Hello!

Recently started selfhosting FreshRSS - and while it is really good, i have a few hicks with some of the feeds im fetching from, for instance Its Foss. As seen in the extremely long screenshot below(Picture2), to illustrate what I mean, the feed is extremely cluttered with addtional small icons and pictures. Just to clarify, this is the default view - I have not clicked to expand it or whatnot.

While I normally dont mind this, the feeds from Its Foss are always loading in at full length, e.g. the full article - and they are quite lengthy. Even though my settings are set to not unfold by default;

Other articles who only have a title, picture and first sentence of the post, see Picture1. Is there a way to force articles not loading at full? I have a vague memory of somone linking a RSS filter tool a while back but not able to find back to it, and not sure it solves what I am looking for. Or have I just configured my settings wrong, and not able to find the setting that makes It's foss load in full?

Let me know :)

Picture1 (How I wish for all posts to be like):

Picture2 (How I do not want it to be like): External View link here

Hey everyone

I've got an old Mac Mini running Proxmox, right now all it has is a LXC for Plex and a Debian VM for Docker (OpenVPN/Transmission and Screeps server).

What is everyone's preferred monitoring solution?

I'm mostly interested in getting easy access to syslogs, seeing CPU/RAM/Disk space for the Proxmox host, VM and LXC. I have a Mac app called Daisy Disk that shows me all my data on my disk in a nice UI, something with similar capability would be great.

I randomly installed Netdata, didn't love it. Ran into issues with Cockpit and gave up, but I'd try it again if it's considered the best. But I'd love to hear options, preferably with minimal setup and maintenance (wish is probably wishful thinking). Don't hate Proxmox VE, but I feel like I can do better.

I want to create a custom dashboard web app thing for the purpose of learning and to make it avalaible for selfhosted servers.

The plan is to use existing linux cli tools as much as possible.. Which of them do you think are appropriate for that purpose?

There is a nice list in this blogpost but I dont have any experience with any of them: https://www.brendangregg.com/blog/2024-03-24/linux-crisis-tools.html

I've tried a few jellyfin plugins that are supposed to sync metadata and thumbnails from tube archivist, but it's just not working right.

I can see some thumbnails, but then the titles are just random gibberish. Or the titles somewhat work, but no thumbnails.

Any secret I'm missing?

Both are running in docker containers on a synology nas.

whenever I try to run a podman container, it'll through:

Error: running container create option: container has joined pod 4f[long_string]b1f and dependency container 34[long_string]9cd is not a member of the pod: invalid argument

An example of a dependent container compose file looks like this:

services:
  # https://docs.linuxserver.io/images/docker-qbittorrent
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - WEBUI_PORT=8090
      - PUID=0
      - PGID=0
    volumes:
      - ./config:/config:Z
      - ./files:/media:z
    restart: always
    depends_on:
      - gluetun
    network_mode: "container:gluetun"

services:
  # https://github.com/qdm12/gluetun
  gluetun:
    image: docker.io/qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8001:8000 # gluetun
      - 8090:8090 # qbittorrent
    volumes:
      - ./config:/gluetun:Z
    environment:
      - KEYS=REDACTED
    restart: always
    privileged: true

It worked until yesterday. I updated to fedora 40. I am not sure if that is just a coincidence or if that's the reason. Should I downgrade to 39?

6 servers were decomissioned, Iwas able to only get the disks, RAM, CPUs and Network Card.

The total of this is : 88 x 8TB SAS disks 44 x 16GB RAM sticks (half 2133, half 2400) 6 x v3 Xeon e3 2630 6 x v4 Xeon e5 2640 3 x 10 GB PCIe dual port cards 12 x 1U heatsink

I'm really lucky to have all of these, even if I don't have a use for all of that for now (except some of the disks)

EDIT: Forgot to mention: All of this for free, I work in a datacenter!

I would like to have a central Calendar that I could sync everything to it, from my email calendars and my to do list, is there something like that selfhosted or not, that is FOSS?

Interesting problem here. So I self host jellyfin, happy to share my (owned) movies with my family. Well, my mother has asked me to digitize her collection too and have me host it. Originally, fine, you give your movies to me, I host them, same thing.

However, what I didn't bet on was the amount of garbage, terrible movies she would give me. There's a few that are fine, but the vast majority are, well I'll just put it bluntly, christian propaganda. I don't think any of them are as terrible as some of the worst case, but think "My life was horrible until I found god now look and see how fulfilled I am" type propaganda - and they make for horrible plots. Left Behind with Kirk Cameron is a good example. Even removing the blatent boring christian plots - it's just a horribly made movie. Cheap, not thought out well, and honestly I read the book decades ago, it's a horrible adaptation too.

