https://www.youtube.com/@cooptonian His Authentik videos are top notch and they (Authentik) have also had him make some for them. One of those videos, I can’t recall shows you how to do this, I think it may be the 2FA/MFA one. I use Authentik and can login with fingerprint login without using my UN/PW first. It’s pretty slick.

I am a former IT Desktop drone…er…support worker… I used to swap towers for my local municipality back when Windows XP was being replaced with 7. I saw passwords on post-its attached to the monitor, mouse pad, and even under the keyboard or keyboard drawer (I had to get under desks to do the swap). Our policy was to remove those whenever we saw them and trash them in a different can across the building or a different one. They have a standard 90 day password cycle and most people couldn’t handle that. I would answer the phone often to 'unlock" their account after 3 attempts. My all time favorite when I would help an end user with software was when I would encounter someone’s “God Mode” icon for some of the registry hacks that used to float around. Everyone had Admin privileges (ironically), so it wasn’t really needed anyway.

Their primary server admins and IT folks in the main office were Top notch though. Never any downtime and the main security guy was very strong in making sure everything was adhered to. We, as desktop support didn’t have the master password to decrypt a laptop which was GPG protected and had to bring it to him if we had a user which locked themselves out. With great consternation, only a few machines would be allowed to XP and those were VLAN’d and isolated from the outside world.

The rest of the server admins handled everything with ease seemingly. The fun part was when they had a third party come in and do a security audit. No problems on the server side, but it wasn’t a success. They did the 'ol drop a flash drive randomly in different locations test. Knowing human nature, they knew someone would pick it up, plug it in and be baited with an excel file which looked like it had financials. Unbeknownst to the user, it sent a ping to their reporting server and the drive ID. Which was later reported back. They also did physical security penetration tests - walk in behind you type of thing. I remember seeing a group of guys non company ID badges try to follow me into the main IT office. I stopped them and asked who they were and what they wanted (this was a Govt building), and the look of confusion mixed with satisfaction from them that I stopped them was priceless. I let the head IT guy know who was at the door and left it up to them to unlock it for them.

I now work in a help desk position for a software company and miss those days of desktop support. But, I know for a fact that I.T. Guys an Gals don’t get enough recognition. They are the understated backbone of a company’s well-being especially when holidays and weekends are prime time for systems to fail and they are practically on call no matter what.

I am testing it and it seems to run every 5 minutes to sync. Handles standard IMAP and POP inboxes. No auth for main page, so they caution appropriately to avoid public facing web exposure. They are planning on adding more support for Gmail and the like:

https://github.com/bandundu/email-archiver/issues/6

It installs by default in debug mode which may or may not be a red flag depending on your security model.

The email search is fast, but could use work, I will say it is VERY early in development. But for downloading email for later storage, it should do. It stores your e-mails in a SQLite database in the same directory as the installer, so if you want to manipulate the compose file a bit, it should be able to point to your desired storage directory. With that said, I also was able to add a TZ= directive so my logs at least are a bit cleaner with timestamps to match my timezone, something they have not added.

If you wish to access this remotely before they add a public facing login, protect it with a SSO solution or other front facing login setup so it would not be accessible. Or securely access it via Wireguard, TailScale, or Headscale.

I use Proxmox and don’t use Truenas. My setup is basically to install Cockpit on the host server via apt-get and then the 45 Drives cockpit-sharing plugin. This provides the NFS and Samba sharing I need and use. I host Home Assistant in a VM and Docker containers in a few LXC containers which host about 10 containers each. Then, in combination with https://tteck.github.io/Proxmox/ you can set up pretty much anything you need from there.

This is on in computer terms, ancient; a 13 year old Dell Optiplex 990 with 16gb Ram and software such as Authentik and Vaultwarden from different dedicated LXC containers. Never have any issues with overload of the system resources or running out of memory. It’s pretty much rock solid.

Tailscale is but since you already tried them, maybe headscale that’s supposed to be the self hosted version of Tailscale that someone wrote, so you have better odds at less latency! https://headscale.net/

Zerotier? Not sure -https://www.zerotier.com/ can speak more to this.

If behind CGNAT and forwarding is not an option, Headscale, Tailscale or ZeroTier may be an option. I use Tailscale and it have ZERO forwarding on and can access anything on my network when connected through it. Think of these as Wireguard on Steroids. :)

As Another Proxmox user - I’ve been doing well with it. I use these scripts for the LXC’s which has been fantastic:

https://tteck.github.io/Proxmox/

I also can log into it from the web as it’s secured by Authentik, SSO OIDC login when Away from home and need to manage it. Rare! But the option is there! :)

The older IDE drives with the 5.25" platters and smaller ones make great wind chimes. The laptop ones are a bit .ore fragile due to thinner material. Years ago, we used to do this with a few of them.

If the app supports SSO and allows user creation, then it’s just a matter of passing the user claims such as username or email which the app expects from your provider.

I use Authentik as my solution, which uses a GUI for user management and supports all major SSO options, from MFA, to OIDC, SAML, LDAP and more.

Xpipe https://xpipe.io/ is an alternative it runs and stores your data locally on your machine and not web based. I’ve been playing with that a bit, it does auto discover Containerized apps and you can sort of exec into them to run commands and also browse the directories of your containerized apps with a simple click in a File type GUI. It uses your OS’s default Terminal application so it won’t bring any extra with you so it’s more native to your OS.

