overview for bjornsno

If you could "Eternal Sunshine" a piece of media so that you could listen to it for the first time again, what would it be? in c/asklemmy@lemmy.ml

[–] bjornsno@lemm.ee 4 points 2 days ago

I'm between The Black Parade (the album) by My Chemical Romance, an alt rock opera masterpiece imo, and Hamilton, the Broadway cast recording. I feel like the former might not work as well when removed from its time, but I bet it still would blow my mind.

How do I change the clipboard program that neovim uses? in c/neovim@programming.dev

[–] bjornsno@lemm.ee 4 points 4 days ago

This is exactly what happens. Actually the whole Wayland/xorg thing is not necessary, simply exiting a Wayland session and starting a new one will probably have the same effect, might depend on compositor. But it doesn't help knowing that it's the cause, I've known it for years, no closer to a solution. Obviously closing the tmux session and starting over is a "fix" in the same way that turning the machine off and on again is a fix. Kinda defeats the purpose of persistent tmux sessions.

New terminal apps: Warp and Wave in c/linux@lemmy.ml

[–] bjornsno@lemm.ee 14 points 4 days ago (4 children)

Have you tried kitty? It's seriously nice if you can live with the occasional "oh no I sshed to a server that doesn't have the correct terminfo files and now none of the normal terminal navigation features work"

What jobs in the US (Kentucky) Allow employees to wear whatever you want? in c/nostupidquestions@lemmy.world

[–] bjornsno@lemm.ee 2 points 4 days ago

I'm sorry to be the one to break it to you but every job becomes a job, if you know what I mean. I'm my own boss, work from home, doing programming which is my passion. I still love programming, but work is work. Not saying you shouldn't try to find enjoyment in it, just don't want you to expect it to be fun as shit no matter what the job description says. Just try to find one that doesn't make you miserable and focus on that work life balance.

How is your week going? in c/casualconversation@lemm.ee

[–] bjornsno@lemm.ee 4 points 4 days ago (1 children)

Pretty good, getting used to working from home while taking care of a newborn. It's tough but becoming manageable.

How is your week going? in c/casualconversation@lemm.ee

[–] bjornsno@lemm.ee 2 points 4 days ago (1 children)

Hey congrats! Is No Mans Sky good? I liked it originally but got bored, and it looked to me like all the updates were about combat, which I don't care about and would rather avoid.

Is there any easy way to install a Linux distribution directly to a USB drive? in c/linux@lemmy.ml

[–] bjornsno@lemm.ee 3 points 1 week ago

This doesn't really install it, though, you can't update or permanently edit and config, set up users, or anything like that. I would guess OP wants something more like booting the ISO in a VM, allocating a thumb drive to that VM, and then installing a full system to it with a boot loader.

Pets Sunday - how are they doing? in c/casualconversation@lemm.ee

[–] bjornsno@lemm.ee 4 points 2 weeks ago

My cat is starting to accept that my newborn is not going anywhere, and has returned to the land of the living room to chill with us. He's an extremely timid gentleman so he always runs outside at the first sign of a cry, but progress is still very promising!

Rule to allow tearing for all games launched via Steam in Sway and Hyprland in c/linux_gaming@lemmy.ml

[–] bjornsno@lemm.ee 6 points 2 weeks ago (3 children)

If I may ask, why do we want to enable tearing now? There are pages and pages across the wikis on how to fix tearing...

What is the safest way for a partially disabled person in the USA to use prison for food and shelter as an alternative to dying homeless in a gutter on a cold rainy night? in c/nostupidquestions@lemmy.world

[–] bjornsno@lemm.ee 13 points 1 month ago (1 children)

Help I'm destitute, what should I do? Step one: buy Bitcoin.

People who have studied and have applied Dialectical Materialism to resolve problems in your life/locality, could you share your experiences? in c/asklemmy@lemmy.ml

[–] bjornsno@lemm.ee 5 points 1 month ago (1 children)

Imo it's only a tool to understand and explain situations, not so much a tool to solve problems. Definitely understanding the forces that make up the conflict might help you solve a problem, but the solution will depend on what kind of forces are involved.

love how you don't have to alter serious rightwing memes to meme them in c/memes@lemmy.ml

[–] bjornsno@lemm.ee 45 points 1 month ago (14 children)

Come on, this one is funny but why pretend it was ever made by a right wing person in earnest? Everything about it screams classic mocking meme.

12

Help with authentik and traefik random drops (lemm.ee)

submitted 2 months ago* (last edited 2 months ago) by bjornsno@lemm.ee to c/selfhosted@lemmy.world

4 comments fedilink

Hello self hosters! I am hoping some of you wizards can help me troubleshoot my setup with authentik and traefik.

