- 4 Posts
- 145 Comments
Vaultwarden itself is actually one of the easiest docker apps to deploy…if you already have the foundation of your home lab setup correctly.
The foundation has a steep learning curve.
Domain name, dynamic DNS update, port forwarding, reverse proxy. Not easy to get all this working perfectly but once it does you can use the same foundation to install any app. If you already had the foundation working, additional apps take only a few minutes.
Want ebooks? Calibre takes 10 mins. Want link archiving? Linkwarden takes 10 mins
And on and on
The foundation of your server makes a huge difference. Well worth getting it right at the start and then building on it.
I use this setup: https://youtu.be/liV3c9m_OX8
Local only websites that use https (Vaultwarden) and then external websites that also use https (jellyfin).
See me comment above
https://lemmy.ca/comment/11490137
I don’t like that obsidian not fully open source but the plugins can’t be beat if you use them. Check out some youtube videos for top 20 plugins etc. Takes the app to a whole new level.
The real power of obsidian is similar to why Raspberry Pi is so popular, it has such a large community that plugins are amazing and hard to duplicate.
That being said, I use this to live sync between all my devices. It works with almost the same latency as google docs but its not meant for multiple people editing the same file at the same time
Same with jellyfin.
They basically don’t accept recurrent donations on purpose
I’ve got multiple apps using LDAP, oauth, and proxy on authentik, I’ve not had this happen.
I also use traefik as reverse proxy.
I didn’t manually create an outpost. Not sure what advantage there is unless you have a huge organization and run multiple redundant containers. Regardless there might be some bug here because I otherwise have the same setup as you.
I would definitely try uploading everything to the latest container version first
For people wanting the a very versatile setup, follow this video:
Apps that are accessed outside the network (jellyfin) are jellyfin.domain.com
Apps that are internal only (vaultwarden) or via wireguard as extra security: Vaultwarden.local.domain.com
Add on Authentik to get single sign on. Apps like sonarr that don’t have good security can be put behind a proxy auth and also only accessed locally or over wireguard.
Apps that have oAuth integration (seafile etc) get single sign on as well at Seafile.domain.com (make this external so you can do share links with others, same for immich etc).
With this setup you will be super versatile and can expand to any apps you could every want in the future.
Does anyone know if dockge allows you to directly connect to a git repo to pull compose files?
This is what I like most about portainer. I work in the compose files from an IDE and the check them into my self hosted git repo.
Then on portainer, the stack is connected to the repo so only press a button to pull the latest compose and there is a check box to decide if I want the docker image to update or not.
Works really well and makes it very easy to roll back if needed.
I don’t remember all the details. They never went closed source, there was a difference in opinion between primary devs on the direction the project should take.
Its possible that was related to corporate funding but I don’t know that.
Regardless it was a fork where some devs stayed with owncloud and most went with NextCloud. I moved to NextCloud at this time as well.
OwnCloud now seems to have the resources to completely rewrite it from the ground up which seems like a great thing.
If the devs have a disagreement again then the code can just be forked again AFAIK just like any other open source project.
Oh never mind, I saw this finding announcement for 6M and assumed it was the same company. Looks like they have many corporate investors…doesn’t inspire too much confidence.
Although they are still using the Apache 2 license and you can see they are very active in github. It does look like it’s a good FOSS project from the surface.
Ya it was bought by kiteworks which provides document management services for corps (which explains why that mention traceable file access in their features a lot).
That being said, they bought them in 2014 it seems and it’s been a decade now
Correcting: they were bought very recently, they have been accepting corporate funding for more than a decade however. That’s not bad in and of itself.
Did not know this. Thanks!
Looks like Kiteworks invested in OwnCloud in 2014 and they still seems to be going strong with the OSS development which is a good sign.
This probably explains why there are so many active devs on the project and how they got a full rewrite into version 4 relatively quickly.
Already seems to have more features than Seafile.
Exactly, Seafile is the best I’ve found so far but a clean re write of the basic sync features would be great.
Seafile for example has full text search locked behind a paywall even though tools like Elasticsearch could be integrated into it for free. Even the android app as filename search locked behind a paywall. You have to log into the website on your phone if you need to search.
