Posts
15
Comments
512
Joined
2 yr. ago

  • Security in layers.

    All your services should be using https. Vaultwarden in particular won't even run without https unless you bypass a bunch of security measures.

    This is how to set up local only and external https, I highly recommend this as a baseline setup for every homelab. It allows you to choose how much security you want on a per app basis and makes adding new apps trivially easy.

    https://youtu.be/liV3c9m_OX8?si=TSWXoN_8SJDpAHaW

  • HTTPS is end-to-end encryption and doesn't need to be on their roadmap.

    Encryption at rest could be an option, but seeing as how many other projects have trouble with it (Nextcloud), it's probably best to have this at the file system level with disk encryption.

  • I've got multiple apps using LDAP, oauth, and proxy on authentik, I've not had this happen.

    I also use traefik as reverse proxy.

    I didn't manually create an outpost. Not sure what advantage there is unless you have a huge organization and run multiple redundant containers. Regardless there might be some bug here because I otherwise have the same setup as you.

    I would definitely try uploading everything to the latest container version first

  • For people wanting a very versatile setup, follow this video:

    https://youtu.be/liV3c9m_OX8

    Apps that are accessed outside the network (jellyfin) are jellyfin.domain.com

    Apps that are internal only (vaultwarden) or via wireguard as extra security: Vaultwarden.local.domain.com

    Add on Authentik to get single sign on. Apps like sonarr that don't have good security can be put behind a proxy auth and also only accessed locally or over wireguard.

    Apps that have oAuth integration (seafile etc) get single sign on as well at Seafile.domain.com (make this external so you can do share links with others, same for immich etc).

    With this setup you will be super versatile and can expand to any apps you could ever want in the future.

  • The same as for anything else if your phone gets stolen. You restore from backups.

    Aegis allows you to make a backup that you can keep yourself on your computer, your own cloud storage etc.

    Every OS has some kind of built in vault/encryption feature. Put the file in there. It only needs to be updated when you add another 2fa account (so very infrequently)

  • Does anyone know if dockge allows you to directly connect to a git repo to pull compose files?

    This is what I like most about portainer. I work in the compose files from an IDE and then check them into my self hosted git repo.

    Then on portainer, the stack is connected to the repo so I only press a button to pull the latest compose and there is a check box to decide if I want the docker image to update or not.

    Works really well and makes it very easy to roll back if needed.

  • Use aegis, export the keys and then reimport them every time you switch. Trusting your second factor to a cloud is a disaster waiting to happen.

    If you want to get fancy, set up your own cloud server (nextcloud, Seafile, owncloud etc) and set the backup folder for aegis to the self hosted cloud for easy restore every time you switch ROMs.

  • FWIW collabora and open office can integrate with other clouds like Seafile and owncloud Infinite scale. So even without NextCloud it can be used. It can also be used stand alone.