chat.positive-intentions.com

https://github.com/positive-intentions/chat

I'm excited to share with you an instant messaging application I've been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.

What makes this app unique is that it doesn't rely on messaging servers to function. Instead, it works based on your browser's javascript capabilities, so even low-end devices should work.

Here are some features of the app:

• Encrypted messaging: Your messages are encrypted, making them more secure.
• File sharing: Easily share files using WebRTC technology and QR codes.
• Voice and video calls: Connect with others through voice and video calls.
• Shared virtual space: Explore a shared mixed-reality space.
• Image board: Browse and share images in a scrollable format.

Your security is a top priority. Here's how the app keeps you safe:

• Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
• Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
• End-to-end encryption: Your messages are encrypted from your device to the recipient's device, ensuring only you and the recipient can read them.
• Local data storage: Your data is stored only on your device, not on any external servers.
• Self-hostable: You have the option to host the app on your own server if you prefer.

The app is still in the early stages and I'm exploring what's possible with this technology. I'd love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I'm all ears in the comments below!

Looking forward to hearing your thoughts!

The live app

About the app

Docs

Speaker: Martin Kleppmann, University of Cambridge, Inc & Switch

We have come a long way since my colleagues and I published the local-first essay five years ago. In this talk I'll review where the local-first idea came from, where we are now, and what I hope the local-first community can work towards in the future.

cross-posted from: https://lemmy.world/post/16959253

I got this AP for free, and had some fun trying to configure it, and I decided to look at the inside of this thing. It has a PowerPC processor, pretty cool!

It is a Cisco Aironet 1131AG

More pics:

It's an old AP from around 2007, I managed to get the latest firmware thanks to some guy on the Internet Archive (thank god they exists) ! ( https://archive.org/download/cIOS-firmware-images/ )

Good day, friends. Since catching the self-hosting bug, I've set up a couple of Proxmox home servers with a bunch of services I enjoy.

Now I'd like to set up a server and local network on my sailboat so I can self-host servarr, pihole, and other services while traveling. The tricky part is that everything on the boat is 12V and I would rather not use an inverter, if possible. Also, it needs to be ultra-low power so I can leave it on at all times and not to deplete my batteries too much.

Criteria:

• ultra-low power
• Small form factor
• runs on 12V
• 10 TB of storage plus ability to make full local backup
• Capable of hosting servarr, audiobookshelf, freshrss, etc. via docker
• HDMI output
• Full local mirror/backup of the entire file system, including the media library.
• We will have two laptops and two Android phones to access the server, so the server doesn't need to run a desktop environment.

I'll have a mobile wifi router and a cellular signal booster (or maybe Starlink eventually) for internet access. Since internet bandwidth will be limited and expensive while traveling, I don't want to have to re-download a massive media llibrary if the storage media fail. Thus, I want the media library to be mirrored or fully backed up or synced locally.

What hardware and Linux distro would you use in this situation?

Hi! I'm starting out with self-hosting. I was setting up Grafana for system monitoring of my mini-PC. However, I ran into issue of keeping credentials secure in my Docker Compose file. I ended up using Docker Swarm since it was the path of least resistance. I've managed to set up Grafana/Prometheus/Node stack and it's working well.

However, before continuing with Docker Swarm, I want to check if this is a good idea or will I potentially dig myself into a corner? Some of the options I've found while searching:

• Continue with Docker Swarm and look into automation of stack/swarm in future

  • Ansible playbook has plugins for Docker Swarm.

• Self-hosted vault: I want to avoid hosting my own secret/password manager at the moment.

• Kubernetes (k8s / k3s) - I don't wanna 😭

  • More seriously, I'm actually learning this for work but don't see the point of implementing it at home. The extra overhead doesn't seem worth it for a single node cluster.

• ~~Live dangerously - Store crdentials in plaintext. Also use admin as password for everything~~

Edit: Most of the services I'm planning on hosting will likely be a single replica service.

Centralization is bad for everyone everywhere.

That bring said... I just moved my homeserver to another city... and I plugged in the power, then I plugged in the ethernet, and that was the whole shebang.

Tunnels made it very easy. No port forwarding no dns configuration no firewall fiddling no nothing.

Why do they have to make it so so easy...

I understand that people enter the world of self hosting for various reasons. I am trying to dip my toes in this ocean to try and get away from privacy-offending centralised services such as Google, Cloudflare, AWS, etc.

As I spend more time here, I realise that it is practically impossible; especially for a newcomer, to setup any any usable self hosted web service without relying on these corporate behemoths.

I wanted to have my own little static website and alongside that run Immich, but I find that without Cloudflare, Google, and AWS, I run the risk of getting DDOSed or hacked. Also, since the physical server will be hosted at my home (to avoid AWS), there is a serious risk of infecting all devices at home as well (currently reading about VLANS to avoid this).