Not that I keep only top tier movies in my libraries, but these are, well they just bring a pit to my stomach.

What would you do in my situation? (And I'm going to go ahead and say the pure atheist comments aren't needed, yes of course I could burn them, or dance around them, but I'm not looking to just burn the bridge between my mother and myself over a lifetime of her indoctrination and bad taste in movies). I'm more looking for generic, how do you handle your users asking you to put content you don't find appealing on your server?

I have two cameras in Frigate.

One is a Raspberry Pi 3 running Monocle server, and this stopped working in Frigate some time back (driveway). The second is a Galayou G7 (nursery). The nursery camera is the one I am concerned about with this post.

Problem: Up until a month or two ago (I must have ran an update but I don't know) the audio from the Galayou camera worked in Home Assistant. I'd like to get that working again. Some searching led me to try setting up go2rtc in my config.

Here is my config before making any changes:

mqtt:
  host: 192.168.1.10
cameras:
  nursery:
    ffmpeg:
      inputs:
        - path: rtsp://redacted:redacted@192.168.1.241:554/live/ch1
          roles:
            - detect
    detect:
      width: 1280
      height: 720
  driveway:
    ffmpeg:
      inputs:
        - path: rtsp://192.168.1.240:554/recording/7824851880350319106/replay?trackid=8836591
          roles:
            - detect
    detect:
      width: 1920
      height: 1080

This currently provides only jsmpeg video in Frigate. If I add something like this to the end:

go2rtc:
  streams:
    nursery:
      - rtsp://redacted:redacted@192.168.1.241:554/live/ch1

this adds mse and webrtc as options in Frigate. But, mse plays only video, no audio. And webrtc loads neither audio nor video. I have tried adding lines like - "ffmpeg:nursery#video=h264#audio=aac" and also with opus but to no avail.

Finally, if I ffplay rtsp://redacted:redacted@192.168.1.241:554/live/ch1 it loads audio/video without a problem. I'm also able to connect via ONVIF at onvif://192.168.1.241:8899 from onvif-gui.

So, something is wrong in my Frigate config, and I don't know what. I'm hoping someone here is a little more familiar and can give me a pointer or two here?

After getting fed up with TrueNAS (after it borked itself for the third time and I would have had to set it up AGAIN) I decided to learn Ansible and write a playbook to setup my homeserver that way.

I wanted to share this playbook with you in case someone might find it useful for their own setup and maybe someone has some tips on things I could improve.

This server will not be exposed to the public/internet. If I want to access a service on it from outside my home network I have Wireguard setup on my router to connect to my home network from anywhere.

Keep in mind that I'm relatively new to sysadmin stuff etc so don't be too harsh please 😅

Hey everyone, I'm building a new server to run Jellyfin (with a few other services like Pi-hole) and I'm stuck on GPU or CPU transcoding.

My main concern is smooth 4K HDR transcoding for 1 stream. I've been reading mixed advice online – some people say a strong CPU with good single-core performance can handle it, while others recommend a dedicated GPU.

Should I focus my budget (~$1000AUD/$658USD) on a good CPU, or spend some of it on a dedicated GPU?

I assume it's not nvidia. Yet I have no idea how to differentiate between them and neither do I know what a good price is.

Let's say I don't want to think about what the video type is. I just want a smooth experience.

Edit: thank you guys!

Jellyfin is very unreliable with live tv in my experience. It takes ages to reload a playlist and sometimes the old channels still appear in library. Is there a better alternative?

I'm looking to replace my Rock 5B running Android TV (the OS jank has finally gotten to me) with an x64 Linux HTPC coupled with an Rii remote.

What distro would one recommend for a "Jellyfin native" client setup? I've run Kodi with the Jellyfin plugins before and not been a fan of the experience.

The primary OS for this disk was Unraid. Its formated in BTRFS. I don't think either of those matter. The disk spins and worked before the reboot. But now. No matter what machine, port or cable I use its not mountable. Is there anything I can try? I was going to attempt Spinrite on it however it doesn't see anything either. Thanks! Its a HGST drive dated May2019

This used to be a lot easier, Youtube had an export function to OPML and you could just import it.

Its quite useful being able to follow all your Youtube channels with your RSS reader if you want to pick which you want to watch then also Metube and the browser plug-in makes it a right click and select to send it for download.

cross-posted from: https://lemmy.cloudhub.social/post/347779

I am running a Kubernetes cluster for this domain, and I'm looking at more services to run (right now I have Mastodon and Lemmy).

