I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

• 2 Sata SSDs boot drives in a ZFS mirror
• 1 NVME SSD for L2ARC and VM storage
• 3 HDDs in a RAIDz1 for backups and general large storage
• 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

• 2 Sata SSDs boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
• All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

Hi there!

I‘m running a somewhat developed home server setup and add more services every month.

But this thing eludes me:

I have 2 IP cameras for my pet room (I have a couple bearded dragons in terrariums).

The cameras are fenton 351.150

I can stream many different formats to home assistant or the browser. I also tried multiple apps like viseron (which is pretty cool) and agentdvr from ispy (which always makes the hair on my neck stand up since it looks like it was cobbled together).

But what doesnt work is controlling the camera, mostly. I believe agentdvr could do that but I‘m really unhappy about that app. Also, it pushes monetization very hard albeit seeming to be open source.

I also found this: https://medevel.com/10-cctv-open-source-solutions/

Does anyone have experience with a non-jank and non-pushy cctv solution that lets me control the cameras instead of just streaming?

Have a good one!

Obviously, the closer to AGPL, the better, in my opinion. But I'll run some MIT, if the product is sufficiently better, for my use case, than the alternative. For example, I want a multilibrary photo album. Photoprism (AGPL) doesn't offer it, but Immich (MIT) does. As soon as Photoprism has that functionality, I'll switch back simply for the license.

My hard line is open source. I don't use any proprietary solutions.

I've seen that searxng has been recommended here, and after trying it out I was so impressed that I spun up a docker container on my Unraid box. Opensearch works fine with public instances, but I can't get it to work with my container. I'm using the official docker image. Is there something I should watch out for?

I set the instance name, and passed environment variables with SEARXNG_URL and SEARXNG_BIND_ADDRESS.

cross-posted from: https://lemmy.ml/post/1800585

I assume many of you host a DMS such as Paperless and use it to organise the dead trees you still receive in the snail mail for some reason in the year of the lord 2023.

How do you encode your scans? JPEG is pretty meh for text even at better quantisation levels ("dirty" artefacts everywhere) and PNGs are quite large. More modern formats don't go into a PDF, which means multiple pages aren't possible (at least not in Paperless).

Discussion on GH: https://github.com/paperless-ngx/paperless-ngx/discussions/3756

Just thought I'd share this since it's working for me at my home instance of federate.cc, even though it's not documented in the Lemmy hosting guide.

The image server used by Lemmy, pict-rs, recently added support for object storage like Amazon S3, instead of serving images directly off the disk. This is potentially interesting to you because object storage is orders of magnitude cheaper than disk storage with a VM.

By way of example, I'm hosting my setup on Vultr, but this applies to say Digital Ocean or AWS as well. Going from a 50GB to a 100GB VM instance on Vultr will take you from $12 to $24/month. Up to 180GB, $48/month. Of course these include CPU and RAM step-ups too, but I'm focusing only on disk space for now.

Vultr's object storage by comparison is $5/month for 1TB of storage and includes a separate 1TB of bandwidth that doesn't count against your main VM, plus this content is served off of Vultr's CDN instead of your instance, meaning even less CPU load for you.

This is pretty easy to do. What we'll be doing is diverging slightly from the official Lemmy ansible setup to add some different environment variables to pict-rs.

After step 5, before running the ansible playbook, we're going to modify the ansible template slightly:

cd templates/

cp docker-compose.yml docker-compose.yml.original

Now we're going to edit the docker-compose.yml with your favourite text editor, personally I like micro but vim, emacs, nano or whatever will do..

favourite-editor docker-compose.yml

Down around line 67 begins the section for pictrs, you'll notice under the environment section there are a bunch of things that the Lemmy guys predefined. We're going to add some here to take advantage of the new support for object storage in pict-rs 0.4+:

At the bottom of the environment section we'll add these new vars:

  - PICTRS__STORE__TYPE=object_storage
  - PICTRS__STORE__ENDPOINT=Your Object Store Endpoint
  - PICTRS__STORE__BUCKET_NAME=Your Bucket Name
  - PICTRS__STORE__REGION=Your Bucket Region
  - PICTRS__STORE__USE_PATH_STYLE=false
  - PICTRS__STORE__ACCESS_KEY=Your Access Key
  - PICTRS__STORE__SECRET_KEY=Your Secret Key

So your whole pictrs section looks something like this: https://pastebin.com/X1dP1jew

The actual bucket name, region, access key and secret key will come from your provider. If you're using Vultr like me then they are under the details after you've created your object store, under Overview -> S3 Credentials. On Vultr your endpoint will be something like sjc1.vultrobjects.com, and your region is the domain prefix, so in this case sjc1.

Now you can install as usual. If you have an existing instance already deployed, there is an additional migration command you have to run to move your on-disk images into the object storage.

You're now good to go and things should pretty much behave like before, except pict-rs will be saving images to your designated cloud/object store, and when serving images it will instead redirect clients to pull directly from the object store, saving you a lot of storage, cpu use and bandwidth, and therefore money.

Hope this helps someone, I am not an expert in either Lemmy administration nor Linux sysadmin stuff, but I can say I've done this on my own instance at federate.cc and so far I can't see any ill effects.

Happy Lemmy-ing!

Greetings, self-hosting enthusiasts and welcome to the Selfhosted group on Lemmy! I am Fimeg, your tour guide through the labyrinth of digital change. As you’re likely aware, we’re witnessing a considerable transformation in the landscape of online communities, particularly around Reddit. So let’s indulge our inner tech geeks and dive into the details of this issue, and explore how we, as a self-hosting community, can contribute to the solution.

The crux of the upheaval is a policy change from Reddit that’s putting the existence of beloved third-party apps, like Reddit is Fun, Narwhal, and BaconReader, in jeopardy. Reddit has begun charging exorbitant fees for API usage, so much so that Apollo is facing a monthly charge of $1.7 million. The ramifications of these charges have resulted in an outcry from the Reddit community, leading to a number of subreddits planning to go dark in protest.

These actions have pushed many users to seek out alternative platforms, such as Lemmy, to continue their digital explorations. The migration to Lemmy is especially significant for us self-hosters. Third-party applications have long been a critical part of our Reddit experience, offering unique features and user experiences not available on the official app.

As members of the Selfhosted group on Lemmy, we’re not just bystanders in this shift - we have the knowledge, skills, and power to contribute to the solution. One of the ways we can contribute is by assisting with the archiving efforts currently being organized by r/datahoarder on Reddit. As self-hosting enthusiasts, we understand the value of data preservation and have the technical acumen required to ensure the wealth of information on Reddit is not lost due to these policy changes.

So, while we navigate this new territory on Lemmy, let’s continue to engage in productive discussions, share insights, and help to shape the future of online communities. Your decision to join Lemmy’s Selfhosted group signifies a commitment to maintain the spirit of a free and open internet, a cause that is dear to all of us.

Finally, in line with the spirit of the original Reddit post, if you wish to spend money, consider supporting open-source projects or charities that promote a free and accessible internet.

With that, let’s roll up our digital sleeves and embark on this new journey together. Welcome to the Selfhosted group on Lemmy!