Am I correct in thinking that avoiding these corporations is impossible (and make peace with this situation), or are there ways to circumvent these giants and still have a good experience self hosting and using web services, even as a newcomer (all without draining my pockets too much)?

Edit: I was working on a lot of misconceptions and still have a lot of learn. Thank you all for your answers.

I'm new to self hosting and just got CasaOS setup following up to part two of Tech DB's guide. The SMB works on my Linux computer, I can create documents, etc. However I'm having trouble accessing it on my Android phone. I'm using Material Files, Search for SMB shares, and find "CASAOS" but it's under a different IP address as the server. Then when I click on it, it prefills some of the lines such as "Hostname: CASAOS" and "Port: 445". I have added my login info as either my CasaOS login and SSH login but both don't work and I've changed the port to 80 as that's CasaOS default but every combination I try fails with "java8... UnknownHostConnection... and more" Any ideas?

Hi,

not sure where else to post this. For a while now, I've unsuccessfully been trying to get WireGuard to work with Crunchyroll.

Setup is as follows:

• dedicated server hosts a wg-quick instance in [neighboring country]
• OPNSense acts as peer on a single IP
• I have a rule for routing the entire traffic of some source device via that IP

This works just fine. Handshake successful, traffic is routed via the server. traceroute shows the server as the hop immediately after my device's local gateway. The connection is stable, and fast.

...except for Crunchyroll. The site / app itself is fine, but I can not, for the life of me, get a video to play. It just keeps loading forever.

I don't think this is an issue with CR recognizing that I'm not where I say I am - looking online, it seems pretty easy to use CR with a VPN. I've also tried from multiple other devices, all with the same symptom.

If anyone has suggestions, I'd love to hear them 😅

EDIT: ~~It was MTU. Had to manually set it to 1500 on both devices.~~

Nope, still the same issues. I was using the fallback interface there briefly.

Hey all,

I have given up hope of hosting my own mail server but was hoping for one that would serve as an archive -

• downloads new emails via IMAP from my mail provider on a regular basis
• allows my mail clients to connect via IMAP to view and search emails

Any suggestions for a docker solution for this?

Thanks

Hello,

I'm trying to setup an online computer store via YunoHost installed on my VPS. I'm okay with payments to be handled via a third party payment processor (who preferrably also has no JS, but I understand that is probably unlikely). I also have my domain up and running, so I'm ready to test whatever I can get.

TIA!

I’ve made a few posts in the past about my experimentation with connecting various devices and servers over a VPN (hub and spoke configuration) as well as my struggles adapting my setup towards a mesh network.

I recently decided to give a mesh setup another go. My service of choice is Nebula. Very easy to grasp the system and get it up and running.

My newest hurdle is now enabling access to the nebula network at the same time as being connected to my VPN service. At least on iOS, you cannot utilize a mesh network and a VPN simultaneously.

TLDR: Is it a bad or a brilliant idea to connect my iOS device to a nebula mesh network to access for example my security camera server, as well as route all traffic/web requests through another nebula host that has a VPN such as mullvad on it so I can use my phone over a VPN connection while still having access to my mesh network servers?

Figured I would hopefully save others from the annoyances I've had with their service. I experienced daily high packet loss to both my VPS and their website, including the control panel (greater than 50%, typically). The control panel was broken and couldn't tell me the status of my VPS. When I asked for a root cause and fix for the packet loss issue the "senior admin" response to both of these issues is "It's intermittent and under control". It's still happening daily, so not really under control. They never even addressed the control panel issue.

I decided it was best to just give up on it, and requested a refund a few days ago after experiencing the same issue every day for 3 days after my purchase. I'm still waiting for a response to that request, 4 days later.

Avoid Virpus like the plague.

I want a centralized way to manage keys and secrets. And some service users with little privileges over a subset of the secrets. Ideally, a service user only should be able to read its own subset of secrets. So, let's say, if a container gets pwned it will only read its secrets and no more. It should be FOSS and self-hostable.

And a beautiful nice-to-have feature would be access log, to know who read what and when.

My only experience with something similar is Hashicorp Vault, but I don't want to be near any Hashicorp stuff ever again.

Do you know a FOSS alternative to Vault?

Just stumbled across this (overly dramatic?) article and thought I'd just post it here...

It's more to act as a reminder that if you've got a NAS that is serving content to the interwebs, then make sure it's behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.

Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.

I've used Squid and HAProxy over the years (mostly on my pfSense box) - but I'd be interested to know if there's other options that I've not heard of

Hi! I’m currently using navidrome, but eventually I will probably need support for multiple users (each user has access to different music or the same music) which isn’t supported in navidrome right now. I don’t really want to run two containers of the same thing if I can avoid it. Thanks

I know that the answer is yes, I should, but outlets near the setup are not grounded (even though they look like they are) and I don't want to have wires running though my living room.