I was considering WriteFreely and PixelFed, but they don't seem to have an easy solution for running on Kubernetes (WriteFreely doesn't even have a production-ready docker image).

Is anyone else running federated services in their lab? Do you run any of them on Kubernetes?

I have an openwrt router at home which also acts as my home server. It's running a bunch of services using docker (Jellyfin, Nextcloud, etc.)

I have set up an SSH tunnel between my openwrt router and VPS and can access jellyfin successfully.

I understand that I need to set up a reverse proxy to access multiple services and have https.

But I'm confused if I should set up this reverse proxy on the VPS or on the router itself. Is nginx the easiest option? Should i add subdomains in cloudflare for every service?

Pease don't recommend vpns since they are all blocked where i live (wireguard, tailscale openVPN, etc.) I'm limited to using ssh tunneling only.

Thanks

I have a few servers running some services using a custom domain I bought some time ago.
Each server has its own instance of caddy to handle a reverse proxy.
Only one of those servers can actually do the DNS challenge to generate the certificates, so I was manually copying the certificates to each other caddy instance that needed them and using the tls directive for that domain to read the files.

Just found there are two ways to automate this: shared storage, and on demand certificates.
So here's what I did to make it work with each one, hope someone finds it useful.

Shared storage

This one is in theory straight forward, you just mount a folder which all caddy instances will use.
I went through the route of using sshfs, so I created a user and added acls to allow the local caddy user and the new remote user to write the storage.

setfacl -Rdm u:caddy:rwx,d:u:caddy:rwX,o:--- ./
setfacl -Rdm u:remote_user:rwx,d:u:remote_user:rwX,o:--- ./
setfacl -Rm u:remote_user:rwx,d:u:remote_user:rwX,o:--- ./

Then on the server which will use the data I just mounted it

remote_user@<main_caddy_host>:/path/to/caddy/storage /path/to/local/storage fuse.sshfs noauto,x-systemd.automount,_netdev,reconnect,identityfile=/home/remote_user/.ssh/id_ed25519,allow_other,default_permissions,uid=caddy,gid=caddy 0 0

And included the mount as the caddy storage

{
	storage file_system /path/to/local/storage
}

On demand

This one requires a separate service since caddy can't properly serve the file needed to the get_certificate directive

We could run a service which reads the key and crt files and combines them directly from the main caddy instance, but I went to serve the files and combine them in the server which needs them.

So, in my main caddy instance I have this:
I restrict the access by my tailscale IP, and include the /ask endpoint required by the on demand configuration.

@certificate host cert.localhost
handle @certificate {
	@blocked not remote_ip <requester_ip>
	respond @blocked "Denied" 403

	@ask {
		path /ask*
		query domain=my.domain domain=jellyfin.my.domain
	}
	respond @ask "" 200

	@askDenied `path('/ask*')`
	respond @askDenied "" 404

	root * /path/to/certs
	@crt {
		path /cert.crt
	}
	handle @crt {
		rewrite * /wildcard_.my.domain.crt
		file_server
	}

	@key {
		path /cert.key
	}
	handle @key {
		rewrite * /wildcard_.my.domain.key
		file_server
	}
}

Then on the server which will use the certs I run a service for caddy to make the http request.
This also includes another way to handle the /ask endpoint since wildcard certificates are not handled with *, caddy actually asks for each subdomain individually and the example above can't handle wildcard like domain=*.my.domain.

package main

import (
	"io"
	"net/http"
	"strings"

	"github.com/labstack/echo/v4"
)

func main() {
	e := echo.New()

	e.GET("/ask", func(c echo.Context) error {
		if domain := c.QueryParam("domain"); strings.HasSuffix(domain, "my.domain") {
			return c.String(http.StatusOK, domain)
		}
		return c.String(http.StatusNotFound, "")
	})

	e.GET("/cert.pem", func(c echo.Context) error {
		crtResponse, err := http.Get("https://cert.localhost/cert.crt")
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}
		crtBody, err := io.ReadAll(crtResponse.Body)
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}
		defer crtResponse.Body.Close()
		keyResponse, err := http.Get("https://cert.localhost/cert.key")
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}
		keyBody, err := io.ReadAll(keyResponse.Body)
		if err != nil {
			return c.String(http.StatusInternalServerError, "")
		}

		return c.String(http.StatusOK, string(crtBody)+string(keyBody))
	})

	e.Logger.Fatal(e.Start(":1323"))
}

And in the CaddyFile request the certificate to this service

{
	on_demand_tls {
		ask http://localhost:1323/ask
	}
}

*.my.domain {
	tls {
		get_certificate http http://localhost:1323/cert.pem
	}
}

I have forgot the password to the dashboard and want to change it.

