
Shimitar

@Shimitar@feddit.it

Me

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Shimitar OP ,

Yeah, looks interesting but way too overkill I guess?

Shimitar OP ,

Nah, moving away from NextCloud, it worked fine, but again overkill only for this

Shimitar ,

Untrue, all my devices support av1 at this point, so that's only your mileage.

I am happy with av1 and its awesome space savings over h264.

Shimitar ,

In my experience the saving over h265 is still consistent and given that hardware h265 is less common than av1 on new devices, from h264 there is no need to go h265 but directly to av1 is better if you need to do the job.

Keep h264 otherwise.

Shimitar ,

I use a laptop and external jbod covered with a low power ups. As others said, the point is to bridge power gaps, not long term working powerless. I live in the countryside, so small power gaps happen, especially when my photovoltaic doesn't produce (no, I have no battery accumulators, too expensive).

Shimitar OP ,

Yes, you are right, I have updated the information.

Shimitar OP ,

Fully agree

Shimitar OP , (edited )

I think NPM is useless (in my use-case...) and can get things more messy, but I plan to check on cockpit later on indeed.

NPM isn't bad in itself, but NGINX configuration is basically static and IMHO doesn't require a dedicated GUI.

Shimitar OP ,

One of the risks associated with wildcard SSL certificates is the increased attack surface they introduce. If one subdomain becomes compromised, it opens the door for potential attackers to gain unauthorized access to all subdomains secured under the wildcard certificate.
(first google link)

Shimitar OP ,

As already stated, it's Dokuwiki. I tried a few and this was the best compromise between features and complexity for my needs.

Shimitar OP ,

Yeah, I kind of wrote badly. I mean NGINX configuration is simple enough and static enough not to need a dedicated service for my use case. I don't feel the need to mess with NPM. I have a neat folder structure under nginx config so that adding one service is pretty clean and simple and editing one too.

Shimitar OP ,

Now the big question is: are you an Arch or a Gentoo lover?
Just joking.

Good job! Keep it up

Shimitar OP ,

Using Let's Encrypt certbot is so easy and automated that I never bothered for wildcards anyway, so.

Shimitar ,

Same situation as yours: downstream of the Fastweb thing I have my Linux server with two network cards: one is USB-C.

Shimitar ,

I kept the Fastweb box! The ZTE is already behind CG-NAT anyway, so I might as well.

Shimitar ,

Well, do as you like, you will at least have to clone its MAC and hope they don't catch you, or you risk having your contract cancelled.

The box can be replaced with your own device only if you have FTTC.

Good mini PC for around 100€

My current setup consists of a Raspberry Pi 4 with 4gb RAM and a 1tb external SSD. I'm thinking of getting a used mini PC for around 100€ to replace that tho because it would give me a lot more power and especially RAM (I currently need to use an 8gb swap file). My plan so far is to get a used mini PC that's quiet, has a...

Shimitar ,

I have external usb3 and usb-c raid arrays... You need to buy expensive enclosures, something that costs 100€+ to be safe, then it will work for a long time.

My older usb3 array (4 disks in a jbod) is almost 7 years old and kicking.

Starting from zero

I'm interested in exploring the world of self hosting, but most of the information that I find is incredibly detailed and specific, such as what type of CPU performs better, etc. What I'm really looking for is an extremely basic square 1 guide. I know basically nothing about networking, I don't really know any coding, but it...

Shimitar ,

I am writing this: https://wiki.gardiol.org. Feel free to take a look then ditch it and go your own way.

It's a bit of a different take to today's trends (docker and such).

Shimitar ,

No idea how to put a nice heart emoticon here... But assume I did!

Shimitar ,

Some of you guys are nahive.

The true and best open source stuff is not developed for profit. Once it is, it's only a matter of time because, guess what, software development is never really profitable no matter how much you piss off your user base.

Don't get me wrong: nothing bad in seeking profit, I do it myself too, I don't live off thin air...

But true open source projects are not developed by seeking sustainability and profit out of it. I steer away from any such project because it's doomed sooner or later and history is full of those projects.

Shimitar ,

Yes, naïve :)

Shimitar ,

That's a good one!
But I am not French.

Shimitar ,

For it to be, you need a solid paying user base. Which is not the case at hand.

Very often also at enterprise level the big money is in training, support and courses rather than in the software licenses per se.

Shimitar ,

This looks very cool and promising.

I love that you can deploy on bare metal, immich doesn't allow that.

Does it support base-url? I mean can I host it on xxx.mydomain.com/gallery for example?

Shimitar ,

Please add support for it, it would be greatly useful

Shimitar , (edited )

It's a work in progress, but https://wiki.gardiol.org (which is OFC self-hosted)

Anyway, beefy HP laptop with 32gb ram and Xeon CPU to run all services. 3 RAID-1 (Linux sw raid) usb3 volumes to host all services and data.

Two ISPs: Vodafone FVA 5G (data capped) for general navigation and Fastweb FTTC (low speed but uncapped) for backup access and torrent/Usenet downloads.

Gentoo Linux all the way and podman, but as much limited as possible: only immich (that's impossible to host on bare metal due to devs' questionable choices).

Services: WebDAV/webcal/etc wiki, more stuff, arrs, immich, podfetch, and a few more.

All behind nginx reverse proxy.

99% bare metal.

