Tinkerer
@Tinkerer@lemmy.ca
- Comment on Netbird The GOAT 2 weeks ago:
Oh yeah I know. I’m mostly only able to use DERP servers and that’s why I switched because I wanted to be able to use my own DERP server and not have to rely on Tailscale’s.
- Comment on Netbird The GOAT 2 weeks ago:
I actually had the opposite and the tailscale app would drain my battery when using one of my exit nodes. I will say the netbird app needs some love. My biggest issue is that it doesn’t stay connected or isn’t able to reconnect when I change WiFi networks or go from WiFi to cellular.
- Comment on Netbird The GOAT 2 weeks ago:
I could never get the self hosted stun server to connect so I was always using Tailscale’s DERP servers. Netbird is also fully open source as far as I know so that was the main reason I wanted to switch.
- Submitted 2 weeks ago to selfhosted@lemmy.world | 12 comments
- Comment on Easiest to set up IAM solution? (OIDC, OAuth2, SSO, etc.) 2 weeks ago:
I just set up authentik in podman quadlet and got a lot of my services set up with it. Their documentation is actually very good and thorough. It covers a ton of services with easy to follow instructions.
- Comment on Netbird podman and traefik 4 weeks ago:
Ok looks like I figured it out, turns out Netbird doesn’t like wildcard certificates, I spun up a quick NPM reverse proxy in docker and everything is now working fine.
- Submitted 4 weeks ago to selfhosted@lemmy.world | 1 comment
- Comment on Netbird is king. 5 weeks ago:
I’ve been looking at this. I’m currently hosting headscale which is super easy and nice. I might give this a try, I just need to get over the hurdle of adapting this to work with podman like I have with headscale.
- Comment on Looking for FOSS server monitoring UI 1 month ago:
I’m also looking for something. I just tried netdata but looks like there is a 5 node limit now? I’m green on netdata but seems like a lot of people are mad about it lol. I’ll give beszel a try but doesn’t look like it does logs? Any thoughts on FOSS options for system logs and alerting as well?
- Comment on Sharing a single netbird account with multiple people? 2 months ago:
From what I know about netbird (which is not a lot), it’s a beast to set up. I could never even get their standard docker compose file to work.
That being said I’m rocking headscale and love it, super easy to set up and tons of documentation. I’ll need to give netbird another try when I get time though.
- Comment on Hey look, a giant sign telling you to find a different job 3 months ago:
Jenny should do a grammar check for your and you’re
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 4 months ago:
Yeah I would say so. You still having issues?
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 4 months ago:
Did you go here and look at the supported codecs for encoding and decoding?
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 5 months ago:
Ah OK what GPU are you using? are you using the integrated graphics of your CPU?
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 5 months ago:
This is most likely because of encoding. Did you change any settings in jellyfin for hardware acceleration? Have you passed through your GPU? You will need to find out what codecs your GPU supports and enable those in the jellyfin hardware encoding spot.
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 5 months ago:
I run jellyfin in an LXC, so first get jellyfin installed. Personally I would separate jellyfin and your other docker containers, I have a separate VM for my podman containers. I need jellyfin up 100% of the time so that’s why it’s separate.
Work on the first problem, getting jellyfin installed. I wouldn’t use docker, just follow the steps for installing it on Ubuntu directly.
Second, to get the unprivileged lxc to work with your nas share follow this forum post: …proxmox.com/…/tutorial-unprivileged-lxcs-mount-c…
Thirdly, read through the jellyfin docs for hardware acceleration. It’s always best practice to not just run scripts blindly on your machine.
Lastly take a break if you can’t figure it out, when I’m stuck I always need to take a day and just think stuff over and I usually figure out why it’s not working by just doing that.
If you need any help let me know!
- Comment on Arr Podman Quadlets Setup 5 months ago:
I’m going down this rabbit hole right now and porting all my docker containers to quadlets on rocky Linux 10 as well. Haven’t done arr stack yet but everything else has been a pretty smooth transition.
