Looking to migrate away from APS as it is no longer in active development.
I need a solution that will still enable me to add/remove/change passwords from an Android device, a Linux device, and have all changes sync-up. (In GNU-pass-based APS, it's achieved by a git repo that saves passwords as gpg encrypted files) Preferably, I want it to still be self hosted, F-Droidable, and maybe a migration guide or tool to ease the transition.

Thanks!

Solved : I was still on my local network instead of my LTE network, so I was accessing the global ip through the local network, and thus the access page.

Hello,

I am running OPNSense as my router for my ISP and my local network.

When I access my global ip, it lands me on the login page of my OPNSense router. Is that normal?

The only Firewall WAN Rule I added is the rule to enable my Wireguard instance (and I disabled it to test if that was the issue)

I was messing with the NAT Outbound for the Road Warrior setup as explained in the OPNSense Road Warrior tutorial, but that rule is also disabled.

I enabled OutboundDNS to override a local domain.

And I have a dynamic DNS to access my VPN with a FQDN instead of the ip directly.

But otherwise, I have the vanilla configuration. I disabled all of these rules I've created to make sure that they weren't the issue, and I can still access my OPNSense from the WAN interface.

So is that a normal default behaviour? If so, how can I

*** For anyone stumbling on this post, and is as newbie as I am right now, forward auth doesn't work with FireflyIII.

I thought that forward auth was the same as a proxy, but in this case, it is the proxy that provides the x-authentik tags.

So for Firefly, set up Authentik as a proxy provider and not a forward auth.

I haven't figured out the rest yet, but at least, x-authentik-email is in my header now.

Good luck ***

Hello,

I am trying to setup Authentik to do a forward auth for Firefly3, using caddy. I am trying to learn External authentication so my knowledge is limited.

My setup is as follows.

By looking at the Firefly doc Firefly doc, I need to set AUTHENTICATION_GUARD=remote_user_guard AUTHENTICATION_GUARD_HEADER=HTTP_X_AUTHENTIK_EMAIL in my .env file. I used the base .env file provided by Firefly and modified only these two lines

Then, in my Authentik, I made a forward auth for a single app

Hello,

I am trying to setup Authelia using apalrd tutorial.

In the configuration file, I need to setup a SMTP server to send email from.

I am currently using proton mail and they don't have smtp support out of the box, you have to go through their bridge.

I've tried to find tutorial on how to use Proton Bridge CLI to be able to use it as my SMTP locally, but the information seems scarce on that front. (keep in mind that I am no expert).

So my question is as follows : what are my option to have a functional SMTP configuration on my Authelia server?

Thank you

I'm currently trying to spin up a new server stack including qBittorrent. when I launch the web UI, it asks for a login on first launch. According to the documentation, the default user id admin and the default password is adminadmin.

Solved:

For qBittorrent ≥ v4.1, a randomly generated password is created at startup on the initial run of the program. After starting the container, enter the following into a terminal:

docker logs qbittorrent or sudo docker logs qbittorrent (if you do not have access to the container)

The command should return:

******** Information ******** To control qBittorrent, access the WebUI at: http://localhost:5080 The WebUI administrator username is: admin The WebUI administrator password was not set. A temporary password is provided for this session: G9yw3qSby You should set your own password in program preferences.

Use this password to login for this session. Then create a new password by opening http://{localhost}:5080 and navigate the menus

I have a Qnap DAS. It is set up in a raid5 configuration. The problem is that each time I reboot my machine (ubuntu 24.04 LTS), the path of the DAS will auto-increment up by one.

For example the path will automatically go from media/raid57/medialib to media/raid58/medialib. That means I need to manually redo all file paths and then re-scan my entire media library for Jellyfin, each time I reboot my machine (which is like 2-3 times a month).

It is getting pretty annoying and I'm wondering if someone knows why this happens and what I can do to fix it.

Hello! I have jellyfin+qbittorrent+radarr on my home server, but I can't make it work with hardlinks. When a download finishes, it just copies it to the /movie folder, doubling the disk space. at least, I think that it's just a copy, because the disk space is double and find ./downloads -samefile ./movies/path/to/file.mkv returns no result, meaning if I understand correctly that file.mkv is not hardlinked to any file in the download folder (but it should).

this is the docker compose:

 yml

    
radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    network_mode: container:gluetun
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
    volumes:
      - ./radarr-config:/config
      - /media/HDD1/movies:/movies
      - /media/HDD1/downloads:/downloads
    restart: unless-stopped


  

HDD1 hard drive is formatted ext4, that supports hardlinks (in fact I can create them manually), and in the radarr settings the checkbox "use hardlinks ins

I set up Nginx Proxy Manager, and one of my services I want to serve is my Jellyfin which is hosted on another machine. Instead of Proxying the stream though, it'd be easier on the network to use the Nginx Stream module for facilitating that, I would expect.

