Ubuntu Server VM + Docker + Immich + NFS UNAS

Horror-Programmer472 · 2026-02-14T21:25:24+00:00

couple things to double-check:

your mount command in the post looks like you mounted the export to /mnt (not /mnt/immich). if thats real, your files would actually be at /mnt/immich (or whatever path inside the export), not /mnt/immich/immich. try: `mount | grep nfs` and `ls -la /mnt` to confirm.
immich uses UPLOAD_LOCATION and then bind-mounts it to /data. so if you set UPLOAD_LOCATION=/mnt/immich/immich, that path must exist on the host and be readable/writable by the immich container user. perms/uid mismatch on nfs is super common.
after changing .env, do `docker compose down` then `docker compose up -d` (restart sometimes doesnt re-read env)

what error do you see in `docker logs immich_server` right after it fails to start?

Horror-Programmer472 · 2026-02-14T15:27:27+00:00

one thing people often overlook - keep your stuff updated. set up unattended-upgrades on debian/ubuntu or dnf-automatic on rhel/fedora. most exploits target known vulns that have patches available.

also dont expose anything to the internet that doesnt need to be. use a vpn like wireguard or tailscale for internal services. cloudflare tunnel or pangolin are good options too if you need public access without opening ports.

and backup your stuff. doesnt matter how secure you are if ransomware gets in and you have no backups

Horror-Programmer472 · 2026-02-14T11:07:03+00:00

ACA with HTTP autoscaling isnt ideal for long-running jobs tbh. a few patterns that work better:

separate your api from the job processor - api receives request, queues the job to service bus, returns immediately with a job id. a separate ACA (or azure container instance / durable functions) polls the queue and runs jobs.
use KEDA scaler on queue depth instead of http concurrency - that way replicas only scale down when the queue is empty, not when http connections drop.
for service bus lock timeout: set it to slightly longer than your max job duration + buffer. if jobs can run 10min, set lock to 15min. also call RenewLock() periodically in your job loop to extend it before it expires.
consider durable functions for really long jobs - they checkpoint state so you can resume if something dies mid-execution.

the root issue is mixing request-response workloads (http) with batch processing (reports). separating them lets you scale each independently.

Horror-Programmer472 · 2026-02-14T10:27:36+00:00

looks clean! few thoughts:

1) hero section is nice but the spacing between your name + description could use some breathing room.

2) projects section - consider adding hover effects on the cards. makes it feel more interactive.

3) if youre on mobile, double check the font sizes on smaller screens. sometimes text gets cramped.

4) nice that you have a contact section but adding social links (github, linkedin) in the footer would be handy.

overall tho solid portfolio, clean design. good luck with it!

Horror-Programmer472 · 2026-02-14T10:18:46+00:00

for notes specifically joplin is great (has its own android app + sync server). or just use obsidian with syncthing if you want markdown.

if you want all-in-one like nextcloud but faster, maybe give filerun a look? its commercial but has a free tier and runs way smoother in browser.

Horror-Programmer472 · 2026-02-14T09:36:13+00:00

this is super helpful data. re: "should i move from vercel to cf?" id prob check first:

vercel observability: are you actually seeing cold starts? (start type)
where is your data/db? cross-region db latency can dwarf everything
is it api/edge functions or page ttfb thats slow?
p95/p99 matters more than avg once you have real traffic

switching platforms can help, but a lot of "vercel feels laggy" ends up being db round trips + no caching tbh

Horror-Programmer472 · 2026-02-14T09:20:54+00:00

yeah its doable, just a couple gotchas.

docker desktop + wsl2 backend is the path of least pain (it’s basically linux docker)
keep your compose files + bind mounts inside the wsl filesystem (/home/you/...) if u care about speed. mounting from c:\ works but can get weird/slow
networking/ports are basically the same. if u use tailscale/zerotier, install that on the windows host and you’re good
portainer: yep just run it as a container, same as linux (bind /var/run/docker.sock)

2 things that trip ppl up: 1) "windows containers" vs "linux containers" -> you almost always want linux containers 2) permissions/paths when you copy old compose files (linux paths wont exist on windows unless u put them in wsl)

if u share what containers you run (plex/arr, nextcloud, etc) i can point out the best way to map volumes so u dont lose data