First about my setup. I have a synology nas that is running a docker compose stack. Synology is notoriously bad at keeping their docker version fresh, but hopefully that isn't relevant to this issue. I'm running traefik for reverse proxy, and authentik for auth. In authentik land I've split the outpost work into its own container, named authentikproxy. Any request to a service with the authentik-basic@file or authentik@file middleware labels applied should be routed through the authentikproxy service for auth. If it detects that one isn't authed, it will in turn send you to the authentik frontend for SSO.

The issue is that authentik randomly stops working for random routes, or randomly fails to start working for random routes. Every time this happens I need to restart my authentikproxy and traefik containers over and over until it randomly decides to work for all my routes. When this happens I am just sent straight to the app unauthenticated. I'll have to either input http basic credentials or use the app's login page, whichever it has. I have found nothing in the logs after months of this going on, neither authentik nor traefik seem to be aware that anything is amiss.

I suspect the issue is to do with the docker networks but that's honestly just a hunch.

My docker-compose file is hundreds of lines long, so I've stripped environment and volume info while preserving traefik labels to try to keep the info more or less concise. It is certainly still too much info but I did not want to accidentally delete something crucial. Here follows my setup.

docker-compose.yml

services:
  traefik:
    profiles:
      - prod
    container_name: traefik
    image: traefik:v2.11
    command:
      - "--entrypoints.websecure.http.tls.domains[0].main=${BASE_DOMAIN}"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.${BASE_DOMAIN}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/middlewares.yml:/app/myconf/middlewares.yml
      - ./traefik/traefik.yml:/traefik.yml
    restart: unless-stopped
    networks:
      default:
        aliases:
          # Allow xcontainernet services to resolve authentik
          - "authentik.${BASE_DOMAIN-home}"
    ports:
      - 80:80
      - 443:443
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.redirectssl.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.traefik.middlewares=redirectssl@docker"
      - "traefik.http.routers.traefiksecure.rule=Host(`traefik.${BASE_DOMAIN-home}`)"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"

  transmission:
    image: lscr.io/linuxserver/transmission
    container_name: transmission
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.torrents.rule=Host(`torrents.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.torrents.middlewares=redirectssl@docker"
      - "traefik.http.routers.torrentssecure.rule=Host(`torrents.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.torrentssecure.entrypoints=websecure"
      - "traefik.http.routers.torrentssecure.middlewares=authentik@file"

  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd
    container_name: sabnzbd
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nzb.rule=Host(`nzb.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.nzb.middlewares=redirectssl@docker"
      - "traefik.http.routers.nzbsecure.rule=Host(`nzb.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.nzbsecure.entrypoints=websecure"
      - "traefik.http.routers.nzbsecure.middlewares=authentik@file"
      - "traefik.http.services.nzb.loadbalancer.server.port=8080"

  sonarr:
    image: ghcr.io/linuxserver/sonarr:latest
    container_name: sonarr
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.sonarr.middlewares=redirectssl@docker"
      - "traefik.http.routers.sonarrsecure.rule=Host(`sonarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.sonarrsecure.entrypoints=websecure"
      - "traefik.http.routers.sonarrsecure.middlewares=authentik-basic@file"
      - "traefik.http.services.sonarr.loadbalancer.server.port=8989"

  radarr:
    image: ghcr.io/linuxserver/radarr:latest
    container_name: radarr
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.radarr.middlewares=redirectssl@docker"
      - "traefik.http.routers.radarrsecure.rule=Host(`radarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.radarrsecure.entrypoints=websecure"
      - "traefik.http.routers.radarrsecure.middlewares=authentik-basic@file"
      - "traefik.http.services.radarr.loadbalancer.server.port=7878"

  readarr:
    image: lscr.io/linuxserver/readarr:nightly
    container_name: readarr
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.readarr.rule=Host(`readarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.readarr.middlewares=redirectssl@docker"
      - "traefik.http.routers.readarrsecure.rule=Host(`readarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.readarrsecure.entrypoints=websecure"
      - "traefik.http.routers.readarrsecure.middlewares=authentik-basic@file"
      - "traefik.http.services.readarr.loadbalancer.server.port=8787"

  bazarr:
    image: ghcr.io/linuxserver/bazarr:latest
    container_name: bazarr
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bazarr.rule=Host(`bazarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.bazarr.middlewares=redirectssl@docker"
      - "traefik.http.routers.bazarrsecure.rule=Host(`bazarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.bazarrsecure.entrypoints=websecure"
      - "traefik.http.routers.bazarrsecure.middlewares=authentik-basic@file"
      - "traefik.http.services.bazarr.loadbalancer.server.port=6767"

