

How do you enforce consistent backups of the database? Do you dump the data periodically? Copying the data on the docker volume won’t give you consistent ( and possibly corrupted ) backups IIRC if the database itself isn’t stopped.


How do you enforce consistent backups of the database? Do you dump the data periodically? Copying the data on the docker volume won’t give you consistent ( and possibly corrupted ) backups IIRC if the database itself isn’t stopped.
Email notification and the like usually don’t work out of the box and require SMTP configuration. This is usually available in the app admin consoles or configurable through Environment variables in the console.
I’m not running it ( and I haven’t checked it for Monica HQ ), but those would be the first things I’d look for.
The .env.example file shows SMTP settings. The example file notifies to a logfile rather than an email.
https://github.com/monicahq/monica/blob/main/.env.example
# Mailing
# Set the MAIL_MAILER to 'smtp' if you want to send emails.
MAIL_MAILER=log
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=hello@example.com
MAIL_FROM_NAME="${APP_NAME}"
MAIL_REPLY_TO_ADDRESS=hello@example.com
MAIL_REPLY_TO_NAME="${APP_NAME}"
I have no clue as I’ve not set this up myself unfortunately. :(
There are also certain Linux distros have SElinux enabled ( like red hat or fedora ). This could also block docker from accessing the file if it is enabled.
You’d have to search online how to set a policy in selinux to allow it.
SElinux does not appear in Ubuntu/Debian based distros.
Easiest check would be to run getenforce. If it works and it returns 1 it’s enabled and possibly the culprit.
You can try running your docker after running setenforce 0. This will temporarily disable it until a restart IIRC. You can enable it again by setting it to 1.
I wouldn’t recommend disablint it permanently
I think if the source path doesn’t exist, docker will mount a directory ( IIRC, but not 100% sure ).
Can you triple check if the path to your wg0.conf file on your host actually exists and that the path is definitely correct?
stat /home/docker/test/Wireguard/wg0.conf


That’s cool. I’ll look into that


Here’s an alternative: https://www.opendesk.eu/en No guarantees though. But it looks nice.
I’m not affiliated with opendesk in any of way


Interesting. Thanks for that insight :)


Personally? No I’ve never bought a cert before. Given there’s free alternatives and it’s a homelab it doesn’t make sense. Otherwise I’ve used them on AWS, where ACM also just provides them for free.
What you’re saying is that certificate providers will still charge you and provide certificates for a year, but just provide you with N certificates to span that year?
E.g. if the duration is 45 days then they will give you 365/45 certificates ?


Don’t worry they’ll reduce the cost of certificates proportionally to the longevity of the certificate.
Right? Anybody?
<< Cricket noises >>
Edit: obviously not LE, but other certificate vendors.
Hetzner has been solid for me ( and eu based if that is relevant for you ).


Connections timing out have always been a firewall issue for me.
Client sends packet, firewall drops packet, client waits for a reply that’ll never come. Client times out.
I would check firewall logs or temporarily disable it to see if it works without it.
so yeah check the firewall on the server, the client and in between ( if any ). That’s what I would do.


