v3ritas.TECH

w33k in g33k: July 04, 2025

· Sean P. McAdam

Miscellaneous

openssl genrsa -aes256 -out Docker_API-CA.key.pem 4096
openssl req -new -x509 -days 365 -key Docker_API-CA.key.pem -sha256 -out Docker_API-CA.cert.pem
- Getting a client certificate:
openssl genrsa -out $service-client.key.pem 4096
openssl req -subj "/CN=$service-client" -new -key $service-client.key.pem -out $service-client.csr
echo extendedKeyUsage = clientAuth > extfile-$service-client.cnf
openssl x509 -req -days 365 -sha256 -in $service-client.csr -CA Docker_API-CA.cert.pem -CAkey Docker_API-CA.key.pem \
  -CAcreateserial -out $service-client.cert.pem -extfile extfile-$service-client.cnf
- Running the Docker API on :2376 & the local socket. If running rootless, this file needs to be edited: "~/.config/systemd/user/docker.service". This will use the new TLS certificate created, run the API on port 2376, AND run the local socket as well.

…
Environment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp"
ExecStart=/usr/bin/dockerd-rootless.sh \
  --tlsverify \
  --tlscacert=~/.docker/certs/Docker_API-CA.cert.pem \
  --tlscert=~/.docker/certs/Docker_API-Server-$hostname.cert.pem \
  --tlskey=~/.docker/certs/Docker_API-Server-$hostname.key.pem \
  -H unix:///run/user/1000/docker.sock \
  -H tcp://127.0.0.1:2376
…
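
With --tlsverify the daemon only accepts clients whose certificate chains to the CA, so it is worth checking an issued client certificate before handing it out. The script below is an added example, not part of the original post: it checks chain, clientAuth purpose and key match, and demonstrates the check on a throwaway CA whose file names and CNs are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. File names and CNs are constructed.

# check_client_cert CA_CERT CLIENT_CERT CLIENT_KEY
# Returns 0 (prints OK) only if the certificate chains to the CA, is valid for
# TLS client authentication, and belongs to the given private key.
check_client_cert() {
  ca=$1; cert=$2; key=$3
  openssl verify -CAfile "$ca" -purpose sslclient "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: not a valid TLS client certificate under this CA"; return 1; }
  # Compare the public key in the certificate with the one derived from the key file.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: private key does not match certificate"; return 1; }
  echo "OK"
}

# Throwaway CA plus one clientAuth and one serverAuth certificate in directory $1.
# 2048-bit unencrypted keys keep the demo fast and non-interactive; the post's
# real CA key is 4096-bit and passphrase-protected.
make_demo_pki() {
  d=$1
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 -sha256 -subj "/CN=demo-CA" \
    -keyout "$d/ca.key.pem" -out "$d/ca.cert.pem" 2>/dev/null
  for eku in clientAuth serverAuth; do
    openssl genrsa -out "$d/$eku.key.pem" 2048 2>/dev/null
    openssl req -new -subj "/CN=demo-$eku" -key "$d/$eku.key.pem" -out "$d/$eku.csr"
    echo "extendedKeyUsage = $eku" > "$d/$eku.cnf"
    openssl x509 -req -days 1 -sha256 -in "$d/$eku.csr" -CA "$d/ca.cert.pem" \
      -CAkey "$d/ca.key.pem" -CAcreateserial -out "$d/$eku.cert.pem" \
      -extfile "$d/$eku.cnf" 2>/dev/null
  done
}

# Run the check on a good pair, a serverAuth-only certificate, and a mismatched key.
demo() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d"
  for pair in "clientAuth clientAuth" "serverAuth serverAuth" "clientAuth serverAuth"; do
    set -- $pair   # $1 = certificate to test, $2 = private key to pair it with
    printf '%s cert + %s key: ' "$1" "$2"
    check_client_cert "$d/ca.cert.pem" "$d/$1.cert.pem" "$d/$2.key.pem"
  done
  rm -rf "$d"
}
demo
```

For the files created above, the call would be check_client_cert Docker_API-CA.cert.pem $service-client.cert.pem $service-client.key.pem.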

  • GitHub: notclickable-jordan / rainhold: “Seattle self-hosted server configuration”
    • I thought this might be useful if it details how to set up different services, especially ones I typically had issues with.
  • Windows Central: A Microsoft engineer made a Linux distro that’s like a comfort blanket to ex-Windows users — I finally tried it, and I’m surprised how good it is
    • AnduinOS: “AnduinOS is a custom Ubuntu-based Linux distribution that aims to facilitate developers transitioning from Windows to Linux by maintaining familiar operational habits and workflows.”
    • Maybe could give this a shot with some family that uses Windows but could get away with Linux…
  • GitHub: immich-app / immich: [BUG] Android version don’t lets you enable self-signed SSL certificates #5472
  • GitHub: linuxserver / docker-brave: “Web accessible Brave running on top of Debian”
    • I’m already running Firefox, so might see how Brave does as well.
      • I might not have saved it, but I thought I recently saw a post on Lemmy about reasons not to use Brave… so maybe I will stay away
  • EFF: Protect Yourself From Meta’s Latest Attack on Privacy: “Meta’s tracking pixel was secretly communicating with Meta’s apps on Android devices. This violates a fundamental security feature (“sandboxing”) of mobile operating systems that prevents apps from communicating with each other. Meta got around this restriction by exploiting localhost, a feature meant for developer testing. This allowed Meta to create a hidden channel between mobile browser apps and its own apps. You can read more about the technical details here.”
  • Immich Frame: I was able to get this working with my Frameo frame. Needed to set up nginx to have an HTTP \ 80 entry because I couldn’t load the SSL certificate to the frame, but otherwise it’s working great.
  • selfh.st: Self-Host Weekly (4 July 2025)
    • selfh.st: My Favorite Apps Launched in 2025 (So Far)
      • Papra: “Papra is the new kid on the document management block with a minimalist approach to handling important records (at least when compared to its much larger peers, Paperless-ngx and Papermerge). And while a smaller feature set may be a turn-off for some, the simplicity of the app can be a bit of a relief in the never-ending pile of documents that require scanning and organization at any given point in time.”: Website | Source Code
      • LoggiFly: “LoggiFly is a lightweight service for generating notifications based on log patterns with support for virtually every notification service via its built-in Apprise integration. The app is straightforward to deploy and makes a great alternative to some of the more complex monitoring solutions.”: Source Code
    • GitHub: maxdorninger / MediaManager: “A modern selfhosted media management system for your media library”
      • I want to give this a try if it’s meant to compete with or replace the *arr stack.
    • GitHub: Mozzo1000 / booklogr: “A simple, self-hosted service to keep track of your personal library 📚”
    • GitHub: TwiN / gatus: “⛑ Automated developer-oriented status page”
    • GitHub: jamcalli / Pulsarr: “Pulsarr: Real-time Plex watchlist monitoring and content acquisition tool. Seamlessly sync Plex watchlists with Sonarr and Radarr, featuring intelligent predicated content routing, multi-instance support, Discord, and Apprise notifications. Automate your media library management with a modern, user-friendly interface.”
    • GitHub: 7ritn / VaulTLS: “Selfhostable web app to make managing mTLS certificates a breeze”
    • GitHub: caddymanager / caddymanager: “Easily manage your Caddy2 servers using a modern web-UI, built on the MEVN stack.”
    • GitHub: Fhy40 / clarionCRM: “A simple CRM written in python flask to help manage networking opportunites. Starting off small but hoping to add more features”
    • GitHub: bluegoosemedia / composetoolbox: “Open source and self hostable docker compose editor and configuration tool”
    • GitHub: danylo829 / containery: “Powerfull, fast and lightweight container managment web application”
    • GitHub: codewec / dashlit: “DashLit is self-hosted startpage for your server.”
    • GitHub: sottey / dashuni: “Welcome to Dashuni — your universal dashboard config converter for the homelab world!”
    • GitHub: kalfasyan / desto: “tmux session manager made with nicegui”
    • GitHub: BansheeTech / HomeDockOS: “An intuitive, versatile, and powerful home server operating system for self-hosting. Featuring a curated app store and seamless multi-platform support, it’s designed to empower your personal cloud on Raspberry Pi, x86 systems, or your preferred setup.”
    • GitHub: kuvasz-uptime / kuvasz: “Kuvasz (pronounce as [ˈkuvɒs]) is an open-source uptime and SSL monitoring service, built in Kotlin”
    • GitHub: openfiletax / openfile: “A free tax tool based on IRS Direct File”
    • GitHub: RA341 / dockman: “Yet another compose manager for homelabs”
    • GitHub: RazgrizHsu / immich-mediakit: “An extension toolkit for Immich enabling advanced management capabilities through AI-powered similarity detection”
    • GitHub: Cleanuparr / Cleanuparr: “Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent, Deluge and Transmission.”
    • GitHub: sheshbabu / zen: “Selfhosted notes app. Single golang binary, notes stored as markdown within SQLite, full-text search, very low resource usage”