this post was submitted on 15 Feb 2025

It's Sunday somewhere already so why wait?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I'll post my ongoing things later/tomorrow but I didn't want to forget the post again.

[–] [email protected] 5 points 4 days ago (2 children)

I have a family member across the country that wants to break from Google and really isn't the type to self-host themselves, and I connect to my self hosted NextCloud solely through TailScale.

NextCloud permissions seem easy enough, but I'm researching how to add them to my Tailnet safely to avoid potential compromise of my network if something happens to their system.

Presuming this involves ACLs, which look intimidating, but I'm doing some research on that.

[–] [email protected] 6 points 4 days ago* (last edited 4 days ago) (1 children)

ACLs are not as bad as they look.

Get your nextcloud instance hooked into tailscale

You just need a sample file

Group for admins, add yourself

Tag owner for internal is admins

Tag owner for nextcloud is admins

Action accept, src admin, dst *:*

Action accept, src nextcloud, dst nextcloud *.

Then tag your nextcloud ts connection as nextcloud in the webadmin

Tag all your other clients admin in the webadmin

Note: you can't just paste what I put here; you need to find a viable template and then follow along. I'm on a mobile device where I would give you something more finalized

Edit: tag your fam client as nextcloud

Something like this:
I stripped down one of my configs, I took out SSH, I don't think it requires it

```json
{
	"groups": {
		"group:admins": [
			"[email protected]",
		],
	},

	"tagOwners": {
		"tag:admin":    ["group:admins"],
		"tag:nextcloud": ["group:admins"],
	},

	"acls": [

		{
			"action": "accept",
			"src":    ["tag:admin"],
			"dst":    ["*:*"],
		},

		{
			"action": "accept",
			"src":    ["tag:nextcloud"],
			"dst":    ["tag:nextcloud:*", "autogroup:internet:*"],
		},

	],

}
```

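
An added example, not part of the comment above and not Tailscale's own evaluator: a simplified default-deny model of the posted policy that lists what each tagged device can reach. The device names, the inventory and the `owner@example.com` placeholder are assumptions; only tag sources are modelled and ports are ignored.

```python
import json
import re

# Policy from the comment above (HuJSON: trailing commas are allowed).
# The owner address is a placeholder; the page's copy is redacted.
POLICY = """
{
	"groups": {"group:admins": ["owner@example.com",],},
	"tagOwners": {
		"tag:admin":     ["group:admins"],
		"tag:nextcloud": ["group:admins"],
	},
	"acls": [
		{"action": "accept", "src": ["tag:admin"], "dst": ["*:*"],},
		{"action": "accept", "src": ["tag:nextcloud"],
		 "dst": ["tag:nextcloud:*", "autogroup:internet:*"],},
	],
}
"""

# Constructed inventory: device name -> tags assigned in the admin console.
DEVICES = {
    "nextcloud-server": {"tag:nextcloud"},
    "family-laptop": {"tag:nextcloud"},
    "my-desktop": {"tag:admin"},
}

def load_policy(text):
    # Drop trailing commas so the standard json module can parse the file.
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def allowed(policy, src_dev, dst_dev):
    """Default deny: True only if an accept rule matches both src and dst."""
    dst_tags = DEVICES.get(dst_dev, set())  # "internet" carries no tags
    for rule in policy["acls"]:
        if rule["action"] != "accept" or not DEVICES[src_dev] & set(rule["src"]):
            continue
        for dst in rule["dst"]:
            target = dst.rsplit(":", 1)[0]  # strip the port part
            if target == "*" or target in dst_tags:
                return True
            if target == "autogroup:internet" and dst_dev == "internet":
                return True
    return False

def reach(src_dev):
    """Destinations (other devices, or "internet" via an exit node) src may open."""
    policy = load_policy(POLICY)
    targets = [d for d in DEVICES if d != src_dev] + ["internet"]
    return sorted(d for d in targets if allowed(policy, src_dev, d))
```

In this model `reach("family-laptop")` contains the Nextcloud server and `internet` (exit-node use) but not `my-desktop`; removing `autogroup:internet:*` from the second rule closes the exit-node path for devices tagged `nextcloud`.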
[–] [email protected] 2 points 3 days ago (1 children)

Thanks! This is very helpful! I really appreciate it! :D

[–] [email protected] 3 points 3 days ago

No problem. They really should spend about 10 hours having somebody make a GUI for it

[–] [email protected] 2 points 4 days ago (2 children)

Is exposing it to the internet not an option? Boarding more family members on could be cool.

[–] [email protected] 2 points 3 days ago

It might be some way, however not easily. My mega-corpo ISP blocks incoming connections on common hosting ports, because they want to ~~keep the network safe~~ sell expensive home-business plans. Lol

I'm also very amateur at this as I go along, and I'm not sure I'm ready to deal with the fallout of missing some security step and getting my server botted or ransomwared lol.

I haven't done the hardware stuff with setting up my own router/firewall box either, for instance.

So Tailscale works really well for me by seemingly magically bypassing a lot of that nonsense and giving me less to worry about. They allow 3 users for free, but have a relatively inexpensive family plan for like 6 users as well, if that becomes necessary.

I mainly just need to tell them not to try and use my server as an exit node if they're across the country 😂.

But yeah definitely, I'm using this as a way to test the waters for running service alternatives as the web we knew collapses around us lol. I'm not ready to be running something people really rely on yet, though. :)

[–] sugar_in_your_tea 4 points 4 days ago

I expose mine for convenience, and I use multiple layers of security to reduce risk:

  • Cloudflare protections at edge
  • IP filtering at VPS
  • connection from VPS to NAS is over Wireguard
  • TLS handled in my network (so no snooping at VPS)
  • all exposed services are in containers with minimal access

That cuts most of the issues.