How do I go about to change it? I tried to hash another in the terminal using apache-utils2, then to paste (the new password) in "the middleware.traefik-auth.basic auth.users=" Section of the compose file. Didn't work.

I restarted the container to no avail, even removed the container and spun up another. Nothing worked.

Is it really that hard to change password in traefik?

Any hint or advise is welcome, although I really want to access the dashboard via https.

Thanks!

Hello there,

I'm proud to share a major development status update of XPipe, a connection hub and remote file manager that allows you to access your entire server infrastructure from your local machine. It works on top of your installed command-line programs and does not require any setup on your remote systems. So if you normally use CLI tools like ssh, docker, kubectl, etc. to connect to your servers, you can just use XPipe on top of that.

Here is how it looks like if you haven't seen it before:

Coherent desktops

XPipe now comes with support for remote desktop connections. VNC connections are fully handled over SSH and can therefore be established on top of any existing SSH connection you have in XPipe. RDP support is realized similar to the terminal support, i.e., by launching your preferred RDP client with the connection information. X11-forwarding for SSH is also now supported.

With support for remote graphical desktop connection methods as well now in XPipe 9, the big picture idea is to implement the concept of coherent desktops. Essentially, you can launch predefined desktop applications, terminals, and scripts on any remote desktop connection, regardless of the underlying connection implementation. In combination with the improved SSH tunnel and background session support, you can launch graphical remote applications with one click in the same unified way for VNC over SSH connections, RDP connections, and X11-forwarded SSH connections.

SSH X11 Forwarding on Windows via WSL

You can now enable X11 forwarding for an SSH connection.

XPipe allows you to use the WSL2 X11 capabilities on Windows for your SSH connection. The only thing you need for this is a WSL2 distribution installed on your local system. XPipe will automatically choose a compatible installed distribution if possible, but you can also use another one in the settings menu.

This means that you don't need to install a separate X11 server on Windows. However, if you are using one anyway, XPipe will detect that and use the currently running X11 server.

SSH connection improvements

• All tunneled and X11-forwarded custom SSH connections are now properly detected and can be toggled on and off to run in the background

• The connection establishment has been reworked to reduce the amount of double prompts, e.g. for smartcards or 2FA, where user input is required twice

• The custom SSH connections now properly apply all configuration options of your user configuration file. They also now correctly apply multiple options for the same key correctly

• Any value specified for the RemoteCommand config option will now be properly applied when launching a terminal. This allows you to still use your preexisting init command setup, e.g. with tmux

• There is now support defining multiple host entries in place in a custom SSH connection. This is useful for cases where you want to use ProxyJump hosts in place without having to define them elsewhere

Terminal improvements

The terminal integrations have been reworked across the board. The kitty terminal is also now fully supported with tabs on both Linux and macOS. The Warp terminal integration now correctly enables all Warp features on remote shells. On macOS, other third-party prompts also now work properly in the launched terminals.

Password manager improvements

The password manager handling has been improved, and some potential sources of errors and confusion have been eliminated. There are also now a few command templates available for established password managers to quickly get started.

A note on the open-source model

Since it has come up a few times, in addition to the note in the git repository, I would like to clarify that XPipe is not fully FOSS software. The core that you can find on GitHub is Apache 2.0 licensed, but the distribution you download ships with closed-source extensions. There's also a licensing system in place as I am trying to make a living out of this. I understand that this is a deal-breaker for some, so I wanted to give a heads-up.

The system is designed to allow for unlimited usage in non-commercial environments and only requires a license for more enterprise-level environments. This system is never going to be perfect as there is not a very clear separation in what kind of systems are used in, for example, homelabs and enterprises. But I try my best to give users as many free features as possible for their personal environments.

Outlook

So if you gave this project a try a while ago or it sounds interesting to you, you can check it out on GitHub! There are still more features to come in the near future. I also appreciate any kind of feedback to guide me in the right development direction. There is also a Discord for any sort of talking.

Enjoy!

I cannot stand google news any more, too much spam, clickbait and advertisement. So I decided to try to selfhost an RSS aggregator to make myself a news feed that I would be comfortable with. Being RSS such an "ancient" thing I thought there will be many mature systems, but I'm not sure that's the case..

As far as my investigation goes there are two main options out there** TT-RSS (tiny tiny RSS) and FreshRSS**. There seems to also be miniflux but it supposedly have very few features.

