On my LAN I have 192.168.1.111 hosting a bunch of various services not containerized. All connections are done either from my internal LAN or from WireGuard going through 192.168.1.111 so no external traffic bar WireGuard.
I’ve set the host name of 111 in the hosts file inside the router and 111 and it works for all devices except the ones connecting via WireGuard.
But I don’t want to have to use hostname+port for every service, I’d like each service to have its own name. I’d also like certs.
Can someone point me in the right direction for what I need to do? I’m thinking maybe this requires a local DNS server which I’m hesitant to run because I’m happy using 8.8.8.8.
For certs do I create a single cert on the 192.168.1.111 and then point all the applications to it?
See the section “Personal dashboards” of this great resource page I often refer to: https://github.com/awesome-selfhosted/awesome-selfhosted
I don’t see anyone else recommending it here but you can also use Traefik, that’s what I use. I’ve set it up so that I can automatically add any Docker-hosted apps based on the container tags, it makes it convenient to use.
Huh. I never realised that was the cat’s leg.
Ancient language is still the bread-and-butter of mainframe systems
Yeah give me an hour or two with the documentation and I could write COBOL, look out IBM stocks! Will it be elegant or even coherent COBOL? No. Will it at least not contain heaps of in-built time bombs in the form of bugs and security flaws? Also no, but I could write it. As the other commenter said, fuck with the COBOL wizards at your own peril.
Haven’t we figured out quantum computing? Surely lithography machines can now be liquidated.
I tried googling it, but no results listed any contact info.
LMAO
LMAO.
Hello, I am currently building an arcade machine which is intended to run indie games built natively for Linux.
For that I want to use the wayland protocol because it feels like the most sensible option I have nowadays.
Currently I am using sway as I am already using it as my daily wm and it can be configured very easily into a kiosk mode. Everything works perfectly and I have no problems whatsoever!
Which is why I want to ask if there is an even more bare minimum setup to run Wayland apps?
I wanted to do the same for a dedicated jellyfin player box; a defunct laptop or mini PC that boots straight into the jellyfin-media-player (jellyfin desktop nowadays) in TV mode and was looking for just the bare minimum of packages to achieve this. Gave up, curious how others solved it.
Weston can be configured to use a kiosk shell, which is fairly minimal
The Huntarr situation (score 200+ and climbing today) is getting discussed as a Huntarr problem. It’s not. It’s a structural problem with how we evaluate trust in self-hosted software.
Here’s the actual issue:
Docker Hub tells you almost nothing useful about security.
The ‘Verified Publisher’ badge verifies that the namespace belongs to the organization. That’s it. It says nothing about what’s in the image, how it was built, or whether the code was reviewed by anyone who knows what a 403 response is.
Tags are mutable pointers. huntarr:latest today is not guaranteed to be huntarr:latest tomorrow. There’s no notification when a tag gets repointed. If you’re pulling by tag in production (or in your homelab), you’re trusting a promise that can be silently broken.
The only actually trustworthy reference is a digest: sha256:.... Immutable, verifiable, auditable. Almost nobody uses them.
The Huntarr case specifically:
Someone did a basic code review — bandit, pip-audit, standard tools — and found 21 vulnerabilities including unauthenticated endpoints that return your entire arr stack’s API keys in cleartext. The container runs as root. There’s a Zip Slip. The maintainer’s response was to ban the reporter.
None of this would have been caught by Docker Hub’s trust signals, because Docker Hub’s trust signals don’t evaluate code. They evaluate namespace ownership.
What would actually help:
The uncomfortable truth: most of us are running images we’ve never audited, pulled from a registry whose trust signals we’ve never interrogated, as root, on our home networks. Huntarr made the news because someone did the work. Most of the time, nobody does.
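An added example (not part of the original post or of any project it mentions) of checking the tag-versus-digest point above: it scans a compose file for `image:` references that are not pinned by digest. The compose content, image names and all-zero digest are constructed placeholders.

```python
import re

# Constructed sample compose file; names and the all-zero digest are placeholders.
SAMPLE_COMPOSE = """\
services:
  app-a:
    image: example/app-a:latest
  app-b:
    image: registry.example.internal:5000/team/app-b
  app-c:
    image: "example/app-c:1.4.2"
  app-d:
    image: example/app-d:1.4.2@sha256:""" + "0" * 64 + "\n"

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
IMAGE_LINE_RE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s#]+)['\"]?")


def classify(ref):
    """Return how one image reference is pinned."""
    if "@" in ref:
        # Only a full sha256 digest is an immutable reference.
        return "digest" if DIGEST_RE.search(ref) else "malformed-digest"
    # A colon marks a tag only after the last '/'; before that it is a
    # registry port, as in registry.example.internal:5000/team/app-b.
    if ":" in ref.rsplit("/", 1)[-1]:
        return "tag"
    return "implicit-latest"


def audit(compose_text):
    """Return (line_number, reference, kind) for every image: line."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), start=1):
        match = IMAGE_LINE_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings


def unpinned(compose_text):
    """References that can be repointed without this file changing."""
    return [f for f in audit(compose_text) if f[2] != "digest"]


if __name__ == "__main__":
    for lineno, ref, kind in audit(SAMPLE_COMPOSE):
        status = "ok" if kind == "digest" else "MUTABLE"
        print(f"line {lineno}: {ref} -> {kind} [{status}]")
```

A version tag such as `1.4.2` is reported as mutable too, since it is still a pointer the publisher can move.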
One thing that sucks about that is you might miss an upgrade that needed to happen before a large version jump later. It’s pretty rare but I believe I’ve seen a container break like that and the upgrade was misery.
Fair! I’m not giving enough credit to the fact that some applications don’t really have another option than to run root for some dependencies
“This was supposed to be my vacation, I was so excited for this gun battle, wtf?”
-US tourists maybe
As an American currently in Mexico, I lold
Airport advertising sign, looks like they forgot to make the looping video full screen.
Photographer @mosspiglet@discuss.online
i love proxying images!!! i love proxying images!!!
I cannot express into words how much I loathe Lemmy’s image proxying system
Ollama is now also possible.