The issue I'm facing is it seems like the only way to set up Nginx Stream is based on port, rather than by domain, and if I want to do it based on domain, I'd be proxying the data instead.

Is there any way to Stream to my Jellyfin rather than Proxying?

Thanks!

cross-posted from: https://lemmy.dbzer0.com/post/19310012

Hello,

I need some help here. I've been trying to write my own Ansible playbook to setup my homeserver. The storage devices on this server are 1 NVMe SSD and 2 HDDs which I want to setup as a mirror. I want to setup all storage devices as either BTRFS or ZFS but I'm having trouble finding the correct modules to use in Ansible for this.

I have also found some roles in Ansible Galaxy but those are either not explained enough for me to use and seem overwhelming to use (especially in comparison to the terminal commands that are needed to setup the BTRFS volumes or ZFS pools). But just using the builtin command module in Ansible somehow feels wrong and not the right way to go about this.

Can someone point me in the right direction? Right now I think I will prefer using BTRFS.

Hi all,

I have two servers - one is an IBM System x3650 M3 that I’ve been using for a while and the other is an x3550 M5 that I would like to move everything to. I have 6 drives which I think were configured as RAID 1 on hardware level. (MegaRAID, I think)

Is there a way that I can “just move” the drives from the old to the new - and just let it boot and continue where it left off - without making a mess of things or would that just screw up the RAID configuration?

I’ve been searching for answers, even asking ChatGPT (lol) for some answers but can’t seem to find any concrete answers.. All the data is backed up but I’m worried that I’ll spend days (trying to remember how to) reconfigure everything if something goes wrong.

Anyone has experience with anything like this?

Hey guys.

Having a bit of a headache trying to get wireguard working properly through my pfsense router.

Configuration overview: VPS wireguard server set to forward all traffic from peers (it's operating as a self-hosted VPN). I have a port on my router we'll call OPT1 that I want to traffic all connections through wireguard to the VPN.

So far I have the VPS and pfsense connected successful through wireguard. They are making active handshakes and I can ping between them perfectly fine.

I followed the documentation, but my windows PC connected directly to OPT1 can't access the internet. From the PC I can ping the DHCP server of OPT1 as well as the wireguard tunnel, but I can't ping anything outside of that. I'm passing all traffic from OPT1 subnet to the wireguard interface in both OPT1 firewall rules and the wireguard interface rules.

I'm sure many of you have dealt with this configuration before. Does this issue sound familiar?

So, I have a Home Assistant VM that I need to bridge to my LAN, it’s network interface “vnet1” is a member of bridge0, I tried adding eno1 (Host NIC) to bridge0 but I lose LAN access to my server. How should I do it ?

Hello :)

If you don't want to read everything just jump to the target state/help section below :)

Introduction

Roughly a year ago, I got my hands on a used but good quality 20U server cabinet. Since then, despite containing my running home server and my network gear, it remained in a quite unfinished state on my parent's attic. In the near future, it could appear that I have to share my home office/gaming room with it (so several hours a day). Therefore, I would like to implement proper sound (and dust) proofing measurements and cooling. Sadly, I am not that knowledgeable about server hardware and accessory yet, so I seek help here :)

Current state

Right now, the cabinet contains the following devices:

• Router/modem (passively cooled)
• Managed switch (passively cooled)
• Home server with four hard disks running all my services

The bottom is open.

On top, there are four m

So I'm currently away from home and now I'm using the internet from another router.

