Lem453

@Lem453@lemmy.ca


Microsoft is testing Game Pass ads on the Windows 11 Settings homepage ( www.ghacks.net )

Microsoft's announcement: "We are introducing a new Game Pass recommendation card on the Settings homepage. The Game Pass recommendation card on Settings Homepage will be shown to you if you actively play games on your PC. As a reminder – the Settings homepage will be shown only on the Home and Pro editions of Windows 11 and...

Lem453 , (edited )

If you don't want to think about your computer and just want a tool to use there is Aurora. It's a variant of fedora but it uses an immutable file system which makes it super stable and reliable. If there are any issues you can easily roll back the entire os to a previous version.

This is true of all fedora atomic desktops. Aurora is a variant that takes it to the next level by making all updates and everything require as little human interaction as possible so you don't have to worry about how the computer runs and just use the computer for your actual tasks.

https://getaurora.dev/

Lem453 ,

They advertise as being zero maintenance which is a huge deal with many windows and Mac users that don't want to think about the tool itself, they just want to use it. From the site:

What's the difference between Vanilla Kinoite and Aurora?
Vanilla Kinoite is a very stock experience. Aurora includes many enhancements and tweaks, like included drivers for various printers, network adapters and more as well as included codecs. Aurora also features tweaks to enhance your battery life on a laptop.

Lem453 ,

By zero maintenance they mean you don't even have to hit the update button. It all just happens automatically. Many Linux users won't like that but many windows and Mac users will.

Lem453 ,

Fedora atomic or its more streamlined cousin silverblue. They both have gnome and kde versions depending on your preference but as a base they work really well for a workstation

Lem453 ,

I'm curious how using ansible to deploy docker containers is easier than just using docker compose?

Ansible makes sense to setup the OS the way it needs to be (file systems, folder structure etc), but why make every container through ansible instead of just making a docker compose and maybe having ansible deploy that?

Even easier is probably to just run something like portainer and run the compose file through there

Lem453 ,

What makes butter better than btrfs for ostree systems?

Lem453 ,

Fedora atomic with kde (Kinoite) has been amazing on my laptop so far (recently moved from mint)

Lem453 , (edited )

How do I install this on fedora? I'm not too keen on curling a bash script and running it. Thanks!

Edit: for fedora atomic, the answer is to download the rpm and overlay it with rpm-ostree install

Lem453 ,

If you submit the rpm to rpm-ostree then users can just find it from there with rpm-ostree install xpipe.

That requires an overlay but the alternative is a flatpak which won't work for an app like this I think anyways.

Users that install brew can just get it from here as a proper containerized install rather than an overlay.

The script is definitely not great as the primary way to install, everyone doing that should be doing so very reluctantly. Getting the rpm into package managers will go a long way.

That being said, xpipe is amazing. Only used it for a few hours and already love it and can't believe I didn't have it sooner.

Lem453 ,

Sounds like they actually changed it to Go language regex syntax instead of Perl syntax.

The documentation certainly makes it sound like they just got rid of regex but this forum post seems to show otherwise.

https://community.traefik.io/t/pathprefix-regex/21819

I'm definitely in the wait for a month at least before attempting this upgrade camp...

Lem453 ,

This seems like an issue where the wireguard is not using the correct DNS server. Does the wireguard DNS setting point to the router?

A diagram might help me to see what is going on more clearly.

Lem453 ,

If you're only using Nextcloud for file sync, Seafile or Syncthing will be vastly superior

Lem453 ,

Seafile has been great for me.

400gb, multiple users. Single sign in with Authentik.

Just recently setup only office integration

Lem453 ,

I moved from next cloud to seafile. The file sync is so much better than next cloud and own cloud.

It has a normal windows client and also a mount type client (seadrive) which is also amazing for large libraries.

I have mine setup with oAuth via Authentik and it works super well.

Lem453 ,

Maybe 1 hr every month or two to update things.