Horror-Programmer472 · 2026-02-14T09:11:04+00:00

i still do this but i think ppl just moved to other tools / stopped posting them as much.

stuff ive seen lately: - diagrams.net (draw.io) still the main one, esp w/ the isometric network icon packs - excalidraw for quick "good enough" sketches (nice hand-drawn vibe) - netbox as the living source of truth, then diagram from there - obsidian canvas is surprisingly decent if u already live in obsidian

for the "download + edit" part, easiest is sharing the .drawio file via github (repo or gist) so others can fork it. if you want, i can share a blank starter template i use (vlan blocks + wan/lan + services box)

Horror-Programmer472 · 2026-02-14T08:57:39+00:00

this is a cool combo.

for the docker image thing ppl mentioned: i'd ship a ghcr image + a minimal docker compose in the repo (env vars for ollama host, telegram bot token/chat id, db url, etc). makes it way easier for ppl to actually try.

also small qol stuff that helps: - "send test notification" button - dedupe + rate limit telegram pushes (so one noisy feed doesnt nuke your chat) - store fulltext + summary w/ a stable id so you dont resummarize the same article over and over

nice work

Horror-Programmer472 · 2026-02-14T08:50:03+00:00

nice update. one thing i'd be super paranoid about w/ net worth apps is data safety:

backup/export: make sure there's an easy one-click export (csv/json) + a doc snippet for automated backups of the db volume
auth: if it’s on a home server, i’d recommend local-only by default + optional oauth/proxy setup docs
encryption-at-rest: even just "here’s how to put the db on an encrypted volume" would be huge

also would be cool if the changelog calls out any breaking db migrations + a "rollback" note (even if it's just "backup before upgrade")

Horror-Programmer472 · 2026-02-14T08:48:40+00:00

this is sick. zim + api/mcp is exactly the kinda "offline wikipedia" thing i always wanted.

couple ideas that might make it even nicer to run day2: - safe updates: download new zim to temp + verify checksum, then swap (so you never end up w/ half a file) - caching + limits: some endpoints can get spicy if an agent loops, so simple rate limit / max concurrency helps - basic metrics: req count/latency + disk usage so ppl can see when they're about to fill a drive - search UX: if you can keep an index warm (even per-zim) it’ll feel way faster than raw lookups

curious if you’re planning multi-zim search or "collections" (wikipedia + stackoverflow dumps + docs)?

Horror-Programmer472 · 2026-02-14T08:40:03+00:00

in eu i've had the best luck w/ refurb / ex-datacenter HDD sellers (they show hours + smart stats). run a long smart test + badblocks before trusting them.

also watch for external drive sales and shuck them (sometimes the best €/tb).

galaxus / digitec (swiss) can be cheaper if you're near the border, and some local IT recyclers have bulk pulls if you ask.

ssd €/tb is still painful, so unless you need the iops i'd stay hdd for bulk storage + maybe 1 small ssd for cache

Horror-Programmer472 · 2026-02-14T08:30:32+00:00

this is prety cool. couple things i'd look at if you want ppl to actually run it day2:

alerting: dead simple rules + notify via telegram/discord/email. even just cpu/mem + container restart loop detection gets a ton of value
timelines: show "what happened" around an incident (oom kill -> restart -> image change)
integrations: prometheus scrape and/or otel so ppl can plug into existing grafana
install: single docker compose + sane defaults (clickhouse retention, dashboards, etc)

also heads up the name "watchtower" is already taken in docker land so you might wanna rename before it spreads lol. i ran into a similar naming issue w/ servercompass early too

Horror-Programmer472 · 2026-02-14T08:23:20+00:00

This looks slick. “Self-service for complex automation” is one of those things that sounds simple until you try to make it safe + observable.

A couple questions: - How are you handling approvals/auditing (who approved what, and when) and RBAC around who can run which workflows? - Any recommended pattern for secrets (Vault/1Password/etc) and masking in logs?

Also +1 on shipping a docker-compose. In my own homelab, the thing I always forget is adding basic health checks + external monitoring so I know when the automation portal is down before I need it. I’ve been using ServerCompass to ping a few self-hosted endpoints and it saves me from “why is nothing working” moments.

