Hey guys!

I want to convert my now corebooted Thinkpad T430 into a Nextcloud server and possibly more (Syncthing, maybe Tor, maybe more)

1 500GB SSD, 1 1TB SSD

Currently runs Fedora Kinoite, I could rebase to something like secureblue uCore, Fedora IoT, uBlue uCore, ...

Not sure if those would have broken configs though.

Maybe I would prefer something with slower pace, but tbh the pace of CentOS bootc becoming a thing is quite frustrating. This would likely be the perfect 'install and forget' distro for many, a KDE Image would be there in no time.

I wouldnt want to use a traditional distro, even though a base Debian or AlmaLinux/ Rockylinux (what the hell was that of a hydra? Cut off one head, spawn 2? what are the differences??) could just be fine. I used Debian in the past, it really just works.

I would like

• Nextcloud AIO docker image, maybe with podman? It is supposedly more secure but the world runs on Docker, and all is fine. Podman is a pain quite often.
• some nice management like Cockpit
• dyn DNS, for example with NoIP, best free
• secure ssh, that should be no issue
• btrfs? or zfs? with backups to a secondary drive
• automatic updates with snapshot creation. Atomic system would be easiest here.
• easy to use and secure reverse proxy, with DynDNS for reliable address on the internet. NGINX, Traefik, Caddy, what is the best here??

Here I am not sure if I should use 1TB + 1TB, or 500GB used and 1TB backup. BTRFS backups can be incremental.

while I made a list of BTRFS tools I still have no idea what the best tool for this job is.

cross-posted from: https://lemmy.pierre-couy.fr/post/653426

This is a guide I wrote for Immich's documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases.

It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can't spare right now). The main advantages of this guide over hosting a full tile server are :

• it's a single nginx config file to deploy
• it saves you some storage space since you're only hosting tiles you've previously viewed. You can also tweak the maximum cache size to your needs
• it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay

If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

cross-posted from: https://programming.dev/post/18360806

Hi everyone,

I would like to enable Cross-Origin Resource Sharing on my Nginx server. for few origins (cors requestor)/domains.

I've found this article https://www.juannicolas.eu/how-to-set-up-nginx-cors-multiple-origins that is nice, but not complete and on my browser seem really hard to read due to the layout 🤮

So I've opened a CodeBerg git repository for the good soul that want to perfect this piece of code the allow the most of use to use CORS with Nginx.

https://codeberg.org/R1ckSanchez_C137/BestOfxxx/src/branch/main/Nginx/CORS_MultiDomains.py

If you don't want to create an account on codeberg feel free to post your code here !

server {
    # Server

    map "$http_origin" $cors { # map in Nginx is somewhat like a switch case in a programming language.
        default ''; #Seem to set $cors to '' empty string if none of the follwing rexeg match ?
        "~^https:\/\/([\w-_\.]+\.)?example.com$" "$http_origin";
            #regex domain match
            # ~ mean I suppose the string is RegEx ?
            # Need to come with a RegEx expression that match https://anything.example.com[optional ports and Query string ?X=Y]
        "~^https:\/\/([\w-_\.]+\.)?example2.com$" "$http_origin"; #regex domain match
        }
               

    location /static {
        
        # if preflight request, we will cache it
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Max-Age' 1728000; #20 days
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204; #https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204 }

        if ($cors != "") {
            add_header 'Access-Control-Allow-Origin' "$cors" always; # <-- Variable $cors
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With' always;}

       # configuration lines...

    }
}

}

does anyone here have experience hosting a Signal proxy and/or a Tor relay? there's a blog post on signal.org asking for folks to help, and i can but i don't know enough about network security to feel safe/confident doing some of this stuff. same with Tor - i've always wanted to host an exit relay (and in fact have this whole long theory about how every public library in the US should host an exit relay, but that's for another post someday maybe).

do any of you have experience with doing this? what kind of best practices would you recommend? any good resources on protecting your network that you might point me to? i will be getting my Net+ cert within the next year but for now i am starting from "enthusiastic beginner" and want to be helpful, but careful.

This may be deemed slightly off topic but I felt like this community might know the answer to this. I'm looking for a way to permanently embed information about who is in a photo, but when I search Google I just get some forum posts from 10 years ago. Surely there is something more recent? How would you go about doing this? Let's assume they are JPG.

I thought about this when looking through photos from my grandparents, where the names are written on the back of the photo. I have many digital photos from ten years ago and I've already forgotten the names of some of the people so imagine what it will be like in another 30 years.

Obligator is a relatively simple and opinionated OpenID Connect (OIDC) Provider (OP) server designed for self-hosters.

GoToSocial is an ActivityPub social network server, written in Golang.

Basically a modernised PCengine APU4, which sadly got discontinued.

I'm looking to buy a router for home use, on which I plan to install OpenWRT. After some research, I have come across the TP-LINK Archer AX23, which checks all of the boxes I have:

• [x] Comparatively low price
• [x] Supports WPA3
• [x] Supported by OpenWRT
• [x] Has at least three LAN ports

However, before I and my dad go and buy one, it has to pass the final test: the forums.

Has anyone used this router before? What was your experience? Can I do better, or have I found the best router ever made? Please share your thoughts.

Hello Lemmy! Yesterday I released the first version of an alternative frontend for Threads: Shoelace. It allows for fetching posts and profiles from Threads without the need of any browser-side JavaScript. It's written in Rust, and powered by the spools library, which was co-developed between me and my girlfriend. Here's a quick preview:

The official public instance (at least for now) is located at https://shoelace.mint.lgbt/, if y'all wanna try it out. There's also instructions to deploy it inside the docs you can find in the README. Hope y'all enjoy it!

Cockpit shows some PCP metrics but Grafana is nicer and better suited for time-series data.

Describes the zrep script that uses zfs send and receive over network to keep a read-only copy of snapshots up-to-date.