While speaking with a colleague who is working in a small company he told me, that the lost track about user right management. They had a an excel table where they tracked all user groups and special rights users in the company have. But depending on some changes in the company structure, they got problems.

Is there any selfhosting software to manage usergroups, teams and userrights in a modern UI? It should be abe to set also data owner and so may keep track on non Active-Directory data.

1. Use an Identity Provider (IDP)*. Other people have mentioned LDAP, which can play this role.

2. Use groups within the IDP to declare who has what privileges.

3. Apps using the IDP for auth can read the groups and allow/deny permissions based on groups.

*Or Identity and Access Management if you are in the cloud ig.

For open source solutions, I would recommend:

• Authentik (what I use)
• Kanidm (doesn’t have web ui)
• Nubus by Univention

These three solutions all have invites, ldap, and can act as oauth providers. (Oauth is single sign on), which are the features I want. There are also integrated, including it all in the one app.

There is also LLDAP, which is a web ui for ldap, and then you could use a service that connects to that, like authelia or keycloak, to add oauth on top.

Second post, but also check out midpoint by evoloum: https://docs.evolveum.com/iam/

It is a modern web frontend on top of Active Directory.

Hey,

Some of you may know me for Jotty and Cr*nmaster, been quiet with my head down lately improving my apps and trying to build a searxng alternative for myself.

https://lemmy.world/pictrs/image/a70266bc-f67b-4dc1-b516-86166c8e4080.png

Whilst I have used searxng for about a year now, I have had quite a few personal gripes with it so in the past few weeks I have decided to make my take on it and ran it happily locally. Since publishing the beta to my discord server I ended up building a fairly extensive tool.

Degoog is actually pretty minimal, there’s no much to it aside from a very comprehensive plugin/extension system. The idea being users can create their own engines, themes and plugins that hook into the core application and do.. pretty much anything, from adding stuff to the result page (e.g. speedtests, tmdb information, ip retrieval, rss feeds embedded on the home page) to full on OIDC systems.

This is still very much in beta and I figured the best way to get it out of beta would be to publish it to a wider audience (currently some users in our discord server have been testing it fairly successfully and i’ve been on top of bug fixing).

Repo: https://github.com/fccview/degoog

Official extensions: https://github.com/fccview/fccview-degoog-extensions

Docs: https://fccview.github.io/degoog

You can install custom plugins/extensions. You can make your own repo and add it to the store page in the settings, or you can just have your own plugins locally for yourself.

Let me know what you think, and feel free to ask any questions and feel free to join our discord (link in releases page on any of my apps) for a more direct chat about things <3

Madness, wasn’t expected to get any coverage for it until it was out of beta 😆

Thank you, that helped :)

I am not entirely sure why you need to do all that but I am trying a different approach and allowing a small entrypoint to set PGID and PUID (which you should be able to set as env variables in the docker-compose.yml file).

This should allow you to run the app as whatever user you wish. It works for me locally, it’s currently on the develop image if you wanna give it a spin and report back. Otherwise it’ll be added in the next release.

Defaults are still 1000:1000.

Hej lemmings!

Quick question for you all: do you stick with the same distro across your PC, laptop, and server, or do you pick different ones based on the device and what you’re doing?

For me, I’ve been mixing and matching depending on the use case, but I’m starting to think it’d be nice to just have one distro (or at least one family like Fedora or Debian) running everywhere. That way I wouldn’t get confused about default settings or constantly have to look up flags for different package managers.

Right now my setup is:

• Gaming rig: CachyOS
• Laptop: AuroraOS
• NAS: Unraid
• Various project servers: DietPi, Debian, Alpine etc..

I feel like NixOS might be the only distro that could realistically handle all these use cases, but I’m a bit scared of the learning curve and the maintenance work it’d take to migrate everything over.

