publication croisée depuis : https://lemmy.world/post/448925

Hi there, I was looking for combinations of switching hardware and open source switching software. Stratum and Cumulus Linux caught my attention, but these seem to be focussed towards the industry and would likely be very difficult to run in a homelab. I'm not going to touch the likes of Ubiquity, but as of now the only choice seems to be closed-source software from TPLink and/or Cisco. I'm going to try and harden the inside of my network too with ACLs and any other features I find on the switches, and having an open source OS with regular updates would be very nice to have.

Any suggestions? I was trying to find something to run on a MikroTik switch, since I find their L2 OS a bit lacking.

Cheers!

Edit: a kind user mentioned OpenWRT, which I should have looked into more seriously before posting this. I'm going through it right now, any suggestions are welcome!

I know everyone is still fiddling around with setup, but I have tried and tried to get my own compose working but have had no luck. If anyone can share their working compose, it would be really helpful. I have an existing Nginx Proxy Manager container serving as my reverse proxy, so I don’t want to install the nginx container in the sample compose either. Thanks!

Just wanted to say thank you to everyone in the community for being awesome, this is not a help request just me being super happy that I have finally overcome one of the biggest challenges I set for myself with self-hosting, making a media server that I can add media to at any time from anywhere in the world so that my family and I, located on different continents, can immediately enjoy it!

My Raspberry Pi started out as just a simple Nextcloud box that I could access outside the home to escape from the Dropboxes and Google Drives of the world.

I ended up finding out everything that I can do with it and became more and more enthralled and tried to challenge myself. I learned so much about NFS, config files, iptables, and Linux/networking in general that I feel the knowledge itself was worth the struggle.

While I have more than a few programs on there, the most challenging thing has been this (which I just now put the final touches on accomplishing):

1. Have a Jellyfin server on the Pi which can be accessed from anywhere in the world.

2. Be able to add media to Jellyfin via torrent.

3. Used a separate (very old, Windows XP era) 32-bit computer only to be a torrent box (running latest Debian). I connect to my VPN provider via openvpn on the command line with transmission-daemon running behind that. However, I want to be able to add a torrent from anywhere in the world at any time and I cannot do that if transmission-daemon is hiding behind a VPN. Therefore I need to be able to create an ssh tunnel, but I can't do that if the entire server is behind a VPN! Therefore I had to learn to mess with iptables and ip rules, but I was able to make SSH use the default network while everything else uses the VPN, and so now I can ssh tunnel from outside the home network and open transmission in a browser that way.

4. Since I am using two separate machines (the torrent box for downloading torrents and the Raspberry Pi for hosting the media server), I created an NFS share on the Raspberry Pi where the media would sit and mounted it on the torrent box, having all finished media files be placed in there.

5. I set up Jellyfin to refresh every 6 hours to update the media that I now have.

If anybody here is trying to do this and is having issues, I'm happy to answer any questions!

I have a Raspberry Pi with a 2TB SSD on which I store all of my media. That media sits in a directory that is capable of being mounted on other computers via NFS.

I have that directory mounted on another computer via NFS in /mnt. I am able to create directories, create files, move files there, and they show up instantaneously on the Raspberry Pi (I do this without sudo because I gave my user write permissions via chown).

However, when I attempt to download a torrent via Transmission and have it automatically save to the NFS-mounted share, it does so for a few seconds, then gives me one of the two following errors:

Error:  Permission denied (/mnt/....)

or

Error: Read-only filesystem (/mnt/....)

My Transmission Daemon user is set up to be my normal user.

Anybody have any ideas? I followed these three tutorials to set it all up:

• https://pimylifeup.com/raspberry-pi-transmission/
• https://pimylifeup.com/raspberry-pi-nfs/
• https://pimylifeup.com/raspberry-pi-nfs-client/

Thank you in advance for any help you can provide.

I am wondering what can be done in Linux to reduce CPU power consumption. In Windows, I'm familiar with setting and testing power limits and undervolting using Throttlestop (amazing tool), but to my knowledge no such tool (command line or otherwise) exists for Linux.

