Oh yeah rust tooling is insanely good ootb

I’m too lazy to insert the “look what they need to mimic a fraction of our power” meme here, so… Please imagine it instead.

I’m switching jobs in a couple of months, and I am SO glad to be leaving a (very well maintained!!) python codebase with type hints and mypy for a rust codebase.

It is just not the same.

Alright, thank you!

Hey, we’re also thinking about setting up authentik. Could you answer the following, where I haven’t found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?

At this point, package management is the main differentiating factor between distro (families). Personally, I’m vehemently opposed to erasing those differences.

The “just use flatpak!” crowd is kind of correct when we’re talking solely about Linux newcomers, but if you are at all comfortable with light troubleshooting if/when something breaks, each package manager has something unique und useful to offer. Pacman and the AUR a a good example, but personally, you can wring nixpkgs Fron my cold dead hands.

And so you will never get people to agree on one “standard” way of packaging, because doing your own thing is kind of the spirit of open source software.

But even more importantly, this should not matter to developers. It’s not really their job to package the software, for reasons including that it’s just not reasonable to expect them to cater to all package managers. Let distro maintainers take care of that.

Now if Eelco Doolstra wasn’t fucking around, we could have had a super LTS NixOS - but NOOOO.

My exact thoughts lol

I am a bit confused tbh 😅

The link you send links to docker projects, the link I sent is the second one of those. Seems pretty straightforward?

But to be fair, I have never used docker for any of this. In my nix config, it’s literally just:

    services.prowlarr.enable = true;
    services.prowlarr.openFirewall = true;

There’s not really anything you need to configure host-side. Prowlarr needs to be able to communicate with sonarr and radarr (same as jackett), but otherwise it’s basically stateless.

This?

Yep, this is the answer. Set it, forget it, accidentally have your hard drive destroyed irrecoverably, and re-set everything up to the exact working state you were used to in under 15min.

It’s a fair bit of initial setup and learning, but afterwards, the word “stable” takes on a new meaning.

Yes - but I have no idea about docker, sorry. Have it running baremetal (or rather, in a proxmox VM).

Just a hunch, but in case you “only” share the directory where Sonarr puts Episode files with Jellyfin via some mount point or whatever, and not the directory where Sonarr gets them from (where the torrent client downloads to), then I can see hardlinks breaking in unexpected ways

Sorry to hear that that’s been your experience! :( My installation has been running for ~5 years without any problems

Yeah no worries - I discovered Prowlarr from that exact same comment years ago so jumped at the opportunity to post it here 😆

Real question is, why Jackett instead of Prowlarr? 😄

Take a look at Kavita for selfhosting bools!

Named mine after “objects” from Iain M. Banks’ Culture Novels.

Currently I have:

• gsv
• hub
• excession
• drone

Nice and short, and map roughly to the “power level” of the hardware, so to speak.

And my Yubikeys are named after Special Circumstances agents 😄

In that case I can really highly recommend it. Nixos on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄

It’s a bit unconventional maybe, but I vote simple-nixos-mailserver - IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.

My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.

Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.

Fail2ban allows you set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what its called?) via their API. It’s a premade action called “cloudflare-token-multi”

We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.

We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.

We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.

In OPNSense, you get quite good logging capabilities, should you suspect someone is trying to gain access, you’ll be able to read it from there.

I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main usecase.

Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.

Have not had any issues, ever.

Might even be worth checking if https://github.com/NixOS/nixos-hardware has a straight-up fix for the issue.