this post was submitted on 08 Oct 2024
167 points (97.2% liked)

Selfhosted

40329 readers
395 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden's paid tier is only $10 a year which I'm happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn't need any additional hardware.

you are viewing a single comment's thread
view the rest of the comments
[–] jeena@piefed.jeena.net 60 points 1 month ago (5 children)

I use KeePassXC and use syncthing to sync the database to each devise I own. This way I always have the newest version if the database everywhere and don't need to worry about Internet access at all.

[–] sxan@midwest.social 12 points 1 month ago (2 children)

This is what recommend as well. The various KeePasses all to pretty good jobs of merging databases, in case of sync conflicts, and you can utterly ignore whether you're online or not. Plus, there's a really fantastic tool, written by a veritable genius of a developer, that lets you use a KeePass DB as a secret service on your desktop.

[–] downhomechunk@midwest.social 5 points 1 month ago

You delicious bastard! Thanks for the rook tip.

[–] nialv7@lemmy.world 3 points 1 month ago (1 children)

But keepassxc already provides a secret service ootb?

[–] sxan@midwest.social 1 points 1 month ago (1 children)

KeePassXC can't be run in headless mode, and the GUI is tightly coupled to the app. You have to have all of X installed, and have a display running, to run it.

Here's the runtime dependencies of KeePassXC:

linux-vdso.so.1
libQt5Svg.so.5
libqrencode.so.4
libQt5Concurrent.so.5
libpcsclite.so.1
libargon2.so.1
libQt5Network.so.5
libQt5Widgets.so.5
libbotan-3.so.5
libz.so.1
libminizip.so.1
libQt5DBus.so.5
libusb-1.0.so.0
libQt5X11Extras.so.5
libQt5Gui.so.5
libQt5Core.so.5
libX11.so.6
libstdc++.so.6
libm.so.6
libgcc_s.so.1
libc.so.6
/lib64/ld-linux-x86-64.so.2
libgssapi_krb5.so.2
libproxy.so.1
libssl.so.3
libcrypto.so.3
libbz2.so.1.0
liblzma.so.5
libsqlite3.so.0
libdbus-1.so.3
libudev.so.1
libGL.so.1
libpng16.so.16
libharfbuzz.so.0
libmd4c.so.0
libsystemd.so.0
libdouble-conversion.so.3
libicui18n.so.75
libicuuc.so.75
libpcre2-16.so.0
libzstd.so.1
libglib-2.0.so.0
libxcb.so.1
libkrb5.so.3
libk5crypto.so.3
libcom_err.so.2
libkrb5support.so.0
libkeyutils.so.1
libresolv.so.2
libpxbackend-1.0.so
libgobject-2.0.so.0
libcap.so.2
libGLdispatch.so.0
libGLX.so.0
libfreetype.so.6
libgraphite2.so.3
libicudata.so.75
libpcre2-8.so.0
libXau.so.6
libXdmcp.so.6
libcurl.so.4
libgio-2.0.so.0
libduktape.so.207
libffi.so.8
libbrotlidec.so.1
libnghttp3.so.9
libnghttp2.so.14
libidn2.so.0
libssh2.so.1
libpsl.so.5
libgmodule-2.0.so.0
libmount.so.1
libbrotlicommon.so.1
libunistring.so.5
libblkid.so.1

I don't know why it links to a systemd library. Here are the runtime dependencies of rook:

linux-vdso.so.1
libresolv.so.2
libc.so.6
/lib64/ld-linux-x86-64.so.2

Don't get me wrong: KeePassXC is one of my favorite programs. But don't leave it running all the time, and it can't be run on headless systems.

[–] nialv7@lemmy.world 2 points 1 month ago (1 children)

I see, thanks for explaining. So IIUC, rook is intended for headless systems?

[–] sxan@midwest.social 1 points 1 month ago

I use it for everything, but then, I wrote it. All of the desktop secret service tools have desktop dependencies (Gnome's uses Gnome libraries, KDE's pulls some KDE libraries) and run through DBUS; since I don't use a DE, it's a fair bit of unnecessary bloat. And I don't like GUI apps that just hang around in the background consuming resources. I open KeePassXC when I need to make changes to the DB, and then I shut it down. Otherwise, it hangs out in my task bar, distracting me.

Rook is for people who want to run on headless systems, or want to minimize resources usage, or don't use a desktop environment (such as Gnome or KDE), or don't run DBUS, or don't run systemd. It's for people who don't want a bunch of applications running in the background in their task bar. KeePassXC providing a secret service is great, but it's overkill if that's most of what it's providing for you, most of the time.

I don't think took is for everyone, or even for most people. It's for people who like to live mostly in the command line, or even in VTs.

[–] dan@upvote.au 5 points 1 month ago* (last edited 1 month ago)

don't need to worry about Internet access at all.

For what it's worth, Bitwarden caches the database for offline use, so it works fine without internet access too. When you get internet access again, it'll sync with the server.

This is the answer.

I use syncthing to sync between devices.

[–] Pika@sh.itjust.works 2 points 1 month ago* (last edited 1 month ago)

this is what I do as well, along with file staging so if I corrupt it by accident I don't lose the entire DB

Currently I have it on my server as grab only, and then normal access on my clients with staging

[–] teawrecks@sopuli.xyz 1 points 1 month ago

Agreed with using keepass. If you're one person accessing your passwords, there's no reason you need a service running all the time to access your password db. It's just an encrypted file that needs to be synced across devices.

However, if you make frequent use of secure password sharing features of lastpass/bitwarden/etc, then that's another story. Trying to orchestrate that using separate files would be a headache. Use a service (even if self-hosted).