My problem is that I can't access my services because the default DNS from this router is 192.168.1.1 and the DNS that I use to access my services through wireguard is also 192.168.1.1

The wireguard service comes from my own router using Opnsense and I have setup unbound+Adguard DNS as 192.168.1.1 by default so I don't know how can I solve this problem

I tried setting my computer to listen to 1.1.1.1 when connected to this wifi but when I enable my wireguard it still doesn't connect to my services I also tried enabling my Adguard to listen to All interfaces so it would enable the IP 10.50.50.0 as a DNS but I don't know much about Opnsense so it also didn't work when I changed the wireguard config file to listen to 10.50.50.0

My wireguard tunnel IP is set to 10.50.50.&& when connected to my router and the default IP when connected directly at home is the 192.168.1.&&

My phone can co

I'm not sure where to start with to troubleshoot this. I segregated my network into a few different VLANs (servers, workstations, wifi, etc...). I have VMs and LxC containers running in Proxmox, routing is handled by Opnsense, and I have a couple tplink managed switches. All of this is working fine except for 1 problem.

I have a couple systems (VM and LxC) that have interfaces on multiple VLANs. If I SSH to one of these systems, on the IP that's on the same VLAN as the client, it works fine. If I SSH to one of the other IPs it'll initially connect and work but within a minute or so the connection hangs and times out.

I tried running ssh in verbose mode and got this, which seems fairly generic:

 undefined

    
debug3: recv - from CB ERROR:10060, io:00000210BBFC6810
debug3: send packet: type 1
debug3: send - WSASend() ERROR:10054, io:00000210BBFC6810
client_loop: send disconnect: Connection reset
debug3: Successfully set console output code page from 65001 to 65001
debug3: Successfully set conso
  

I would like to back up my nextcloud data using duplicati, but I absolutely can‘t figure out how to give Duplicati access to the Nextcloud volume. Both are running fine in separate Docker containers. I can’t figure out how to properly mount the volume, below is my current compose for duplicati. Do I need to mount the volume as source? Does it need to be declared or mapped separately?

 undefined

    
---
version: "2.1"
services:
  duplicati:
    image: lscr.io/linuxserver/duplicati:latest
    container_name: duplicati
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=XXX
      - CLI_ARGS= #optional
    volumes:
      - /path/to/appdata/config:/config
      - /path/to/backups:/backups
      - /path/to/source:/var/lib/docker/volumes/073ac2751cd65ffd84750e578c38482905c3c7e4851a8cbb0bbbc5c33a285e84
    ports:
      - 8200:8200
    restart: unless-stopped

  

(crossposted from c/Cloudflare on lemmy.ml) The Cloudflare community doesn't appear to be active yet, so I was hoping some fellow self-hosters might have a good suggestion. Thanks in advance for any and all suggestions!

https://lemmy.ml/post/3723540

To be clear I'm a beginner and I'm a bit overwhelmed with all the information I found and not completely sure if the information I found is up to date or outdated and I figured I would just ask here to get some clear answers.

What I want to achieve:

• have TrueNAS Scale web GUI and installed apps like Nextcloud or Photoprism be remotely accessible
• have that remote access be secure
• use my registered domain instead of the IP address of my server to access the TrueNAS Scale web GUI and the installed apps
• don't have certificate warnings when accessing all this over HTTPS

Can someone explain to me how I achieve this or point me to a guide that walks me through it? I appreciate any help I can get.

I already managed to setup Tailscale and managed to access my server through that but then I got stuck on how to set it up to use my registered domain name to access the server.

So the next thing I tried was using the DynDNS of my Fritzbox but unfortunately it seems that Cloudflare (where

cross-posted from: https://lemmy.procrastinati.org/post/27277

According to the documentation to change the Portainer address and Edge agent talks to, you have to redeploy the Edge agent. If I understand properly this is going to assign the agent a new ID and will blow away the configuration.

Does anyone know how to do this while retaining the stack configurations?

I'm used to cloudflared CLI, and would prefer to keep the config files server-side.

My docker-compose.yml file is:

 YAML

    
version: '3.9'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true
    volumes:
      - ./vw-data:/data
  tunnel:
    container_name: cloudflared-tunnel
    image: cloudflare/cloudflared
    restart: always
    command: tunnel --config /etc/.cloudflared/config.yml run
    volumes:
        - ./cloudflared:/etc/.cloudflared

  

My config.yml is:

 YAML

    
tunnel: [tunnelid]
credentials-file: /etc/.cloudflared/[tunnelid].json
ingress:
 - hostname: [mydomain]
   service: http://localhost:80
 - service: http_status:404

  

I've noticed online people setting an env variable TUNNEL_TOKEN, but since I'm using self-hosted files, my token is a cert.pem.

Another issue however is that when I run this and try to browse to the page, I get the error `ERR Request failed