revereddesecration@alien.top 1 points 1 year ago

I have a series of containers that use the host network and share messages over MQTT. Works well. One of them launches other containers when specific trigger phrases are said in specific topics. Another one sends trigger phrases based on a schedule.

revereddesecration@alien.top 1 points 1 year ago

It’s easy enough to run Authelia in front of all of your subdomains. Suddenly you’re back to one attack vector.

revereddesecration@alien.top 1 points 1 year ago

Sounds like the next step in your journey is combing through this list and seeing what’s out there: https://github.com/awesome-selfhosted/awesome-selfhosted

So much great stuff! But most of it has drawbacks, like missing features or less attractive UI. But it’s free and open source so we love it all the same.

revereddesecration@alien.top 2 points 1 year ago

Pi runs Raspbian which is just Debian with customisation applied. So of course it can run elsewhere. You don’t know as much as you think you do perhaps 😉

revereddesecration@alien.top 1 points 1 year ago

Fun fact: don’t comment out anything, just find the name of the database service, let’s say it’s db, then run docker compose up db to launch it on its own.

revereddesecration@alien.top 1 points 1 year ago

There’s a couple of things to weigh up: attack surface, and incentive to attack. You’re not high on either scale so it’s not a high chance of problems.

revereddesecration@alien.top 1 points 1 year ago

I host Psono and auth via OIDC provided by Authentik.

I chose Psono because it was the only option that offered OIDC on a free tier. Previously I paid for Passbolt which wasn’t bad, but Psono does the same job for free and is nicer to use.

revereddesecration@alien.top 1 points 1 year ago

Why can’t you have your TLS managed at the gateway, then reverse proxy based on subdomain to your various services?

revereddesecration

joined 1 year ago