brewery

I just started using some docker containers I found on Docker Hub designed for DB backups (e.g. prodrigestivill/postgres-backup-local) to automatically dump from the databases into a set folder, which is included in the restic backup. I know you could come up with scripts but this way, I could easily copy the compose code to other containers with different databases (and different passwords etc).

I would recommend it as it is fairly easy to understand and most Foss services give you an example to use. You can also convert docker run examples to compose (search docker composeriser) although it doesn't always work.

I found composer files easier when learning it, to digest what is going on (ports, networks, depends_on etc) and can compare with other services to see what is missing (container name, restart schedule etc). I can then easily backup the compose files, env files and data directories to be able to very quickly get a service up again (although DBs are trickier but found a docker image that I can stick on the compose files which backups the DB dumps regularly)

I use authentik but believe it's similar. You can create accounts for people and give them passwords, or send a welcome email asking them to register to create one. I would warn you though, not every service has the ability to use it and it does take quite some effort to get it working! It's interesting to learn about though

I tried the readarr and other options. They work sometimes but not enough to rely on it. As others mention, there's no standard naming and also, lots of people use their library card for Libby access. I also think there's a bit more of a direct link to authors so I'd prefer to buy the book unless theyre super well off anyway. To be honest, I can't see the arr's working with LibGen having looked at the open issues on integrating it, it just doesn't allow for scraping in the same way.

For me, I self host openbooks (uses IRC) and select a download straight away, which to be fair, is about the same time as searching / finding a TV show if you are after one book. I have exposed it behind an SSO so can access it on my phone and download the book straight away when someone gives me a recommendation. Most of the time I just add to a running note on phone and go through it every few months when I need more books.

It's fairly quick for multiple books but not sonarr levels of ease. The downloads go into a calibre monitored folder which then does the automation (naming, conversion if needed etc). I bulk email the new books to my kindle with one click. Calibre-web is on read only for a nice browsing experience and to read on other devices if I need to (althogh no page sync). It's a bit of manual work but I find it is not too bad and in 10 minutes I can load up enough books for months.

Occasionally IRC does not have the book so try manually searching on prowlarr, and download on sab or transmission. The downloads are almost instant so I then just wait and copy them to my downloads folder (I could probably automate this step too with tags but it's so infrequent).

Given how important a router is and how easy it is for something to wrong with this, even with just a random update, I'd personally not even try this. I actually just use a tp link omada business router as my family wouldn't be too happy if the internet is broken. It has VPN and I just bought a couple access points so I can improve the WiFi whilst setting up vlans to compartmentalise smart home devices. Everything else is nice to have but if something goes wrong with the services below overnight and I need to work from home, at least I can just switch them off until I got time to fix them.

I got a cheap second hand thin client off eBay for pihole and home assistant (using proxmox), and another custom desktop acting as a headless server with the rest of my services running in docker (plex and arr stack, vaultwarden, nextcloud, imich, loads others etc. It allows flexibility so if the server goes down, or runs out of memory, or I'm messing around and broke it, my family's streaming isn't impacted.

You cannot put pihole on a router but yes, those are good ideas. A router with openwrt will have VPN settings, as do many proprietary ones. Alternatively, you could look into opnsense, which is router software on computer hardware (not a router), which you could also put pihole on. I'd say it's way more tricky though.

I have dynamic IP and there are several ways around it. I use Cloudflared (updates DNS records regularly) and a script I found to update duck DNS as a backup. Both very simple.

Accessing the services is not the problem, the problem is keeping them safe. I've tried lots of different ways (although not tailscale yet) and have a few services exposed directly to the internet behind authentik \ NPM \ Cloudflare \ fail2ban \ ufw. Others, I access through my router openvpn server, with keys for my laptop and phone as clients. There are so many guides online for all VPN types. Its just finding the right approach between ease of use vs safety

I'm hesitant about it too for the same reason but not sure if I'm being unreasonable given that I rely on so many other free services. However, this is one that would potentially have access to everything I do.

I'm watching headscale with interest until its safe enough for me to try breaking it!

Would you trust rsync.net to be around for a long time? They're doing a $540 lifetime 1TB offer which is interesting as I'm luckily in a position to do but would take 6 years plus to "pay off".

I'd much rather see this than any of the commercial adverts.

It is useful information too. Most people won't interrupt or help, and partly because they are not sure how. I saw this recently and it did make me think, if I did see something happening I have a better idea of how I can help.

It also creates an environment where you cannot justify not acting because you don't think you can help, and that we as a society are saying it is not acceptable. If one person challenges harassment that would not have done so before seeing that, I'd count it as a success.

I only use docker images supplied by the devs themselves or community maintained (e.g. Linux server.io) so they essentially tell docker what needs to be installed in the container, not me. It takes the hassle out of trying to figure out what I need to do to get the service running. If they update their app, they'll probably know best what else needs to be updated and will do that in the image. I guess you are relying on them to keep everything updated but they are way more knowledgeable than me and if there is a vulnerability, it is only in that container and not your other services.

Lots of little things really. Obviously I couldn't say for certain but they seemed to on top of it without causing us too much difficulty in doing our jobs.

Sometimes things were blocked like if a new email, or questioned after to check it was expected and followed policy. Policies were clear, and there were helpful prompts or warnings.

We were involved in something where we had to copy a sh*t load of files from a shared folder to a hard disk. There were like three automatic blocks that kicked in at different times, which was a pain at first to figure out but because we had a good reason, someone in IT just kept at it to get it done and looking back, that should have raised flags given the size of it all.

They changed from passwords changing every 6 months to no changes but had to be longer and mandatory 2FA. We were told to use keepass for all passwords for things that weren't SSO for various reasons.