I’m trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?
The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?
I think it’s MAC based, but I’m not sure
Specifically talking about the FireTV, 99% sure the app doesn’t have a Killswitch, I’ve checked. I use it all the time on PC and Mobile though :)
Ah! I can’t get a fire stick here so no experience with that.
Setting up the VPN on the router sounds great, but can home routers (I have Cox) flash VPN software on them (thought they couldn’t)?
The asus router I have has a feature called VPN fusion. I specifically bought a set of routers for my home that are in front of my ISP router because I wanted a single SSID and wanted to set my own DNS servers without having to specify them per device . They (ISP) keep restricting features on their router ( can barely do anything on them nowadays ). Also switching ISPs became easier as any config is done in my devices rather than theirs.
Also is it MAC or IP filtering (would I have to set a device to static IP) for deciding which devices use the VPN tunnel? How good is it about switching servers (like if a server I’m connected to is on maintenance or is overloaded)? Not too worried about the web issues, can always hop back on the regular Wi-Fi and use the app.
I THINK it’s Mac based, but I really can’t say. I named the devices on my router and they keep reconnecting as the same device. Either that or it uses some combination of info from the device to identify it.
E.g.: my work MacBook should switch MAC addresses every time it connects to a WiFi, but it’s consistently identified by my router.
Additionally, they have some routers that are supported by custom firmware ( asuswrt-merlin ). Mine don’t support it unfortunately. https://www.asuswrt-merlin.net/
Protonvpn has a Killswitch: https://protonvpn.com/support/what-is-kill-switch
A kill switch is available to all Proton VPN users on Windows, macOS, Linux, iOS and iPadOS. Newer versions of Android now have built-in kill switch feature, as explained below.
Please note that our regular kill switch feature can’t protect you if you intentionally disconnect from a VPN server. However, the feature does protect you while switching servers with Proton VPN.
Our Windows and Linux apps now also feature an Advanced kill switch. In addition to protecting you from accidental VPN disconnections, this prevents you from accidentally using the internet without the VPN turned on, and it will persist when you shut down and restart your device. You will not be able to connect to the internet if you manually disconnect the VPN without also disabling Advanced kill switch.
or are you in a different scenario where that doesn’t work?
I’ve configured my router to set up a VPN connection to proton ( wireguard config ). I then decide which devices gonout without vpn and which with VPN. ( Default being with VPN ). If the wireguard tunnel happens to go down, the devices can’t surf the web.
RDBMS shines on getbyId queries. Queries where the value starts with should also work well. But queries where the word is in the middle of the value or column generally don’t perform well. Since it’s just for personal use that might not matter too much. If you’re querying on exact values it’ll go pretty smooth. If you’re querying on ‘deniro’ while the value contains ‘bob deniro’ and others it’ll be less performant. But it’s possible it works well enough for your case.
Elasticsearch is well known for text searches and being incredibly flexible with queries and filtering. https://www.elastic.co/
Manticore is one that’s been on my check-it-out for I don’t know how long. It looks great imo: https://manticoresearch.com/
Open search: https://opensearch.org/
Disclaimer: I haven’t really used any RDBMS systems extensively for years so it’s possible there are some that added support for full text searches being more performant.
Aleph also seems to be able to cross reference data between documents. I don’t think any of the ones listed above do this. But I also don’t know if this is part of your requirements.
If just one or those passwords gets leaked you might find a lot of other ones get cracked as well.
It may not be sites that you care about. But using a password manager is a lot less effort and a lot safer than whatever technique the average Joe will come up with.
Any password that leaks which could indicate a potential system ( e.g.: sitename in lower/upper/leetspeak) makes the whole thing even more vulnerable.
Just use something. Bitwarden, vault warden, keepassxc, …
Knowing my social circle I’d recommend bitwarden. Even paying for it costs a measly 10$/year, while the free version is very usable in itself. And generating passphrases or 32char passwords will be a lot safer than whatever the hell they can come up with.
Just avoid the default browser ones, big tech and LastPass.


Maybe one of these is interesting? I have no actual experience with them though:
https://github.com/DumbWareio/DumbBudget
They should all be self-hostable.
Edit: I don’t know of these all match your criteria. Maybe finance looks pretty Sleek imho. I just dread the thought of exporting my transactions and importing them because my bank is forking horrible w.r.t. integrations.
And logging in every time to do a CSV export is just annoying.
Edit 2: formatting


Huh. Didn’t even know about this. Maybe I’ll browse their episode list to see if there are some episodes that are interesting.
deleted by creator
There is also this: https://github.com/alangrainger/immich-public-proxy
I think your immich gallery can even be private ( though the public proxy would need to be able access it ).
I have no experience with it though.