Pi-Hole v6 + nginx

This definitely took me way longer than it should have… but at least I finally have Homepage & Nebula Sync working with Pi-Hole v6. Some of the “tricky” parts that caused me a few hours of troubleshooting & headaches were because I use nginx as my reverse proxy & instead of Pi-Hole having a different setup than the rest of what’s running on that device, I wanted it to use nginx too. The first thing I had to do was update my nginx config to include the below: ...

March 26, 2025 · Sean P. McAdam

w33k in g33k: March 21, 2025

Most of today’s posts are things I’m noting from Ethan Sholly’s site:

- selfh.st by Ethan Sholly: This Week in Self-Hosted (21 March 2025)
- GitHub: LukeGus \ Termix: Termix is an open-source forever free self-hosted server management panel
- GitHub: orayemre \ Notemod: Note-Taking App Free & Open Source
- GitHub: hamzasaleem2 \ subra-local: Manage and track all your subscriptions in one place. Take control of your recurring expenses with Subra’s powerful subscription management tools.
- GitHub: jt196 \ vanilla-cookbook: Vanilla Cookbook is a self hosted recipe manager built with Svelte(kit). It is designed with complexity under the hood, keeping the user experience as vanilla as possible.
- GitHub: openbao \ openbao: OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.
- Homepage: Hoarder Widget: A Hoarder widget is now available, so I was trying to get that set up.

    widget:
      type: hoarder
      url: http[s]://hoarder.host.or.ip[:port]
      key: hoarderapikey

- Akash Rajpurohit: n8n — Powerful automation for your homelab services
- YouTube: Lawrence Systems: Getting Up & Running with Ollama
- YouTube: Christian Lempa: My NEW Homeserver for AI + Power efficiency
- YouTube: John Hammond: ms teams is now a C2 (command-and-control)
- GitHub: ronaldl29 \ public-domain-recipes: A recipe website with no backstories, ads, or trackers. Not really tech \ g33k related, but I thought it was interesting, so here it is 🙃
- Arducam Wiki: 16MP IMX519: I picked up this camera to try & use with my RasPi5 with AI HAT+ since I seem to be having issues with the original one I bought: Amazon: Freenove 8MP Camera. We’ll see if that makes a difference & if I can come up with an actual use for the HAT since it’s not meant for local LLMs.
- Again… if I had done more research ahead of time, could have found things like this: /r/ollama: Ollama models on Raspberry Pi AI Hat & Pi 5. And specifically about the Hailo-10H M.2 Generative AI Acceleration Module
- Buy Zero: DeepSeek on Raspberry Pi 5 (16GB): A Step-by-Step Guide to Local LLM Inference
- Check for processes listening on a specific port:

    lsof -i :$portNumber

- Having to fix Pi-Hole + nginx: I had to edit the nginx config to get icons working. In the server {} block, I added this line:

    add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'nonce-{notSureIfThisNonceIsUniqueToMeOrPiHoleSoRemovingIt}='; style-src-attr 'self' 'nonce-{notSureIfThisNonceIsUniqueToMeOrPiHoleSoRemovingIt}'";

- I will be moving soon & have been trying to plan out my home network… Going from a /24 & think I’ll go with a /16, & split by client type. i.e.: Networking infrastructure, servers, clients, wireless, guests, etc.
- After upgrading Pi-hole to version 6, I can’t get my Homepage Pi-hole widget working anymore. So I’m still digging into that…

    widget:
      type: pihole
      url: http://pi.hole.or.ip
      version: 6 # required if running v6 or higher, defaults to 5
      key: yourpiholeapikey # optional, in v6 can be your password or app password

- I rebuilt the “server” where I was running Proxmox just because I wasn’t getting any benefit out of it. I’m sure running it on actual server hardware would have made it more worth it, but for now I’m just going back to Ubuntu Server on that host, & directly use Docker. Previously I was running Proxmox, then an Ubuntu VM, then Docker in there… so this is just taking the overhead out. I did run into some trouble at first, but manually wiping the partitions before starting the Ubuntu Server install seemed to have fixed the problem.
- Used my usual guide for setting up nginx + ModSecurity: LinuxBabe: How to Set Up ModSecurity with Apache on Debian/Ubuntu. Some of the versions are out-of-date, but after updating those parts it is extremely helpful each time I’ve used it.
- I had set up Docker in rootless mode, so I’m not sure if that’s what led to issues with me trying to get Portainer running. Looks like I’ll be reviewing that this weekend =]

March 21, 2025 · Sean P. McAdam

Raspberry Pi AI HAT+

So I picked up a 16GB Raspberry Pi 5 with the AI HAT+ to play around with AI a bit, before seeing that it’s meant to mainly be used with identifying objects or positions through the camera? I was having a problem getting the camera working anyway, but I was really hoping I would be able to use it for a local LLM with Ollama, & point something like Hoarder at it to see how it did. Unfortunately, because I didn’t read enough ahead of time, it doesn’t look like that is currently possible… so I’m going to have to try & figure out another use for the device.

March 20, 2025 · Sean P. McAdam

Week of February 02, 2025

Ideas

- Track Awesome Selfhosted Updates Daily: Checking this is usually the highlight of my Friday, since I can get new ideas here.
- GitHub: revenz \ Fenrus: If I wanted to try out a new home page option.
- GitHub: notclickable-jordan \ starbase-80: Might want to look into this if it kind of watches Docker.
- Librum: Maybe an easier alternative to Calibre \ Calibre-Web? GitHub: Librum-Reader \ Librum-Server
- Leon: “Leon is your open-source personal assistant who can live on your server. He does stuff when you ask him to.” GitHub: leon-ai \ leon

February 2, 2025 · Sean P. McAdam

Week in g33k: February 01, 2025

AI \ LLM

With all the hype around DeepSeek, I wanted to give it a try but wasn’t interested in providing my Apple or Google accounts for sign-in, nor providing my phone number… so I just looked into running the model locally. I had run Ollama in the past but didn’t do much with it, so I had to look into that again:

- It’s FOSS: I Ran Deepseek R1 on Raspberry Pi 5 and No, it Wasn’t 200 tokens/s: I believe I ordered the Raspberry Pi AI HAT because why not… but don’t have it yet to test.
- It’s FOSS: Run LLMs Locally on Raspberry Pi Using Ollama AI

One reason I was trying to run an AI model locally was to try & get something where I could put all of my personal build notes, & be able to ask questions against it if I came across similar problems in the future. So that will likely be the next project I start on…

- It’s FOSS: Setting Up PrivateGPT to Use AI Chat With Your Documents
- PrivateGPT: Quickstart

Docker

Since I set up my Proxmox install with a VM meant for Docker, I tried to find something simple to run out of there as a test. I decided to go with Watcharr & things seemed to have gone well. The VM took a little bit of setup because I wanted to get my nginx configs, certbot, etc. running, but now that it’s all set up, it was worth the work.

After getting all my Docker instances into Homepage, I wanted to start looking into securing the API instead of leaving it open… I’m going to have to revisit this because it seems like it’s more complicated than it should be, but here I am. Until I can get that secured, I’m using the Portainer Agent in places where that’s possible.

- Linux Handbook: How to Set Up Remote Access to Docker Daemon [Detailed Guide]: The problem with this guide is that it looks like this is just to set up one remote host. What if I have multiple?
- GitHub: portainer / portainer: Support connecting to endpoint via integrated SSH client #431

February 1, 2025 · Sean P. McAdam

New Site Logo

I wish I could find something between my “original” one & something like this:

January 29, 2025 · Sean P. McAdam

Fixing Icons in Vaultwarden

For the last week(?) or so, I noticed that I was no longer seeing icons in my Bitwarden client that is connected to my Vaultwarden install. This morning I finally decided to look into it & see how to fix it. It actually took shorter than I was expecting. I have my local services behind nginx, & just needed to make a quick update to my config, thanks to a comment by BlackDex here: GitHub: dani-garcia / vaultwarden No Icons in Desktop Clients with Vaultwarden 1.33.0 #5452 ...

January 29, 2025 · Sean P. McAdam

Week Ending January 25, 2025

Still have some time left in the week, but figured I would start to put together some of the things I was working on.

- Reinstalled Proxmox again on one of my hosts to see if I want to plan to move to that method of management vs. Ubuntu Server + Docker. So far I haven’t done that much with it, just talking over a coworker’s setup to see if I can mirror that, but I wasn’t expecting to be leveraging VMs + Docker within there vs. the LXC containers. If that’s the best way (because of the ability to do snapshots, etc.), then I’m going to give it a try. I’m going to need to see about backups as well, since I would need to access the files on the drive of the VM vs. direct access like I have with Ubuntu Server.
  - I did use a helper script to reconfigure a few things after the base install: GitHub: community-scripts \ ProxmoxVE
  - I was able to get Proxmox into Homepage: gethomepage \ homepage: docs/widgets/services/proxmox.md
  - Additional Reading: XDA: How I use Docker with Proxmox for the perfect home lab duo
  - Tim Kye: Installing Servarr Stack with Docker Compose
- Got ACME working on my OpenWrt router so that it can get certificates from my internal Step-CA server on its own. Command to generate the certificate in the first place:

    /usr/lib/acme/client/acme.sh -d openwrt42.domain.tld --keylength 4096 \
      --accountemail Administrator@domain.otherTLD \
      --server https://ca.home.tld:port/acme/acme/directory \
      --days 7 --standalone --listen-v6 --issue --home /etc/acme \
      --pre-hook "service uhttpd stop" --post-hook "service uhttpd start" --force

  I’m going to have to double check the renewal process to make sure that uhttpd is stopped before & started after getting a cert, otherwise it was very similar to certbot on my other hosts.
- Cleaned up some of my docker-compose.yml files (well, edited through Portainer) to actually look at all my external drives for media. Since Plex likes movies to be in individual folders (instead of alphabetical, A-Z like I used to have) I had to work on that. I found the script below that will take all of the individual movie files & create folders for them, then move the file in there. The one issue is trying to get it to also move the subtitle files into that same folder so it doesn’t have to be done manually:

    # zsh glob syntax: (a|b) alternation, (N) = no error when nothing matches
    for f in *.(mp4|mkv|avi|mov|flv|en.srt)(N); do
      if [ -e "$f" ]; then
        # folder name = file name minus its last extension
        mkdir "${f%.*}"
        mv "$f" "${f%.*}"
      fi
    done

  I also had a command to swap colons for hyphens, just to clean that up:

    # -execdir runs mv inside each file's own directory, so only the name
    # itself is rewritten (colons in parent directories are handled on their own pass)
    find . -depth -name '*:*' -execdir bash -c 'mv -- "$0" "${0//:/-}"' {} \;

- Flipper custom firmware updates for my devices:
  - GitHub: DarkFlippers / unleashed-firmware
  - GitHub: RogueMaster / flipperzero-firmware-wPlugins
  - Momentum Firmware
- I updated my Pixel Tablet to LineageOS 22.1 & even though I flashed Gapps & the Magisk-modified boot.img, I still lost root through Magisk. I did make a post on it, but I believe the issue was that I was supposed to patch init_boot.img instead of boot.img: v3ritas.TECH: Magisk-patched Boot for Pixel Tablet
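The folder-per-movie loop in this post treats "en.srt" as just another extension, so "Movie.en.srt" loses only ".srt" and lands in its own "Movie.en" folder. The following is an added example, not the script the author found, written for bash/POSIX sh instead of zsh; the function name organize_movies and the assumption that subtitles are named "<video name>.srt" or "<video name>.<tag>.srt" are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): one folder per movie,
# with matching subtitle files moved alongside the video.
#
# organize_movies DIR   -> prints how many files were moved
#
# Assumption: a subtitle belongs to a video when it is named
# "<video name without extension>.srt" or "<same>.<tag>.srt" (e.g. ".en.srt").
# Two videos whose names differ only by a dotted suffix ("Movie" and
# "Movie.2") would need a stricter tag pattern than the "*" used here.
organize_movies() (
    dir=${1:-.}
    moved=0
    for video in "$dir"/*.mp4 "$dir"/*.mkv "$dir"/*.avi "$dir"/*.mov "$dir"/*.flv; do
        # An unmatched glob is left as a literal string; skip it.
        [ -f "$video" ] || continue
        name=$(basename "$video")
        base=${name%.*}                  # "Movie (2020).mkv" -> "Movie (2020)"
        dest=$dir/$base
        mkdir -p -- "$dest" || exit 1
        mv -- "$video" "$dest/" && moved=$((moved + 1))
        # The folder name comes from the video, never from the subtitle,
        # so "Movie.en.srt" follows "Movie.mkv" instead of creating "Movie.en".
        for sub in "$dir/$base".srt "$dir/$base".*.srt; do
            [ -f "$sub" ] || continue
            mv -- "$sub" "$dest/" && moved=$((moved + 1))
        done
    done
    echo "$moved"
)

# Usage: organize_movies /path/to/movies
```

Files that are neither a listed video type nor a subtitle matching a video are left where they are.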

January 23, 2025 · Sean P. McAdam

Magisk-patched Boot for Pixel Tablet

January 19, 2025

Just following up to an older post about getting root on the Pixel Tablet with Magisk: Upgrading LineageOS Ma

Instead of using Magisk to patch & flash boot.img, you are doing it to init_boot.img.

Magisk: Installation: Patching Images: Use the Magisk app to patch init_boot.img, reboot to the bootloader, flash the modified image:

    adb reboot bootloader
    fastboot flash --slot all init_boot magisk_patched-28100_<<random_string>>.img
    fastboot reboot

When the device boots, it should now be rooted again.

January 19, 2025 · Sean P. McAdam

Adding Trusted Domains to Nextcloud

January 09, 2025

I recently started setting up Certbot to automate certificate renewals because I was tired of doing it manually, & I couldn’t figure out caddy or traefik proxy. After getting Step CA configured in Docker & playing around with that a little bit, I was able to start manually getting new certificates (created a new root CA instead of trying to import my existing) to make sure everything was working.

For whatever reason, I had always run my nginx proxies on port 9443 instead of 443, which I believe did give me some problems with the verification needed by Step CA. So while updating my nginx configs to now accept traffic on port 443 for the verification, I also then had to update the certificate being used. For my “servers” that have nginx only (i.e.: Not my Pi-Hole boxes that have Apache too…), the change to 443 was not a problem. I do have some workarounds for the Pi-Hole devices.

Well, after the above, I tried to start using Nextcloud on 443 but had a problem because it was not a trusted host. I run my Nextcloud instance in Docker, so it wasn’t as simple as editing config.php or straight-forward occ commands. This was ultimately how I was able to add another “trusted host”:

    # Check for the current list of trusted hosts:
    docker exec --user www-data <<container_name>> /var/www/html/occ config:system:get trusted_domains

    # Add a third trusted host:
    docker exec --user www-data <<container_name>> /var/www/html/occ config:system:set trusted_domains 3 --value <<sub.domain.tld>>

    # Verify the domain was added:
    docker exec --user www-data <<container_name>> /var/www/html/occ config:system:get trusted_domains

I was able to get the details from the Nextcloud documentation (another RTFM moment) to get the exact syntax: Nextcloud Configuration: Using the occ command: Setting an array configuration value

January 9, 2025 · Sean P. McAdam