This should help
Vaultwarden itself is actually one of the easiest docker apps to deploy…if you already have the foundation of your home lab setup correctly.
The foundation has a steep learning curve.
Domain name, dynamic DNS update, port forwarding, reverse proxy. Not easy to get all this working perfectly but once it does you can use the same foundation to install any app. If you already had the foundation working, additional apps take only a few minutes.
Want ebooks? Calibre takes 10 mins. Want link archiving? Linkwarden takes 10 mins
And on and on
The foundation of your server makes a huge difference. Well worth getting it right at the start and then building on it.
I use this setup: https://youtu.be/liV3c9m_OX8
Local only websites that use https (Vaultwarden) and then external websites that also use https (jellyfin).
See me comment above
https://lemmy.ca/comment/11490137
I don’t like that obsidian not fully open source but the plugins can’t be beat if you use them. Check out some youtube videos for top 20 plugins etc. Takes the app to a whole new level.
The real power of obsidian is similar to why Raspberry Pi is so popular, it has such a large community that plugins are amazing and hard to duplicate.
That being said, I use this to live sync between all my devices. It works with almost the same latency as google docs but its not meant for multiple people editing the same file at the same time
Futo voice to text works nice and fast on my pixel 8 pro. Fractions of a second slower than google. Also that’s with the slower English 74 library (more data point, slower). They have an even larger one but the default is the smaller and faster English-39 model
This is the correct answer for the selfhosted crowd
For people wanting the a very versatile setup, follow this video:
Apps that are accessed outside the network (jellyfin) are jellyfin.domain.com
Apps that are internal only (vaultwarden) or via wireguard as extra security: Vaultwarden.local.domain.com
Add on Authentik to get single sign on. Apps like sonarr that don’t have good security can be put behind a proxy auth and also only accessed locally or over wireguard.
Apps that have oAuth integration (seafile etc) get single sign on as well at Seafile.domain.com (make this external so you can do share links with others, same for immich etc).
With this setup you will be super versatile and can expand to any apps you could every want in the future.
This right here. I tried to join Mastodon today.
Download the most recommended app, Moshidon
Open app and get asked which instance i want to join. There are no suggestions.
Do a search for instances and pick one, go to the website and register with email and password. Requires email confirmation. Still waiting on the email confirmation link, 4 hrs later and 2 resends.
Literally haven’t been able to sign up yet.
Even if it had worked, the workflow would have been to change back to the app, type out the instance then re-login.
I’m not sure how anyone expects anyone other than the most hardcore to sign up for these services. Maybe that’s the point but if the point is to grow the user sign up process to significant overall
The general principle is called single sign on (sso).
The idea is that instead of each all keeping track of users itself, there is another app (sometimes called an identity provider) that does this. Then when you try to log into an app, it takes to the to login of your identity provider instead. When the IP says you are the correct user, it sends a token to the app saying to let you access your account.
The huge benefits are if you are already logged into the IP on a browser for example, the other apps will login automatically without having to put in your password again.
Also for me the biggest benefit is not having to manage passwords for a large number of apps so family that uses my server have 1 account which gives them access to jellyfin, seafile, immich, freshrss etc. If they change that password it changes it for everything. You can enforce minimum password requirements. You can also add 2FA to any app now immediately.
I use Authentik as my identity provider: https://goauthentik.io/https://goauthentik.io/
There’s good guides to settings it up with traefik so that you get let encrypt certificates and can use traefik for proxy authentication on web based apps like sonarr. There are many different authentication methods an app can choose to use and Authentik essentially supports everything.
SSO should really be the standard for self hosted apps because this way they don’t have to worry about ensuring they have the latest security for user management etc. The app just allows a dedicated identity provider to worry about user management security so the app devs can focus on just the app.
Thank you for including oAuth options for sign on. Makes a big difference being able to use the same account for all the things like freshRSS, seafile, immich etc.
And something like this can be used as the docker server to hold the repository
https://github.com/huncrys/docker-borg-server