• 3 Posts
  • 26 Comments
Joined 2 years ago
Cake day: July 2nd, 2023





  • From the UK and personally, 100% yes but not sure I feel the rest of the population would agree. I mean, a lot of us turned our backs on the EU and there’s a lot of cross over with US right wing nutters.

    However, I would believe that when push comes to shove, we would be generally willing to defend Canada, Australia and NZ over anyone else, and then European countries at the next level. The reaction in support for Ukraine was pretty universal here and there are still lots of donations and support that is not shared with any African, Asian or Central/South American countries having similar problems.

    Basically, you’re white so yes you can count on us!





  • After some research on here and reddit about 6 months ago, I settled on Borgbase and it's been pretty good. I also manually save occasionally to Proton Drive but you're right to give up on that as a solution!

    The hardest part was choosing the backup method and properly setting up Borg or restic on my machine, especially with docker and databases. I have ended up adding db backup images to each container with an important db, saving to a specific folder. Then that and all the files are backed up by restic to an attached external drive as well as borgbase. This happens at a specific time in the morning and I found a restic action to stop all docker containers first, back them up, then spin them back up. I can find the guides that I used if it's helpful to you.

    I also checked my backups a few times and found a few small problems I had to fix. I got the message from other users several times that your backups are useless unless you regularly test them.
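The stop, back up, restart and test-restore sequence described in the comment above, as an added example that is not part of the original comment or the commenter's own setup. `STACKS_DIR` and the one-directory-per-compose-project layout are assumptions; the repository and password are expected in restic's `RESTIC_REPOSITORY` and `RESTIC_PASSWORD_FILE` environment variables.

```shell
#!/bin/sh
# Added example: STACKS_DIR and its layout (one compose project per
# subdirectory, data and DB dumps stored beside the compose file) are assumed.
STACKS_DIR=${STACKS_DIR:-/srv/stacks}

# Run "docker compose <action>" in every project directory; keep going on
# errors so one broken project cannot leave the others stopped.
compose_all() (
  rc=0
  for dir in "$STACKS_DIR"/*/; do
    [ -d "$dir" ] || continue
    (cd "$dir" && docker compose "$1") || rc=1
  done
  exit $rc
)

# Exit codes: 0 ok, 1 stop failed (no snapshot taken), 2 backup failed,
# 3 backup ok but a service did not come back up.
backup_stacks() (
  rc=0
  # Stop first so files and DB dumps are not changing during the snapshot.
  compose_all stop || rc=1
  if [ $rc -eq 0 ]; then restic backup "$STACKS_DIR" || rc=2; fi
  # Always bring services back, even when the stop or the backup failed.
  compose_all start || { [ $rc -ne 0 ] || rc=3; }
  exit $rc
)

# Prove the newest snapshot is usable: integrity-check a sample of the
# repository data, then restore one known file into a scratch directory.
verify_latest() (
  file=$1                       # absolute path of a file that must be in the backup
  scratch=$(mktemp -d) || exit 1
  rc=0
  # restic recreates the original absolute path underneath --target.
  restic check --read-data-subset=5% &&
    restic restore latest --target "$scratch" --include "$file" &&
    [ -s "$scratch$file" ] || rc=1
  rm -rf "$scratch"
  exit $rc
)

# Scheduled entry point: "script.sh run /absolute/path/to/a/db/dump"
if [ "${1:-}" = run ]; then backup_stacks && verify_latest "$2"; fi
```

A non-zero exit from either function is the signal to alert on; a backup job that fails silently is the case the test restore is meant to catch.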


  • There's a lot of different things going on here. Although it sounds simple, you're actually touching many different technologies. I started a few years ago to self host and it took me a while to get my head around these and still have issues so don't worry too much!

    I'm not familiar with caddy but the ports look wrong. It would be looking for 80 and 443 presumably on the docker host (right hand side / “RHS Ports”). You could use any ports on the left hand side (“LHS Ports”).

    The section “DOMAIN}:1443” might be telling caddy to be looking on port 1443 inside docker, which means the ports need to be flipped around. The RHS Ports are what the service inside docker is looking to use (often these are set by the developer but they can be changed in settings, it's easier to leave these as default and only change the LHS Ports). The LHS Ports are what you choose to expose on the actual server itself. https://docs.docker.com/get-started/docker-concepts/running-containers/publishing-ports/

    There's no mention of the router settings so the problem might be there. Are you forwarding the right ports through? You would need to forward ports 80 and 443 to the LHS Ports you choose for caddy. These port forwards would also need to point to your server's internal address. (Search “<your router name> port forward settings”)

    What do you have on port 80? I would recommend changing that to something else and having caddy on ports 80 and 443. I would also suggest trying nginx proxy manager which is available on docker, has a nice web interface to add reverse proxies, and can handle your SSL certificates (inc automatic renewals). This would replace caddy and would use ports 80 and 443 on your server. https://nginxproxymanager.com/

    Also, just to mention, your safest option is not to expose vaultwarden to the internet unless you're very sure you need to and add other protections (firewalls, fail2ban etc). If it's just you/a few people, look into using a VPN like tailscale (easiest but relies on external party) or Wireguard (fully yours to control but pretty complicated).

    You would still need an SSL cert but you can do this through DuckDNS using https://github.com/maksimstojkovic/docker-letsencrypt. You could also buy a cheap domain and never have to expose anything, as they would give you a certificate to download (cloudflare or porkbun are good - https://kb.porkbun.com/article/71-how-your-free-ssl-certificates-work) and you manually upload it to caddy or nginx proxy manager. The best option is to use nginx proxy manager or certbot to handle these as the certificates expire. You can set up “DNS challenge” in your SSL certificate manager which needs details from your DNS to obtain the SSL certificates on your behalf.

    If I was you, I would search for online guides and setup in this order: nginx proxy manager, SSL cert (buying your own cheap domain from cloudflare and setting up DNS challenge in nginx proxy manager), tailscale, then vaultwarden.
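An added example, not part of the original comment, that makes the host-side versus container-side distinction checkable for a set of published ports. It assumes Docker's short `ports:` syntax `[BIND_IP:]HOST_PORT:CONTAINER_PORT[/PROTO]`; the service names, port numbers and the `SAMPLE` list are constructed for illustration.

```shell
#!/bin/sh
# Added example. In [BIND_IP:]HOST_PORT:CONTAINER_PORT[/PROTO] the left port is
# opened on the server and the right port is what the service listens on
# inside the container. IPv6 bind addresses are not handled here.
parse_port() (   # prints "<bind> <host-port> <container-port> <proto>"
  spec=$1 proto=tcp
  case $spec in */*) proto=${spec##*/}; spec=${spec%/*} ;; esac
  container=${spec##*:}
  case $spec in
    *:*:*) host=${spec%:*}; bind=${host%:*}; host=${host##*:} ;;
    *:*)   host=${spec%:*}; bind=0.0.0.0 ;;
    *)     host=ephemeral; bind=0.0.0.0 ;;   # Docker picks a free host port
  esac
  echo "$bind $host $container $proto"
)

# Host port the router must forward to so that traffic reaches container
# port $2 of service $1. Reads "service port-spec" lines on stdin.
forward_target() (
  want_svc=$1 want_port=$2
  while read -r svc spec; do
    [ -n "$spec" ] || continue
    set -- $(parse_port "$spec")
    if [ "$svc" = "$want_svc" ] && [ "$3" = "$want_port" ]; then echo "$2"; exit 0; fi
  done
  exit 1
)

# Flag host ports claimed twice and ports published on every interface.
# Any reuse of a host port counts as a conflict (a simplification).
audit_ports() (
  seen=' '
  while read -r svc spec; do
    [ -n "$spec" ] || continue
    set -- $(parse_port "$spec")
    case $seen in *" $2 "*) echo "CONFLICT $svc: host port $2 is already taken" ;; esac
    [ "$2" = ephemeral ] || seen="$seen$2 "
    if [ "$1" = 0.0.0.0 ]; then echo "EXPOSED $svc: host $2 -> container $3 on all interfaces"; fi
  done
)

# Constructed sample: a running list of services and their published ports.
SAMPLE='caddy 8080:80
caddy 1443:443
vaultwarden 127.0.0.1:8081:80
wiki 8080:3000/tcp'
```

With this sample, `printf '%s\n' "$SAMPLE" | forward_target caddy 443` gives the host port a router forward for external 443 has to point at, and `audit_ports` leaves the loopback-bound vaultwarden entry unflagged because only a reverse proxy on the same host can reach it.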






  • My experience has taught me not to ‘apt autoremove’ unless I'm really sure what they are!

    Take it one software at a time. See it’s running fine then move on to another. You’ll often realise something down the line will be helpful so will go back to make changes.

    Keep a running list of software and the ports used.

    With docker, do not automatically do :latest on important software (nginx proxy manager, SSO software, password database, anything you use regularly, etc). I did that and was burned a few times.

    Also that at some point you’ll either mess up or realise it would just be easier and start again with a fresh OS install. Keep copying data (docker compose files and persistent storage) on working software before starting a new one, or before installing anything directly onto the OS, or before major updates.


  • I would recommend it as it is fairly easy to understand and most FOSS services give you an example to use. You can also convert docker run examples to compose (search docker composerize) although it doesn't always work.

    I found compose files easier when learning it, to digest what is going on (ports, networks, depends_on etc) and can compare with other services to see what is missing (container name, restart schedule etc). I can then easily backup the compose files, env files and data directories to be able to very quickly get a service up again (although DBs are trickier but found a docker image that I can stick on the compose files which backs up the DB dumps regularly).


  • Surely, they are not mutually exclusive and some form of this scheme has been in place for some countries (albeit mainly white commonwealth countries) for many years, even when the UK was in the EU.

    Holy shit though, I just looked up the UK’s scheme and you have to pay almost a grand in fees (mostly NHS surcharge) and have over £2,500 in savings. I don’t want rich a-holes coming over for an extended holiday instead of normal people from more different cultures. Let’s vote for better and fairer immigration policies.



  • I tried the readarr and other options. They work sometimes but not enough to rely on it. As others mention, there’s no standard naming and also, lots of people use their library card for Libby access. I also think there’s a bit more of a direct link to authors so I’d prefer to buy the book unless they're super well off anyway. To be honest, I can’t see the arr’s working with LibGen having looked at the open issues on integrating it, it just doesn’t allow for scraping in the same way.

    For me, I self host openbooks (uses IRC) and select a download straight away, which to be fair, is about the same time as searching / finding a TV show if you are after one book. I have exposed it behind an SSO so can access it on my phone and download the book straight away when someone gives me a recommendation. Most of the time I just add to a running note on phone and go through it every few months when I need more books.

    It’s fairly quick for multiple books but not sonarr levels of ease. The downloads go into a calibre monitored folder which then does the automation (naming, conversion if needed etc). I bulk email the new books to my kindle with one click. Calibre-web is on read only for a nice browsing experience and to read on other devices if I need to (although no page sync). It’s a bit of manual work but I find it is not too bad and in 10 minutes I can load up enough books for months.

    Occasionally IRC does not have the book so I try manually searching on prowlarr, and download on sab or transmission. The downloads are almost instant so I then just wait and copy them to my downloads folder (I could probably automate this step too with tags but it’s so infrequent).


  • I have dynamic IP and there are several ways around it. I use Cloudflared (updates DNS records regularly) and a script I found to update DuckDNS as a backup. Both very simple.

    Accessing the services is not the problem, the problem is keeping them safe. I’ve tried lots of different ways (although not tailscale yet) and have a few services exposed directly to the internet behind authentik \ NPM \ Cloudflare \ fail2ban \ ufw. Others, I access through my router openvpn server, with keys for my laptop and phone as clients. There are so many guides online for all VPN types. It's just finding the right approach between ease of use vs safety.