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.prowlarr.middlewares=redirectssl@docker"
      - "traefik.http.routers.prowlarrsecure.rule=Host(`prowlarr.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.prowlarrsecure.entrypoints=websecure"
      - "traefik.http.routers.prowlarrsecure.middlewares=authentik-basic@file"
      - "traefik.http.services.prowlarr.loadbalancer.server.port=9696"

  jellyfin:
    image: linuxserver/jellyfin:latest
    container_name: jellyfin
    networks:
      default:
      xcontainernet:
        ipv4_address: 192.168.0.201
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`tv.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.jellyfin.middlewares=redirectssl@docker"
      - "traefik.http.routers.jellyfinsecure.rule=Host(`tv.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.jellyfinsecure.entrypoints=websecure"
      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"

  authentikserver:
    image: ghcr.io/goauthentik/server:2024.2.2
    command: server
    depends_on:
      - postgresql
      - redis
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.authentik.rule=Host(`authentik.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.authentik.entrypoints=web"
      - "traefik.http.routers.authentik.middlewares=redirectssl@docker"
      - "traefik.http.routers.authentiksecure.rule=Host(`authentik.${BASE_DOMAIN:-home}`)"
      - "traefik.http.routers.authentiksecure.entrypoints=websecure"
      ## HTTP Services
      - "traefik.http.routers.authentiksecure.service=authentik-svc"
      - "traefik.http.services.authentik-svc.loadbalancer.server.port=9000"

  authentikproxy:
    image: ghcr.io/goauthentik/proxy:2024.2.2
    labels:
      - "traefik.http.routers.authentik-proxy-outpost.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.${BASE_DOMAIN:-home}`) && PathPrefix(`/outpost.goauthentik.io/`)"
      - "traefik.http.routers.authentik-proxy-outpost.entrypoints=websecure"
      - "traefik.http.services.authentik-proxy-outpost.loadbalancer.server.port=9000"

  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    depends_on:
      - redis
      - immich-database
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.immich.rule=Host(`photos.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.immich.middlewares=redirectssl@docker"
      - "traefik.http.routers.immichsecure.rule=Host(`photos.${BASE_DOMAIN-home}`)"
      - "traefik.http.routers.immichsecure.entrypoints=websecure"
      - "traefik.http.services.immich.loadbalancer.server.port=3001"

networks:
  default:
    ipam:
      config:
        - subnet: 172.22.0.0/24
  xcontainernet:
    name: xcontainernet
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: "192.168.0.0/24"
          ip_range: "192.168.0.200/29"
          gateway: "192.168.0.1"

traefik/traefik.yml

providers:
  docker:
    exposedByDefault: false
    network: homeservices_default
  file:
    directory: /app/myconf
    watch: true

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: dnsresolver

traefik/middlewares.yml

http:
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true

    authentik-basic:
      forwardAuth:
        address: "http://authentikproxy:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - Authorization

    authentik:
      forwardAuth:
        address: "http://authentikproxy:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-email
          - X-authentik-groups
          - X-authentik-jwt
          - X-authentik-meta-app
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-version
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-username

24

Help with deployment (lemm.ee)

submitted 2 months ago by bjornsno@lemm.ee to c/selfhosted@lemmy.world

19 comments fedilink

Hello nerds! I'm hosting a lot of things on my home lab using docker compose. I have a private repo in GitHub for the config files. This is working fine for me, but every time I want to make a change I have to push the changes, then ssh to the lab, pull the changes, and run docker compose up. This is of course working fine, but I want to automate it. Does anyone have a similar setup and know of a good tool? I know I could use watchtower to update existing images, but this is more for if I change a setting or add a new service.

I've considered roughly four approaches.

A new container that mounts the whole running directory and the docker socket. It will register a webhook in GitHub to receive notifications when I push to the repo, run git pull and docker up. My worries here are the usual dind gotchas.
Same as 1, but don't mount anything, instead ssh from container to host and run the steps there. This solves any dind issues, but I don't love giving the container an ssh key to the host.
Have a service running on the host outside of docker. This is probably the correct approach, but very annoying since my host is a Synology nas and it doesn't have systemd or anything like that afaik.
Have a GitHub action ssh to the machine and do the steps. Honestly the easiest way but I would prefer to not open ssh to the internet.

Any feedback or tips are much appreciated. I don't feel like any of my options are very good and I feel like I am probably missing something obvious.

5

Bug: "clear read" buttons do nothing (lemm.ee)

submitted 3 months ago by bjornsno@lemm.ee to c/boostforlemmy@lemmy.world

6 comments fedilink

I have two ways to supposedly "clear read" posts when viewing a community, however doing so has no effect. I've got the app set up to hide read posts, so clearing read posts should let me see the ones that were previously hidden but that does not happen. My only way to see those posts now is to open the community in a web browser.