Things like my opnsense router are best updated when no one else is using the network.

The docker containers I like to update manually after checking the release logs. Doesn't take long and I often find out about cool new features perusing the release notes.

Projects will sometimes have major updates that break things and I strongly prefer having everything super stable until I have time to sit down and update.

11 stacks, 30+ containers. Borg backup runs automatically to various repositories. Zfs auto snapshot also runs automatically to create rapid backups.

I use unraid as a nas and proxmox for dockers and VMs.

Lem453 ,

Are you changing the same files at the same time?

I have multiple computers syncing into the same library all the time without issue.

Lem453 , (edited )

This looks amazing, thank you for this.

Suggestions:

Use the https://authjs.dev/ library to implement SSO for user management. This will automatically give the ability to use any login protocol any user could ever want.

I have numerous self hosted apps with multiple users, running them all through authentik is very important for users that are doing something similar.

Every homelabber will have a slightly different setup but the above library will essentially just support everything right away.

You will never need to worry about users requesting whatever protocol they are using because if you check the list of providers it's basically everything.

Lem453 , (edited )

For others, beware that in a docker, each plugin needs its own docker container.

I run everything in docker except for HA which I run in a VM (HaOS) which makes it super easy to use.

Edit: by plugins I meant add-ons

Lem453 ,

This has been a long requested feature, there are libraries out there that make this easier for apps so that if you implement the library it will allow pretty much any SSO protocol...but this would need someone with coding skills to implement

https://community.home-assistant.io/t/open-letter-for-improving-home-assistants-authentication-system-oidc-sso/494223/119

Lem453 , (edited )

Highly recommend getting a router that can accept wireguard connections. If the router goes down you're not accessing anything anyways.

Then always put ssh behind the wireguard connections.

For a homelab, there is rarely a need to expose ssh directly so best practice will always be to have multi layered security when possible.

Lem453 ,

Who was pulling the docker compose and just straight up running the GitHub version on their server. That seems crazy. Even pulling :latest tag seems crazy to me but this is another level.

This change is only breaking if you are running someone else's docker compose on your server without looking at it.

Also who was running their entire photo album in a docker volume rather than a mount point on the host. Another insane decision. To be fair, the default docker compose never should have had that. It should have been a mount point right from the start.

Lem453 ,

Complete insanity.

Then again it seems like people were using a docker volume to save all their precious photos rather than a mount point on the host. Also seems insane to me.

Lem453 ,

Exactly this, my docker host has a folder for docker data. In there are sub folders for each docker app. Borg backup grabs the entire docker data folder and backs it up.

If there are any issues, I can easily see all the files.

I have no idea how people trust things like docker volumes with valuable data without the ability to just see into the filesystem easily.

Lem453 ,

Mainly because of the number of things I have that I rely on every day and definitely don't want to break until I'm ready to upgrade it and have time to fix it if it does break.

I know many do use :latest but having a service break while I'm away or travelling really sucks

Lem453 ,

A normal file system is something anything can access. You can open it in file browser. You can get to it via command line. You can ssh into it from another computer and you can easily back it up with numerous tried and tested backup methods.

Why lock yourself into only being able to access your data via docker?

In a disaster scenario when you are trying to recover files, you will greatly appreciate being able to just see all the files super easily without anything fancy. It also means you can use any standard method to back up all those files.

Recovery is also almost as easy, copy the files back to where they were and just run the docker container.

Lem453 ,

That last point is the important one. For important data, I want the setup to be as easily accessible and system agnostic as possible.

Lem453 ,

Ok...so it should be easy to understand why for many people :latest is not a good idea

Lem453 ,

It's not unusual for an update to have breaking changes that require some manual intervention to fix.

If you are on latest, it can also be hard to know which version you used to be on if you want to roll back.

For important things, I used specific version tags and then check the release notes before upgrading.

