Alright, thank you!

Hey, we’re also thinking about setting up authentik. Could you answer the following, where I haven’t found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?

I am a bit confused tbh 😅

The link you send links to docker projects, the link I sent is the second one of those. Seems pretty straightforward?

But to be fair, I have never used docker for any of this. In my nix config, it’s literally just:

    services.prowlarr.enable = true;
    services.prowlarr.openFirewall = true;

There’s not really anything you need to configure host-side. Prowlarr needs to be able to communicate with sonarr and radarr (same as jackett), but otherwise it’s basically stateless.

Yeaaaaaaahh the auth thing is really, really complicated to selfhost. There’s a docker project out there that apparently makes it possible, but… No idea. FOr the time being I still use FF’s auth - that’s still an improvement though: Mozilla knows that I am logging in / from what kind of device, but not the content or amount of what I sync.

This?

Probably… I mean, I’d at least start it in a systemd service, but sure, you don’t need a domain.

But of course your mobile won’t be able to access that domain outside your network

No idea - this is my firefox sync NixOS config, in its entirety:

  age.secrets.ffsync.rekeyFile = secrets.ffsync;
  services.firefox-syncserver = {
    enable = true;
    secrets = config.age.secrets.ffsync.path;
    settings.hostname = "localhost";

    singleNode = {
      enable = true;
      hostname = "0.0.0.0";
      capacity = 2;
    };
  };

You can self-host Firefox sync

Yes - but I have no idea about docker, sorry. Have it running baremetal (or rather, in a proxmox VM).

Just a hunch, but in case you “only” share the directory where Sonarr puts Episode files with Jellyfin via some mount point or whatever, and not the directory where Sonarr gets them from (where the torrent client downloads to), then I can see hardlinks breaking in unexpected ways

Sorry to hear that that’s been your experience! :( My installation has been running for ~5 years without any problems

Yeah no worries - I discovered Prowlarr from that exact same comment years ago so jumped at the opportunity to post it here 😆

Real question is, why Jackett instead of Prowlarr? 😄

Take a look at Kavita for selfhosting bools!

Named mine after “objects” from Iain M. Banks’ Culture Novels.

Currently I have:

• gsv
• hub
• excession
• drone

Nice and short, and map roughly to the “power level” of the hardware, so to speak.

And my Yubikeys are named after Special Circumstances agents 😄

You can also selfhost sync!

You can also just selfhost Firefox sync!

In that case I can really highly recommend it. Nixos on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄

It’s a bit unconventional maybe, but I vote simple-nixos-mailserver - IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.

My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.

Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.

Yep, that’s right. In theory you could share the encrypted DB with the public and not degrade security. (Still don’t do that though…)

Fail2ban allows you set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what its called?) via their API. It’s a premade action called “cloudflare-token-multi”