Tywele

joined 1 year ago
[–] [email protected] 2 points 4 weeks ago

I agree. And if you want some level of convenience and some level of privacy I think Apple is the way to go.

For example I have the skills to use GrapheneOS but I just don't want to deal with it and I want to still be able to use NFC payments. So iOS is the next best thing.

[–] [email protected] 6 points 1 month ago

No, you are correct. If you are the only person accessing the service you don't need to open any ports since you access your network via Wireguard anyway.

[–] [email protected] 7 points 1 month ago (1 children)

Well, Microsoft has at least.

[–] [email protected] 17 points 1 month ago (2 children)

This hurts to read

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (7 children)

What is the best practice currently?

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago) (1 children)

Where do you live that you HAVE to learn manual? Here in Germany you have a choice of either learning manual or automatic. If you learn automatic though you are only allowed to drive automatic cars and if you learn manual you are allowed to drive both.

[–] [email protected] 1 points 1 month ago

Due to YouTube Music being included in that it's way too expensive for just removing ads. They need to add a tier that's cheaper to just remove ads.

[–] [email protected] 1 points 1 month ago

It took me about a month maybe.

[–] [email protected] 1 points 1 month ago (1 children)

It tries to install the associated package when given a path to a configuration file.

17
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

Solution: I just had to create the file

I wanted to install Pi-Hole on my server and noticed that port 53 is already in use by something.

Apparently it is in use by systemd-resolved:

~$ sudo lsof -i -P -n | grep LISTEN
[...]
systemd-r    799 systemd-resolve   18u  IPv4   7018      0t0  TCP 127.0.0.53:53 (LISTEN)
systemd-r    799 systemd-resolve   20u  IPv4   7020      0t0  TCP 127.0.0.54:53 (LISTEN)
[...]

And the solution should be to edit /etc/systemd/resolved.conf by changing #DNSStubListener=yes to DNSStubListener=no according to this post I found. But the /etc/systemd/resolved.conf doesn't exist on my server.

I've tried sudo dnf install /etc/systemd/resolved.conf which did nothing other than telling me that systemd-resolved is already installed of course. Rebooting also didn't work. I don't know what else I could try.

I'm running Fedora Server.

Is there another way to stop systemd-resolved from listening on port 53? If not how do I fix my missing .conf file?

[–] [email protected] 21 points 1 month ago (2 children)

It's not impossible for them to do. They just don't want to do it.

[–] [email protected] 2 points 2 months ago (1 children)

I can't remember the last time I connected my phone to my computer via USB to transfer files. I bet the vast majority are the same.

[–] [email protected] 12 points 2 months ago

Don't spend energy on things you can't change anyway. Don't let perfect be the enemy of good (enough).

 

I'm a beginner in networking things but due to my ISP I can only open a certain range of ports in my router to be accessible from the outside of my network (something like ports 11000-11500).

That means I can't open port 443 to access my reverse proxy from the outside. Is it possible to redirect all traffic that's coming from one of the ports in the range to port 443 of my server?

I haven't found that possibility in my router (Fritzbox 7530) so is there a way to do this on my server (running Fedora Server)?

 

Link them and write a short sentence to describe what they are about.

 

I have used FreshRSS before but I was always annoyed that some sites don't provide RSS feeds and that even if they provide feeds they don't provide the whole content through it and only a preview.

What do you recommend for the perfect RSS setup? What are you using? Which app are you using to read them?

 

After getting fed up with TrueNAS (after it borked itself for the third time and I would have had to set it up AGAIN) I decided to learn Ansible and write a playbook to set up my homeserver that way.

I wanted to share this playbook with you in case someone might find it useful for their own setup and maybe someone has some tips on things I could improve.

This server will not be exposed to the public/internet. If I want to access a service on it from outside my home network I have Wireguard set up on my router to connect to my home network from anywhere.

Keep in mind that I'm relatively new to sysadmin stuff etc so don't be too harsh please 😅

10
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 

Edit: I found the solution. I was missing a few environment variables.

These are the functioning Ansible tasks to deploy Immich:

Solution

- name: create Immich network
  community.docker.docker_network:
    name: immich-network
    state: present

- name: deploy Immich-Redis
  community.docker.docker_container:
    name: immich-redis
    image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:84882e87b54734154586e5f8abd4dce69fe7311315e2fc6d67c29614c8de2672
    restart_policy: always
    networks: 
      - name: immich-network

- name: deploy Immich-Postgres
  community.docker.docker_container:
    name: immich-postgres
    image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    restart_policy: always
    volumes:
      - "{{ nvme_mount_point }}/immich/postgres:/var/lib/postgresql/data"
    env:
      POSTGRES_DB: "{{ immich_postgres_db_name }}"
      POSTGRES_USER: "{{ immich_postgres_db_user }}"
      POSTGRES_PASSWORD: "{{ immich_postgres_db_password }}"
    networks: 
      - name: immich-network

- name: deploy Immich-Machine-Learning
  community.docker.docker_container:
    name: immich-machine-learning
    image: ghcr.io/immich-app/immich-machine-learning:release
    restart_policy: always
    volumes:
      - "{{ nvme_mount_point }}/immich/model-cache:/cache"
    networks: 
      - name: immich-network
    env:
      DB_DATABASE_NAME: "{{ immich_postgres_db_name }}"
      DB_USERNAME: "{{ immich_postgres_db_user }}"
      DB_PASSWORD: "{{ immich_postgres_db_password }}"
      DB_DATA_LOCATION: "{{ nvme_mount_point }}/immich/postgres"
      DB_HOSTNAME: immich-postgres
      REDIS_HOSTNAME: immich-redis

- name: deploy Immich-Microservices
  community.docker.docker_container:
    name: immich-microservices
    image: ghcr.io/immich-app/immich-server:release
    restart_policy: always
    command: ['start.sh', 'microservices']
    volumes:
      - "{{ hdd_mount_point }}/immich/library:/usr/src/app/upload"
      - /etc/localtime:/etc/localtime:ro
    networks: 
      - name: immich-network
    env:
      DB_DATABASE_NAME: "{{ immich_postgres_db_name }}"
      DB_USERNAME: "{{ immich_postgres_db_user }}"
      DB_PASSWORD: "{{ immich_postgres_db_password }}"
      DB_DATA_LOCATION: "{{ nvme_mount_point }}/immich/postgres"
      DB_HOSTNAME: immich-postgres
      REDIS_HOSTNAME: immich-redis

- name: deploy Immich-Server
  community.docker.docker_container:
    name: immich-server
    image: ghcr.io/immich-app/immich-server:release
    restart_policy: always
    command: ['start.sh', 'immich']
    volumes:
      - "{{ hdd_mount_point }}/immich/library:/usr/src/app/upload"
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2283:3001"
    networks: 
      - name: immich-network
    env:
      DB_DATABASE_NAME: "{{ immich_postgres_db_name }}"
      DB_USERNAME: "{{ immich_postgres_db_user }}"
      DB_PASSWORD: "{{ immich_postgres_db_password }}"
      DB_DATA_LOCATION: "{{ nvme_mount_point }}/immich/postgres"
      DB_HOSTNAME: immich-postgres
      REDIS_HOSTNAME: immich-redis

I'm trying to install Immich via Ansible and so far so good. The containers are all running and as long as I don't try to access it the logs all look fine but as soon as I try to access the GUI I get the following error spammed in the immich-server container log and the browser just shows a timeout and doesn't connect to the GUI.

[Nest] 7  - 05/02/2024, 9:20:45 AM   ERROR [TypeOrmModule] Unable to connect to the database. Retrying (5)...
Error: Connection terminated due to connection timeout
    at Connection.<anonymous> (/usr/src/app/node_modules/pg/lib/client.js:132:73)
    at Object.onceWrapper (node:events:632:28)
    at Connection.emit (node:events:518:28)
    at Socket.<anonymous> (/usr/src/app/node_modules/pg/lib/connection.js:63:12)
    at Socket.emit (node:events:518:28)
    at TCP.<anonymous> (node:net:337:12)
Error: connect ETIMEDOUT
    at Socket.<anonymous> (/usr/src/app/node_modules/ioredis/built/Redis.js:170:41)
    at Object.onceWrapper (node:events:632:28)
    at Socket.emit (node:events:518:28)
    at Socket._onTimeout (node:net:589:8)
    at listOnTimeout (node:internal/timers:573:17)
    at process.processTimers (node:internal/timers:514:7) {
  errorno: 'ETIMEDOUT',
  code: 'ETIMEDOUT',
  syscall: 'connect'
}

Here are my Ansible tasks to deploy Immich:

Ansible tasks with missing ENV variables

- name: create Immich network
  community.docker.docker_network:
    name: immich-network
    state: present

- name: deploy Immich-Redis
  community.docker.docker_container:
    name: immich-redis
    image: registry.hub.docker.com/library/redis:6.2-alpine@sha256:84882e87b54734154586e5f8abd4dce69fe7311315e2fc6d67c29614c8de2672
    restart_policy: always
    networks: 
      - name: immich-network

- name: deploy Immich-Postgres
  community.docker.docker_container:
    name: immich-postgres
    image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    restart_policy: always
    volumes:
      - "{{ nvme_mount_point }}/immich/postgres:/var/lib/postgresql/data"
    env:
      POSTGRES_DB: "{{ immich_postgres_db_name }}"
      POSTGRES_USER: "{{ immich_postgres_db_user }}"
      POSTGRES_PASSWORD: "{{ immich_postgres_db_password }}"
    networks: 
      - name: immich-network

- name: deploy Immich-Machine-Learning
  community.docker.docker_container:
    name: immich-machine-learning
    image: ghcr.io/immich-app/immich-machine-learning:release
    restart_policy: always
    volumes:
      - "{{ nvme_mount_point }}/immich/model-cache:/cache"
    networks: 
      - name: immich-network
    env:
      DB_DATABASE_NAME: "{{ immich_postgres_db_name }}"
      DB_USERNAME: "{{ immich_postgres_db_user }}"
      DB_PASSWORD: "{{ immich_postgres_db_password }}"

- name: deploy Immich-Microservices
  community.docker.docker_container:
    name: immich-microservices
    image: ghcr.io/immich-app/immich-server:release
    restart_policy: always
    command: ['start.sh', 'microservices']
    volumes:
      - "{{ hdd_mount_point }}/immich/library:/usr/src/app/upload"
      - /etc/localtime:/etc/localtime
    networks: 
      - name: immich-network
    env:
      DB_DATABASE_NAME: "{{ immich_postgres_db_name }}"
      DB_USERNAME: "{{ immich_postgres_db_user }}"
      DB_PASSWORD: "{{ immich_postgres_db_password }}"

- name: deploy Immich-Server
  community.docker.docker_container:
    name: immich-server
    image: ghcr.io/immich-app/immich-server:release
    restart_policy: always
    command: ['start.sh', 'immich']
    volumes:
      - "{{ hdd_mount_point }}/immich/library:/usr/src/app/upload"
      - /etc/localtime:/etc/localtime
    ports:
      - "2283:3001"
    networks: 
      - name: immich-network
    env:
      DB_DATABASE_NAME: "{{ immich_postgres_db_name }}"
      DB_USERNAME: "{{ immich_postgres_db_user }}"
      DB_PASSWORD: "{{ immich_postgres_db_password }}"

The variables are:

immich_postgres_db_name: immich
immich_postgres_db_user: postgres
immich_postgres_db_password: postgres

for testing purposes.

I'm currently running this on a Hyper-V VM running Fedora 39 Server Edition.

I don't know how to fix this issue, can someone help me?

I found this issue on the Immich GitHub where I found a possible fix regarding the firewall that it might block something but it didn't really help.

So I'm thankful for any ideas you can throw my way. Tell me if you need any more info.

Edit: Overlooked an error in the log and added it to the post.
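The hostname fix from this post, written as a check that can run before deployment (an added example, not part of the original post). It assumes the containers reach each other by container name through Docker's DNS on the shared user-defined network; the task data is a constructed reduction of the post's tasks, and the check on mutable image tags goes beyond what the post itself covers.

```python
# Constructed sample: the post's tasks reduced to the fields the checks read.
# The digest is a placeholder, not a real image digest.
KEY = "community.docker.docker_container"
DIGEST = "@sha256:" + "0" * 64

def task(name, image, env=None):
    return {KEY: {"name": name, "image": image, "env": env or {},
                  "networks": [{"name": "immich-network"}]}}

DB_ENV = {"DB_DATABASE_NAME": "immich", "DB_USERNAME": "postgres",
          "DB_PASSWORD": "postgres"}
HOSTS = {"DB_HOSTNAME": "immich-postgres", "REDIS_HOSTNAME": "immich-redis"}
SERVER = "ghcr.io/immich-app/immich-server:release"
BACKENDS = [task("immich-redis", "redis:6.2-alpine" + DIGEST),
            task("immich-postgres", "tensorchord/pgvecto-rs:pg14-v0.2.0" + DIGEST)]
BROKEN = BACKENDS + [task("immich-server", SERVER, DB_ENV)]
FIXED = BACKENDS + [task("immich-server", SERVER, {**DB_ENV, **HOSTS})]

def containers(tasks):
    return [t[KEY] for t in tasks if KEY in t]

def hostname_findings(tasks):
    """Return (container, variable, problem) for each unresolvable backend."""
    cs, findings = containers(tasks), []
    for c in cs:
        if not any(k.startswith("DB_") for k in c["env"]):
            continue  # not a client of the database/Redis pair
        nets = {n["name"] for n in c["networks"]}
        # Docker's embedded DNS resolves container names only between
        # containers attached to the same user-defined network.
        peers = {p["name"] for p in cs if p is not c
                 and nets & {n["name"] for n in p["networks"]}}
        for var in HOSTS:
            host = c["env"].get(var)
            if host is None:
                findings.append((c["name"], var, "unset"))
            elif host not in peers:
                findings.append((c["name"], var, "no peer named " + host))
    return findings

def unpinned_images(tasks):
    """Names of containers whose image is a mutable tag, not a digest."""
    return [c["name"] for c in containers(tasks) if "@sha256:" not in c["image"]]

if __name__ == "__main__":
    for label, tasks in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, hostname_findings(tasks), unpinned_images(tasks))
```

The same functions accept the full task list once it is loaded from the playbook with a YAML parser.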

 

cross-posted from: https://lemmy.dbzer0.com/post/19310012

Hello,

I need some help here. I've been trying to write my own Ansible playbook to set up my homeserver. The storage devices on this server are 1 NVMe SSD and 2 HDDs which I want to set up as a mirror. I want to set up all storage devices as either BTRFS or ZFS but I'm having trouble finding the correct modules to use in Ansible for this.

I have also found some roles in Ansible Galaxy but those are either not explained enough for me to use or seem overwhelming to use (especially in comparison to the terminal commands that are needed to set up the BTRFS volumes or ZFS pools). But just using the builtin command module in Ansible somehow feels wrong and not the right way to go about this.

Can someone point me in the right direction? Right now I think I will prefer using BTRFS.

29
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

What do you use for offsite backup? Since best practice recommends 3 copies on 2 different devices where one device is offsite.

I thought about renting a storage box from Hetzner to use as an offsite backup but I was curious what you are using. And also if there might be some cheaper alternatives to my proposed solution that are equally easy to set up.

 

Edit: SOLUTION: I had to use 127.0.0.1 and port 81 for the proxy host that points to the NPM admin page

I'm trying to follow this tutorial from Wolfgang's Channel: https://www.youtube.com/watch?v=qlcVx-k-02E but I'm using Nginx Proxy Manager (NPM) on TrueNAS Scale.

I managed to get the SSL certificate working (the challenge is successful) but after setting up the proxy host for NPM I'm unable to reach the WebUI of NPM like he does in the video after setting that up.

This is the setting for my proxy host.

But when trying to access the WebUI through the domain name all I get is 504 Gateway Time-out. Does anyone know what I did wrong?

Nginx Proxy Manager is also properly set up to use ports 80/443. So when I access the IP address without any port I get sent to the default site of NPM.

 

Hi,

I wanted to forward the port to my Traefik install on my TrueNAS server. Unfortunately I have now learned that my ISP restricts the range of ports that I can open externally to 12396-12415, so internally I can open port 443 to port 12400 externally. So far so good, but how do I point my Cloudflare DNS record to this port?

My router is a Fritzbox 7530 if that's relevant.

 

To be clear I'm a beginner and I'm a bit overwhelmed with all the information I found and not completely sure if the information I found is up to date or outdated and I figured I would just ask here to get some clear answers.

What I want to achieve:

  • have TrueNAS Scale web GUI and installed apps like Nextcloud or Photoprism be remotely accessible
  • have that remote access be secure
  • use my registered domain instead of the IP address of my server to access the TrueNAS Scale web GUI and the installed apps
  • don't have certificate warnings when accessing all this over HTTPS

Can someone explain to me how I achieve this or point me to a guide that walks me through it? I appreciate any help I can get.

I already managed to set up Tailscale and managed to access my server through that but then I got stuck on how to set it up to use my registered domain name to access the server.

So the next thing I tried was using the DynDNS of my Fritzbox but unfortunately it seems that Cloudflare (where I have registered my domain) does not provide an "update url" which the Fritzbox DynDNS GUI requires to set it up. This was to use it in combination with port forwarding and Wireguard (this is the guide I was following: https://www.wundertech.net/how-to-set-up-wireguard-on-truenas-scale/)

I also found this guide: https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/ but that's for servers without TrueNAS and I don't think I'm experienced enough to transfer it and apply it to TrueNAS.

So yeah, I'm overwhelmed by information and I need help.