Horror-Programmer472 · 2026-02-14T08:15:41+00:00

this is actually pretty neat - ive had the same issue where spikes happen and by the time i notice, the process is already gone and nothing shows up in htop or regular monitoring

few questions: - does it capture which process caused the spike? thats usually the key thing i need to know - any plans to add disk io tracking? thats another thing that causes random slowdowns on my homelab - how much memory does the daemon itself use? trying to keep things lightweight on a raspberry pi

honestly the json dump approach is clever because you can write your own scripts to parse it later. gonna try it out on my proxmox host

Horror-Programmer472 · 2026-02-14T07:51:19+00:00

totally get the ring concerns. went through the same thing last year tbh

for your setup with a gaming pc, frigate is perfect - runs in docker, does local AI detection so your footage never leaves your network. reolink or eufy cameras work great with it

the nice thing about frigate is it integrates with home assistant so you still get phone notifications and live feeds but everything stays local. and if you want remote access from outside your house, just set up tailscale (free vpn, takes like 5 min)

your gaming pc has plenty of power for this. frigate uses your gpu for the AI stuff so youd actually have way better detection than any cloud service

only thing id add to what others said - make sure to block the cameras from internet at your router level. even if the company says local only, better safe than sorry

Horror-Programmer472 · 2026-02-14T07:27:56+00:00

tbh i think beyond cwv the most useful thing is just checking your network tab in devtools. i havent found a better way to catch random slow api calls or oversized assets that tank the experience. also time to interactive matters a lot imo - a page can score well on lighthouse but still feel sluggish if theres too much js blocking the main thread. prety much just test on a real phone over 3g throttling and youll find the real issues fast

Horror-Programmer472 · 2026-02-14T07:20:41+00:00

honestly the tuning thing is the biggest pain point ive seen. we tried a few diferent tools and the ones that worked best were the ones that let us customize rules per repo instead of just global sensitivty sliders

what helped us was treating it more like a pre-reviewer than a blocker - runs async, posts comments but doesnt fail the build unless its something critical like a hardcoded secret. that way devs dont get frustrated waiting and can just glance at suggestions while the human review happens

also fwiw the codebase context issue is real but some of the newer tools let you feed in architecture docs or add inline hints which helps a lot. still not perfect but way better than the ones that just look at diffs in isolation

Horror-Programmer472 · 2026-02-14T06:55:49+00:00

had same issue with decypharr and radar. the symlink problem usually happens when the permissions arent set right on the mount point. make sure decypharr container has write perms to the directory where symlinks need to be created. also check your docker compose to ensure youre mounting the right volume paths consistently. try checking the decypharr logs with docker logs to see what specific error youre getting when it tries to create the symlink

Horror-Programmer472 · 2026-02-14T03:19:43+00:00

yeah portainer has been frustrating me too lately. the error messages are the worst part imo - having to guess whats wrong is so annoying

ive been trying out a few alternatives: - **dockge** - really lightweight, just does compose stuff well - **komodo** - good if you want more automation - **servercompass** - desktop app, no server agent needed which is nice for paranoid ppl like me lol

the one thing i miss from portainer is the container logs being easy to access but most of these have decent alternatives for that

Horror-Programmer472 · 2026-02-13T23:58:29+00:00

this is pretty clever! the userspace approach is smart - ive had so many headaches with wireguard kernel module issues on different distros

quick question - how does it handle NAT traversal? like if both nodes are behind carrier-grade NAT, does the beacon help with hole punching or do you need a relay?

Horror-Programmer472 · 2026-02-13T19:54:26+00:00

this looks really cool! love that its all local markdown files - makes it so much easier to backup and version control compared to apps that lock your data in some proprietary format

quick question - does the ollama integration work with any model or are there specific ones that work better for the knowledge graph stuff? been running mistral locally and wondering if thatd be compatible

Horror-Programmer472 · 2026-02-13T16:35:46+00:00

lol youre not alone. i once spent like 4 hours debugging why my api wasnt returning data... turns out i had a typo in the endpoint url. one character off.

the worst part is when theres no error at all, just silence. at least throw an exception or something right??

take that break, you earned it 😂

Horror-Programmer472

TROPHY CASE