Self hosted SSH key repository?
vegetaaaaaaa (@vegetaaaaaaa@lemmy.world) - Posts: 8, Comments: 253, Joined 2 yr. ago

Thanks, you make an interesting point, I will have another look at it.
track [...] number of contributors
That would be an interesting stat, noted https://github.com/awesome-selfhosted/awesome-selfhosted-data/issues/35. Github API rate limits will make it a bit tricky to update regularly though (https://github.com/nodiscc/hecat/issues/112), but it can definitely be done - even if it's not updated every day.
would imagine that would be scriptable - the script could be included in the awesome list repo, and run periodically.
The next version of the list will be based on https://github.com/awesome-selfhosted/awesome-selfhosted-data (raw YAML data), so much easier to integrate with scripts. There is already a CI system running at https://github.com/awesome-selfhosted/awesome-selfhosted-data/actions, and a preview of an enriched export at https://nodiscc.github.io/awesome-selfhosted-html-preview/ that takes stars/last update dates and other metadata into account. This will all go live "soon".
Perhaps you could consider forks, stars, and followers as “votes” and sort each sub category based on the votes.
it’s easier for readers of the list to quickly find the “most used” options.
This would exclude (or move to the bottom of the list) all projects that are not hosted on these (mostly proprietary) platforms. Right now only metadata from Github is being parsed, in the future it will expand to Gitlab, maybe Gitea instances or similar, but it will take time and not all platforms have these stars/followers/forks features. This would also induce a huge bias as Github projects will have a lot more forks/followers/... than projects hosted on independent forges. Star counts can also (and absolutely are) manipulated by some projects that want to get "trending".
Also popularity != quality. A project whose code is hosted on cgit can be as good or even better than a project on Github (even more in the context of self-hosting...).
Just an idea off the top of my head. You may have already thought about it, and/or it may be full of holes.
It was a good idea :) But as you can see, it has its flaws.
https://github.com/awesome-selfhosted/awesome-selfhosted/issues/3558 Remember that some projects are feature-complete/mature/simple enough that they don't need much maintenance. Check if they still have active users/work as advertised before removing them.
These are usually kept for some time (or at least, not actively hunted and removed). You can also check pull requests labeled curation, or search the git log for remove.
What does that even mean?
See my reply above (https://lemmy.world/comment/1592102), that's exactly what is hard to determine objectively.
don’t I have to do another analysis and curation to decide what to use?
Yep, you do.
best
As I replied above, "best" is subjective.
But yes, alphabetical ordering is not always the most adapted.
awesome-selfhosted maintainer here. This critique comes up often (and I sometimes agree...) but it's hard to properly "fix":
Any rule that enforces some kind of "quality" guideline has to be explicitly written to the contribution guidelines to not waste submitters' (and maintainers) time.
As you can see there are already minimal rules in place (software has to be actively maintained, properly documented, first release must be older than 4 months, must of course be fully Free and Open-source...). Anything more is very hard to word objectively or is plain unfair - in the last 7 years (!) maintaining the list I've spent countless hours thinking about it.
For example, rejecting new projects because an existing/already listed one effectively does the same thing would give an unfair advantage to older projects, effectively "locking out" newer ones. Moreover, you will rarely find two projects that have the exact same feature set, workflow, release frequency, technical requirements... and every user has different needs and requirements, so yeah, users of the list are expected to do some research to find the best solution to their particular needs.
This is of course, less true for some categories (why are there so many pastebins??). But again, it's hard to find clear and objective criteria to determine what deserves to be listed and what does not.
If we started rejecting projects because "I don't have a need for it" or "I already use a somewhat equivalent solution and am not going to switch", that would discard 90% of entries in the list (and not necessarily the worst ones). I do check that projects being added are in a "production-ready" state and ask more questions during reviews if needed. But it's hard to be more selective than we already are, without falling in subjective "I like/I don't like" reasoning (let's ban all Nodejs-based projects, npm is horrible and a security liability. Let's also ban all projects that are so convoluted and impossible to build and install properly that Docker is the only installation option. Follow my thoughts?)
Also, Free Software has always been very fragmented, which is both a strength and a weakness. The list simply reflects that.
Another idea I contemplated is linking each project to a "review" thread for the software in question. But I will not host or moderate such a forum/review board, and it will be heavily brigaded by PR departments looking to promote their company's software.
A HTML version is coming out soon (based on the same data) that will hopefully make the list easier to browse.
I am open to other suggestions, keeping in mind the points above...
250+ self hostable apps
1268 exactly.
You can help cleaning up the list of unmaintained projects by working on this issue
Load balancers/Reverse proxies - Caddy, Traefik.
https://github.com/awesome-selfhosted/awesome-selfhosted#web-servers -> https://github.com/awesome-foss/awesome-sysadmin#web
Missing DNS server “blocky” which I find way better than Pi-Hole.
Listed at https://github.com/awesome-selfhosted/awesome-selfhosted#dns
- https://docs.influxdata.com/telegraf/v1.24/
- https://grafana.com/docs/
- https://community.influxdata.com/
- https://community.grafana.com/
I have a similar setup (all hosts sending logs through syslog protocol to a central collector), but the collector is graylog. A few years back it used to use Grok expressions, but now it has its own filter syntax. My notes on extractors/grok patterns are still there (unfold details). Can't help you much more than that, sorry!
I tried OpenLDAP but Jesus that was very involved.
OpenLDAP is easy :) Once you understand LDAP concepts.
Check this and read through the tasks/ directory (particularly openldap.yml and populate.yml). It sets up everything needed for an LDAP authentication service (if you don't use ansible you can still read what the tasks do and you should get a pretty good understanding of what's needed, if not let me know).
In short you need:
- slapd (the OpenLDAP server)
- set up a base LDAP directory structure (OUs/Organizational Units, I only use 3 OUs: system, users and groups)
- an admin user in the LDAP directory (mine is admin directly at the base of the LDAP directory)
- (optional but recommended) a so-called bind user in the LDAP directory (unprivileged account that can only list/read users/groups) (mine is bind under the system OU)
- (optional) groups to map users to their roles (e.g. only users in access_jellyfin are allowed to login to jellyfin)
- actual user accounts, member of one or more groups if needed
When you login to an application/service configured to use the LDAP authentication backend, it connects to the LDAP directory using the bind user credentials, and checks that the user exists (depending on how you configured the application either by name, uid, email...), that the password you provided matches the hash stored in the LDAP directory, optionally that the user is part of the required groups. Then it allows or denies access.
There's not much else to it:
- you can also do without the bind account but I wouldn't recommend it (either configure your applications to use the admin user in which case they have admin access to the LDAP directory... not good. Or allow anonymous read-only access to the LDAP directory - also not ideal).
- slapd stores its configuration (admin user/password, log level...) inside the LDAP directory itself as attributes of a special entity (cn=config), so to access or modify it you have to use LDIF files and the ldapadd/ldapmodify commands, or use a convenient wrapper like the ansible modules tools used above.
- once this is set up, you can forget LDIF files and use a web interface to manage contents of the LDAP directory.
- OUs and groups are different and do not serve the same purpose, OUs are just hierarchical levels (like folders) inside your LDAP tree. groups can contain multiple users/users can have multiple groups so they're like "labels" without a notion of hierarchy. You can do without OUs and stash everything at the top level of the directory, but it's messy.
- users (or other entities) have several attributes (common name, firstname, lastname, email, uid, password, description... it can contain anything really, it's just a directory service)
- LDAP is hierarchical by nature, so user with Common Name (CN) jane.doe in OU users in the directory for domain example.org has the Distinguished Name (DC) cn=jane.doe,ou=users,dc=example,dc=org. Think of it like /path/to/file.
- to look for a particular object you use filters which are just a search syntax to match specific entities (object classes) (users are inetOrgPersons, groups are posixGroups...) and attributes (uid, cn, email, phonenumber...). Usually applications that support LDAP come with predefined filters to look for users in specific groups, etc.
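The login flow described in the comment above (service bind, user lookup, password check, group check), as an added example that is not part of the original comment or of the linked ansible role. It is an in-memory model rather than a real LDAP client; the {SSHA} hash scheme, the passwords, the john.doe entry and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

BASE = "dc=example,dc=org"  # base DN from the jane.doe example above

def ssha(password):
    """Salted SHA-1 in the {SSHA} userPassword format (assumed scheme)."""
    salt = os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored, password):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)

# Constructed sample directory (DN -> attributes); all passwords are made up.
DIRECTORY = {
    f"cn=bind,ou=system,{BASE}": {"userPassword": ssha("bind-secret")},
    f"cn=jane.doe,ou=users,{BASE}": {"objectClass": "inetOrgPerson",
        "uid": ["jane.doe"], "userPassword": ssha("correct horse")},
    f"cn=john.doe,ou=users,{BASE}": {"objectClass": "inetOrgPerson",
        "uid": ["john.doe"], "userPassword": ssha("battery staple")},
    f"cn=access_jellyfin,ou=groups,{BASE}": {"objectClass": "posixGroup",
        "memberUid": ["jane.doe"]},
}

def bind(dn, password):
    """Directory side of a simple bind: compare password with the stored hash."""
    stored = DIRECTORY.get(dn, {}).get("userPassword")
    return stored is not None and verify_ssha(stored, password)

def search(ou, object_class, attr, value):
    """Equality search, like the filter (&(objectClass=...)(attr=value)) in one OU."""
    return [dn for dn, e in DIRECTORY.items()
            if dn.endswith(f",ou={ou},{BASE}")
            and e.get("objectClass") == object_class and value in e.get(attr, [])]

def login(uid, password, required_group=None, bind_password="bind-secret"):
    """Application side: service bind, user lookup, user bind, group check."""
    if not password:  # real servers may treat an empty password as an anonymous bind
        return False
    if not bind(f"cn=bind,ou=system,{BASE}", bind_password):
        return False
    users = search("users", "inetOrgPerson", "uid", uid)
    if len(users) != 1 or not bind(users[0], password):
        return False
    if required_group is None:
        return True
    group_dn = f"cn={required_group},ou=groups,{BASE}"
    return group_dn in search("groups", "posixGroup", "memberUid", uid)
```
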
- apache - web server/reverse proxy + PHP-FPM interpreter
- rsnapshot - remote/local backup service
- dnsmasq - lightweight DNS server
- gitea - Git service/software forge
- graylog - log capture, storage, real-time search and analysis tool
- custom homepage/dashboard
- jellyfin - media center
- jitsi - video conferencing and screen sharing
- libvirt - virtualization toolkit
- dovecot - IMAP mailbox server
- matrix + element-web - real-time communication server and web client
- netdata - lightweight real-time monitoring and alerting system
- rsyslog/lynis/debsecan/fail2ban/various log and security scanners...
- mumble - low-latency VoIP/voice chat server
- nextcloud - file hosting/sharing/synchronization and collaboration platform
- openldap + ldap-account-manager + self-service password - LDAP directory server and web management tools
- postgresql - database server
- samba - cross-platform file sharing server
- shaarli - bookmarking & link sharing
- ssh/sftp - remote access and file transfer
- transmission - bittorrent client/web interface
- tt-rss - web-based news feed reader
- wireguard - fast and modern VPN server
All running on Debian 11/12 physical hosts, VMs or VPS, deployed and managed through https://xsrv.readthedocs.io
what I voted for and how
I think you're mistaken, as far as I understand, any server that federates with your home lemmy instance has access to what posts/comments you've up/downvoted: https://lemmy.world/comment/704895
This by itself makes it very easy for "malicious" server operators to profile users.
kbin makes it very clear through the /votes/up /votes/down pages attached to each post/comment - lemmy doesn't show this information in the UI, but you can get it easily by federating your own server with the instance of the user you want to profile.
Agree with the rest.
I run two nextcloud instances for this exact purpose (set up using this role so it's not more complex to manage than just one instance).
Personal instance on home server, shared instance on rented VPS. When I want to share a file/folder I just copy it to the VPS instance and use the "share by link" feature.
A plain postgres database with one of the many database management/airtable-like user interfaces on top?
https://github.com/awesome-foss/awesome-sysadmin#monitoring
I use netdata (agent only, not the cloud/SaaS stuff)
gitea switching to a for-profit
It did not "switch to a for-profit". The company structure only exists to provide a way to hire gitea developers for paid work. The project owners are still elected by contributors: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#technical-oversight-committee-toc
File synchronization is not a backup.
I use ansible for that: https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
Keys stored alongside my playbook in a git repository.