[-] momsi@lemmy.world 2 points 10 months ago

The controller does not need to run 24/7. The controller configures the devices and the config remains on the devices. Though, when your devices are adapted by a controller, you cannot access any settings on the devices themselves, only via the controller.

Maybe should add: depending on the network set-up, I'd strongly recommend getting a hardware controller. For me, I have one server hosting all my stuff. I also hosted the controller with docker in this server. Which ends up being a single point of failure, and no way to look into your routing if your server is down/unreachable. I got a hardware controller (oc200) eventually just to separate my interner and network infrastructure from my hosting and service infrastructure.

[-] momsi@lemmy.world 3 points 10 months ago* (last edited 10 months ago)

I am very happy with my Omada setup. It's an ecosystem, not a single device. I use an er605 as router and eap610 as AP. I also have a switch, probably you don't need that, and I now have an Omada controller (you can also host that in as a docker container, so not strictly needed). For wifi you can simply throw another ap somewhere and have excellent Mesh wifi. It's more complex than a simple consumer router, but also has a lot more functionality.

[-] momsi@lemmy.world 3 points 10 months ago

Out of curiosity, why would that be a problem?

34
submitted 10 months ago* (last edited 10 months ago) by momsi@lemmy.world to c/selfhosted@lemmy.world

Hi, as the title says, when streaming to the jellyfin app an a fire TV, the video freezes every two minutes. This happens when direct streaming, so it shouldn't be a transcoding issue. Useing the website it works just fine. Any idea how I can find out what this is?

Edit: I just noticed, when forcing transcoding by limiting the quality (Bitrate) on the client to lower values, it does not freeze...

11
submitted 11 months ago* (last edited 11 months ago) by momsi@lemmy.world to c/sysadmin@lemmy.world

I thought this was the right place to ask, let me know if somewhere else was better.

I have a classroom in a public school with around 30 PCs (windows) I need to install software on (python and codium). They are all the same PCs. In the past there was a management system but due to some licensing issues that does not work anymore.

How its been done before: Go to each and every PC and setup everything manually, or do it once and mirror the HDD 30 times .... both ways very time consuming.

I thought there might be a better way to do this, do you have any idea?

[-] momsi@lemmy.world 4 points 1 year ago

Maybe have a look at urbackup. Gui, "centrally managed", free...

And please, as mentioned in another comment, have a look at Borgmatic. It makes Borg really easy to use and has some super handy features. Super easy backups to multiple locations by just adding a line in the config... And I just love the healthchecks integration. Set and forget until either healthchecks notifies you of a problem or you really need to recover data.

[-] momsi@lemmy.world 3 points 1 year ago

Can confirm Borg/Borgmatic. Was looking for something good also and Borg is hands down the best. Borgmatic is kind of a wrapper for Borg which makes things even easier. One thing that makes Borg awesome is it's excellent documentation. Maybe give cli tools a try ;)

[-] momsi@lemmy.world 2 points 1 year ago

I tried fenrus before, kinda liked it, but I remember it to be not so performant.

[-] momsi@lemmy.world 2 points 1 year ago

I had authentik before but I found it to be unnecessarily complicated. Its really a nice one stop shop, doing authentication, authorization, even reverse proxing, but the setup/UI is just ... Not very well designed. Or it's so advanced that it's very far from the no it background hobbyist user

[-] momsi@lemmy.world 2 points 1 year ago

And how do you disable the editing/configuration in Heimdall?

25

I host some services and now start to slowly let family and friends use some of those services. for myself i have a dashboard (Heimdall, just because it worked nicely first try and I didn't bother looking at others) and I want to also have one for other users. Now I imagine something like that:

  • User authenticates in authelia, which passes username in the header to the dashboard.
  • in the dashboard, the user gets presented with a, yeah, dashboard, with all the services he/she has access to. no login necessary. -no resources are shown to a user, that this user has no access to.

any ideas which dashboard could be utilized to do something like that, without hosting multiple instances or preconfiguring all dashboards for all users?

[-] momsi@lemmy.world 2 points 1 year ago

By no means an expert, bit I'll try: One technique would b asymmetric encryption. Every participant has two keys, a public and a private one. When I want to send you an encrypted message, I encrypt the message with your public key. This key you can make available in any way, it can't be used in a harmful way. The message I encrypted with you public, you can decrypt using your private key, and only with that. Like this, you only need to exchange public keys used only for encryption. So no useful information for an attacker. And private keys never need to leave your hands.

[-] momsi@lemmy.world 4 points 1 year ago

Probably it would be much easier for you to setup tailscale. Just install it on the system you host the other services, install on the other end and use the tailscale ip. It should require minimal effort to set up with the added benefit of not having ports open, and way easier maintaining.

As for wireguard, the allowed up section tells what ips should be routed through the tunnel, it's not that difficult, but hard to wrap your head around at first. A friend of mine also used to use the Fritzbox Implementation of wireguard and I remember you need to specifically setup what clients you want the tunnel to have access to.

Have a look at tailscale.

[-] momsi@lemmy.world 2 points 1 year ago

To follow up on this: I now use a combination of caddy as reverse proxy and authelia for authentication. In my opinion caddy is the best reverse proxy, it's super lightweight and the caddyfiles are super easy to read. Authelia is surprisingly easy to get setup. I was a bit hesitant because it looked a little overwhelming in the beginning. When you sit down for half a day and dig into it, it's really surprisingly straightforward.

[-] momsi@lemmy.world 2 points 1 year ago

It really does look cool. It can be deployed using Docker. I'll have a look at it.

25

I am in self hosting for a bit now, have an unraid server and a bunch of services running. Now I want to expose some services through a reverse proxy, but with authentication, preferably google oauth2. I've tried a lot of things, Authentik, Authelia, NPM, and so on. I found everything way to complicated. What I liked the most until now is Caddy with the greenpau/caddy-security module. Very easy config through the caddyfile.... Though the module has to be manually installed after every update of the caddy docker container, thats kind of a turn of for me, since everything else on my server is almost maintainance-free.

You have any suggestions?

.... also this is my first post on lemmy, since I migrated from reddit. ;)

view more: next ›

momsi

joined 1 year ago