compared to the extra costs. Another solution may be to enable IPv6 for both you and your siblings, skipping NAT traversal.

This is all assuming you can direct play (i.e. not transcoding) your media. If you’re transcoding, then it’s good to look into hardware acceleration like the other comment mentioned, too
⁨Comment⁩ on ⁨Tailscale difficulties⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
try adding the sysctls parameters to this docker container
⁨Comment⁩ on ⁨Share single service via WireGuard⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Is there a way for a Wireguard peer to advertise AllowedIPs similar to Tailscale’s subnet routings? If that’s right, perhaps you can configure your host’s address as one of the AllowedIPs on the OpenWRT peer, and skip port forwarding too
⁨Comment⁩ on ⁨Need some help with networking - tailscale, gluetun etc⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Two separate functions should go into two separate nodes
1. Run Tailscale binary on host. Connect to Jellyfin server using that node’s IP address.
and
1. Run Gluetun + another Tailscale instance in containers. Don’t use host networking, use bridge or something else. Connect to that node as an exit node
As an alternative to Gluetun + Tailscale I propose tswg (my project)
⁨Comment⁩ on ⁨How to make a Tailscale-like mesh VPN work without the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
I’ve vaguely thought about this with Split DNS.

My concern would be the need to set up some non-Tailnet mechanism to expose it to the internet and keep it secure. Either port forwarding, Pangolin, or even using Funnel… all of which would be better off on a separate device (and maybe a separate VLAN)

It’d be an interesting idea for sure, perhaps for when I can get myself the separate Headscale-dedicated device
⁨Comment⁩ on ⁨How to make a Tailscale-like mesh VPN work without the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
That’s a nice thing with Wireguard yea. I’ll keep this in mind if ever I can grok Tailscale to do such things
How to make a Tailscale-like mesh VPN work without the internet?
Submitted ⁨⁨2⁩ ⁨months⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨6⁩ ⁨comments⁩
⁨Comment⁩ on ⁨What is the current state of Matrix?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
- DNS adjustments aren’t needed if you do .well-known delegations which is easier
- Can recommend continuwuity, it runs much better on less resources. Lacks certain features compared to Synapse but overall good
- Notifications (and read markers) depend on client-specific black magic to work
- Federation do sometimes silent-fail completely, you can reset continuwuity’s cache when that happens. But full room history convergence needs patience
- Don’t join large rooms unless your server can handle the load
- Don’t host public rooms without modbots
The many small bugs make Matrix still bad - I wouldn’t recommend a non-tech user unless accompanied by a 24/7 admin. It is trying to improve but very slow because of reasons
⁨Comment⁩ on ⁨18% of people running Nextcloud don't know what database they are using⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Should’ve specifically asked the operators/hosters if they need a better answer. But this has more engagement so
⁨Comment⁩ on ⁨Alternative to NordVPN Meshnet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Worth noting that there’s an open issue to support Wireguard peers into Headscale, so you could use it with e.g. a wg0.conf file from upstream
⁨Comment⁩ on ⁨Alternative to NordVPN Meshnet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
If you can selfhost an exit node (and since you’re asking in /c/selfhosted), I wanna shamelessly plugin my solution: github.com/stratself/tswg. Basically mount a WireGuard config from Nord or any upstream VPN, and the container use it to create an exit node on that VPN for you.

There are other gluetun + tailscale solutions that are worth a look too
⁨Comment⁩ on ⁨How to selfhost with a VPN⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Ah right, completely forgot about that (80 for HTTP-01, 443 for TLS-ALPN-01)