I’ve been a Konsole user on KDE for a few years now and it’s pretty much what I’ve been used to. Trying out Xpipe now and Termius about a year ago, I can say that Xpipe is stronger in it’s ability to interface with my containerized apps (Docker), but lacks the polish that Termius has visually. They both get the job done, but at the end of the day, I still reflexively just hit my Ctrl+Alt+T key combo to log into my machines.

Then, for a whole different take, SSWifty! https://github.com/nirui/sshwifty - Instead of launching an app, deploy this on your server, and then use your browser’s session to securely access your sites.

I got lost with setting up a nice inbox downloader to store all my emails on a HDD attached to my RPI4, but haven’t quite mastered the SMTP server part or found the right software to run on it. It’s currently powered off waiting for a reflash of the SD Card so I can try again. The end goal for mine is to set up fetchmail and have it grab from my inboxes then imap capabilities so I can read it in Thunderbird. (Don’t talk to me about webmail, I know it’s the way but I’m older than Star Wars (Original one) and am stuck in my ways. Now get off of my lawn!

Seriously though, I have tinkered with it before as an AdguardHome Server, but somehow, my latency increased so I dropped that. Most of it’s life was spent hosting Home Assistant on it until I moved that to the umm…more controversial Proxmox VM method. I’m also on the fence about setting up the Raspberry Pi Nextcloud on it. (Maybe).

Here is a good resource for 36 different things you could possibly do with yours.

Anytype is amazing, but when they give you these super long passkeys to decrpyt? That makes having to either memorize the something like 12 short words, and keep them in the exact order they tell you, you sort of have to put them in a notebook (ironically), password manager or whatever you choose to store it.

It needs to be self hosted - no docker containers that I can find.

https://github.com/streetwriters/notesnook-sync-server

Based on this, it’s not yet available. I use Joplin server for my stuff and have been wanting to move away to a web based platform as I tend to reinstall my OS every few months and like to be able to dial in my self hosted instance and reference for what I need.

I live in a suburb of Portland and in an apartment. Our management is nice enough to provide a covered space (a luxury!) for a single car. I got to thinking about EV’s and if all of a sudden everyone here was driving them, there would be no place to charge them, but then why not place a charger in front of each parking space? Problem solved. Then, the managers would probably assess an additional fee on top of the already high rents for monthly charging privileges.

Living in this area does have it’s advantages, you can drive just a short distance to the local library and hit up the chargers, there, or go to the stores and always find an open charger or two

I get and will readily admit that most cities don’t have this so I appreciate the concern over EV charging stations. I don’t know much about them as I drive a dinosaur powered Honda so it’s not yet in my radar. :)

Since you didn’t include a link to the source for your recommendation:

https://github.com/canonical/lxd

I’ve been on Proxmox for 6 or so months with very few issues and have found it to work well in my instance, I do appreciate seeing another alternative and learning about it too! I very specifically like Proxmox as it gives me an actual IP on my router’s subnet for my machines such as Home Assistant. So instead of the 192.168.122.1 it rolls a nice 192.168.1.X/24 IP which fits my range which makes it easier for me to direct my outside traffic to it. Does this also do this? Based on your screenshots, maybe not, IDK.

Constructively speaking, when I see this in almost every change log, it scares me away. :)

[BREAKING CHANGE]

But I will check it out sometime this week or next. :)

Probably the only true way of knowing is by setting up an EXTERNAL host somewhere on a VPS or maybe a reputable VPS provider. Then, on that provider, set up Uptime Kuma, or if you don’t want to go through that trouble and don’t mind a potential 10 minute gap in knowing, https://uptimerobot.com/ which checks every 5 minutes and sends an alert.

Once you do this, unless you have a Static IP, you will want to register with a DDNS provider so you can then tell the uptime service to ping your DDNS host which should echo back . If your internet is down, it won’t echo back and then it will trigger their alert. Of course, this won’t work if your IP changes, so staying on top of that is key unless you use a router which auto updates it which a lot do now days.

Or, if you use Cloudflare Tunnels, it can be configured to alert you when the tunnel is down or unhealthy (A.K.A. No internet or the server is rebooted).

I will update my OP soon, but with the help of Dave811@lemmy.today here I was able to resolve my domain to my machines at least through Cloudflare using the ‘’’ --accept-routes’‘’ tag in my tailscale up command. This then, allowed me to point the A Record to the IP for the machine which Tailscale gives. I will have more details on this later this weekend or maybe sooner. I’m still working on resolving my password manager being exposed through Tailscale which I figured out this morning, so I need to migrate that over to a new LXC container. Then, after that - I’m ready to move away from CF once I copy my existing tunnel mappings over to the A name records with Porkbun. (shoot! I might just write a new post about this so anyone can glean from it when I’m done). Its still very much a Work in Progress.

Understood! I have subnet routing enabled as well. First thing I did when I realized my phone couldn’t access my local server once connected to Tailscale. :)

Simply put - I won’t risk making my work’s IT mad by logging into my machinename.tailscale-defined.ts.net. I don’t know if it’s blocked there, but you never know with IT polices and such. I’ve already been able to get through to my foo.example.com address without issue so I’m letting a sleeping dog alone so to speak.

Also, I think it’s easier to tell someone to go to videos.example.com than machinename.tailscale-defined.ts.net. :)