The real question is what are potential problems ? Occasional system reboots? Permanent damage to PSU? Permanent damage to other components?

Dockge allows you to start/stop containers and edit your compose files from a handy ui.

Pros: if something goes wrong while you're away, it would give you a tool to restart a service or make some changes if necessary.

Cons: exposing that much control to the outside world (even behind a log in) can potentially be catastrophic for your stack if someone gets in.

I have a small self hosted setup at home with a RaspberryPi and an external HDD, just enough for what I need.

Some time ago I found a pretty sweet app which from the name implies its mostly working when you use a RPI OS, to monitor the RPI from your android phone: https://github.com/eidottermihi/rpicheck

Its called RaspiCheck (picture in the post is the one from github), and unfortunately it is seriously outdated and development ceased. It is still working on my current phone but I am well aware that's not going to last.

So I am wondering what else is out there that could fill the gap it would leave.

I am using it for 2 things mostly:

1. monitor system stats, like simply seeing the system is running (I know, like ping), but at the same time also showing memory, average load, temperature and so on.
2. sending SSH commands, and this is where the app really shines. Using a terminal on the phone is not impossible, but boy is it annoying. In RaspiCheck you can define commands, with placeholders, which allows you to send those to the RPI just by tapping them. So for example I got my backup set up that I can mount the backup drive with one tap, a second tap runs the right backup script (I have several I can choose from by filling the placeholder I leave in that command) and then unmount with a third tap.

I got other commands I like to reuse a lot set up in it and its really useful to me, let's me manage the RPI from my phone in an easy way.

So back to the question at hand, is there anything else like this out there for Android? If possible one app, FOSS preferred. I am pretty sure there are browser-based solutions, if there is no dedicated app other than this, then I guess that's the next best thing. What are you using in your setup that you can recommend?

So maybe I am missing something obvious, but here goes:

I've got a small server at home, and I have simply.com pointing various domains to it. Works fine, nginx routs the traffic where it needs to go.

But whenever I am at home and connected to wifi I have to use the internal address and port to reach my server, e.g. 192.168.0.192:8096 for my Jellyfin server. If I use the public URL at home, i hit the login page to my router.

This is annoying when I use apps, as I need to switch between the public URL and the internal address as I come and go from my home...

What are my options for doing something about this? I want to use the public URL at home too....

Hello !

We have been discussing at work about hosting (internally) some work related stories that we find funny.

I've been looking for tools to do that should be quite simple, and display one story at a time nothing fancy.

Couldn't find anything quite like that, was wodnering if you guys knew one ? If not, i might develop it then and share it.

Thanks !

Hey, I have to „draw“ or make notes of my selfhosting stuff. It runs so smooth that I sometimes really forget where a service is running or how to reach the web-Interface.

For sure I have a password- and link-manager, but I would like another independent note with the structure of my selfhosting.

Usually I use Joplin. Is there a plugin that shows me a kind of a map?

Or are there other apps - maybe wikis - that do it much easier/better than that?

How do you document your selfhosting?

cross-posted from: https://lazysoci.al/post/14973880

So I thought I would give apprise a whirl, but I can't get it working. I installed the LinuxServer Docker container and when I tried to verify my API status, it said ATTACH_PERMISSION_ISSUE. So I thought okay, lemme try the developer's image, I switched to that and added the additional environment variables, and now it says CONFIG_PERMISSION_ISSUE too. Okay, so that gives me something to look into, I check and the config directory is empty. At this point, I just feel myself getting more and more confused. What am I not getting?

Hello nerds! I'm hosting a lot of things on my home lab using docker compose. I have a private repo in GitHub for the config files. This is working fine for me, but every time I want to make a change I have to push the changes, then ssh to the lab, pull the changes, and run docker compose up. This is of course working fine, but I want to automate it. Does anyone have a similar setup and know of a good tool? I know I could use watchtower to update existing images, but this is more for if I change a setting or add a new service.

I've considered roughly four approaches.

1. A new container that mounts the whole running directory and the docker socket. It will register a webhook in GitHub to receive notifications when I push to the repo, run git pull and docker up. My worries here are the usual dind gotchas.

2. Same as 1, but don't mount anything, instead ssh from container to host and run the steps there. This solves any dind issues, but I don't love giving the container an ssh key to the host.

3. Have a service running on the host outside of docker. This is probably the correct approach, but very annoying since my host is a Synology nas and it doesn't have systemd or anything like that afaik.

4. Have a GitHub action ssh to the machine and do the steps. Honestly the easiest way but I would prefer to not open ssh to the internet.

Any feedback or tips are much appreciated. I don't feel like any of my options are very good and I feel like I am probably missing something obvious.