Don’t give up, it’s worth it to be able to run rootless!
- Comment on Tailscale difficulties 6 months ago:
Proxmox does say docker isn’t supported in LXC but I’m running 10 docker containers with no issues on an LXC. That being said I have recently had some weird database not connecting issues and other strange new docker containers not working in an LXC for some reason. If you can I would try the same setup but in a VM and see what happens.
I recently was trying to get authentik set up via docker and it just wouldn’t work. I gave up and spun up a VM, ran the same docker compose file and it worked right away.
Hopefully this helps?
- Comment on Tailscale difficulties 6 months ago:
Sorry if this has been answered but are you running this in docker on a VM or LXC?
- Comment on Help setting up a selfhosted VPN at home 7 months ago:
I’ve just set up headscale in docker and it worked right away. It’s even faster than when I was using tailscale. It was very easy to set up and I’ve been using it for about a month with no issues. Doesn’t really help but I haven’t used gluetun myself.
- Comment on Anyone tried cloud gaming? 7 months ago:
I’m using sunshine on my main Linux gaming rig with my own headscale instance running and use moonlight on my client PC and it’s very nice and smooth. I use it to access my main LAN gaming rig from another remote network. Not sure if that’s your use case but I’ve also used sunshine and moonlight within my lan so I can remotely play on my bedroom TV.
- Comment on [deleted] 8 months ago:
I’ve also tried to run the docker compose file with no changes from the Zitadel documentation, zitadel.com/docs/self-hosting/deploy/compose
This is what shows:
```
[+] Running 3/3
 ✔ Network root_zitadel      Created   0.0s
 ✘ Container root-db-1       Error     60.8s
 ✔ Container root-zitadel-1  Created   0.0s
dependency failed to start: container root-db-1 is unhealthy
```
`docker ps -a` then shows the root-zitadel-1 container created but not started, I can’t get any logs to show on the root-db-1 container even though it shows as running…
I start the root-zitadel-1 container and restart the root-db-1 container and this is what I get in the logs:
```
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:46Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:46Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:48Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:48Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
```
- Comment on [deleted] 8 months ago:
Here is the compose file I’m using:
```yaml
services:
  postgresql:
    image: postgres:16-alpine
    container_name: postgresql
    restart: unless-stopped
    networks:
      - authentik
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d authentik -U postgres"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ./database:/var/lib/postgresql/data
    ports:
      - 5432:5432
    environment:
      POSTGRES_PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
      POSTGRES_USER: postgres
      POSTGRES_DB: authentik
  redis:
    image: redis:alpine
    container_name: redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ./redis:/data
    networks:
      - authentik
  server:
    image: ghcr.io/goauthentik/server:2025.6.4
    container_name: authentik-server
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    ports:
      - 9000:9000
      - 9443:9443
    networks:
      - authentik
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
  worker:
    image: ghcr.io/goauthentik/server:2025.6.4
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    networks:
      - authentik
    environment:
      AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
networks:
  authentik:
```
- Comment on [deleted] 8 months ago:
Here are the logs when starting up Authentik docker compose:
```
authentik-worker | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364156.1238139}
authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364157.1261947}
authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
authentik-server | {"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Loaded config","level":"debug","path":"/authentik/lib/default.yml","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Loaded config from environment","level":"debug","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Starting HTTP server","level":"info","listen":"0.0.0.0:9000","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event":"Starting Metrics server","level":"info","listen":"0.0.0.0:9300","logger":"authentik.router.metrics","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event":"Starting HTTPS server","level":"info","listen":"0.0.0.0:9443","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.613906, "file": "/authentik/lib/default.yml"}