Am I the only one who feels like having “one distro to rule them all” would be nice? How do you guys handle your setups? All ears! 😊

Yeah, that post was getting way too long, so I made some cuts here and there. The issue was in the way SE2 detects hardware… or more like doesn’t detect my GPU at all, throws an error about it and refuses to start. Under Bazzite it starts the game first 🎉, then complains that my hardware might not be good enough to run this game 🤯, but the beautiful graphics say otherwise. It’s still in early access, so I guess this kind of strange behavior will be ironed out sooner or later.

I got tired of researching this issue in Debian, so once I got it up and running in Bazzite, I stopped reading about it. Honestly, I have no idea what’s the key difference here. Is it the driver version, Proton-GE or something else? Who knows.

Anyway, I would recommend trying Bazzite. It has some pre-configured tricks that seem to handle weird cases like this.

I just use Debian

So I’m moving away from apple because of all the trump bootlicking Tim Apple is doing.

Anyways, anyone got any self hosted notes app that has a flat file structure?

The most important part is the flat file structure. I want flat files because it makes it a LOT easier to back up than a db.

So any suggestions?

TIA

SNotepad + Syncthing

I’ve liked using standard notes.

Hey gang, do you have any suggestions for moving data from my phone to my jellyfin server? I tried using the daemon tools on F-Droid and could not for the life of me figure them out.

I just saw this on F-Droid, will need to test it, but sounds like it could be really good: https://f-droid.org/packages/lu.knaff.alain.saf_sftp

I’m hoping, it works like mounting or FUSE on proper Linux, where you can just use normal applications to transparently access network files. Then you’d be able to use any old file manager app to actually work with the files…

Yea, that’s a challenging part for sure, one that I still deal with.

It can be done, but you need to configure the sync jobs “just so”. Send only from the phone, don’t sync deletions, etc.

Hello!

I’ve spent a lot of time struggling with Hetzner’s KVM console, there are a lot of problems causing severe issues with settings up passwords and passphrases. I just thought I’d create this “guide” to get things rolling, for everyone who faces the same issues I’ve faced.

Step 1 - Firewall

Set up a firewall and only open port 22 with your IP (you can look it up using ip.me).

Step 2 - Installation

Perform the installation procedure as normal, setting very simple passwords and passphrases for the user accounts and the disk encryption. Set them to something like 123. These will be changed later!

I’m using Debian 13, the steps may or may not be the same for your choice of distribution.

Step 3 - SSH access

Unmount the ISO and reboot. Enter the console again, log in as root with your simple password. Now, if you have the same problem as me, keys like /, CTRL etc. won’t work, so I used tab completion and vi to to modify the config file.

# cd ../etc/ssh/
# vi sshd<TAB>

Inside vi, press o to create a new line and enter insert mode. Add:

PermitRootLogin yes
PasswordAuthentication yes

Press ESC and then <SHIFT>-yy (so holding shift and pressing y twice). This will save the file and exit vi.

Step 4 - Dropbear

ssh into your VPS. Now you have full keyboard access like usual. Install dropbear-initramfs, which is an SSH server that’s placed in the initial RAM filesystem so that you can ssh into your VPS during start up so you can easily enter your encryption passphrase.

Generate a new key pair and add the public key to /etc/dropbear/initramfs/authorized_keys

Run update-initramfs -u and reboot. You should now be able to ssh into your VPS using the key you just generated. The following command lets you unlock the encrypted disk:

cryptroot-unlock

This will probably disconnect you from the tunnel, simply re-establish the SSH tunnel again.

Step 5 - Changing passwords and passphrases

To change the encryption passphrase:

# cryptsetup luksAddKey /dev/sdXY
# cryptsetup luksRemoveKey

Lock the root user and change the password of your user (don’t forget to add the user to the sudo group!):

# passwd -l root
# passwd user

Done!

At this point you might want to use some other means to access the server, such as Netbird or Tailscale or Wireguard. Regardless of how you decide to access the server, you should revert the changes to sshd_config.

P.S.

I have no idea if this is a secure or good way to do this. Use at your own risk!

They might care if it’s 69420 since the max port number is 2^16 = 65536

You can fire packets as fast as you like, but if my end can’t process them that fast, either they’ll get dropped or you’ll knock me offline. Neither makes a valid scan.