So I tried the both main ones and I ended up kind of disappointed, I hope that I'm missing something. My requirements are:

1-Have a nice interface, card view, phone friendly. Basically being able to look the same as google news looked. So both have a pretty dated interface. And terrible responsive UI for phones. I was kind of able to make a "card view" with TT-RSS but looked hideous and didn't really work on phone screen, also applying themes broke TT-RSS, this will be recurring theme but it looks like TT-RSS is constantly breaking a rolling release system makes it very unstable and many plugins, themes and third party apps don't work right now because some new update broke everything. So native theming wasn't going to be a thing, so I tried third party apps. I found many that worked with FreshRSS and settled on Feedme, it looked exactly as I wanted, great. One point for FreshRSS. Feedme was supposedly compatible with TTRSS but I could not login, I have the suspicion that one update broke integration. I'm not even try to attempt to ask in their forums as I see that some time ago somebody asked the same question and got banned from their forums.

2-Being able to filter or prioritize feeds The problem is that I would love to suscribe to very diverse feeds, some would post maybe over a 100 post per day and others maybe one post every week or even month. So if let everything by default the former would flood the feed and I would never see the post from the little feeds. Here both offer categories that I could use but ideally I would love to have a curated main page. FreshRSS supposedly have a priority system but it seems quite simple and not effective for my needs, AFAIK you can put some feeds in "important feeds" but it only would show those feeds in that category then. TTRSS does have an advance filter system that is complex enough and with some fiddling I think I could make a set of rules that satisfy my needs. One point for TTRSS.

3-Being able to suscribe to any feed or even scrape webs that doesn't provide feeds. Here FreshRSS wins, I have zero issues subscribing to everything I wanted. With TTRSS I couldn't even subscribe with some pages that did provide with a feed, even if it was in an unconventional way. TTRSS devs say that is the webpage problem (even if FreshRSS had no problem with it). Here another point to FreshRSS.

And that is it, I do not exige that much. But I wasn't able to find a system that ticks those three checkboxes. FreshRSS was so close. But unless I am missing something you can't really create a curate feed that prioritizes and sorts feeds and posts in the way you can do with TTRSS sorting, if there is a way please let me know. And without that the whole thing becomes useless from the flooding feeds. And while I'm in love with TTRSS filters and sorting system, the whole app seems to unstable and with so many bugs to be usable, at least in my desired usercase (and I've seem many people complaining about TTRSS updates breaking things all the time).

My two main questions are:

-Am I missing some other self-hosted app that could do all I wanted?

-Am I missing some FreshRSS feature or extension that could curate a main feed with my own rules?

Any thoughts?

Hi everyone!

I'm looking into self-hosting, and I currently have dynamic DNS set up to point to my home IP.

My question: is it worth getting a dedicated IP through a VPN?

I'm pretty technically savvy, but when it comes to networking I lack practical experience. My thought is that pointing my domain to a dedicated IP and routing that traffic to my home IP would be safer - especially if I only allow traffic on certain ports from that IP. Just curious if that idea holds up in practice, or if it's not worth the effort.

I saw an appreciation post for Gluetun on here in the last couple of weeks. I'd set it up before my server died and I had to reinstall everything, but then gone for the easy method when I was reinstalling.

So my easy method install had a VM as a server running Plex and Docker and a second VM with Mullvad installed running anything that needed a VPN in Docker.

Yesterday I opened up a program behind the VPN and it wasn't working again. I had to restart the VM to get it going and it annoyed me. So before work I set up Gluetun.

I had previously used this walkthrough https://youtu.be/9dJPOd0XbN8 so I went back to it, looked in the notes and found his GitHub, then his docker compose under Torrent-VPN.

I stole his initial Gluetun config and the qBittorrent part, but then went into Portainer and took all my running containers and added them to the file. I took the ports out of each compose file and added the "network mode" and "depends on Gluetun" bits from the qBittorrent part of his config and added them to each compose file I added to the file.

Then the ports I had removed I added to the Gluetun part of his compose file.

Downloaded a config file for Mullvad and added the IP and private Key to the Gluetun compose.

Then launch the stack and it worked.

Now for the Gotchas. I had to go into Portainer to get the IP address that the whole stack used. This IP address was required to get containers talking to each other. If you need Sonarr to connect to Prowlarr it needs this IP address.

Also the downloader (he uses qBittorrent and I used RDT client) needed to be mapped using "localhost" for each container and the port

But other than those Gotchas it was quite easy and I managed to get everything set up an hour after finishing work. This was because I just used backups of my already running containers and restored them in the new ones, then edited the bits that had changed (IP addresses in my Gotchas)

The upside is that I'm now only using the one VM, meaning I've saved 4gb of RAM.

I can use that ram for something else now. Nextcloud? Immich?

Hope this helps someone else.