authentik-server | {"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.6143358, "count": 6}
authentik-server | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364149.953862}
authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364150.955268}
authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
```
- Comment on [deleted] 8 months ago:
```
time="2025-07-23T20:49:22Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75"
time="2025-07-23T20:49:22Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:68" error="failed to connect to `user=root database=postgres`:\n\t127.0.0.1:5432 (localhost): dial error: dial tcp 127.0.0.1:5432: connect: connection refused\n\t[::1]:5432 (localhost): dial error: dial tcp [::1]:5432: connect: connection refused"
time="2025-07-23T20:49:23Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75"
```
Here is my docker compose file:
```yaml
services:
  # Caddy reverse proxy
  caddy:
    image: caddy
    restart: unless-stopped
    networks: [ netbird ]
    ports:
      - '443:443'
      - '443:443/udp'
      - '80:80'
    volumes:
      - netbird_caddy_data:/data
      - ./Caddyfile:/etc/caddy/Caddyfile
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # UI dashboard
  dashboard:
    image: netbirdio/dashboard:latest
    restart: unless-stopped
    networks: [netbird]
    env_file:
      - ./dashboard.env
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    networks: [netbird]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    networks: [netbird]
    env_file:
      - ./relay.env
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    networks: [netbird]
    volumes:
      - netbird_management:/var/lib/netbird
      - ./management.json:/etc/netbird/management.json
    command: [
      "--port", "80",
      "--log-file", "console",
      "--log-level", "info",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=netbird.selfhosted",
      "--dns-domain=netbird.selfhosted",
      "--idp-sign-key-refresh-enabled",
    ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Coturn, AKA relay server
  coturn:
    image: coturn/coturn
    restart: unless-stopped
    #domainname: netbird.relay.selfhosted
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Zitadel - identity provider
  zitadel:
    restart: 'always'
    networks: [netbird]
    image: 'ghcr.io/zitadel/zitadel:v2.64.1'
    command: 'start-from-init --masterkeyFromEnv --tlsMode external'
    env_file:
      - ./zitadel.env
    depends_on:
      zdb:
        condition: 'service_healthy'
    volumes:
      - ./machinekey:/machinekey
      - netbird_zitadel_certs:/zdb-certs:ro
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Postgres for Zitadel
  zdb:
    restart: 'always'
    networks: [netbird]
    image: 'postgres:16-alpine'
    env_file:
      - ./zdb.env
    volumes:
      - netbird_zdb_data:/var/lib/postgresql/data:rw
    healthcheck:
      test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
      interval: 5s
      timeout: 60s
      retries: 10
      start_period: 5s
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

volumes:
  netbird_zdb_data:
  netbird_management:
  netbird_caddy_data:
  netbird_zitadel_certs:

networks:
  netbird:
```
- Comment on [deleted] 8 months ago:
Yeah I’ll grab some logs and post my files tonight when I get time :)
- Comment on [deleted] 8 months ago:
I definitely can’t connect to the container as it doesn’t start. I’ve also tried without the .env file and that doesn’t work either. I’ve even set up a new LXC and started from scratch with the same result.
- Comment on What are your VPN recommendations for accessing self-hosted applications from the outside? 8 months ago:
Can I ask how you have this setup? Do you also have a reverse proxy setup or just WG on your router and everything gets routed via your router?
- Comment on What are your VPN recommendations for accessing self-hosted applications from the outside? 8 months ago:
I used wireguard self hosted for a bit but my work network is pretty locked down and I couldn’t find a UDP port that wasn’t blocked. How are you guys setting up wireguard in your home network? Or is it better to host it on a cloud VM?
I’m using tailscale right now because it punches through every firewall but I don’t like using external providers and I’m worried it will eventually enshittify. I have a cloudflare domain but I can’t really use any UDP port for my VPN as it’s blocked.
- Comment on Bambu Lab Controversy Deepens: Firmware Update Sparks Backlash 9 months ago:
I blocked my printer from having internet access and blocked its random DNS attempts as well 2 months after I bought it. They are amazing printers for beginners and priced very well IMO. I love my printer but will never update the firmware because of this enshittification.