stratself

joined 1 week ago
[–] stratself@lemdro.id 2 points 1 day ago* (last edited 1 day ago) (1 children)

Worth noting that there's an open issue to support WireGuard peers in Headscale, so you could use it with e.g. a wg0.conf file from a commercial VPN

[–] stratself@lemdro.id 2 points 1 day ago* (last edited 1 day ago) (1 children)

If you can self-host and can use containers/docker, I wanna shamelessly plug my solution: https://github.com/stratself/tswg. Basically mount a WireGuard config from Nord or any upstream VPN, and the container will tunnel traffic to said VPN when you choose it as an exit node.

There are other gluetun + tailscale solutions that are worth a look too

[–] stratself@lemdro.id 1 points 1 day ago* (last edited 1 day ago)

Ah right, completely forgot about that (80 for HTTP-01, 443 for TLS-ALPN-01). It's a bummer unfortunately

[–] stratself@lemdro.id 3 points 1 day ago (1 children)

Thanks for the guide. How did you get the VPN forwarded port? I believe this depends on the VPN provider's software?

[–] stratself@lemdro.id 21 points 1 day ago* (last edited 1 day ago) (10 children)

Let's Encrypt are rolling out IP-based certs, you may wanna follow its development. I'm not sure if it could be used for your forwarded VPN port, but it'd be nice anyhow

Edit: I believe encryption helps prevent tampering with the data between the server and user too. It should prevent, for example, someone MITMing the connection and injecting malicious content that tells the user to download malware

[–] stratself@lemdro.id 6 points 1 week ago

I've poked around Homarr's setup a bit, and it seems like it can run rootless after a few tweaks!

For anyone interested, I've written a POC and feature request here - https://github.com/homarr-labs/homarr/issues/3913

Hope it can be officially supported

[–] stratself@lemdro.id 3 points 1 week ago

Thanks for the advice. I'm already using podman rootless with custom subuid/subgid, which should achieve the same thing

[–] stratself@lemdro.id 1 points 1 week ago

I agree that the file sync is good. They (and ownCloud afaik) are the only ones supporting virtual files on Windows, where you only download files when needed, saving storage space.

I suppose these fancy file features (bidirectional syncing, advanced conflict resolution etc) are targeted to the enterprise, not home users. So it's natural they'd include it with a bunch of bells and whistles that are half as good

[–] stratself@lemdro.id 6 points 1 week ago

ownCloud had a rewrite called oCIS (ownCloud Infinite Scale). Then it was bought by Kiteworks. Then many of the core devs switched to a new product/company called OpenCloud. There's been quite some history over the past few years


Hi all. Per the title, I'm looking for something that:

  • Can run as an unprivileged user inside a container

  • Allows OpenID Connect authentication for a multiuser setup

  • Doesn't hold my CPU hostage

Homarr and Dashy are featureful solutions, but they can't run unprivileged in docker. Dashy closed this issue, but in fact it's not resolved. Meanwhile Homarr does work with UID/GID env vars, but starting as root and dropping capabilities is not the same as defining user: 1234:1234 from the get-go. Furthermore, they are really heavy node apps, which kinda deters me from deploying them.

I wanna use neither my reverse proxy with forward auth nor an extra oauth2-proxy container, so Organizr (using forwarded auth headers) or Homer/Homepage/a bunch of static pages behind a reverse proxy is out of scope.

Feature-wise I'm just looking for a beautified link keeper, preferably with multiple dashboards mapped to different user groups (ideally it could be done via custom OAuth metadata/claims). Fancy plugins like RSS and weather are not needed, but appreciated.

With all that said (and sorry if I'm too choosy), is there a current solution that fits the bill above? My IDP's UI is quite rudimentary, but I can resort to using it as a "homepage". I wanna thank you in advance for any guidance

P/S: Seems like most dashboards fall into two categories - bloated fancy apps, or dead simple frontpages. It'd be nice to have something in between.
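Added example, not from the thread or from any of the projects named in it, tying together the "podman rootless with custom subuid/subgid" comment above and the user: 1234:1234 requirement in the post: under a rootless user namespace the UID a container process runs as is not the UID the host sees. The runtime builds a /proc/self/uid_map from the user's own UID plus their /etc/subuid entry, and that map decides which host UID ends up owning every file the container writes. The script below parses such a map (the sample is constructed and assumes host user 1000 with a subuid entry of 100000:65536; the function names are hypothetical) and resolves a container UID to its host UID, reporting UIDs that fall outside the mapped ranges. On a real system the live map comes from `podman unshare cat /proc/self/uid_map`.

```shell
#!/bin/sh
# Added example: resolve container UIDs to host UIDs via a uid_map.
# Each uid_map line is: <container_start> <host_start> <length>.
# SAMPLE_UID_MAP is CONSTRUCTED; it is what `podman unshare cat /proc/self/uid_map`
# prints for host user 1000 whose /etc/subuid entry is "user:100000:65536".
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# subuid_to_uid_map <host_uid> <subuid_entry>
# Derives the uid_map a rootless runtime builds from one /etc/subuid entry
# ("name:start:count"): container 0 -> the user's own UID, 1.. -> the range.
subuid_to_uid_map() {
    host_uid=$1
    IFS=: read -r _name start count <<EOF
$2
EOF
    printf '%s %s %s\n' 0 "$host_uid" 1
    printf '%s %s %s\n' 1 "$start" "$count"
}

# map_to_host <container_uid> [uid_map_text]
# Prints the host UID for a container UID; returns 1 if it is unmapped,
# 2 on a non-numeric argument. Defaults to SAMPLE_UID_MAP.
map_to_host() {
    cuid=$1
    map=${2:-$SAMPLE_UID_MAP}
    case $cuid in
        ''|*[!0-9]*) echo "map_to_host: numeric UID required" >&2; return 2 ;;
    esac
    # The right-hand side of the pipe runs in a subshell, so `exit` only
    # leaves that subshell and becomes the function's return status.
    printf '%s\n' "$map" | {
        while read -r cstart hstart len; do
            [ -z "$cstart" ] && continue
            if [ "$cuid" -ge "$cstart" ] && [ "$cuid" -lt "$((cstart + len))" ]; then
                echo "$((hstart + cuid - cstart))"
                exit 0
            fi
        done
        exit 1   # no range covered this UID: the kernel would show it as nobody/65534
    }
}

# Usage: which host UID owns files written by a container running as 1234?
if [ -n "${DEMO_UID:-}" ]; then
    map_to_host "$DEMO_UID" || echo "UID $DEMO_UID is not mapped" >&2
fi
```

The practical check: a container started with user: 1234:1234 under this mapping writes files owned by host UID 101233, not 1234, so bind-mounted directories must be chowned to the subuid-derived owner (or prepared with `podman unshare chown`) rather than to 1234. A UID beyond the subuid range (here anything above 65536) is unmapped and will show up as the overflow UID on the host.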

[–] stratself@lemdro.id 2 points 1 week ago

Hey, glad you got it working. I'm late to the party, but I got a similar solution here: https://github.com/stratself/tswg. Basically it just mounts your own wg.conf into the container and gets Tailscale connected over it

Since WireGuard is peer-to-peer, I suppose the "intended" way is to install Tailscale on every client. But it is possible to use the router as a VPN gateway as per this [OpenWRT guide](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start#force_lan_traffic_to_route_through_exit_node). Hope you get it working anyhow