Goofed Home

Opnsense, tailscale and headscale

$$7425
https://sh.itjust.works/u/thehamzan6 posted on Mar 5, 2026 20:06

Hey guys, so I’ve been self hosting for 2 years, making small upgrades until I reached this point where I replaced my router with one of those Chinese fanless firewalls running Intel n150 and running a proxmox homelab.

I am self hosting headscale with many of my buddies connected, including my own services. Everything was working great until I set up OPNsense.

The firewall was not easy to set up, but after I set it up, I discovered odd behaviors from tailscale.

The firewall was blocking all connections from the IP 100.60.0.0/24, I had to explicitly allow it and change the firewall state to hybrid.

What happens is that my LXC containers running tailscale would receive requests from tailscale0 interface but respond via LAN.

Apparently as I understood, consumer routers have asymmetric NAT so that works fine, but not with opnsense.

Every guide I read online talks about installing tailscale on the opnsense router directly but I do not want to expose it to the tailscale network.

For now temporarily I set an ip route to tailscale0 and resolved it that way temporarily, but I still cannot get a solution that can help without compromising the firewall.

It’s also very cumbersome to do this for 50+ LXC containers over and over, even with running systemd scripts a problem might happen in the future.

If you guys have any experience with this it would help a lot.

https://sh.itjust.works/post/56334428

$$7611
https://lemmy.decronym.xyz/u/Decronym posted on Mar 6, 2026 09:50
In reply to: https://sh.itjust.works/post/56334428

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters   More Letters
IP              Internet Protocol
NAT             Network Address Translation
VPN             Virtual Private Network
VPS             Virtual Private Server (opposed to shared hosting)

[Thread #136 for this comm, first seen 6th Mar 2026, 09:50] [FAQ] [Full list] [Contact] [Source code]

https://lemmy.decronym.xyz/comment/15461
$$8915
https://infosec.pub/u/signalsayge posted on Mar 8, 2026 17:13
In reply to: https://sh.itjust.works/post/56334428

I might have a solution for you by doing what I’m doing. I’m running OPNSense as my firewall as well. I have one NAT:Port Forward rule for torrents (I really am seeding linux iso torrents) and that is it. Any services I’m hosting outside the network are done using Cloudflare tunnels from either a Cloudflared instance or from the LXC itself. This method has fixed my issues with Plex outside of my network since I was able to turn off “Remote Access” and make it available to my friends/family through a “Custom server access URL” (in the network settings, looks like: https://plex.domain.url,http://192.168.1.xx:32400/). No messy NAT rules to complicate things.

I am also using tailscale, but I don’t terminate it on my firewall. I terminate Tailscale on another host inside my network, you could probably use an LXC container. It’s a Debian system with Tailscale installed, routing enabled (https://tailscale.com/docs/features/subnet-routers), and set up as an exit node and subnet router. On OPNSense, I set up a Gateway on the LAN interface pointing to my Debian Tailscale router node. Then I pointed the remote networks of my family to the Tailscale router using the routes in OPNSense. Fortunately, for me (and because I set them up), they are all different networks.

The benefit to this method is also that when remotely reaching my services, the traffic looks to the services on my network as if they are coming from the Tailscale router and so return there instead of trying to go out my firewall. Tailscale maintains the tunnel through the firewall so it really isn’t a participant in the tailnet. The only issue I’ve really had has been DNS, with the Tailscale Magic DNS wanting to respond instead of my internal DNS servers. I’ve got MagicDNS disabled, but it always messed stuff up. The way I fixed it was to put tailscale on my Adguard container and make its tailscale IP the first DNS server, followed by the internal IP addresses of my DNS servers (192. addresses). This has worked for me pretty well.

Please let me know if you want any follow up info. I’ve been doing this for a long time. It’s my main hobby (and directly congruent to my job).

https://infosec.pub/comment/20751589
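
The reply-path problem discussed in this thread, modelled as an added example (not code from any of the posters): a request arrives on tailscale0, the container's routing table picks the interface for the reply, and a stateful firewall on the LAN path then sees a reply for a connection it never saw open. The routing table, the eth0 name, the 192.168.1.0/24 LAN and the peer address are constructed; 100.60.0.0/24 is the range as written in the original post.

```python
import ipaddress


def egress(routes, dst):
    """Longest-prefix match: the interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes]
    hits = [(net, dev) for net, dev in nets if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def check_reply_path(routes, ingress_dev, peer_ip):
    """Compare the interface a request arrived on with the one its reply uses."""
    out_dev = egress(routes, peer_ip)
    return {
        "peer": peer_ip,
        "in": ingress_dev,
        "out": out_dev,
        # A reply leaving on a different interface crosses the LAN gateway,
        # which holds no state for the connection and drops it.
        "asymmetric": out_dev != ingress_dev,
    }


# Constructed routing table of one LXC container (not taken from the post).
BEFORE = [
    ("0.0.0.0/0", "eth0"),       # default route via the OPNsense LAN gateway
    ("192.168.1.0/24", "eth0"),  # directly connected LAN
]

TAILNET = "100.60.0.0/24"        # range as written in the original post
# The poster's workaround: an explicit route for the tailnet via tailscale0.
AFTER = BEFORE + [(TAILNET, "tailscale0")]

PEER = "100.60.0.7"              # constructed tailnet peer address


def demo():
    """Return the reply-path verdict before and after the extra route."""
    return (check_reply_path(BEFORE, "tailscale0", PEER),
            check_reply_path(AFTER, "tailscale0", PEER))


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

On a real container, `ip route get <peer address>` answers the same question for the live routing table.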

Self Host Personal Health Record (PHR)

$$7386
https://lemmy.world/u/nix98 posted on Mar 5, 2026 14:50

I am interested in self hosting a Personal Health Record (PHR) system. I don’t need my own EMR/EHR, I just want to be able to pull down my own data, host it, and navigate it.

For example, I’d like to be able to pull down my vitals/labs from my provider and look at trends over time. I’d like to be able to pull down my prescriptions to see when I went on/off different medications. I’d like to pull down doctor’s notes, so I can see when I first started complaining about poor sleep, to see if it correlates to any of my medications or some other health change.

I have tried Mere Medical, and it was able to pull down my information from my provider (who uses Cerner), but the functionality is quite lacking. You basically get a timeline view, but nothing to really organize or search through notes (they are mostly just linked documents), or any way to pull down lab results and see trends.

FastenHealth has also come up in my search, but it seems the onprem is a very stripped down, limited version of their paid product.

Is anyone familiar with anything like this? Ideally, it’d be combined with a fitness tracker to pull my health data from my phone/wearables too.

https://lemmy.world/post/43883347

$$7433
https://lemmy.world/u/nix98 posted on Mar 5, 2026 20:49
In reply to: https://lemmy.world/comment/22498710

Sure. But I’d also not host it publicly on the Internet, just on my local lan!

https://lemmy.world/comment/22499477
$$7434
https://lemmy.world/u/nix98 posted on Mar 5, 2026 20:50
In reply to: https://programming.dev/comment/22544968

Mere was interesting, but it runs entirely offline in a browser (which is pretty cool). But, this means all data lives in your browser’s localStorage (or IndexedDB), which would make it hard to sync between devices.

https://lemmy.world/comment/22499493

They Said Self-Hosting Was Hard! - arthurpizza

$$7300
https://lemmy.wtf/u/meldrik posted on Mar 5, 2026 09:52
https://lemmy.wtf/post/38945510

$$8793
https://programming.dev/u/LunaChocken posted on Mar 8, 2026 13:13
In reply to: https://piefed.zip/comment/4105117

A lot of people simply don’t have time to go the extra steps.

Instead you should be focused on secure by default design. E.g. not setting a static router password to admin admin.

It’s stupid in this day and age to continue to see default logins occur still.

https://programming.dev/comment/22597826
$$8884
https://piefed.zip/u/realitaetsverlust posted on Mar 8, 2026 16:02
In reply to: https://programming.dev/comment/22597826

simply don’t have time

Sorry, but that is no reason. That’s a bit akin to having a dog and saying: “Nah I don’t have time to walk the dog now”. Selfhosting something that is publicly available (not as in “everyone can use it” but “everyone can access it”) bears some level of responsibility. You either make the time to properly set up and maintain it, or you shouldn’t selfhost stuff.

https://piefed.zip/comment/4151460

🚀 Statistics for Strava v4.7.0 released! Dark mode & Milestones timeline

$$7270
https://lemmy.world/u/statisticsforstrava posted on Mar 5, 2026 07:04

Statistics for Strava is a self-hosted, open-source dashboard for your Strava data.

Features and improvements worth mentioning since we last posted here:

  • Dark mode
  • Added a timeline view of your key achievements and milestones over time.
  • Added statistics for recording devices, giving you more insight into which devices you use for your activities
  • You can now view Eddington metrics in both metric and imperial units, regardless of your default unit system
  • Use compression algorithms to store data. This results in a 70% drop in used storage space
  • A lot of bug fixes and quality of life improvements

As always, thanks for your feedback and I’m looking forward to more feature requests! Stay fit, stay healthy 💪

https://lemmy.world/post/43871392

$$9718
https://sopuli.xyz/u/boonhet posted on Mar 9, 2026 23:04
In reply to: https://lemmy.dbzer0.com/comment/24775124

You may want to look at the supported devices on this project. It’s an app to get data to/from wearables.

Two of the supported devices are bangle.js and bangle.js 2. These are open source smart watches with GNSS and HR, which have different apps available already that I believe can record data without your phone connected, and then sync later, either to your phone or computer (not sure on that one). And you can develop your own apps too of course.

I don’t really know much more than that. I do want to get back into exercising regularly, and would like to track my progress, so I may get one myself at some point.

https://sopuli.xyz/comment/22333335
$$9888
https://lemmy.dbzer0.com/u/ExcessShiv posted on Mar 10, 2026 05:12
In reply to: https://sopuli.xyz/comment/22333335

I’ve already looked into gadgetbridge, but all supported devices unfortunately have fairly limited functionality. I get that it’s the premise with the reverse engineering they do to make things almost work.

The bangle.js models are a fucking ugly apple watch clone, I’d never wear that thing. And I’m not looking to get an actual smartwatch, I have no need for any of that clutter or a desire to charge my watch daily or every other day.

I’ve used a coros pace 2 for a long time, definitely not private but very limited smartwatch bullshit and >week of battery with +1h of daily GPS tracked running. Not supported by gadgetbridge though.

https://lemmy.dbzer0.com/comment/24863900

Continuwuity v0.5.6

$$7118
https://programming.dev/u/JadedBlueEyes posted on Mar 4, 2026 17:40

Continuwuity - a self-hostable Matrix Homeserver - just got a new release.

https://programming.dev/post/46682053

$$7572
https://lemmy.dbzer0.com/u/ChaosMonkey posted on Mar 6, 2026 05:39
In reply to: https://lemmy.world/comment/22500085

Sorry, but I find it immature of you to judge a book by its cover.

https://lemmy.dbzer0.com/comment/24791857
$$7583
https://lemmy.world/u/victorz posted on Mar 6, 2026 06:26
In reply to: https://lemmy.dbzer0.com/comment/24791857

Fully within your right.

https://lemmy.world/comment/22506965

Journiv self hosted journal now with Daylio import and mood activity and goal tracking

$$7088
https://lemmy.world/u/rockstar1215 posted on Mar 4, 2026 16:32

Hello everyone!

Journiv is a self-hosted private journaling application that puts you in complete control of your personal reflections. Built with privacy and simplicity at its core, Journiv offers comprehensive journaling capabilities including mood tracking, prompt-based journaling, media uploads, analytics, and advanced search. All while keeping your data on your own infrastructure.

Journiv beta.21 is out with many new requested features:

  • Daylio Import (#58). Watch demo
  • Detailed mood, activity and goal tracking (#218, #57)
  • Moment first architecture which allows users to do a quick log and then add narrative later. Blogpost
  • Automated goal tracking based on logged activities
  • HEIC support (#215)
  • OIDC Only support (#91)
  • and much more…

Learn More

https://lemmy.world/post/43850889

$$7163
https://lemmy.world/u/Good_Slate posted on Mar 4, 2026 20:20
In reply to: https://lemmy.world/post/43850889

I’ll be getting this as soon as it has speech journals with transcripts! Looks amazing.

https://lemmy.world/comment/22479115
$$7167
https://piefed.ca/u/ergonomic_importer posted on Mar 4, 2026 20:41
In reply to: https://lemmy.world/comment/22477676

Maybe that’s what we all need right now in our journalling

https://piefed.ca/comment/3754473

ntfy alternative with file attachment on iOS

$$7032
https://feddit.it/u/syaochan posted on Mar 4, 2026 13:53

Hi to everyone. I’m looking for a self hosted ntfy alternative which allows file attachment to notifications on iOS, I’m already hosting ntfy but unfortunately the iOS app is very basic and it does not support attachments.

https://feddit.it/post/27312610

$$8067
https://feddit.it/u/syaochan posted on Mar 7, 2026 08:34
In reply to: https://sh.itjust.works/comment/24133964

I have to try this, thanks.

https://feddit.it/comment/18689348
$$10374
https://sh.itjust.works/u/seh001 posted on Mar 11, 2026 03:15
In reply to: https://feddit.it/comment/18689348

That has not been my experience. I use this as described saved to the Home Screen. It notifies me as I’d expect and I regularly send attachments across devices.

https://sh.itjust.works/comment/24220553

How to access home network (eg, VPN) without port forwarding?

$$6872
https://feddit.uk/u/Flax_vert posted on Mar 4, 2026 01:49

So basically, I will be away from home for several weeks. Unfortunately, this became the perfect time for our home router to start acting out and factory resetting itself. We are awaiting a new router for replacement, but the time is tight.

My stuff is ethernetted in, so that connectivity isn’t an issue - the issue is that I couldn’t actually connect to the router to restore services even if it had internet by fixing all the settings including port forwarding.

What I would like would be the ability to have a VPN connected to my homelab, so I can hop on the router and restore the settings if this issue happens while I’m away. Any ideas?

https://feddit.uk/post/45280035

$$7343
https://lemmy.world/u/rtxn posted on Mar 5, 2026 12:48
In reply to: https://lemmy.world/comment/22490894

To delegate the responsibility of securing login data. You can also use an external OIDC provider.

https://lemmy.world/comment/22490982
$$7365
https://feddit.uk/u/Flax_vert posted on Mar 5, 2026 14:01
In reply to: https://lemmy.zip/comment/25024618

Thank you, I set this up and it works 🙂

https://feddit.uk/comment/23644056

LXC Jellyfin Containers and Tailscale

$$6761
https://mander.xyz/u/NastyNative posted on Mar 3, 2026 18:35

Progress so far - https://mander.xyz/post/47833580

My next objective is configuring Jellyfin for secure external access. It is fully operational on my LAN and is performing significantly better than the Windows instance I previously ran.

I have installed Tailscale on the Proxmox VE host shell to enable remote access and have also enabled multi-factor authentication on my proxmox account. While everything appears to be functioning properly, I am still relatively new to Tailscale and want to ensure I am implementing this securely.

My initial assumption was that I would also need to install Tailscale within the Jellyfin LXC container. However, I have encountered conflicting information suggesting this may introduce security concerns, particularly when dealing with container privileges and root access. As a result, I am uncertain whether this is the appropriate approach.

What is the recommended and secure method to provide external access to Jellyfin in this setup?

https://mander.xyz/post/48333324

$$7078
https://mander.xyz/u/NastyNative posted on Mar 4, 2026 16:08
In reply to: https://lemmy.zip/comment/25024123

I can open the required port without issue. However, I would like to further educate myself on reverse proxy configurations, as I believe this would be the most secure and appropriate approach. Thank you!

https://mander.xyz/comment/25646134
$$7155
https://lemmy.zip/u/baner posted on Mar 4, 2026 19:37
In reply to: https://mander.xyz/comment/25646134

What is the use case? Share with family and friends?

https://lemmy.zip/comment/25034759

I'm using my home server and coding to rebuild my brain after a stroke.

$$6687
https://lemmy.zip/u/Vaggumon posted on Mar 3, 2026 15:24

Please forgive any typos, my brain is still very much recovering. I’m not promoting anything cause nothing I’ve made yet is really worth much to anyone but myself, and everything is far from polished. I’m just sharing what I’m doing. In November ‘24, I had a mid level stroke. I’ve had issues with motor skills, headaches, and short term memory, but for the most part I’m doing quite well. For the last 6-8 months, I built a home server (AMD 3700x, 64GB of RAM, 6TB NVMe, and 2x 12TB HDD, old NVIDIA 2060). I set up Jellyfin, ripped our 400ish Blu Rays, DVDs, and TV Shows. Set up Navidrome, and ripped our CDs, Home Assistant, Audiobookshelf, ConvertX, MeTube, and several other apps mostly discovered here. I also wrote my own app to track our large physical Media Collection that has a few api calls for pulling info about the items, a dashboard app in the style of the old iGoogle, and I’ve started working on 2 other apps, one to track medical information like blood pressure, glucose, doc appts, care team, medications, etc. The other app is for TTRPG GMs to run games that will basically be a digital GM Screen with a dozen or so tools.

I was a web developer for 20 years before the stroke so I had some previous entry level experience with this type of stuff, but not on this level. Mine was more for like corporate websites. My doctor believes this process has indeed sped up my recovery significantly. So this is just a post to say thanks for this community that has given me tons of ideas for things to try.

https://lemmy.zip/post/60106642

$$7144
https://lemmy.wtf/u/edgyspazkid posted on Mar 4, 2026 19:08
In reply to: https://lemmy.zip/post/60106642

I hope you get better! I’m not active in the community, not even tech savvy. I also didn’t come up with something to share with the community but I like the homelabbing hobby (or movement if I can call this like that).

Jellyfin is such a badass app! I borrowed a huge DVD collection from my grandpa (he had a store back in the days) so I have like a bunch of movies only on my Pi5 with Radax (which is my only homelab device lol).

Again. I hope you get better fellow stranger from the internet!

https://lemmy.wtf/pictrs/image/892020a1-63a3-45c3-b42b-722ab84085d7.gif

https://lemmy.wtf/comment/20269433
$$7402
https://lemmy.world/u/redlemace posted on Mar 5, 2026 16:57
In reply to: https://lemmy.zip/post/60106642

Been there, done that. It’s much harder than it seems from this post. Your brain suffered severe damage, getting it to work again as well as possible takes huge amounts of energy and willpower. Good job bro! (Watch yourself, don’t overdo it)

https://lemmy.world/comment/22495191