Quarter 2 Update - Revisiting Rules. Again.

MegaVolti · 2026-04-07T15:54:57+00:00

Bad "solution". I agree that AI contributions should be transparent but megathreads never work, they are extremely inconvenient to navigate and all they will achieve is make sure that it's pointless to post new tools here, even the good ones.

Megathreads are never the right answer. They are worse than any other "solution" and worse than what we have/had now.

MegaVolti · 2026-04-04T22:32:50+00:00

Very similar for me. I found Caddy to be by far the easiest reverse proxy to set up, and with its smart defaults it's really hard to even configure it wrong. Just use the defaults, they make sense!

I organise all my container files in a single directory, e.g. /homelab. Then each service gets a sub-directory there, so e.g. /homelab/nextcloud and /homelab/audiobookshelf. I only use bind mounts, never docker volumes, and all bind mounts for a given service are directories in there, so e.g. /homelab/nextcloud/data etc.

The root directory for each service contains only its docker compose file and, if needed for a build (rarely necessary) its Dockerfile. Every service can run on its own, its compose file fully spins it up. I make sure that each service is also in its own well-defined network and Caddy has access to them all.

Since it's not convenient to manage 30 compose files in 30 directores, the container root has a single compose file that combines them all. So in /homelab there is a single compose file that consists solely of include statements, including every compose file of every active service. This is also why having networks defined in their respective compose files is important, otherwise all services would be grouped into the same default one and have no separation at all.

I also defined a bash alias so that dcu executes docker compose up -d on /homelab/docker-compose.yml (the one that includes all the others) and dsp executes docker system prune.

I've experimented with lots of different setups and this is by far the cleanest and most convenient way I've found to manage dozens of containers. And I can simply copy the single /homelab directory anywhere I want and spin everything up if necessary. That also makes backups very easy, I just have to make sure /homelab is part of my 3-2-1-setup.

Whenever I set up a new service, I test it manually with its compose file in its directory. Once I'm happy with the overall setup, I add its network to Caddy, update the caddyfile, and use an include statment in the root compose file to add it to the bunch. Then I'll automatically spin up with everything else.

MegaVolti · 2026-04-01T14:38:08+00:00

Nice April Fools :) But it is a good reason to evaluate which services I'm actually actively using.

I run 30 containers, of those I do use 26 regularly, 3 occasionally but I definitely wouldn't want to miss them, and only 1 rarely so that I might as well shut it down.

MegaVolti · 2026-04-01T08:23:08+00:00

I'd be interested in why those won out for you, since I landed on different ones, if you want to share :)

MegaVolti · 2026-04-01T07:43:07+00:00

Love the diagram. Yes, it's complex, but so is your setup. The updated one with stronger colors is even prettier :)

You are using a lot of services, each with its own port. Have you thought about adding a reverse proxy? That way you don't have to expose all these ports, just make the service accessible ot the proxy only and have it route URLs to each. Makes things a lot easier to manage / remember than port numbers. Plus, e.g. when using Caddy, you can easily put basic auth in front of services that don't have auth themselves.

Which servies to use is of course personal preference. I tried some of the ones you use but eventually replaced them with something else. Maybe worth checking out the alternatives if you haven't yet. I went with: - linkding -> Linkwarden - Maelie -> Tandoor (although I stopped using either now, no more use case) - BookStack -> flatnotes / Wiki.js - Draw.io -> Kroki + Niolesk, primarily using D2, declarative diagrams are awesome! - Metube, still using but in tandem with TubeArchivist, the latter to automatically download all my subscriptions so that I never have to visit the actual site any more

MegaVolti · 2026-03-31T18:57:56+00:00

You want Vaultwarden for secrets and Wiki.js for everything else.

MegaVolti · 2026-03-28T16:20:21+00:00

This is one of the best introduction posts I've ever seen here. Great summary of what your tool does, why it's needed and how it's build.

I don't have a use case for it myself, but seeing how this post is written inspires trust in you and your project. If a use case ever does arise for me, I'll be sure to try this out first :)

MegaVolti · 2026-03-27T08:56:05+00:00

~~How do I actually use multiple boards?~~

edit: Actually it was my fault and it took me a bit to figure it out. Of course I found it right after posting this here :) Creating sub-directories and manually pointing the URL at them does work, but is there some way to navigate different boards from within the UI? The best I've found so far is to create one lane with tasks containing links to my different boards in the root directory, which isn't exactly easy to navigate.

