What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

  • @jagged_circle@feddit.nl
    9 months ago

    Finally installed jellyfin when I realized I could use rclone to mount 10G of free disk space from box (with client side encryption using rclone) on my server.

    Very easy to install on Debian, but the plugins are a security nightmare. Jellyfin devs are kinda dumb.

    • @corsicanguppy@lemmy.ca
      9 months ago

      A LOT of plugins in many projects are a huge concern. I say this as someone who ran security for an OS for a while. It’s just people making bad decisions for everyone and then hand-waving the risks when questioned.

  • @harsh3466@lemmy.ml
    9 months ago

    I’ve been learning bash and working on scripts to automate stuff in my homelab. It’s been a lot of fun. I’m currently working on a script that will rename the movies and TV shows I rip from my DVD collection.

    The script queries the tmdb api, presents me with a menu of matches if there’s multiple matches, renames the media files according to jellyfin spec, and then places them in the proper folders to be indexed by Jellyfin and Kodi.

  • @McMonster@programming.dev
    9 months ago

    I’ve just moved and I’m setting up my machines. NIC died in my DIY router just before the move so I’m upgrading to 2.5/10 Gbps at the same time.

    • 0^2
      9 months ago

      What NIC are you looking at and what OS have you chosen?

      • @McMonster@programming.dev
        9 months ago

        It’s a complete experiment with cheap network gear from China. I have a HP T730 mini PC that serves as my router. I’m installing a cheap 2.5 Gbps NIC for LAN side. Then there’s a switch with 4x2.5 Gbps Ethernet and 2xSFP+ ports. My two main machines (PC and home server) are getting 10 Gbps SFP+ cards that I’ll attach with DAC cables.

        OS is OpenWRT, because I’ve been connecting over WiFi to the Internet in both old and new locations. OPNsense just will not work with any wireless adapter I’ve tried. I will try again once I route Ethernet to my room.

        I’m curious if all of this works with cheap network gear. Today I’m configuring a fresh OpenWRT installation on the router.

  • @non_burglar@lemmy.world
    9 months ago

    More incus:

    • mounting persistent storage into containers (cheating by exporting NFS from my proxmox zfs into the incus host).
    • wrote a pruning backup script for containers, runs daily
    • passed through hardware (quicksync) into jellyfin container (it works!)
    • launched an OCI container (docker home assistant) natively in incus (this is a game-changer!)

    Next:

    • build 2nd incus node
    • move all containers from proxmox to incus
    • decom proxmox
    • setup Debian with NFS export

    • irmadlad
      9 months ago

      I hear about Incus being the next best thing. I’ve never played around with it. Is it all that and a bag o’ chips?

      • @non_burglar@lemmy.world
        9 months ago

        I think so.

        It is LXD + KVM, so way more and finer tune control on lxc instances. It can run OCI images as well, so for docker instances with only a few configs and no persistent storage, it is actually quite handy. For docker instances that need pretty complicated compose files, I just run docker inside an lxc for now, until I figure that out.

        • @GnuLinuxDude@lemmy.ml
          9 months ago

          Does Incus allow you to use a VM with a GUI? One thing that’s nice about Proxmox is I have one VM with a very basic lxqt setup for when I need that, and I can either use remote-viewer + the spice protocol to access it or access it through the Proxmox web ui. That’s been very handy.

      • @non_burglar@lemmy.world
        9 months ago

        Side question, but where are you hearing this about incus?

        I’m wrapping up 9 years of using proxmox and I have very specific reasons for switching to incus, but this is the third time I’m fielding questions in the last month about incus.

        • irmadlad
          9 months ago

          I read a lot. LOL I might not understand it all, but I read TBs of articles and stuff.

  • @sbv@sh.itjust.works
    9 months ago

    I’ve finally powered on a 15 year old machine to run a bot I’ve been writing. The thing is slow as dirt and stuck behind a flakey power line network, but it’s working. I got to write my first systemd service definition, which is kind of cool.

    • irmadlad
      9 months ago

      The computer I’m using currently, I set the BIOS in 2012. When I built it, I stuffed every last piece of cutting edge tech of the time into it. Dual CPU, SLI, started with 64gb ram then later on maxed the board out at 128gb. It’s still a workhorse tho. It’s one of the three I use all the time for music production, selfhosting etc.

      • @sbv@sh.itjust.works
        9 months ago

        My machine is not a workhorse. I got it second hand. It has around 8gb of RAM, and an 80gb HDD I found in a laptop.

        But it’s enough to work as a testbed, so it’s fine with me.

        • irmadlad
          9 months ago

          This is the home lab creed: You do with what you have. Before I accumulated a bit of equipment, I’ve used laptops, RPi, minicomputers, at one time I had a cluster of Wyse thin clients bootstrapped together.

  • @habitualcynic@lemmy.world
    9 months ago

    Firing up my NAS and Arrs. My Aoostar WTR Pro and all the components arrived, it’s all setup, and I swapped out the fan for a larger one to get more airflow into the nvme drive area since I live in a hot climate.

    Spending the day configuring a vpn, sab, and qbit. Already learning a lot!

  • irmadlad
    9 months ago

    Oh, I’ve just been tinkering around with LangFlow specifically as a news aggregator.

    The flow: https://i.imgur.com/5HqznQm.png

    Then asking AI to go get me some news: https://i.imgur.com/ltZPBwC.png

    Still needs a little tinkering and as the final step, to send said news stories to my Telegram. I really have a blast with automation platforms like N8N, Flowise, Gotify, DopplerTask, & Kestra.

    Afterwards, I smoked a small bowl and worked on a couple songs I have in the works.

    HBU?

  • airgapped
    9 months ago

    This week I finally managed to route torrent traffic through a VPS that was sitting around gathering dust. I am behind CGNAT so it was taking me 6 weeks to do the kind of traffic I do in a day now. I couldn’t be more chuffed.

  • @Mobile@leminal.space
    9 months ago

    I really need to figure out how to get Jellyfin to use SSL certs and assigning a domain to the instance.

      • irmadlad
        9 months ago

        Caddy! I am embarrassed to think about how long it took me to figure out caddy. I kept cracking away at it tho, and one day it was like the clouds rolled back, and the sun shone on my face, an alien ship came down and this green little dude gave me the secrets, and it was all so simple. Now I can have caddy up and dishing out certs in about 5 minutes. When I look back, I cringe.

    • @yoshman@lemmy.world
      9 months ago

      I have my instance running in my k3s cluster. I have its node affinity to only run on my minisforum i9. That way, I can use cert manager to manage the certs.

  • kate
    9 months ago

    Finally switched from plex to jellyfin, seems to be ok so far. Needed to make some small scripts for metadata management but it’s running smoothly. Finally decided I’m hosting enough software with user accounts that I’ve made an authentik instance for SSO with each (ofc jellyfin first)

    • AtHeartEngineer
      9 months ago

      The only feature I want that jellyfin doesn’t have (or I haven’t found it) is shuffle. Throwing on how it’s made or mythbusters on shuffle is great background stuff.

    • bluGill
      9 months ago

      Any reason you choose authentik? There are a number of options and I’m not sure why to choose one over the other.

      • @dan@upvote.au
        9 months ago

        I’m not the person you’re replying to, but Authentik:

        • Has a UI for configuring it, including adding users.
        • Supports LDAP if you need it. Authelia needs a separate LDAP server.
        • Supports practically every two factor auth protocol you’d need: OIDC (OpenID Connect), OAuth2, SCIM, SAML, RADIUS, LDAP, and proxying for apps that don’t support any of them (which is getting rarer).
        • Supports permissions and permission groups, i.e. only allow certain users to access particular apps.
        • Can be used as the source of truth for Google Workspace and Microsoft Entra. Maybe not as relevant for home use.

        I haven’t tried Keycloak but I hear it’s pretty good, albeit a heavier app to deploy.

        I have tried Authelia, and it’s much less powerful than Authentik. Authelia requires you to manually modify config files rather than using a web UI. It also only supports OIDC (which is in beta) and proxying. Proxying is not recommended and has several issues since it’s not “true” single sign-on.

        • @timbuck2themoon@sh.itjust.works
          9 months ago

          Keycloak is very much lighter actually. Can run under half a gig ram whereas authentik uses about 1GB.

          Authelia is king though in running with just about 30MB of ram.

          • @dan@upvote.au
            9 months ago

            That’s interesting… It used to be a lot heavier.

            Authelia is definitely the lightest in terms of RAM, but it’s also the lightest in terms of features. As far as I can remember, they only added OIDC support fairly recently - previously it only supported proxying.

        • @sugar_in_your_tea@sh.itjust.works
          9 months ago

          I’m considering Keycloak myself because it’s trusted by security professionals (I think it’s a RedHat project), whereas Authentik is basically a passion project.

      • kate
        9 months ago

        I did no research whatsoever and picked the one I’d seen the name of more often. I figured if it didn’t work for me I’d try something else, same as when plex wasn’t working for me so I switched to jellyfin. I have no idea how it compares to the other options but it feels pretty solid so far

      • kate
        9 months ago

        Setting up HW accel on Jellyfin was a bit more manual than a single checkbox. You have to tell it which codecs it should HW decode and encode. I had some issues with it so left it off for now

    • @smiletolerantly@awful.systems
      9 months ago

      Hey, we’re also thinking about setting up authentik. Could you answer the following, which I haven’t found an answer to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?

      • kate
        9 months ago

        no, works fine. there’s an LDAP plugin for jellyfin so you can use the jellyfin internal login page and the server will verify the login against authentik. took some setting up though.

  • Ebby
    9 months ago

    I tried to update my lemmy instance and it all went so horribly wrong. DB never came up, errors everywhere, searching implied I updated to a dev branch sometime in the past (not a dev, don’t think I did) and it’ll be console and DB queries for a fix.

    Ran out of time and overwhelmed, I restored backups and buried my head in the sand. Nope, not now. Future, yes, but oh not now.

    • irmadlad
      9 months ago

      Sometimes we get so engrossed in what we’re doing we can’t see the problem(s). I do that a lot, so I have to take a break. Same with creating music. You get so deaf to what you are trying to write that nothing sounds good no matter what you do. In the words of Snoop Dogg, ‘I had to back up off of it and sit my cup down. Tanqueray and chronic, yeah, I’m fucked up now.’

      Take a break.

  • @Botzo@lemmy.world
    9 months ago

    Scrubbing a little demo project I made featuring a web app behind oauth2-proxy leveraging keycloak as local idp with social login. It also uses a devcontainer config for development. The demo app uses the Litestar framework (fka starlite, in Python) because I was interested, but it’s hardly the focus. Still gotta put caddy in front of it all for easy SSL. Oh, and clean up all the default secrets I’ve strewn about with appropriate secret management.

    All of it is via rootless podman and declarative configuration.

    Think I might have to create my own Litestar RBAC plugin that leverages the oauth headers provided by the proxy.

    It has been a minute since I worked daily in this space, so it has been good to dust off the cobwebs.
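
An added example, not code from the post or from any of the projects it names: a framework-agnostic sketch of role checks driven by the `X-Forwarded-User` and `X-Forwarded-Groups` headers that oauth2-proxy passes upstream. The proxy network range, group names and role table are constructed assumptions; the point is that these headers are only trustworthy when the request really came through the proxy.

```python
import ipaddress

# Assumptions for this sketch (none of these values come from the post):
TRUSTED_PROXIES = [ipaddress.ip_network("10.89.0.0/24")]  # constructed container network
ROLE_BY_GROUP = {"admins": "admin", "media": "viewer"}     # hypothetical Keycloak groups
PERMISSIONS = {"admin": {"read", "write", "delete"}, "viewer": {"read"}}
IDENTITY_HEADERS = {"x-forwarded-user", "x-forwarded-groups"}


class Forbidden(Exception):
    """Raised when a request must not be served."""


def identity_from_headers(peer_ip, headers):
    """Return (user, roles) taken from proxy-set headers.

    headers is a list of (name, value) pairs so that duplicates stay visible.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # A client that reaches the app directly can set these headers itself.
        raise Forbidden("identity headers from an untrusted peer")

    seen = {}
    for name, value in headers:
        key = name.lower()
        if key in IDENTITY_HEADERS:
            if key in seen:
                # A second copy means a client-supplied header may have survived.
                raise Forbidden(f"duplicate {key} header")
            seen[key] = value.strip()

    user = seen.get("x-forwarded-user", "")
    if not user:
        raise Forbidden("no authenticated user")
    groups = [g.strip() for g in seen.get("x-forwarded-groups", "").split(",")]
    # Groups without a mapping grant nothing (deny by default).
    roles = {ROLE_BY_GROUP[g] for g in groups if g in ROLE_BY_GROUP}
    return user, roles


def authorize(peer_ip, headers, permission):
    """Return the user name if one of their roles grants the permission."""
    user, roles = identity_from_headers(peer_ip, headers)
    granted = set()
    for role in roles:
        granted |= PERMISSIONS[role]
    if permission not in granted:
        raise Forbidden(f"{user} lacks {permission}")
    return user
```

The peer-address check complements, and does not replace, binding the app so that only the proxy can reach it.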

  • @Lobshta@lemmy.world
    9 months ago

    My radarr instances won’t download anything. It will search and find compatible torrents, but then it just spins and spins, nothing ever moves to the queue. If I refresh it’s like nothing happened at all. I confirmed that qbt is running properly and my Sonarr instances seem to be running ok.

    I recently reorganized the root files to separate HD/UHD content so that I can run 2 instances for Overseerr requests, then this issue started. I had to reset the root folders and now there’s also a root folder error about collections that I can’t resolve either… got me thinking about doing a full reinstall.

    • @yaroto98@lemmy.org
      9 months ago

      The root folder error for collections. I think I know this one. You need to go into every movie and update the filepath to use the new root folder. Radarr isn’t smart enough to do that automatically for you. Though you’d think they’d have $rootfolder as a var, but no.

    • @catloaf@lemm.ee
      9 months ago

      What’s in the radarr log? You have your downloader configured, enabled, and tested I assume?

  • BlueÆther
    9 months ago

    Email… My wife really wants to further de-google, this means moving custom domains off gsuite.

    Do I move to proton/tuta or go back to self hosting email again like I did for years until about 2010?

    If I self host, do I do it at home or on the server that runs my lemmy instance?

    • @dan@upvote.au
      9 months ago

      I self-host my email using Mailcow, and use a VPS for it. I don’t trust my home server to be reliable enough, and the VPS providers have nicer equipment (modern AMD EPYC CPUs, enterprise SSDs, datacenter-grade 10Gbps or 40Gbps connections, etc). I use a separate VPS just for my emails - it’s the one thing I want to ensure is secure, so I didn’t want any other random software (that could potentially have security issues) running on it…

      I also use an outbound SMTP relay to avoid having to deal with IP reputation. SMTP2Go has a free plan for sending <1000 emails per month.

      • @tburkhol@lemmy.world
        9 months ago

        It kind of amazes me that, in this day and age, email has turned out to be the lynchpin of security. Email as a 2FA endpoint. Email password reset systems. If email is compromised, everything else falls. They used to tell us not to put anything in email that you wouldn’t put on a postcard…how did this happen?

        • @dan@upvote.au
          9 months ago

          That and email protocols are outdated and aren’t too secure. For example:

          • Neither SMTP nor IMAP has a way to use two factor authentication.
          • Spam blocking is so hard because SMTP was not designed with it in mind.
          • SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.

          IMAP has a modern replacement in JMAP, but it’s not widespread. SMTP is practically impossible to replace since it’s how email servers communicate with each other.

          The “solution” has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.

  • @sugar_in_your_tea@sh.itjust.works
    9 months ago

    I’ve been testing out immutable distros, in this case openSUSE Aeon (laptop) and openSUSE MicroOS (server).

    I set up Forgejo and runners are working, all in podman. I’m about to take the plunge and convert everything on my NAS to podman, which is in preparation for installing MicroOS on it (upgrade from Leap).

    I also installed MicroOS on a VPS, which was a pain because my VPS provider doesn’t have images for it, and I’d have to go through support to get it added. Instead, I found a workaround, which is pretty amazing that it works:

    1. Install Alpine Linux (in my case I needed to provision something else first and mount an ISO to install Alpine, which was annoying)
    2. Download MicroOS image on VPS (not ISO, qcow image)
    3. Write image to the disk, overwriting the current OS (qemu-img command IIRC)
    4. Reboot (first boot takes longer since it’s expanding the disk and whatnot)

    The nice thing is that cloud-init works, so my keys set up in step 1 still work with the new OS. It’s not the most convenient way to set things up, but it’s about the same amount of time as asking them for an ISO.

    Anyway, now it’s the relatively time consuming task of moving everything from my other VPS over, but I’ll do it properly this time with podman containers. I had an ulterior motive here as well, I’m moving from x86 to ARM, which reduces cost somewhat and it can also function as a test bed of sorts for ARM versions of things I’m working on.

    So far I’m liking it, especially since it forces me to use containers for everything. We’ll see in a month or two how I like maintaining it. It’s supposed to be super low effort, since updates are installed in the background and applied on reboot.
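
An added example, not part of the original post: a pre-flight check for steps 2 and 3 above that runs before a downloaded image overwrites the disk. It confirms the file matches a published SHA-256, that it is a qcow2 image and not an ISO, and that its virtual size fits the target disk. The function names are hypothetical, and the sample header is constructed for the demo.

```python
import hashlib
import hmac
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian qcow2 header prefix: magic, version, backing_file_offset,
# backing_file_size, cluster_bits, virtual disk size in bytes.
HEADER_FMT = ">4sIQIIQ"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 32 bytes


class ImageRejected(Exception):
    """Raised when the image must not be written to disk."""


def sample_qcow2_header(virtual_size):
    """Constructed header for demonstration only; not a usable disk image."""
    return struct.pack(HEADER_FMT, QCOW2_MAGIC, 3, 0, 0, 16, virtual_size)


def preflight(image_path, expected_sha256, target_disk_bytes):
    """Return the image's virtual size, or raise ImageRejected.

    expected_sha256 is the checksum published by the image's distributor,
    fetched separately from the image itself.
    """
    digest = hashlib.sha256()
    with open(image_path, "rb") as fh:
        header = fh.read(HEADER_LEN)
        digest.update(header)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)

    # Integrity first: nothing else in the file is trusted until this passes.
    if not hmac.compare_digest(digest.hexdigest(), expected_sha256.strip().lower()):
        raise ImageRejected("SHA-256 does not match the published value")
    if len(header) < HEADER_LEN or header[:4] != QCOW2_MAGIC:
        raise ImageRejected("not a qcow2 image (an ISO fails here)")

    _, version, _, _, _, virtual_size = struct.unpack(HEADER_FMT, header)
    if version not in (2, 3):
        raise ImageRejected(f"unsupported qcow2 version {version}")
    if virtual_size > target_disk_bytes:
        # The expanded image would run past the end of the target disk.
        raise ImageRejected("image is larger than the target disk")
    return virtual_size
```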