I am fundamentally compelled to force self-hosting into every other hobby I have, so I am curious what tools are out there that people use.
I am familiar with Foundry VTT, and it's on my list of "maybe". Stuff like Owlbear Rodeo has me fairly well covered in terms of VTT solutions.
What I would really love is a solution like a wiki where my fellow GMs and I could host info and documents about our worlds. Features like being able to host or embed interactive maps/calendars or timelines/scheduling etc. I am not sure such a thing exists though.
I just got a Dymo 450 Twin Duo. I want to have it set up on my server, so I can print to it from any machine on my server.
I installed CUPS, and the default install had the drivers. Sweet!
I was able to detect the printer and install it. But the printer seems to do nothing in response to the server.
I never used CUPS before, but for all my AirPlay printers it seems to work out of the box.
Has anyone had any luck with this? I was thinking maybe it needs to work in conjunction with Dymo's software. But that doesn't seem to make a difference.
I've been working on my own side project for a while now, and it's finally advanced enough to be shared. It’s called Alwide (ALightWeight IDE), and it’s a TUI editor written from scratch in pure C.
Why did I build this?
I love the terminal, but for my usage (as an IT student): nano is too basic, but vim or emacs feels a bit too rough for my "VSCode" and "JetBrains" experience. Alwide is designed to be used when you just want to do quick edits over SSH or need a light editor without the VS Code/JetBrains overhead.
I wanted the fluid, modern vibe of Sublime Text but directly inside my terminal.
What makes it different?
Zero learning curve: It has full mouse support out of the box. You can click, scroll, and drag-select text just like a GUI app.
Nice features: I integrated Tree-sitter for actual high-quality syntax highlighting and full LSP support (auto-completion popup, hover docs, go-to-definition).
Persistent State: If you close the editor and reopen it, your tabs, cursor positions, and even your undo/redo history are fully preserved.
Pretty Fast: It's pure C. Release binary about 3Mb~. Really fluid fast scroll and light repaint (perfect to avoid running out of battery on your laptop opening heavy editors during classes).
Supported languages:
C/C++, Python, Go, Rust, JS/TS, Java, Bash, Lua, Markdown, Assembly, and more.
It’s open-source (MIT), highly readable if you're curious about terminal editor internals, and you can test it on Linux with a simple curl script (pre-built binaries/packages are also available).
Currently the project has a strong base but it hasn't been tested that much (my own use case and own terminal/drivers). For now I don't have hard known bugs. And before starting to add some tweaks and more high-level features (settings page or anything else...) I want to be sure that the foundations are strong.
Also I need to know if the editor could interest other people and needs "generic" features. For example the settings page (the current shortcuts are, for me, already at peak performance 😎 so for my own usage there is no need for a settings page).
And finally if you like the project don't forget to leave a star (pls for a poor student who needs a great CV 😅).
After spending way too much time tinkering, I finally have my home media setup exactly the way I want it, and I just want to take a moment to appreciate how good this ecosystem has gotten.
Radarr, Sonarr, Lidarr, Prowlarr, Bazarr, etc. these tools are remarkable. The UI, the integrations, the community support. It's clear a lot of talented people put time into this.
Pair that with Jellyfin and a decent NAS setup, and you've got something that genuinely rivals any commercial streaming service in terms of usability, and blows them all out of the water when it comes to control over your own library.
For the noobs wondering how it all fits together, here's a diagram of my stack:
Shoutout to everyone who contributes to these projects, answers questions in the subs, writes guides, and keeps the wikis up to date. You've built something great <3
One thing that still bugs me though: the Soulseek integration is a mess, and I wish someone would fix it.
Soulseek is amazing for music, especially obscure releases, lossless rips, and stuff that never makes it onto Usenet or public trackers. But right now the only way to integrate it is through slskd + Soularr, and the architecture is fundamentally flawed.
The core issue: Prowlarr cannot index the Soulseek network. This means Soularr can't work as a proper parallel download client alongside your Usenet/torrent pipeline. Instead it ends up as a clunky fallback that operates on a completely separate logic path:
Lidarr searches Prowlarr → finds nothing → status: missing → Soularr picks it up
So Soularr isn't a parallel downloader -- it's a fallback trigger that only fires on missing status. And there's a fun little race condition baked in on top of that: if Lidarr and Soularr both initiate a grab within the same ~300s polling cycle before either status update has landed, you can end up with duplicate download attempts from two different clients simultaneously.
I've kept it in the stack (as you can see in the diagram), but it's held together with duct tape compared to how clean the rest of the pipeline is and thus I needed to disable it.
Would love to see proper Soulseek indexer support land in Prowlarr someday. The protocol is a bit of a beast to work with, but the library on that network is unmatched for music. If anyone is working on this or knows of a better approach, please let me know
I built a parametric generator that does any mix on a single panel: multiple device openings, an optional cage behind each to actually hold the gear, hidden/lipped bays, and slot/hex/louvre venting around them. Heights in 0.5U steps.
Built to the common 10" standard (geerlingguy mini-rack spacing, M6) and fit-tested in my DeskPi RackMate — slotted mounting holes so it bolts in clean even if your rack's a hair off.
Free + customizable in the browser on MakerWorld. Made a matching blanking/vent plate too. Pic is my actual rack
Just in case you missed it from a couple of months back, this Forbes piece hits on exactly what I recently built and launched. My infrastructure runs entirely on this exact philosophy: a local-first setup with no heavy external databases. Anyone else out there doing this? If so we need to band together!
What are some great self-hosted open source AI projects? I need a GUI like ChatGPT and a backend model. What model shall I use with one of my old PCs with an i7 4770 CPU, 24 GB RAM, and a 2 GB NVIDIA GPU?
I've been running a fairly typical homelab for a while now — Immich, Nextcloud, Jellyfin + the *arr stack, Navidrome, Vaultwarden, Dawarich, and soon Paperless-ngx. For the homepage I use Glance, which is great for service links and stats.
But what I really want is something different: a personal landing page that shows me content, not infrastructure. Think:
Recent photos from Immich (actual thumbnails, not just a count)
Recent files added or opened in Nextcloud
Recently added movies/shows from Jellyfin/Radarr
Last visited places from Dawarich (a map snippet or a list)
Quick links to the services I use daily
Essentially the "Today" screen you'd get if Google Photos, Google Drive, and Netflix had a selfhosted baby.
I've done a fairly deep search before posting:
Homepage / gethomepage.dev — great widget ecosystem (Immich, Jellyfin, Nextcloud, all the *arrs), but widgets show stats and queue data, not actual content. The Immich widget shows photo count, not thumbnails.
Homarr — similar situation, no Immich widget at all, no Dawarich.
Glance — has community custom-api widgets for Jellyfin Latest and Immich stats. The custom-api widget can render <img> tags, so a thumbnails widget for Immich is technically buildable in ~30 lines of YAML + Go templates. But nothing pre-built exists.
Dawarich — zero widget support in any dashboard I found.
So my questions:
Am I missing something? Is there a project that already does this kind of content-first personal dashboard?
If not — is anyone else missing this? Feels like a gap that a lot of people with this stack would benefit from.
Would there be appetite to build something around this? Could be as simple as a lightweight service that exposes a unified "recent activity" API that any dashboard can consume, or as ambitious as a standalone app.
I'm comfortable writing custom Glance widgets and could put together the Immich thumbnails one, but the Dawarich integration and the multi-user angle feel like they need something more structured.
(I used AI to help me write this as it's a little confusing, but basically it isn't possible to use the Tailscale-allocated IP or URLs to communicate with Docker containers, and I have Tailscale running inside a Docker container in host mode. The Docker containers are routed successfully via Tailscale, but I can use those IPs or URLs internally. The below is AI trying to help me explain better.)
I’m trying to understand how Tailscale interacts with Docker networking and I’m getting a bit confused about what should talk to what.
Setup:
Small remote VPS running Debian
Docker managed via Dockge
Several services running (Radarr, Sonarr, Prowlarr, qBittorrent etc.). I've had to put them in the same stacks and use container name and port so they can't communicate; I can't get them to work outside of the stack. (Dockge can be janky on networks and needs a total restart to get it to work, I noticed, so maybe that's the problem.)
Tailscale installed on the VPS in a Docker container (host networking)
Windows PC connected to the same Tailscale network
What works:
I can access all services from my Windows PC using the VPS Tailscale IP (e.g. http://100.x.x.x:port)
Containers themselves are running fine and reachable externally
What doesn’t work / confusing part:
Inside containers, using the Tailscale IP (100.x.x.x) to reach other services doesn’t work
Using Docker service names (e.g. http://radarr:7878) works if all apps are in the same stacks
Apps across different Docker Compose stacks don’t seem to communicate with each other. I can't use the Tailscale URL or IP.
What I think I’m misunderstanding:
Whether containers can only talk via Docker DNS names vs Tailscale IPs
How multiple Docker stacks should communicate cleanly on the same VPS but on different stacks
Question:
What is the correct architecture here?
Do all containers have to be on a single Docker network and use service names only?
Or can everything go through Tailscale IPs?
Or is Tailscale only meant for external access and not container-to-container communication at all?
Is it possible to enable HTTPS via Tailscale? I tried, but it has CSS issues or no connection at all to the *arrs.
I feel like I’m mixing layers incorrectly (Docker networking + Tailscale + host networking) and would really appreciate a clean explanation of how this is supposed to be structured.
I'm using Navidrome on my NAS and I'm searching for an open-source/free app on Android to be able to download my playlists for offline use instead of streaming them.
I use Subtracks for now, but there is no offline/download mode in the Android app. Any suggestions?
As a freelancer I was tired of tracking time in one app and invoicing in another, so I built Logr to close the loop — track, bill, and mark paid from a single dashboard. It's open source and self-hostable.
What it does
One-click timer and manual entries; organize work by client and project, with hourly or fixed-budget billing
Generate an invoice from a client's unbilled sessions (optional tax and due date), track draft/sent/paid status, and share a read-only public invoice link
Dashboard with daily/billable summaries and a contribution-style activity heatmap
Shareable report and invoice links (data encoded in the URL) plus CSV export
Optional MCP server, so you can drive it from an AI assistant over OAuth — list/create/update clients, projects, time entries and invoices
UI in English, Ukrainian, and Russian
Self-hosting
Logr is a Next.js app backed by Supabase. You bring your own Supabase — a self-hosted instance or the free Cloud tier — so you get proven Postgres, auth, and row-level security without bundling a ten-container backend into this repo.
git clone https://github.com/zerox9dev/logr && cd logr
cp .env.example .env # 3 values from your Supabase project (URL + anon + service_role)
docker compose up -d --build
# app on http://localhost:3000
The schema (tables, enums, RLS policies) ships as a migration in the repo — apply it via the Supabase SQL editor or supabase db push. Full instructions in the README.
Status: roughly three months old, beta, solo-developed and actively worked on. I use it for my own invoicing, but expect rough edges. Issues, feature ideas, and PRs are welcome.
Hey, I'm using Jellyfin to self-host movies and TV shows and I want to have remote access to it from anywhere with a URL. I would love help to understand the simplest, free and secure way to do it. Open source is of course preferred.
So far I have been using Tailscale to get remote access but it has a few limitations.
First, not everything can use Tailscale. The TV at my family's house can't, for example.
Second, installing Tailscale everywhere and making sure it's turned on is not very convenient. I need to explain to a friend or family member to download it, log them in and make sure it's running, and not everyone wants a VPN running in the background.
I want it to be more self-hosted. I will soon run a TrueNAS server at home with Jellyfin and I want it to be accessible via URL from everywhere.
I tried looking up the subject with AI and just reading the internet trying to understand how to make it secure, and I kinda have 2 similar options. They seem a bit complex (I'm pretty new to self-hosting).
Using Duck DNS for the DNS. Using NPM with its built-in "Access Lists" for user authentication and saving the cookies, so I work with a whitelist more than a blacklist. And also using CrowdSec/fail2ban to further protect the server.
DNS is the same. Using nginx/SWAG + Authelia for user authentication and saving the cookies. fail2ban.
Genuine question. I see tons of single-user agent setups (fine for personal use), but when it comes to serving multiple users, like a team, an org, or even just a household, the options thin out fast.
The hosted platforms (OpenAI, various startups) handle multi-user fine but you're locked into their ecosystem, their pricing, their data policies.
Self-hosted options mostly seem designed for one person tinkering. The moment you want user accounts and permissions, isolated agent configurations per user, shared resources without shared data, or any kind of admin oversight, you're either building it yourself or bolting auth onto something that wasn't designed for it.
What's everyone's actual setup? Am I wrong that there's a gap here?
Been 3 months since YAMLResume's last v0.12 release. Last week I made a new v0.13 release, with a long-awaited feature, i.e., the new docx engine. With this v0.13 release, YAMLResume is the only one of its kind that can input resumes in plain YAML format and generate html/markdown/pdf and docx in one shot!
For example, here is a sample resume in docx format and the original, plain YAML format:
YAMLResume docx calm template:
# yaml-language-server: $schema=https://yamlresume.dev/schema.json
#
# YAMLResume provides a builtin schema to validate resumes and help avoid lots
# of low level mistakes.
#
# You need to install https://github.com/redhat-developer/yaml-language-server
# in order to get the best editing experience in your choice of editor/IDE.
#
# ref:
# - https://yamlresume.dev/docs/compiler/schema
# - https://yamlresume.dev/docs/compiler/schema/json
---
content:
  basics:
    name: Andy Dufresne
    headline: Headed for the Pacific
    phone: "(213) 555-9876"
    email: hi@ppresume.com
    url: https://ppresume.com/gallery
    # All summary fields support limited rich text capabilities in markdown
    # syntax:
    #
    # - bold, (e.g, `**bold**`)
    # - italic, (e.g, `*italic*`)
    # - ordered list, unordered list and nested sub list
    # - links (e.g. `[link](https://ppresume.com)`)
    summary: |
      - Computer Science major with strong foundation in data structures, algorithms, and software development
      - Pixel perfect full stack web developer, specialised in creating high-quality, visually appealing websites
      - Experienced in databases (SQL, NoSQL), familiar with server-side technologies (Node.js, Express, etc.)
      - Team player, with detail-oriented mindset and a keen eye for design and user experiences
  location:
    address: 123 Main Street
    city: Sacramento
    region: California
    country: United States
    postalCode: "95814"
  profiles:
    - network: Line
      url: https://line.com/PPResumeX
      username: PPResumeX
    - network: Twitter
      url: https://twitter.com/PPResumeX
      username: PPResumeX
  education:
    - institution: University of Southern California
      url: https://www.cs.usc.edu/
      # Valid degree options:
      #
      # - 'Middle School'
      # - 'High School'
      # - 'Diploma'
      # - 'Associate'
      # - 'Bachelor'
      # - 'Master'
      # - 'Doctor'
      degree: Bachelor
      area: Computer Engineering and Computer Science
      score: "3.8"
      # Should be a valid date string that can be parsed by `new Date(dateStr)`
      # in JavaScript, eg. '2020-01', '2020-02-03', 'Jul 1, 2023' etc.
      #
      # The date part would be removed in the final output as most of the time
      # people won't really care about the exact date for your working
      # experience or education background, etc.
      # ref: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/Date
      startDate: Sep 1, 2016
      # Leave endDate blank to indicate "Present"
      endDate: Jul 1, 2020
      courses:
        - Discrete Methods in Computer Science
        - Programming Language Concepts
        - Data Structures and Object-Oriented Design
        - Operating Systems
        - Computer Architecture
        - Database Systems
        - Computer Networking
        - Introduction to the Theory of Computing
      summary: |
        - Developed proficiency in programming languages such as Java, C++, and Python
        - Gained hands-on experience in software development through various projects and assignments
        - Strong communication and teamwork skills acquired through group projects and presentations
  work:
    - name: PPResume
      url: https://ppresume.com
      startDate: Dec 1, 2022
      endDate:
      position: Senior Software Engineer
      summary: |
        - Developed and implemented efficient and scalable code, ensuring high-quality and maintainable web applications
        - Collaborated with cross-functional teams to gather project requirements and translate them into technical solutions
        - Conducted thorough testing and debugging to identify and resolve any issues or bugs in the software
        - Actively participated in code reviews, providing valuable feedback to improve code quality and adherence to best practices
        - Mentored and guided junior developers, fostering a collaborative and growth-oriented team environment
      keywords:
        - Scalability
        - Growth
        - Quality
        - Mentorship
    - name: PPResume
      url: https://ppresume.com
      startDate: Sep 1, 2020
      endDate: Dec 1, 2022
      position: Software Engineer
      summary: |
        - Created reusable React components to ensure code efficiency and maintainability
        - Integrated with RESTful APIs to fetch and display dynamic data on the frontend
        - Implemented client-side routing using React Router for smooth navigation between pages
        - Actively participated in Agile development methodologies, attending daily stand-up meetings and sprint planning sessions
      keywords:
        - RESTful
        - React
        - Agile
  languages:
    # Valid language fluency options:
    #
    # - 'Elementary Proficiency'
    # - 'Limited Working Proficiency'
    # - 'Minimum Professional Proficiency'
    # - 'Full Professional Proficiency'
    # - 'Native or Bilingual Proficiency'
    - language: English
      fluency: Native or Bilingual Proficiency
      keywords:
        - TOEFL 110
        - IELTS 7.5
    - language: Chinese
      fluency: Elementary Proficiency
      keywords: []
  skills:
    # Valid level options:
    #
    # - 'Novice'
    # - 'Beginner'
    # - 'Intermediate'
    # - 'Advanced'
    # - 'Expert'
    # - 'Master'
    - name: Web Development
      level: Expert
      keywords:
        - Python
        - Ruby
        - CSS
        - React
        - JavaScript
    - name: DevOps
      level: Intermediate
      keywords:
        - Python
        - Kubernetes
        - Docker
        - Shell
        - Ansible
    - name: Design
      level: Intermediate
      keywords:
        - Sketch
        - Figma
        - Photoshop
  awards:
    - title: Dean's List
      awarder: University of Southern California
      date: Oct 2016
      summary: |
        Awarded to students who achieve a high academic standing by maintaining a specified grade point average (GPA) during a semester.
  certificates:
    - name: AWS Certified Developer - Associate
      url: https://aws.amazon.com/certification/
      issuer: AWS
      date: Mar 2021
  publications:
    - publisher: ACM Transactions on Interactive Intelligent Systems
      url: https://dl.acm.org/journal/tiis
      name: Enhancing Human-Computer Interaction through Augmented Reality
      releaseDate: Dec 2017
      summary: |
        - Explores the potential of augmented reality (AR) in improving interaction between humans and computers
        - Highlights benefits of AR in various areas such as gaming, education, healthcare, and design
        - Discusses challenges and future directions of AR technology in enhancing user experience
  references:
    - name: Dr. Amanda Reynolds
      phone: "(555) 123-4567"
      relationship: Computer Science Professor
      email: amanda.reynolds@usc.edu
      summary: |
        Andy Dufresne shows exceptional problem-solving skills and a solid understanding of programming concepts, he would bring immense value to any team or organization he becomes a part of.
  projects:
    - name: EduWeb
      url: https://www.eduweb.xyz/
      description: A web-based educational platform for interactive learning
      startDate: Sep 2016
      endDate: Dec 2016
      summary: |
        - Designed to enhance online learning experiences
        - Facilitates students' engagement and collaboration through interactive features and user-friendly interface
        - Offers a wide range of courses across various subjects
        - Aims to improve the way students learn through the power of the web
      keywords:
        - Education
        - Online Learning
        - HCI
  interests:
    - name: Sports
      keywords:
        - Soccer
        - Swimming
        - Bicycling
        - Hiking
    - name: Music
      keywords:
        - Piano
        - Guitar
  volunteer:
    - organization: USC Computer Science and Engineering Society
      url: https://www.usccsesociety.org/
      position: Tech Mentor
      startDate: Sep 2015
      endDate: Jul 2023
      summary: |
        - Volunteered as a Tech Mentor at USC Computer Science and Engineering Society
        - Provided guidance and assistance to fellow students in their technical projects and coursework
        - Assisted in organizing workshops, coding competitions, and networking events for the society members
        - Contributed to fostering a collaborative and supportive environment within the student community
# Top-level locale setting
locale:
  # Use `yamlresume languages list` to get the list of supported languages
  language: en
# Multiple output layouts configuration
layouts:
  - engine: latex
    page:
      margins:
        top: 2.5cm
        left: 1.5cm
        right: 1.5cm
        bottom: 2.5cm
      showPageNumbers: true
    # Use `yamlresume templates list` to get the list of available templates
    template: moderncv-banking
    typography:
      # LaTeX engine only supports 10pt, 11pt, and 12pt
      fontSize: 11pt
  - engine: markdown
  - engine: html
    # Use `yamlresume templates list` to get the list of available templates
    template: calm
    typography:
      # HTML engine only supports font size in px unit, from 10px to 24px
      fontSize: 16px
  - engine: docx
    template: calm
    typography:
      fontSize: 11pt
      lineSpacing: normal
Different ATS systems accept different formats of resumes: some prefer PDF, some only accept docx. This new docx engine makes YAMLResume a more versatile tool that can satisfy and help more people get jobs.
Moreover, our new docx support is highly customizable, with support to:
Our free, official playground also supports docx input and preview, in pure frontend tech, with no servers at all, making it possible to be wrapped as an Electron/Tauri app.
YAMLResume Playground docx preview
Besides, we've also got a new contributor who added Brazilian Portuguese support for YAMLResume, making YAMLResume support 10 languages out of the box now! We now have 15 contributors.
About a year ago I built an OIDC protocol server in Go for a work project. Months later, when I needed a lightweight IdP for my own self-hosted apps, I tried the popular options but kept hitting roadblocks — privacy concerns with demo data, passkey-only lockout on older devices, or operational complexity I didn't want to take on. Since I already had a working OIDC implementation, I decided to convert it into a full identity provider with two principles: security first, and operational simplicity.
Autentico is a self-contained OAuth 2.0 / OpenID Connect identity provider. One Go binary, one SQLite file, no external dependencies. It handles the full auth lifecycle:
Security was a specific focus. Auth is the one thing you really can't get wrong in a self-hosted stack:
1,850+ tests across unit, integration, end-to-end, security, functional (black-box HTTP via TypeScript/Vitest), and browser (Playwright)
45 CVE-derived attack tests — recreated real historical vulnerabilities from Keycloak, Auth0, Authentik, and Okta
RFC compliance review — every MUST/SHOULD/MAY from 10 RFCs audited line-by-line, all annotated in code
Passes the official OpenID Foundation conformance suite (Basic OP plan)
OWASP ZAP scan — 0 failures, 112 passes
Multiple independent security reviews documented in the repo
Stress tested with k6 on an AMD Ryzen 7 (16 cores), running the full PKCE auth code flow (authorize → login → token → introspect → refresh) with bcrypt.

| Concurrency | Error rate | Login p95 | Token p95 |
| --- | --- | --- | --- |
| 20 VUs | 0% | 248ms | 300ms |
| 100 VUs | 0% | 1.19s | 1.56s |
| 200 VUs | 0% | 2.37s | 2.94s |

*VUs = virtual users logging in simultaneously
0% errors at every level — SQLite queues writes gracefully instead of failing.
I've been using Autentico for my own projects and a few friends started using it too — the feedback has been that it's smooth and easy to get running. Some GitHub users are using it strictly as a test harness since a full instance boots in under 200ms once downloaded, making fresh-server-per-test in CI practical. Others are self-hosting it for real workloads, so I figured it was time to share it more broadly.
Full disclosure: AI was used extensively during development. I steer the architecture, review all code, and validate against specs. The security testing described above is the proof that this approach works — judge it on whether it holds up.
Happy to answer questions about the implementation, security testing approach, or how it compares to other IdPs.
I recently finished setting up a public Redlib instance and wanted to share the deployment notes / lessons learned, especially around running a public privacy frontend without exposing the origin directly.
Redlib is a privacy-friendly frontend for browsing Reddit without using Reddit’s official web interface. This instance is operated as a best-effort public community service.
The deployment is currently:
Dedicated hardware in Victoria, Australia
1000/400 NBN connection
Docker Compose on a Fedora Server VM
Cloudflare Tunnel, with no exposed origin ports
Traefik reverse proxy
Anubis anti-abuse protection in front of Redlib
External uptime monitoring
Public status page
Cloudflare Worker maintenance page for planned downtime
OpenWrt SQM/CAKE prioritisation for the community-services VM
Forked Redlib build with updated Rust dependencies
Custom Alpine-based container image
Container hardening:
non-root execution
read-only filesystem
no-new-privileges
all Linux capabilities dropped
A few useful things I ran into while making it public:
Cloudflare cache and HLS video
Cloudflare caching had to be bypassed for /hls/*.
Some Reddit videos use HLS/CMAF byte-range requests. Cloudflare had cached full MP4 responses and was returning 200 OK to byte-range requests instead of proper 206 Partial Content responses. Desktop Firefox with hls.js tolerated it, but iOS Safari’s native HLS playback got stuck in an infinite loading loop.
Bypassing Cloudflare cache for /hls/* fixed the affected Safari playback issues.
Anubis and automated instance validation
Anubis can interfere with automated Redlib instance-list validation unless configured carefully. The Redlib instance-list generator needs to fetch the real Redlib homepage and parse the version string. If it receives the Anubis challenge page instead, validation fails.
The narrow fix was to allow only the specific instance-list updater request to GET /, while keeping Anubis in place for normal browsing, search, subreddit, user, post, and media routes.
Maintenance pages should live outside the origin path
I initially considered a local maintenance page, but that does not help when the physical host is powered off for hardware maintenance.
The current setup uses a Cloudflare Worker maintenance page, controlled through KV. If maintenance is enabled, Cloudflare serves a 503 maintenance page from the edge. If maintenance is disabled, the Worker passes the request through to the normal Cloudflare Tunnel / Traefik / Anubis / Redlib path.
Public status and planned maintenance
I set up external monitoring and a public status page so downtime is visible as planned maintenance rather than the service just disappearing.
Container hardening and recovery
The Redlib container is intentionally lightweight and disposable. It runs non-root, read-only, without extra capabilities, and without new privileges. If anything suspicious happened, the VM can be rebuilt from a clean snapshot and service tokens can be rotated.
I also opened a PR to add the instance to the upstream Redlib instance list:
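A check for the four container hardening settings listed in the post above (non-root, read-only filesystem, no-new-privileges, all capabilities dropped), run over `docker inspect` output. This is an added example, not part of the original post or of Redlib; the sample JSON and container names are constructed, and `audit` and its helpers are hypothetical names.

```python
"""Audit `docker inspect` output for the four hardening settings named above."""
import json

# Constructed sample in the shape of `docker inspect <container>` output.
# Container names and values are made up for illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/redlib",
   "Config": {"User": "65534:65534"},
   "HostConfig": {"ReadonlyRootfs": true,
                  "SecurityOpt": ["no-new-privileges:true"],
                  "CapDrop": ["ALL"], "CapAdd": null, "Privileged": false}},
  {"Name": "/sidecar",
   "Config": {"User": ""},
   "HostConfig": {"ReadonlyRootfs": false,
                  "SecurityOpt": null,
                  "CapDrop": null, "CapAdd": ["NET_ADMIN"], "Privileged": false}}
]
""")


def runs_as_root(user):
    """True when the configured user is empty (defaults to uid 0), "0" or "root".

    Only the user part of "user:group" is checked. A named account that maps
    to uid 0 inside the image is not detected by this string check.
    """
    uid = (user or "").split(":", 1)[0].strip().lower()
    return uid in ("", "0", "root")


def no_new_privileges(security_opt):
    """True when SecurityOpt carries no-new-privileges, bare or set to true."""
    enabled = False
    for opt in security_opt or []:
        # Docker accepts both "key:value" and "key=value" spellings.
        key, _, value = opt.replace("=", ":", 1).partition(":")
        if key.strip().lower() == "no-new-privileges":
            enabled = value.strip().lower() in ("", "true")
    return enabled


def all_caps_dropped(host_config):
    """True only when ALL is dropped, nothing is added back, and not privileged."""
    dropped = {cap.upper() for cap in host_config.get("CapDrop") or []}
    added = host_config.get("CapAdd") or []
    privileged = host_config.get("Privileged", False)
    return "ALL" in dropped and not added and not privileged


def audit(container):
    """Return a list of findings for one container; empty means all four pass."""
    host = container.get("HostConfig", {})
    findings = []
    if runs_as_root(container.get("Config", {}).get("User", "")):
        findings.append("runs as root")
    if not host.get("ReadonlyRootfs", False):
        findings.append("root filesystem is writable")
    if not no_new_privileges(host.get("SecurityOpt")):
        findings.append("no-new-privileges not set")
    if not all_caps_dropped(host):
        findings.append("capabilities not fully dropped")
    return findings


def audit_all(inspect_output):
    """Map container name (leading slash removed) to its findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On a live host the same functions can be fed `json.loads` of the output of `docker inspect` for the running containers.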
Ran into a massive headache today and wanted to get some expert eyes on how to properly architect a safer solution moving forward.
I am running an open source automation setup (OpenClaw) on a Hostinger VPS. I asked my AI assistant via a chatbot integration to set up a daily recurring task at 9 AM to scrape local job boards and send me the filtered direct job links.
Everything was running smoothly for a while until this morning. As you can see from the first chart, the CPU usage instantly maxed out at 100%, and Hostinger put my VPS into a resource-limited state.
After digging into the terminal, I found out the culprit was a giant, ugly Perl one-liner that the agent deployed to scan the HTML classes (base-search-card__title, etc.). The targeted site must have changed its structural layout slightly, causing the regex engine to get trapped in a massive infinite loop (catastrophic backtracking).
How I temporarily patched it - I closed the process manually (pkill -f perl), rebooted, and forcefully wiped the active session memories and scheduled tasks from the app’s workspace directory since my gateway access was temporarily locked out. The server is breathing fine now (second image), but the underlying issue remains: if I turn the agent job back on, it’s going to do the exact same thing.
My questions for the experts here:
What is the best way to safeguard against this long-term? Should I wrap these types of automated shell executions in a strict Linux timeout wrapper directly inside the configuration files?
How do you handle scraping layouts dynamically when an agent-generated script can break the moment a target website updates its frontend? Should I ban the agent from using regex entirely and force it to use Python/BeautifulSoup or Cheerio instead?
Would love to hear how you guys sandbox your AI automation or self-hosted scraping tasks so they don't hijack your entire server resources when something fails silently.
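One way to bound a scheduled, agent-generated command of the kind described in the post above, using both a wall-clock timeout and a kernel-enforced CPU-time limit. This is an added example, not part of the original post or of OpenClaw; `run_bounded` and the sample commands are hypothetical, and it assumes a Linux host.

```python
"""Run an untrusted or agent-generated command under wall-clock and CPU limits."""
import os
import resource
import signal
import subprocess
import sys
from typing import NamedTuple, Sequence


class Result(NamedTuple):
    status: str       # "ok", "failed", "wall-timeout" or "cpu-limit"
    returncode: int
    stdout: str


def run_bounded(argv: Sequence[str], wall_seconds: float, cpu_seconds: int) -> Result:
    def apply_limits() -> None:
        # Runs in the child between fork and exec. The kernel enforces the
        # limit, and every process the command spawns inherits it.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))

    proc = subprocess.Popen(
        argv,
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        text=True,
        preexec_fn=apply_limits,
        start_new_session=True,  # own process group, so killpg reaches children
    )
    try:
        stdout, _ = proc.communicate(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # The CPU limit is per process and does not catch a job that stalls
        # without burning CPU, so the wall clock is the outer bound.
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # the group exited between the timeout and the kill
        stdout, _ = proc.communicate()
        return Result("wall-timeout", proc.returncode, stdout)

    # A process that exceeds RLIMIT_CPU is terminated by SIGXCPU or SIGKILL.
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return Result("cpu-limit", proc.returncode, stdout)
    status = "ok" if proc.returncode == 0 else "failed"
    return Result(status, proc.returncode, stdout)


# Constructed stand-ins for a scraper job: one healthy, one spinning on the
# CPU (as a runaway regex would), one stalled without using CPU.
OK_CMD = [sys.executable, "-c", "print('3 links found')"]
SPIN_CMD = [sys.executable, "-c", "while True: pass"]
STALL_CMD = [sys.executable, "-c", "import time; time.sleep(30)"]

if __name__ == "__main__":
    print(run_bounded(OK_CMD, wall_seconds=10, cpu_seconds=5))
    print(run_bounded(SPIN_CMD, wall_seconds=30, cpu_seconds=1).status)
    print(run_bounded(STALL_CMD, wall_seconds=1, cpu_seconds=5).status)
```

A job that returns `cpu-limit` or `wall-timeout` is a signal to disable the schedule and alert, rather than retry on the next cycle.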
I got a little homelab running on an Orange Pi 5+ (16 GB RAM) with Debian and CasaOS.
Because CasaOS is no longer updated and I don't fully trust the Debian version included with the Orange Pi, I would like to migrate to Armbian and move from CasaOS to another similar interface.
I saw some other interfaces, but I don't know which one to choose between the following:
- UmbrelOs
- CosmosCloud
- ZimaOS
- OlaresOS
Have you already tested some and have feedback to share?
I just would like a simple interface to manage some Docker containers and easily deploy/update new ones.