[HN Gopher] Tipi - A personal homeserver for everyone
___________________________________________________________________
Tipi - A personal homeserver for everyone
Author : thunderbong
Score : 279 points
Date : 2022-09-09 04:35 UTC (1 days ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| wyldfire wrote:
| I have now stumbled onto "libreddit" [1].
|
| > cloud Light: no JavaScript, no ads, no tracking, no bloat
|
| I have been an addicted reddit user since before they had user
| accounts. I never had any desire to block reddit ads until the
| last ~6-12 months or so when it would autoplay ads when I scroll.
| I have "no thumbnails" so it doesn't show me the ad other than a
| line of text or so. I have "old" reddit enabled on my account --
| this works for desktop. And now I've started using the explicit
| "old.reddit.com" on mobile. But I would prefer mobile-optimized
| reddit without audio ads. I will probably give libreddit a try.
|
| [1] https://github.com/spikecodes/libreddit
|
| EDIT: of course, since it's privacy focused I can't login to my
| account and reddit is unbearable if you try and use it without
| your account to curate the subreddits. Whoops, scratch that idea!
| jneumann004 wrote:
| With libreddit you can subscribe to subreddits. It saves to
| your browser's localhost (just like their settings), nothing is
| sent to their server.
| grimgrin wrote:
| Just bookmark a multireddit url, ala:
| https://teddit.net/r/mud+dcss+cataclysmdda (in this thread I
| show you teddit, another privacy focused frontend)
|
| teddit does actually have a subscription concept, accountless,
| but in general the multireddit solution would work for your
| libreddit example
|
| https://teddit.net/about
| Teddit is a free and open source alternative Reddit front-end focused on privacy.
| Teddit doesn't require you to have JavaScript enabled in your
| browser. The source is available on Codeberg at
| https://codeberg.org/teddit/teddit.
| No JavaScript or ads
| All requests go through the backend, client never talks to Reddit
| Prevents Reddit from tracking your IP or JavaScript fingerprint
| Lightweight (teddit frontpage: ~30 HTTP requests with ~270 KB of data downloaded
| vs. Reddit frontpage: ~190 HTTP requests with ~24 MB)
| mawise wrote:
| You can even subscribe to an rss feed of a subreddit, I think
| each has a rel="alternate" link to the feed url
| visiblink wrote:
| On an Android device, Slide allows you to add subreddits
| without logging in. I follow several subreddits but have no
| account. I don't see any ads.
|
| Go to the hamburger menu > settings > manage your subreddits.
|
| Another mobile option is i.reddit.com.
| entropie wrote:
| Did you know there is a rss feed for every subreddit?
|
| https://www.reddit.com/wiki/rss
| visiblink wrote:
| Yes, but if you want to read the comments associated with a
| post, the link takes you right back to the regular reddit
| site.
| entropie wrote:
| You can also read comments via rss, but I see that might
| just be too much effort.
| visiblink wrote:
| I think so too. IIRC, you'd have to add a new feed for
| each thread.
| bityard wrote:
| RedReader is also a great choice on Android, I wish there was
| a native desktop version of it.
| thekingshorses wrote:
| You can use my personal reddit site. https://reddit.premii.com
|
| It has JS. Optimized for mobile. No tracking from my side.
|
| Open in incognito for NSFW subreddits. Enable pictures/NSFW mode
| to load all pictures in line. Close it when you are done.
| sorenjan wrote:
| I find that old.reddit.com is ok on desktop (with uBlock
| origin), and for mobile there's several third party apps that
| make for a better experience than a website. I personally like
| "Relay for reddit".
| whalesalad wrote:
| Apollo is a perfect example of a 10/10 iOS app.
| nebul wrote:
| > mobile-optimized reddit without audio ads
|
| I don't know if you've tried it already, but
| https://i.reddit.com might fit the bill.
| kornhole wrote:
| Infinity is found in F-droid store.
| Karrot_Kream wrote:
| I never understood why so many of these Reddit viewers have no
| JS in them (well it's generally a cultural preference among a
| certain crowd, but still feels irrational.) I usually open a
| forum like Reddit and have it open all day, I'd be fine with
| loading a SPA and having it make background requests to fetch
| API output and render them in page and give nice functionality,
| as long as the code is open and there's no ads. I've been
| building this myself because both Libreddit and Teddit don't
| use JS.
| PontifexMinimus wrote:
| How does this compare with Umbrel (https://umbrel.com/) which
| appears to be a similar project?
| ocdtrekkie wrote:
| Umbrel isn't open source, for one, and is heavily crypto
| focused, as it started as a Bitcoin miner and expanded out into
| being a selfhosting platform.
|
| Otherwise, pretty similar, it's Docker plus fancy glue. :)
| PontifexMinimus wrote:
| Would it make sense to merge the 2 projects, given that there
| is considerable overlap?
| ocdtrekkie wrote:
| From my experience everyone who makes their own has some
| reason they want it done their way. While I'd like to see
| more selfhosting platforms collaborate, I think it's also
| good we don't have a strong monoculture in the space.
| electrona wrote:
| 'OpenMediaVault + Portainer + Docker Compose' is my favourite
| setup.
| [deleted]
| kevincox wrote:
| Their UI is frustrating to use because none of the links are
| actually <a> tags but JS divs. It makes it hard to open links in
| new tabs or copy them.
| wnscooke wrote:
| Not a fan of the name, and the image they use isn't _even_ a
| tipi.
| dudeinjapan wrote:
| It comes from the Lakota language.
| mr_woozy wrote:
| chrismorgan wrote:
| In their title, they use the character U+26FA TENT, which could
| be depicted as any kind of tent. In the body, GitHub replaces
| emoji with images for some reason, in this case a particularly
| weird thing that isn't even obviously a _tent_. (I presume this
| is what you're remarking on.)
|
| The screenshot shows what I presume is actually the logo, which
| is a tipi.
| croes wrote:
| Do you see something different than I do? I see a typical
| orange two-man tent
| sakras wrote:
| I feel bad that whenever I read the name I think "I AM
| CORNHOLIO, I NEED TIPI FOR MY BUNGHOLE"...
| croes wrote:
| Just a github issue. Here it's a tipi
| solarkraft wrote:
| I've seen many of these, but none that were all that promising.
| All I'm looking for is a thin layer over docker-compose - maybe
| this is that.
| singhrac wrote:
| Is there a reason it needs to be started as root? In similar
| self-hosted apps I've run into many issues from having scripts
| run as root. Often the individual apps don't play nicely enough
| with each other.
|
| Otherwise it looks interesting, I like the UI and the demo
| instance shows the UX well.
| Terretta wrote:
| Agree, I feel as though it should, itself, be a container, that
| manages a docker-compose file, then manages the apps using
| appropriate docker-compose commands. All tested against podman
| as well.
|
| Then the tool could be used readily on the many docker
| appliances (Synology, Qnap, etc.).
| feet wrote:
| My guess would be docker is the reason
| hatware wrote:
| You don't need to run a script with sudo to use docker. This
| is targeted at tech-agnostic users, really odd misalignment
| of goals to ask folks who don't know what they're doing to
| 'sudo run.sh'.
| feet wrote:
| Standard docker installation requires sudo to start
| containers
| unixhero wrote:
| Wohey, this seems like a freebie version of https://cloudron.io
| which I really love. Can't wait to run Tipi at home.
| Cloudron
| will still run my businesses, which it has done with incredible
| stability for 3 years, that includes email (sic). Not related to
| cldrn only a happy customer and impressed.
| kinnth wrote:
| I've always wanted to get my homeserver setup to really work for
| sabnzb/xbmc/kodi and all video files but it ALWAYS has never
| turned out quite right. There's always some plugin or unzip that
| screws it up.
|
| This looks good but still doesn't look proper home media server
| enabled.
| chirau wrote:
| ELI5: What does a homeserver allow me to do?
|
| I am confused as what homeservers are. It seems this one is
| allowing me to run some apps. Does this mean I would otherwise
| not be able to use these apps if I did not have a homeserver?
| Also is there a difference between a homeserver and localhost?
| kornhole wrote:
| There is a saying that the cloud is just somebody else's
| computer, but with your own server, it can be your computer.
| You always need to trust the admin or company of any
| server/cloud service you use to not abuse you in some way, but
| if you are the admin, you only need to trust yourself.
|
| Some of these server apps are made available to others by hosts
| of servers. The more people hosting servers for their friends
| and family, the less we all rely on the big central services.
|
| I will let you look up the definition of localhost. You will
| need to learn some networking if you decide to host your own
| services, and I encourage you to do so. It is fun and
| empowering.
| brudgers wrote:
| http://localhost a loopback address for network addressing.
|
| It means send this from my network connection to my network
| connection.
|
| This homeserver is kind of like a smartphone loaded with
| default apps (and kinda not like that, too).
|
| What I mean is that this homeserver is essentially a bunch of
| apps and a platform for running those apps all bundled together
| to make setup easier.
|
| You can set up and run all the same apps yourself if you want,
| but it might be a lot of melodrama for little, no, or negative
| advantage (or it might not).
|
| The same applies to the homeserver itself. It might not make
| your life easier and might make it worse.
|
| Which is to say it might not be for you -- it isn't for me,
| because it seems like a bit of bother to address things I don't
| really care about.
|
| But it might be perfect for other people anyway.
| arjvik wrote:
| I think your question is what does Tipi do?
|
| Essentially, it's a single-click installer and management
| interface for a bunch of apps that you might want on your home
| server. Tipi isn't a "homeserver" itself, but its goal is to
| let you turn any old computer (even if it's somebody's Windows
| desktop while they're not heavily using it) into a home server
| without needing server OS administration or related expertise.
|
| Admittedly, a better title is "Tipi - a personal homeserver
| manager for everyone." But the idea behind the current title
| seems to be that it enables everyone--regardless of hardware
| and expertise--to run a homeserver.
| turtleyacht wrote:
| A home server is a separate machine from your main computer. It
| may not be connected to a monitor, or it may be a used laptop
| no one sits at. But it lives on your network at home.
|
| A server provides software _services_. Your router could be
| considered a server: it helps your wifi devices get online and
| manages the Internet connection.
|
| Tipi is an example of a pre-configured router, but as a server
| for certain apps: by using it, you don't have to set it up
| yourself. It comes with software that you can use, already
| available, installed, and configured. But it is a server too--
| and running in your home, it is a "homeserver."
|
| You could likely use those same apps without Tipi, with varying
| amounts of time spent configuring something similar.
|
| > Also is there a difference between a homeserver and
| localhost?
|
| Yes, it would be different. If Tipi is running on a separate
| machine (the server), its localhost may load some kind of web
| control panel. However, when you visit localhost on your
| personal machine, if a web server is not running, the browser
| may just load an error page.
|
| See this nearby comment for some advantages of running your own
| server(s) at home:
| https://news.ycombinator.com/item?id=32794629
| cma wrote:
| It is just a server in your home. Cloud hosts will all give
| access to your data to law enforcement without any warrant, so
| if you host a private message board with friends where you talk
| about smoking weed or getting an abortion it isn't so private
| and you can get arrested without them ever going through
| getting a warrant with any kind of probable cause legal
| procedures.
|
| In your home you are protected (this is why Hillary's email
| server was self-hosted, to get the same rights against
| unreasonable search and seizure you get with US Mail), on the
| cloud the third-party doctrine rules and they can just give out
| your private data at any time.
|
| (some providers have now said they won't give it out for
| requests about people seeking abortion, but that could end up
| in there when they search it based on a request about something
| else, and I don't know if any put the restriction on sharing
| abortion stuff with law enforcement in their actual legal
| agreements)
| micheljansen wrote:
| Really liking the UI design. For the (presumed) target audience a
| Raspberry Pi image would also be a nice way to get started.
| mikae1 wrote:
| _Exactly_ what I was researching only a few weeks ago. Did not
| find anything satisfactory. This looks very promising.
| mr_woozy wrote:
| ignoramous wrote:
| From their apps repo, https://github.com/meienberger/runtipi-
| appstore/blob/c86641b...: _Install the Syncthing app on your
| Umbrel and pair it with the Syncthing app on your phone or
| computer for a self hosted peer-to-peer backup solution._
|
| I hope meienberger here hasn't plagiarized source-available
| project named Umbrel.
|
| The comments in this file seem _similar_ too:
|
| https://github.com/getumbrel/umbrel-apps/blob/eb0f119df8ed89...
|
| https://github.com/meienberger/runtipi-appstore/blob/c86641b...
| X6S1x6Okd1st wrote:
| Judging by Meienberger's license they could have forked it, but
| they had to keep the license
| squarefoot wrote:
| > Install the Syncthing app on your Umbrel and pair it with the
| Syncthing app on your phone or computer for a self hosted peer-
| to-peer backup solution.
|
| This text is identical word for word in the Syncthing app file
| at the Umbrel repo.
|
| https://github.com/getumbrel/umbrel-apps/blob/master/syncthi...
| chromatin wrote:
| Kinda looks like it
| diptanu wrote:
| Can this support Cal.com in the future?
| https://github.com/calcom/cal.com
| mthld wrote:
| https://yunohost.org is a much more mature project, with a larger
| app ecosystem. Give it a try, you won't be disappointed.
| benou wrote:
| I highly recommend yunohost. I am using it since a few years,
| after a lot of years of maintaining my own "classic" mail + web
| server by hand [1].
|
| I deploy it in an unprivileged LXC container [2] and went
| through several upgrades already. It really worked great for
| me.
|
| [1] https://benou.fr/www/ben/14-years-of-self-hosting.html [2]
| https://github.com/bganne/yunohost
| bitxbitxbitcoin wrote:
| Is that read: "Why You No Host? dot org"
| tomcam wrote:
| A visit to the home page will give you the delightful answer
| layer8 wrote:
| Indeed it is:
| https://yunohost.org/user/images/dude_yunohost.jpg
| omgwtf1000 wrote:
| Love it!
| jacooper wrote:
| It isn't based on docker, so it heavily depends on unofficial
| packages.
| indigodaddy wrote:
| Yep and thusly also turns into somewhat of a spaghetti
| monster.
| julianlam wrote:
| I hate how it's just a drive-by criticism now that something
| isn't using Docker.
|
| You know we weren't in the dark ages before Docker, right?
| piaste wrote:
| Not the OP, but while I would have no problem using an
| orchestrator based on a different common packaging than
| Docker (e.g. RPM or AppImage), I would be very hesitant to
| use one that needs its own bespoke packaging. Because
| that's maintenance work and I would need to feel confident
| that someone will keep packaging future app updates.
| conception wrote:
| It's the technobro version of "I have to install this
| instead of just downloading it off the app store?? Nah
| brah."
| Karunamon wrote:
| Comparatively speaking, going back to how we deployed
| applications 10 years ago is the dark ages. Having
| everything in containers is objectively easier both from a
| getting started and ongoing maintenance standpoint.
|
| Now: making minimal edits to a provided compose file for
| initial configuration, run command to spin up everything
| application needs, and you're done.
|
| Then: install application package onto system (best: from
| developer package source/better: from old version in
| operating system repo/worst: by compiling from source after
| locating all dependencies and running make install),
| setting up any necessary databases or storage by hand,
| editing configuration files that are hopefully in /etc if
| the developer thinks the FHS is something to be honored,
| setting up init scripts/unit files so the application
| starts up in the environment it wants and when you want,
| and finally running the command which starts the
| application (which is probably distro specific).
|
| And that's not even getting into updates.
| I'll take pulling
| the latest version of the container and restarting over app
| specific update instructions any day of the week. Life is
| too short for putting up with that kind of minutia.
| sanitycheck wrote:
| I played with YunoHost a bit yesterday, and within a couple
| of hours hit a situation where a misbehaving application
| froze the whole thing requiring a reboot. That's after
| spending longer than I wanted figuring out why the ISO
| always locked up mid-install, starting with Debian 11 +
| nonfree drivers instead and installing Yuno on top.
|
| Really liked the concept, not the execution so much as it
| turns out.
|
| Thinking of taking a look at CapRover next, which is docker
| based. This Tipi thing might be worth a go too, though
| maybe when it's a bit more mature.
| wnscooke wrote:
| You'll like some of the apps available on CapRover, like
| PenPot. I've used CR several times just for a few apps
| they supply.
| nicoco wrote:
| Came here looking for this reference. A comparison table with
| existing similar projects would be nice.
| blfr wrote:
| Speaking of a multipurpose home server, how do you guys
| compartmentalize it so that one faulty or vulnerable app doesn't
| take the whole thing down?
|
| Docker/containers used to not be hardened enough. Are they now?
|
| Virtualization/VMs used to be the answer but it adds both
| performance and management overhead. Is there a good system here?
|
| Or something else entirely? Like old school separate users.
| kayson wrote:
| Docker is the de-facto standard in the community now (and, to a
| lesser extent, alternatives like LXC or podman). The daemon
| should be run rootless if possible, or the containers rootless
| if not.
|
| You can still use VMs, and some use that as an additional layer
| of isolation because they're virtualizing anyways (performance
| overhead is really negligible).
|
| I've been self-hosting on my home server for at least 5 years
| now, and I think I've only seen two or three vulnerabilities
| across all the services I know about, none of which were ever
| really exploitable.
| scrozart wrote:
| Have you tried using kubernetes to manage your containers?
| Wondering if the extra level of complexity is worth it for a
| home server.
| khimaros wrote:
| it isn't
| bongobingo1 wrote:
| Kubernetes alone recommends at least 1gb of ram just for
| itself IIRC, so that may push it out of some home servers
| such as RPIs or smaller nucs depending on the actual
| service load.
| robertlagrant wrote:
| K3s is half that. Still quite a lot, but not as much!
| chromatin wrote:
| Kubernetes is 1000% overkill for a home server, but
| Hashicorp Nomad is very manageable. It runs all my Docker
| containers at home.
| vineyardmike wrote:
| 100% not worth it. If you need multi-host for some reason
| (beyond "I want it" - and you don't) then try docker swarm.
|
| It's your home environment. You want it to be easy. You
| want to use the tools you run not maintain them. If you
| want to learn k8 for professional growth, learn it
| separately from a home server.
|
| Your home server can be more pet than cattle.
| enos_feedler wrote:
| And yet my iphone is cattle. Treating any machine like a
| pet seems like a recipe for disaster.
| zrail wrote:
| Proxmox + Proxmox Backup Server + external storage (I use
| my NAS) means I don't really have to worry about
| disaster, as such, because every VM is backed up nightly.
| VMs and the hypervisor can all be pets and I can just
| restore a backup if something happens.
| Karrot_Kream wrote:
| If you're doing something for a hobby, treat it like the
| special snowflake it is to you. If you're doing something
| just to get things done, treat it like the utility it is.
| If you're at home playing around with machines in a
| homelab, feel free to baby your servers.
|
| As far as disaster is concerned, it's not that difficult
| to install software that really needs minimal
| maintenance. But it comes down to what you want out of
| the software and hardware that you run.
| jyrkesh wrote:
| I went with Docker Swarm on the same advice from someone
| else, and tbh, it's unnecessary overhead as well. And at
| least on RPis, it's very fragile and not as self-healing
| as I'd hope it to be. My stacks are well
| compartmentalized, but weird database locks will still
| happen, or the swarm will just become unreachable, and I
| gotta go power-cycle a node or two to get things back up
| again. (I mean, we're talking once every few weeks or
| something, but still not okay.)
|
| I've been moving workloads to an old gaming rig running
| NixOS with varying levels of isolation (some containers,
| but really just good user/group/permissions management),
| and it runs super well.
|
| Of course, you could do the same with just Docker Compose
| and no Swarm, and I think you'd still be better off than
| using Swarm.
| adra wrote:
| I've dabbled, but really docker is way easier than k8s uses
| until you start moving into multi-server workloads
| onehair wrote:
| I use docker containers with separate dedicated users with just
| enough permissions for their purpose. For example my media
| server user can't touch anything other than the media files and
| isn't part of sudo.
| xxpor wrote:
| I use proxmox, which is more or less a VM and workflow manager
| on top of KVM.
|
| The overhead on something like an RPi would be ridiculous, but
| on modern x86 hardware with an IOMMU (VT-d in Intel speak, AMD-
| Vi for AMD), the overhead of passing through HW is, for homelab
| purposes, essentially 0. A lot more expensive, but the
| organization and extensibility is well worth it.
|
| I have anything that I expose directly to the internet on a
| separate VM from my "internal" services.
| If I were super
| paranoid, I'd expose them to separate VLANs, and then use my FW
| to control network traffic. The Intel 82599 can enforce
| different vlans on different VFs with SR-IOV.
|
| I have a VM that runs flatcar for docker for things that are
| too hard to set up otherwise, but I vastly prefer NixOS for
| most things.
| blibble wrote:
| it seems to be almost impossible to find a machine that is
| both low power and also supports SR-IOV ARI (more than 8 VFs)
|
| and the best reason to use SR-IOV with networking is you
| completely avoid the awfulness that is the Linux
| bridging/firewalling stack
| float4 wrote:
| > If I were super paranoid, I'd expose them to separate
| VLANs, and then use my FW to control network traffic
|
| This is exactly what I did initially, but it was indeed a bit
| of a pain to manage. Eventually I went with something in
| between, by first compartmentalizing services and then
| putting them in separate VMs with separate VLANs:
|
| 0. Router / FW.
|
| 1. WireGuard / reverse proxy.
|
| 2. Personal, e.g. file storage, backups.
|
| 3. Hosting. My personal site is reverse proxied through
| Cloudflare and only their IP ranges are whitelisted.
|
| 4. Compute, i.e. stuff I want to compile / develop / run on
| my server. Handy if I want to run a heavy simulation
| overnight or need more disk space / RAM / CPU power than my
| M1 MB Air has available.
|
| 5. Services. This runs many small tools / services that don't
| need access to my RAID pool or anything like that. If this
| gets infected I wouldn't really care.
|
| 6. VPN. This VM can only access the internet through a VPN.
| Doesn't have anything installed ATM, but has been used in the
| past for urlwatch and torrenting.
|
| 7. Test. This is where I try out new software before actually
| installing it on the correct VM. Once I've concluded testing
| I rollback this VM to a clean install.
|
| It takes a weekend to install Proxmox and set up the VMs /
| VLANs, but after that it is easy to use.
| lostlogin wrote:
| Another option is the free tier of ESXi. It works well, but
| having tested Proxmox recently, I really liked it.
| the_third_wave wrote:
| ProxMox running containers wherever possible - which is nearly
| everywhere except for when you need to run different OSs
| (Windows, Android, etc.). Even the router runs in a container
| with all the other containers connecting to it through bridges.
| These bridges are assigned VLANs which are brought out tagged
| on one of the Ethernet ports which connects to a managed switch
| which takes care of untagging to specific ports and/or trunking
| VLANs to the different buildings on the farm.
| melony wrote:
| I miss sandstorm.
| ocdtrekkie wrote:
| It's still here and we're still working on it! Its 300th
| release just rolled out. I'm personally working on packaging
| three different apps right now.
| ryukafalz wrote:
| I still use Sandstorm! Some of the apps are a bit outdated
| but the security model means that mostly doesn't matter.
|
| The WordPress Sandstorm app is slow enough at rebuilding the
| static side of our large site that I've been meaning to try
| forking it or building my own though. But Sandstorm itself
| has been great.
| dontlaugh wrote:
| I use Unraid, which manages storage for you and lets you run
| Docker containers for apps.
| Spivak wrote:
| Containers are fine for this unless you reach the popularity
| where you are attracting dedicated attackers.
|
| Use userns-remap. Run the docker daemon rootless if you want
| but don't stress about it. Set up auth to the docker socket.
| Don't bother with running the processes in the container as not
| uid 0, with remap it's effort for little gain.
|
| Now breaking containment means having a local privesc on your
| Linux distro or breaking the auth on the docker socket. Like
| that's plenty for drive by attackers.
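
The two settings named in the comment above, checked against a `daemon.json`, as an added example that is not from the thread or from the Docker project: it flags a missing `userns-remap` and a TCP API listener without TLS client verification, and computes which host uid container root is mapped to. Reading "auth to the docker socket" as `tlsverify` on a TCP listener is an assumption; the sample configs and the `/etc/subuid` text are constructed.

```python
"""Audit a Docker daemon.json for userns-remap and API authentication."""
import json

# Constructed sample inputs, not taken from any real host.
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "userns-remap": "default",
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
SUBUID = "alice:100000:65536\ndockremap:165536:65536\n"  # constructed /etc/subuid


def audit_daemon_config(text):
    """Return a list of findings for the daemon.json document in `text`."""
    cfg = json.loads(text)
    findings = []
    if not cfg.get("userns-remap"):
        findings.append("userns-remap unset: container uid 0 is host uid 0")
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp:
        if not cfg.get("tlsverify"):
            # Without tlsverify the daemon does not check client certificates.
            findings.append("API on %s without tlsverify" % ", ".join(tcp))
        else:
            missing = [k for k in ("tlscacert", "tlscert", "tlskey")
                       if not cfg.get(k)]
            if missing:
                findings.append("tlsverify set but missing: " + ", ".join(missing))
    return findings


def remap_user(text):
    """Name of the user whose subordinate ids are used, or None if no remap.

    "default" makes Docker use the dockremap user. Numeric uid forms of
    userns-remap are not resolved to a name here (simplification).
    """
    value = json.loads(text).get("userns-remap")
    if not value:
        return None
    user = value.split(":")[0]
    return "dockremap" if user == "default" else user


def host_uid(container_uid, user, subuid_text):
    """Map a container uid to the host uid via the /etc/subuid format
    name:start:count. Only the first range listed for `user` is used
    (simplification). Returns None if the uid falls outside that range.
    """
    for line in subuid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 3 or parts[0] != user:
            continue
        start, count = int(parts[1]), int(parts[2])
        if 0 <= container_uid < count:
            return start + container_uid
        return None
    return None


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(doc) or "no findings")
    # Container root under the hardened config is an unprivileged host uid.
    print("container uid 0 ->", host_uid(0, remap_user(HARDENED), SUBUID))
```
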
| sekh60 wrote:
| I use one VM per component. The overhead is pretty minimal and
| VMs I think are still more secure than containers. Maybe I am
| just a tech dinosaur though. I run my VMs on OpenStack for the
| networking flexibility, and use Ceph for block and file system.
| NexRebular wrote:
| SmartOS with zones. Mostly native but some LX thrown in for too
| linux-specific software.
| LaputanMachine wrote:
| I create a separate user for each app, and use the systemd exec
| configuration [1] for sandboxing [2]. Some apps only get read-
| only access to their own files, and no Internet access, for
| example (along with many other restrictions). I have some
| systemd drop-in units that I frequently reuse.
|
| For standard services, I use Apparmor with the default
| `apparmor-profiles`, as well as fail2ban with some additional
| firewall rules.
|
| [1]: https://man.archlinux.org/man/systemd.exec.5
|
| [2]:
| https://wiki.archlinux.org/title/User:NetSysFire/systemd_san...
| ocdtrekkie wrote:
| You're looking for Sandstorm containers. They are much more
| hardened and purpose-built for self-hosting. To my knowledge,
| nobody's ever reported a container escape that affects
| Sandstorm.
| indigodaddy wrote:
| Will this work on ARM? Wanted to try this on Oracle Cloud
| ed25519FUUU wrote:
| Nothing in here for email sadly. I think we're giving up on self-
| hosted email.
| jmconfuzeus wrote:
| I run my own email server with Postfix, Dovecot, Rspamd,
| Roundcube webmail, and a Sqlite database.
|
| I use it for my personal mail along with some clients.
|
| It was quite easy to set up by following this guide:
| https://workaround.org/ispmail/buster/.
|
| There's also an ansible playbook by the author to automate all
| of that for you.
|
| Other solid solutions include Mail-in-a-box and Mailcow.
| DuckDuckGo them to learn more.
|
| A lot of people say that you shouldn't waste your precious time
| hosting email.
| Then, these same people won't hesitate to spend
| countless hours browsing Pornhub or Netflix and playing video
| games.
|
| Forget about these losers and roll your own email for fun. The
| last thing you want is to be on your deathbed regretting not
| having had your own personal mail server.
| unstatusthequo wrote:
| Yes, life is too precious to self host email. Get a reasonably
| secure provider and don't put super sensitive information in
| it. Better channels for that type of information anyway.
| mfashby wrote:
| maddy.email could be a good addition
| djbusby wrote:
| I've recently found mxroute.com , next best thing to self
| hosted
| lordfosco wrote:
| Honestly, way better than self hosting if you're not an
| absolute expert in that field. I am a customer for years and
| Jarland is a legend when it comes to superb email delivery.
___________________________________________________________________
(page generated 2022-09-10 23:00 UTC)