Self developed simple dashboard

External access via ssh tunnels to vps

Shimitar ,

Why?

Shimitar ,

The service runs as an unprivileged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unprivileged user and is not shared with any other service.

I doubt an attacker could do anything worse than DoS on the wiki itself.

Shimitar ,

Requiring a subdomain should not be mandatory in 2024.

Sub paths should be such a basic feature that it's ridiculous devs don't even take that into consideration.

Why? Because a software requiring absolute paths is as old and obsolete as an msdos program, and the only real reason it happens today is... Bad design choices or limited frameworks.

Shimitar ,

Why are subpaths an anti-pattern?

Why is taking away choices a problem?

Everybody has their own use case, why should we prevent them from using theirs?

Shimitar ,

Not really...
Your attitude is the problem.

Sub paths are simpler to deploy: need only one certificate, need only one subdomain.

In any case you need reverse proxy so security is not the matter here.

Your use cases are not mine and both ways should always be possible.

You never need a subpath over a subdomain, nor vice versa, it is (or should always be) a choice.

Shimitar ,

All my services are behind pam-auth, so nobody unless authorized can see any subpaths. That fixes it for security.

And that makes it that the browser will ask you to save password and login for each subdomain... But only once for subpaths.

But beside this, is freedom of choice so difficult to grasp? My use cases are not yours, better be free to choose rather than forced, isn't it?

I do have a few subdomains as well, I know perfectly how to automate them and in fact I do, but I don't like having two ways and especially not just because some dev doesn't want to look into supporting subpaths. The number of services not supporting subpaths is the vast minority, so there must be enough people wanting to use them after all. And in all cases, they don't support subpaths because the framework doesn't support them (immich) or because devs don't care (ha).

Stuff like gitea, gerrit, WordPress, all wikis I ever tried, arrs, jellyfin, podfetch are just the first that pop into my mind that I use and support subpaths.

Shimitar ,

Easy user setting, set to disabled and there you go.

Takes a few seconds to find, then stays that way forever.

Shimitar ,

You are welcome! I didn't do anything, but happy I helped!

PSA: Update your docker installation. Leaky Vessels flaws allow hackers to escape Docker, runc containers (www.bleepingcomputer.com)

Snyk team has found four vulnerabilities collectively called "Leaky Vessels" that impact the runc and Buildkit container infrastructure and build tools, potentially allowing attackers to perform container escape on various software products....

Shimitar ,

Don't run docker, so far it has proven quite insecure, and that was by design at first because docker was created for development environments and not for deployment.

Later docker added better security, because they understood the value in deployment too. But many distros are still insecure by default and it takes both the effort of sysadmins and image developers to deploy docker containers securely.

I switched to Podman: no daemon, no socket, no root operations out of the box. And the transition is basically seamless too.

Shimitar ,

Podman can use different tools under the hood, will check which one I am using.

Shimitar ,

Gentoo always and for everything!

Shimitar ,

Stable? I never had instability of any kind with gentoo like... Ever... Except for faulty hardware (dead USB Ethernet card, bad memory stick...).

Gentoo lets you build the most skinny and bloatless server you can, just what you need how you want it. No bullshit, no choices made by others (Ubuntu I look at you). And optimized for your hardware too.

Today's compile time is ridiculously small, so that's not a down point for Gentoo.

Also, it's so damn adherent to the true Linux philosophy that it's surprisingly logical and coherent in its internal organization that doesn't get in your way.

Ah, and docker and podman support is a piece of cake if you like that stuff.

It's even less bloated than a plain text-only fresh Debian install.

You don't even have a logger or a cron daemon by default unless YOU install it.

And there is so much great quality documentation that even navigated Linux people will learn new tricks installing Gentoo.

Check out the Gentoo Handbook online.

And I have more than once installed gentoo on another running Linux, then rebooted remotely to a fresh Gentoo. Do it with any other distro, I dare you!

Shimitar ,

Fellow Gentooer, Gentoo rocks!

Shimitar ,

Get a firestick. After trying literally 5 different unbranded TV boxes I gave up. Those are all shit.

Get a Shield, but out of budget, or get a fire stick. They just work, are powerful enough and support enough codecs.

They are amazon so hey, ads and shit included, but way the best hardware for the price (yes they will hard code DNS and ignore your pihole)

Shimitar ,

I have been running two usb3 based raid-1 arrays for over 10 years and I had zero failures, zero corruptions and plenty of speed (SSDs over dedicated usb3 ports).

The disks are on a UPS (a very small one) to avoid power losses due to power failures.

Shimitar ,

I use an expensive JBOD USB/e-SATA box to host 4 SSDs (nowadays, but those had been HDDs until 2022) connected via usb3. The box has a huge fan too.

I think the issue is not USB itself but how cheap you go with your enclosure...

No, can confirm no data corruption. Can I be 100% sure? No I cannot of course.

I use EXT4, which again never gave me issues whatsoever. So far.

Shimitar OP ,

Nephele looks great. After some fiddling I couldn't make it work with sub-paths (/path/path) so I will keep using Apache as WebDAV server, which fits my bill so far. Unfortunately Joplin notes are NOT plain text (not even .md) as far as I can see, so that is not an option.

Shimitar ,

Radicale. Setup was a breeze and Just Works Fine. A piece of set and forget software for me.

Shimitar ,

It's for lucky people without CG-NAT which today means people from USA mostly...