I've recently acquired an HP Mini G6 with a full fat i7 10700, which came as a surprise as it was advertised as 10700T when I went to pick it up.

I was after the T CPU due to the lower power consumption for an always on home server that sees occasional use (media server, file sharing, image backup, etc)

Also, I don't actually know if the idle power consumption between the 10700 and the 10700T is actually any different, or if the T only prevents the CPU from boosting as hard - if anyone could clear that up! Cheers.

My use case is I’m transferring large already encrypted files between two servers connected via wireguard.

Is there any benefit to SFTP over FTP in this case?

I have a self hosted server running yunohost that I use for a few services for my own use all of which require login to use so they're safe enough.

However I'm increasingly uncomfortable with the fact that anyone can discover my home IP via my domain name. Especially if I decided to install something like Lemmy or Mastodon.

Yunohost installs dyndns as part of it's setup but, aside from buying a fixed IP from a VPN provider that allows incoming connections I'm not sure what other options I have

I can't change very much on the modem router either. I can forward ports but that's about it.

I can add and manage new domains if necessary.

Any and all ideas welcome but, as you can guess from the fact I'm using yunohost, my networking knowledge is limited so please eli5 :)

In the past few days, I've seen a number of people having trouble getting Lemmy set up on their own servers. That motivated me to create Lemmy-Easy-Deploy, a dead-simple solution to deploying Lemmy using Docker Compose under the hood.

To accommodate people new to Docker or self hosting, I've made it as simple as I possibly could. Edit the config file to specify your domain, then run the script. That's it! No manual configuration is needed. Your self hosted Lemmy instance will be up and running in about a minute or less. Everything is taken care of for you. Random passwords are created for Lemmy's microservices, and HTTPS is handled automatically by Caddy.

Updates are automatic too! Run the script again to detect and deploy updates to Lemmy automatically.

If you are an advanced user, plenty of config options are available. You can set this to compile Lemmy from source if you want, which is useful for trying out Release Candidate versions. You can also specify a Cloudflare API token, and if you do, HTTPS certificates will use the DNS challenge instead. This is helpful for Cloudflare proxy users, who can have issues with HTTPS certificates sometimes.

Try it out and let me know what you think!

https://github.com/ubergeek77/Lemmy-Easy-Deploy

The github docker-compose file calls out pixelfed:pixelfed as the image, but nothing exists when trying to pull it: https://hub.docker.com/r/pixelfed/pixelfed/tags

Is there a official (or unofficial) image that should be used that is compatible with the sample docker-compose setup (and runs on ARM): https://github.com/pixelfed/pixelfed/blob/dev/docker-compose.yml

Hi All, I know it was asked multiple times but I'm a noob.

What is the best way to access my server from external network? I know I can open a port on router (not recommended), Tailscales, Wireguard or Direct VPN. I will access from android phone and maybe from other devices.

What I want to try to access (mainly docker on NAS)

• bitwarden
• calibre
• setup home assistant
• possibly RSS server
• nextcloud
• plex server (already remote access)
• maybe docker apps too

Thanks

Hi guys, I am trying to bring a lemmy instance up but I have no idea why it freezes on "building lemmy"

This is what I get: https://i.imgur.com/GjcHPkd.png

and when I check my $ docker images https://i.imgur.com/wIUw54R.png

This is my docker-compose.yml for refenrece:

version: "3.7"

x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "50m"
    max-file: 4

networks:
  # communication to web and clients
  lemmyexternalproxy:
  # communication between lemmy services
  lemmyinternal:
    driver: bridge
    internal: true

services:
  proxy:
    image: nginx:1-alpine
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    ports:
      # actual and only port facing any connection from outside
      # Note, change the left number if port 1236 is already in use on your system
      # You could use port 80 if you won't use a reverse proxy
      - "1236:1236"
      - "8536:8536"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro,Z
    restart: always
    depends_on:
      - pictrs
      - lemmy-ui
    logging: *default-logging