Hi all, I’m desperate. This has been draining my brain cells one a time. I know for a fact that it is not an ABS issue, because it runs flawlessly locally and it has never even hitched once. The shit starts when I connect through my cloudflare “.com” domain that I just bought last week thinking it’ll solve all my problems (nope).

Every now and then, the frontend client I use (it doesn’t matter which one I use) just disconnects from my ABS server and things just start spinning for a very long time. Just out of nowhere and half of my books are just ghosts because it can’t reach the sever.

Sometimes it comes back, and others I have to go into my Debian server and restart the cloudflared service I have for it, in order for the service to resume. I often go to the web interface and either get a red error message complaining about websocket something something. Then I’d refresh the page and either get thrown into the login screen and get stuck there or get the “oops couldn’t find library……..”.

I’ve literally disabled everything I can on cloudflare dashboard that now probably a child can hack me. lol . I even put my audiobooks server in its own tunnel.

I’m at a point that I’m just gonna give up and deactivate all of this cloudflare shit and go back to tailscale and switching servers between home and out of home.

I’m asking for any suggestions if you’ve ever been through something similar. Searching the internet lead me to doing many things that didn’t even fix it. Don’t even get me started on AI.

Thank you in advance. Let me know if you want any details: Debian Trixie and the latest ABS server. Your average .com cloudflare domain are the things I have.

damn i do be loving how easy and robust pangolin is getting to be

Please tell me more about this forwarder thing. Right now. I have a local server that is your usual regular 192.168…..:13378 then I have my books.mydomain.com and this goes through a cloudflare tunnel on its own, and is the one giving me trouble. Anymore details on the forwarder would be great

I’m not sure anyone shares the same glee I feel when I view all the blocked IPs scrolling by in my pFsense firewall. Suricata does a lot of heavy lifting for sure.

What’s your selfhosting guilty pleasure or pleasures?

……oh you kids and your slang!! (We had plenty too) I had to look it up. Going to have to try to work that into conversation. Thanks. I have a fascination with the etymology of words, phrases, and their history.

Coming from here: https://youtu.be/d1YBv2mWll0

Actually it seems to be a twitch (or probably 4chan) meme.
Not sure and too lazy to research.
Have fun :)

Found this utility barely mentioned given how useful it is in the context of limited selfhosting resources.

I use it with Grafana. No need to run it all the time especially when it uses CPU while idle.

I know the dev that works on this haha. It really is a neat project, and the guy is brilliant!

Disclaimer: I am the developer

Long story short, after Huntarr exploded I still wanted an app that did the core of Huntarr’s job: find and fetch missing or upgradable media. I looked around for some solutions but didn’t like them for various reasons. So, I made my own.

No web UI, configured via environment variables in a similar manner to Unpackerr. It does one job and it does it (a little too) well. Even when trying a few different solutions for a few days each, Fetcharr caught a bunch of stuff they all missed almost immediately. This is likely due to the way it weights media for search.

Since you made it this far, a few notes: 1) I did still use ChatGPT on a couple of occasions. They’re documented and entirely web UI - no agents. Anything it gave me was vetted and noted in the code before publishing. 2) The current icon is temporary and LLM-generated. I’ve put out some feelers to pay an artist to create an icon. Waiting to hear back. 3) It’s written in Java because that’s the language I’m most familiar with. SSL certs in Java containers can be painful but I added some code to make it as easy as Python requests or Node 4) While it still has a skip-if-tagged-with-X feature, it doesn’t create or apply any tags. I didn’t find that portion necessary, despite other popular *arrs using it. Not sure why they do, even after developing this. 5) Caution is advised when first using it on a large media collection. It’ll very likely pick up quite a number of things initially if you weren’t on top of things beforehand. Just make sure your pipeline is set up well, or you limit the number of searches or lengthen the amount of time between searches using the environment variables.

This is great, thank you!

glad to hear it! thanks for checking it out.