Pathetic state of affairs.
- @Lem453@lemmy.ca to
- •
- owncloud.com
- •
- 3M
- •
When I was starting out I almost went down the same pathway. In the end, docker secrets are mainly useful when the same key needs to be distributed around multiple nodes.
Storing the keys locally in an env file that is only accessible to the docker user is close enough to the same thing for home use and greatly simplifies your setup.
I would suggest using a folder for each stack that contains 1 docker compose file and one env file. The env file contains passwords, the rest of the env variables are defined in the docker compose itself. Exclude the env files from your git repo (if you use this for version control) so you never check in a secret to your git repo (in practice I have one folder for compose files that is on git and my env files are stored in a different folder not in git).
I do this all via portainer, it will setup the above folder structure for you. Each stack is a compose file that portainer pulls from my self hosted gitea (on another machine). Portainer creates an env file itself when you add the env variables from the gui.
If someone gets access to your system and is able to access the env file, they already have high level access and your system is compromised regardless of if you have the secrets encrypted via swarm or not.
Not to mention the advantage of infrastructure as code. All my docker configs are just a dozen or so text files (compose). I can recreate my server apps from a bare VM in just a few minutes then copy the data over to restore a backup, revert to a previous version or migrate to another server. Massive advantages compared to bare metal.
There is an issue with your database persistence. The file is being uploaded but it’s not being recorded in your database for some reason.
Describe in detail what your hardware and software setup is, particularly the storage and OS.
You can probably check this by trying to upload something and then checking the database files to see the last modified date.
Thanks! Makes sense if you can’t change file systems.
For what it’s worth, zfs let’s you dedup on a per dataset basis so you can easily choose to have some files deduped and not others. Same with compression.
For example, without building anything new the setup could have been to copy the data from the actual Minecraft server to the backup that has ZFS using rsync or some other tool. Then the back server just runs a snapshot every 5 mins or whatever. You now have a backup on another system that has snapshots with whatever frequency you want, with dedup.
Restoring an old backup just means you rsync from a snapshot back to the Minecraft server.
Rsync only needed if both servers don’t have ZFS. If they both have ZFS, send and recieve commands are built into zfs are are designed for exactly this use case. You can easily send a snap shot to another server if they both have ZFS.
Zfs also has samba and NFS export built in if you want to share the filesystem to another server.
I use zfs so not sure about others but I thought all cow file systems have deduplication already? Zfs has it turned on by default. Why make your own file deduplication system instead of just using a zfs filesystem and letting that do the work for you?
Snapshots are also extremely efficient on cow filesystems like zfs as they only store the diff between the previous state and the current one so taking a snapshot every 5 mins is not a big deal for my homelab.
I can easily explore any of the snapshots and pull any file from and of the snapshots.
I’m not trying to shit on your project, just trying to understand its usecase since it seems to me ZFS provides all the benefits already
Start with this to learn how snapshots work
https://fedoramagazine.org/working-with-btrfs-snapshots/
Then here the learn how to make automatic snapshots with retention
https://ounapuu.ee/posts/2022/04/05/btrfs-snapshots/
I do something very similar with zfs snapshots and deduplication on. I have one ever 5 mins and save 1 hr worth then save 24 hourlys every day and 1 day for a month etc
For backup to remote locations you can send a snapshot offsite
The proper way of doing this is to have two separate systems in a cluster such as proxmox. The system with GPUs runs certain workloads and the non GPU system runs other workloads.
Each system can be connected (or not) to a ups and shut down with a power outage and then boot back up when power is back.
Don’t try hot-plugging a gpu, it will never be reliable.
Run a proxmox cluster or kubernetes cluster, it is designed for this type of application but will add a fair amount of complexity.
- @Lem453@lemmy.ca to
- •
- 4M
- •
- @Lem453@lemmy.ca to
- •
- 5M
- •
- @Lem453@lemmy.ca to
- •
- forums.servethehome.com
- •
- 8M
- •
https://youtu.be/liV3c9m_OX8
This should help