Lem453 ,

Proxmox with zfs works so well in my homelab that I forget I'm using proxmox

Lem453 ,

Switching from Google photos to immich was one of the best uses for server I've ever implemented. Amazing piece of software and one of the best open source projects in a long time

Lem453 ,

Kernels very often have file system changes, makes sense that gparted would stay at the forefront of filesystem tech.

Is rsync.net a good service for backups?

I've been playing around with the self hosted apps for quite a while and I got to the point where I'm happy about my local setup. Next step is to setup reliable offsite backup. I'm using borgbackup as a tool to manage my backups (so far only local backups). I've been looking for an affordable yet reliable service to store my...

Lem453 ,

Any reason not to use borg base? They specialize in borg backups.

Lem453 ,

Bought a Roku and regret it. Should have gotten a shield.

Looking for Cloud Storage Replacement, but I don't like NextCloud

I'm looking for something to replace cloud storage for myself and family. I've tried to use/like NextCloud but honestly I despise it. The UI/UX really bothers me, and administering it is a pain. It also just does way more than I want or need....

Lem453 ,

It does allow you to mount the files, just not via smb or ftp. It requires its own filesystem but works very well.

https://manual.seafile.com/extension/fuse/

I've tested this on my backups for which I use borg backup.

First I mount a remote borg repository using one command. Then mount the seafile repository via the fuse command above.

Note that the sea drive client app does the same thing as above but in the gui and mounts the library as a virtual hard drive.

https://help.seafile.com/drive_client/drive_client_for_win10/

This is different than the actual seafile client app which is the standard folder sync / Dropbox like behavior that most users will only ever use. All the other things I mentioned above are for advanced use cases only and not normally needed but very nice to have.

BTW authentik for Single sign on works super well

Lem453 ,

I'm using it with traefik and don't have anything special other than my standard traefik labels that I put on all docker containers.

Make sure you have added this to the config:
https://forum.seafile.com/t/csrf-verification-failed-error-after-upgrading-from-ce-9-0-10-top-11-0-4/19257

Also on first boot you might still have to login with the IP address and set the URL in the settings

After that it all worked well with traefik and authentik

Lem453 ,

Is this a fresh install? Why is there any debugging? To just connect with an ip requires no config files at all.

I only changed 1 config file to add the CSRF URL and also added some lines for oAuth. No config file changes are needed by default. It's all docker compose

Lem453 ,

This is the way, immich is insanely fast and performant

Lem453 ,

If you have everything on docker compose migrating to another host is pretty easy. I could probably migrate my 11 stacks of 36 containers in 2 to 3 hrs

Lem453 ,

Pretty much this. Lot of padding in those numbers or waiting for some manual things to install etc

Lem453 ,

Wireguard makes everyone one big happy family!

Lem453 ,

I use only the depends_on along with network mode in my setup and it works but your gluetun might be taking longer to load so something like this might help.

You definitely need some kind of depends on though:

https://docs.docker.com/compose/startup-order/

Lem453 ,

Authentik works very well and has the most flexibility if you have the resources to run it (not an rpi)

You can change the logon flow to make the username and password on the same page

Another user mentioned issues with password managers auto filling. There is a compatibility button as well on the login flow that allows bitwarden and others to auto fill correctly.

Authentik has LDAP built in along with every SSO method that exists. Makes it super nice to integrate into as many services as possible.

I use it with oAuth, LDAP and reverse proxy authentication.

Lem453 ,

I think I saw a tutorial on YouTube for how to do it but this page describes it as well. I edited the default login flow to include the password box

https://docs.goauthentik.io/docs/flow/stages/identification/

Lem453 ,

I assume each square represents something specific about humans but I can't figure out most of them. Can someone list them?

Lem453 ,

This is disappointing. I have one of their travel routers. I guess they still make travel routers that can be flashed with stock openwrt so those are still an option

Advice On Proposed Router Design

So I'm trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that's...

Lem453 ,

For people starting out, I highly recommend not doing this. You want to be able to mess with your server without bringing down the whole network.