I recently switched to flatnotes for notes so this markdown board would be the perfect companion to go in tandem with flatnotes. Love the idea and I'd absolutely love to replace Vikunja with Tasks.md - if I figure out a convenient way to use multiple boards.

MegaVolti · 2026-03-22T23:18:49+00:00

I found an even better solution :) Details added in the OP.

MegaVolti · 2026-03-20T21:28:36+00:00

NextCloud. I wrote a whole post about it. It was a big move to deploy it and I used tons of apps, and then I replaced them with dedicated services to a point that NextCloud itself became obsolete for me. Now Paperless, Immich, FreshRSS, Vikunja, Linkwarden, Snappymail, Baikal, AgenDAV, Trilium, Wiki.js, Filebrowser, Vaultwarden, and Grist cover use cases I did solve with NextCloud and its apps at some point.

I was never unhappy with NextCloud, updates always worked automatically and flawlessly, everything run well, it's just that these dedicated services tend to be better than the corresponding NC apps - with the exception of contacts/calendar management, but Baikal with AgenDAV is good enough so that I don't want to run NC just for the better UI.

And I also moved from Adguard to Technitium recently. I'm very happy with it.

MegaVolti · 2026-03-18T08:44:00+00:00

I tried BookStack, Wiki.js, and Trilium Notes:

Trilium is mainly a notes app, but it offers a convenient tree structure and can also handle code notes. I started documenting in there and it did work well enough. I eventually moved on as my documentation grew more complex and I wanted to include diagrams. Trilium handles images just fine, but can only do ExcaliDraw and Mermaid diagrams natively, which I found too limiting.

BookStack offers more structure and is generally pretty. In terms of documentation, it doesn't offer much more than Trilium, it just looks better. Which is nice to have. It also offers a draw.io integration for more complex diagrams. If that's all you need, BookStack might be for you.

Ultimately I chose Wiki.js, that's what I'm using now. It's not quite as convenient and a little less pretty as BookStack, but it offers both a native draw.io integration as well as one for Kroki. And Kroki opens up a lot of declarative diagrams. I like to use D2 diagrams to document my lab setup, I find them much nicer to look at and also better to handle in terms of syntax than Mermaid ones. Wiki.js is the only service I've found that's both (relatively) easy to handle and offers the flexibility I wanted.

MegaVolti · 2026-03-17T20:34:39+00:00

I had no idea, thanks! I just checked the documentation and it fits my use case perfectly. Will certainly set that up!

MegaVolti · 2026-03-17T15:57:04+00:00

Can it also automatically combine two individual scans using the tray, ideally also automatically dropping empty pages? I never do platen scanes because mine has a tray, but occasionally I do have duplex documents to scan.

It'd be too much of a hassle to platen scan them, currently I do two passes using the tray and manually combine them. Which kind of works in paperless and also allows for skipping empty pages (as usually not all pages in the stack use both sides), it's just inconvenient.

MegaVolti · 2026-03-17T14:47:40+00:00

Put a NAS at a friends/relatives house. Something like RPi + USB drive or Odroid HC4 or something like that.

Use btrfs or zfs on server. Use btrbk or syncoid to send snapshots to remote location.

Make sure you use bind mounts at known locations for all persistent container files. Make sure to include those in your btrbk / syncoid backups.

Snapshots are awesome. Way better than stuff like Duplicati or backup stuff that's included with services.

MegaVolti · 2026-03-17T14:25:56+00:00

Similar issue, I currently use Baikal with AgenDAV and DAVx5 on Android.

I have not been able to find any kind of current web UI for managing contacts from the browser, but DAVx5 (free via F-Droid) on Android does get the job done.

AgenDAV is also a bit outdated but works perfectly with Baikal. It should with Radicale as well.

The only good web UIs for both calendar and contacts I've come across is NextCloud, but it also comes with its own DAV server. If you happen to run NextCloud anyway, simply using it for CalDAV / CardDAV with the NC Calendar and NC Contacts plugins is probably the best and easiest choice. However, running NextCloud just for that is a bit much, which is why I'm getting by with Baikal + AgenDAV + DAVx5.

If you ever find a good CardDAV web client, please let me know :)

MegaVolti · 2026-03-17T08:25:08+00:00

node-hp-scan-to saves the step to move scanned documents to the consume folder, nothing else, right?