  lemmy:
    # image: dessalines/lemmy:dev
    # use this to build your local lemmy server image for development
    # run docker compose up --build
    build:
      context: ../
      dockerfile: docker/Dockerfile
      # args:
      #   RUST_RELEASE_MODE: release
    # this hostname is used in nginx reverse proxy and also for lemmy ui to connect to the backend, do not change
    hostname: lemmy
    networks:
      - lemmyinternal
      - lemmyexternalproxy
    restart: always
    environment:
      - RUST_LOG="warn,lemmy_server=debug,lemmy_api=debug,lemmy_api_common=debug,lemmy_api_crud=debug,lemmy_apub=debug,lemmy_db_schema=debug,lemmy_db_views=debug,lemmy_db_views_actor=debug,lemmy_db_views_moderator=debug,lemmy_routes=debug,lemmy_utils=debug,lemmy_websocket=debug"
      - RUST_BACKTRACE=full
    volumes:
      - ./lemmy.hjson:/config/config.hjson:Z
    depends_on:
      - postgres
      - pictrs
    logging: *default-logging

  lemmy-ui:
    image: dessalines/lemmy-ui:0.17.1
    # use this to build your local lemmy ui image for development
    # run docker compose up --build
    # assuming lemmy-ui is cloned besides lemmy directory
    # build:
    #   context: ../../lemmy-ui
    #   dockerfile: dev.dockerfile
    networks:
      - lemmyinternal
    environment:
      # this needs to match the hostname defined in the lemmy service
      - LEMMY_UI_LEMMY_INTERNAL_HOST=lemmy:8536
      # set the outside hostname here
      - LEMMY_UI_LEMMY_EXTERNAL_HOST=localhost:1236
      - LEMMY_HTTPS=false
      - LEMMY_UI_DEBUG=true
    depends_on:
      - lemmy
    restart: always
    logging: *default-logging

  pictrs:
    image: asonix/pictrs:0.4.0-beta.19
    # this needs to match the pictrs url in lemmy.hjson
    hostname: pictrs
    # we can set options to pictrs like this, here we set max. image size and forced format for conversion
    # entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp
    networks:
      - lemmyinternal
    environment:
      - PICTRS_OPENTELEMETRY_URL=http://otel:4137
      - PICTRS__API_KEY=API_KEY
      - RUST_LOG=debug
      - RUST_BACKTRACE=full
      - PICTRS__MEDIA__VIDEO_CODEC=vp9
      - PICTRS__MEDIA__GIF__MAX_WIDTH=256
      - PICTRS__MEDIA__GIF__MAX_HEIGHT=256
      - PICTRS__MEDIA__GIF__MAX_AREA=65536
      - PICTRS__MEDIA__GIF__MAX_FRAME_COUNT=400
    user: 991:991
    volumes:
      - ./volumes/pictrs:/mnt:Z
    restart: always
    logging: *default-logging

  postgres:
    image: postgres:15-alpine
    # this needs to match the database host in lemmy.hson
    # Tune your settings via
    # https://pgtune.leopard.in.ua/#/
    # You can use this technique to add them here
    # https://stackoverflow.com/a/30850095/1655478
    hostname: postgres
    command:
      [
        "postgres",
        "-c",
        "session_preload_libraries=auto_explain",
        "-c",
        "auto_explain.log_min_duration=5ms",
        "-c",
        "auto_explain.log_analyze=true",
        "-c",
        "track_activity_query_size=1048576",
      ]
    networks:
      - lemmyinternal
      # adding the external facing network to allow direct db access for devs
      - lemmyexternalproxy
    ports:
      # use a different port so it doesnt conflict with potential postgres db running on the host
      - "5433:5432"
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data:Z
    restart: always
    logging: *default-logging

cross-posted from: https://lemmy.death916.xyz/post/9829

Heard about his on the self hosted podcast and just installed it and it works great. Dont use the given compose file just make your own with the linuxserver image. Here's mine and it works over tailscale and through my reverse proxy.

version: "3"
services:
  snapdrop:
    image: "linuxserver/snapdrop"
    
    volumes:
      - /nasdata/docker/volumes/snapdrop/:/data
    
    ports:
      - "8090:80"
      - "4430:443"
  

Hey guys, I'm currently studying computer science and have used Google domains for a while to host my own website. In lieu of domains being discontinued by Google I'm thinking about moving every service I've used there to a Debian VM, which would be hosted by a company in my country, but I would have root access.