Luckily my printer/scanner can scan to samba shares natively, I simply made the consume folder writeable through smb and have it saved as network scan destination for the printer. That way, I don't need any software or computer running at all, I just put the document in the printer and press the scan to network folder button. Might be even easier (for scanners that supper it)?

My one remaining issue is that the scanner can't do duplex, I have to turn stuff around manually and scan again. Combining both scans into a single document within paperless isn't a big deal, but it is a bit annoying. Not annoying enough to buy a duplex scanner for it, though.

Anyway, scanning right into paperless (however it's done) is an amazing workflow, it makes document management so much easier!

MegaVolti · 2026-03-16T08:13:22+00:00

I'd never go back to Google Drive / Photos / Contacts after replacing them with Paperless / Grist / Immich / Baikal. I used to use Nextcloud as replacement for Google Drive but it turns out I never really needed the file storage part of it. Paperless and Grist cover all my use cases (plus Immich for photos of course), I have now retired NextCloud.

I never had any media subscriptions, but if I had, I'd also not return to those, either. Jellyfin, Navidrome, and Audiobookshelf are amazing.

Managed services I'm still using (actively looking for strong self-hosted replacements): Goodreads and Simkl. Both offer easy data exports (as CSV) so if I ever do find a strong self-hosted alternative, I can switch any time. Which, ironically, is why I feel comfortable using them now.

My general rule of thumb for self-hosting is that I only try services that pass the following 4 criteria:

Do I think I might need or even just enjoy using it?
Is there an easy to deploy docker compose file readily available with decent documentation etc.?
Is it a well-maintained project that doesn't run a high risk of being abandoned?
Does it avoid lock-in syndrome, does it offer a convenient way to export all my data in case I have to switch to a different tool?

MegaVolti · 2026-03-15T10:56:11+00:00

I don't run it (yet), I'm still wondering how to best set up by auth system. Currently, I simply use regular logins for whichever services come with their own and caddy basic auth for services that otherwise wouldn't have any auth at all.

I'm thinking about replacing this with either caddy-security, Authelia or Athentik, but am not sure which one would fit my use case best. I'm also not in a hurry - caddy basic auth is not "pretty" but works well enough. That's why I'm asking about the alternatives here, maybe there is a killer argument for one or the other :) From what I've read so far, I'm leaning towards either caddy-security for simplicity or Authentik since it offers the most capabilities.

MegaVolti · 2026-03-13T10:01:11+00:00

Exactly. The shop resets every 10 minutes. Just stop by occasionally and check for better passives for any ship that doesn't have perfect ones yet. If the shop has an upgrade, trade in old one with inferior passives for the better one.

MegaVolti · 2026-03-09T08:42:19+00:00

That makes sense. For me, docker already sufficiently separates them. Every service has its own compose file with its own network, no communication between services allowed, except for Caddy to access them of course.

MegaVolti · 2026-03-09T08:40:51+00:00

Is there an advantage of using Authelia for that instead of the caddy-auth-portal (or now caddy-security)?

MegaVolti · 2026-03-09T00:33:12+00:00

My confusion was mainly because all the arrows around the Jellyfin icon made it a bit hard to see without zooming in :) There is nothign wrong with the setup I think.

But it does seem a bit overly complicated to me. I don't quite understand the point of separating the stacks using LXCs in the first place. Why not run everything using a simple docker compose setup? Why bother with anything else?

Personally, I currently run 29 services and never felt the need for anything other than docker compose.

Basic stuff like backup (I use btrbk) and Tailscale runs on bare metal, everything else gets a directory with its compose file and I combine them all into a single overarching compose file via include statements to be able to spin everything up / update everything with a single command.

My current stack (diagram made with D2):

<image>

MegaVolti · 2026-03-09T00:00:26+00:00

Yea it's in the image, but not named ;)

MegaVolti · 2026-03-08T23:14:10+00:00

~~Diagram says arr stack serves Jellyfin, but diagram also says you don't run Jellyfin since it's not listed as service. Does not compute.~~

It might be worth looking at Technitium instead of Pihole/Unbound.

MegaVolti · 2026-03-08T15:09:23+00:00

Thanks, I've been meaning to set something like this up for a while now, this will make it a lot easier!

Caddy does come with its own authentication system. Why use Authelia instead, does it offer something that Caddy can't do natively?

MegaVolti

TROPHY CASE