This would include a Web- and a Mailserver pretty much. I'm not a beginner when it comes to handling a CLI, but I am quite rusty and would prefer a solution that I set up once and don't have to maintain weekly to keep it going.

I'm aware selfhosting entails some kind of maintenance, I pretty much just don't want to be overwhelmed and suddenly lose access to my mails by being lazy.

Serverwise I've setup Apache and Postfix already in my studies, but I'm not sure if those are the best solutions.

I'd really love a few pointers and do's and don'ts if you'd be so kind to help me out 😄

Thanks!

(I've posted this to a different community already, but this one seems more active, sorry if you see this double!)

Edit: Thanks for all the input! I'll use Ionos to register my domain and their free Mailservice they provide with it. My website is currently still hosted with firebase, but I'll move it to a Linux VM also hosted by Ionos...

I'm looking to host a lemmy instance for a small subreddit. I I am unsure if the load would be too much for my home network. In the last 30 days we got 1.7k comments, 96 posts, 95k views, with an average unique of 809.

My home internet connection is 100mb/s down, 20mb/s up. I use the network to work from home as well as general internet degeneracy when I'm off the clock. I have two roommates also using the network for personal stuff, but not working from home. Would this put too much load on my home network?

If it does, could anyone recommend a good web host service that is compatible with lemmy?

Does anyone have any good experience with a self-hosted getpocket.com alternative? I've heard about wallabag but I'm hoping to explore other options

Google strikes again!

I'm looking to register a new domain but hate how pricing is $0.01 first year, $1M renewal. It doesn't seem like a deal if it's going to cost so much to renew.

Are there any transparent registrars or any tools that will give you a cost over 3 years or something?

I'll be honest, I did Google it but you'll never guess what the top hit was. I didn't click. I'm putting this here in a small attempt to transfer some knowledge to the fediverse.

I’m interested in setting up my own instances for Lemmy, Mastodon, and Matrix.

Can I use the same https://domain.tld for all of them without any subdomains?

For example:
lemmyuser@mydomain.tld
mastodonuser@mydomain.tld
matrixuser@mydomain.tld

Will this work across all of my self-hosted instances, or do I need to append a subdomain for each, e.g., lemmyuser@lemmy.mydomain.tld?

I have a Raspberry Pi that I want to be able to run Transmission on for torrenting purposes. I have Transmission installed.

I want to have openvpn running but only for Transmission and not touching the rest of the services. I have to access many of the other services on the Pi from the web and therefore cannot have the VPN interfering with that.

I have a ProtonVPN account and downloaded all of the openvpn UDP config files.

I would like to have the VPN running but split-tunneled so that only Transmission is covered by the VPN.

I have searched for guides that explain how to do this but so far none of them are adequate or go into enough detail.

Does anybody have a guide that can explain it all in detail, or know what files to edit and what to put in them?

Thank you in advance for any help you can provide.

None of this is using Docker.

I want to set up a lemmy instance as a subreddit alternative for a community I moderate. I would be running the instance on a local machine in my home so I really want to make sure that it can't be traced to my physical location.

I already subscribe to ExpressVPN for general use, can I just install it on the local machine, press connect, and boom be anonymous? What impact would this have on users?

I have Jellyfin on my Raspberry Pi and I usually access it via my local network or via SSH tunneling when I'm outside of my local network, but I want to be able to just access it via https outside of my local network.

I am following the instructions on Jellyfin's Networking page here: https://jellyfin.org/docs/general/networking/

On the part where I input this command

openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in /usr/local/etc/letsencrypt/live/domain.org/cert.pem -passout pass:

I get this error

Can't open /usr/local/etc/letsencrypt/live/domain.org/cert.pem for reading, No such file or directory

Any idea what I'm doing wrong?

Got it solved! For future people reading this, the solution is here: https://github.com/jellyfin/jellyfin/issues/6697#issuecomment-1086973795

Jellyfin's Networking guide is all wrong.