I used Lychee, I haven’t seen it mentioned here and it is very good.

On paper I should love Authelia, I’m a sucker for y’all configured services, I can write a couple of files on my Ansible and boom, everything works… However I never had much luck setting Authelia up, Authentik on the other hand was very painless (albeit) manual (via UI) configuration. I don’t do anything crazy, so any of them would work for me though, I just failed on setting Authelia and tried Authentik and had had no reason to change.

What problem are you having? Docker is very straightforward, just copy the compose file and run a command.

Kodi is a graphical app, like Firefox, so you won’t use docker for it.

I have Jellyfin running for years too and it has never broken for me, I use Linuxserver image, so maybe they delay the updates a bit?.. Now, Immich has broken so many times that nowadays is the only docker I don’t keep at latest (and I know using latest is a bad practice, I understand the reasons, but the convenience of not worrying about the versions beats all that for me)

Configuration is much easier, e.g. this is the full config you need to expose nextcloud on nextcloud.example.com (assuming caddy can reach nextcloud using the hostname nextcloud)

nextcloud.example.com {
        reverse_proxy nextcloud
}

Comparing that to ngnix configs that need a template for each different service (although to be fair they’re mostly the same).

My point is that of those 120 probably 110 have never been compromised nor forced you to change the password due to expiration policies. The remaining 10 are the ones that require some mental gymnastics, so while the problem exists it’s not as serious as it sounds. I probably have more than 120 identities using this method since I’ve been using it for years, and I don’t think I ever had to use the counter, it’s a matter of being consistent in how you think about websites, for example if you know how you refer to a site slugify it and use that for the field, so you would use spotify, netflix, amazon-prime.

Yeah, it’s probably a legal thing, rreading-glasses is just metadata for books, completely legal, but readarr legality is less clear, so maybe they’re trying to prevent issues.

Also I didn’t understand what is rreading-glasses and why you need it

Say you want to grab a book by Isaac Asimov, you type the name of the book in readarr search bar, readarr contacts a metadata provider to show you cover images, author, date, etc. Then when you select the book readarr uses that metadata to search for downloads and ensure you’re getting the correct book and not another random book with the same name.

The problem is that readarr uses a closed source API for it’s metadata, and it’s constantly offline, which makes it impossible to use readarr. Luckily they allow you to customize the URL for the API, and rreading-glasses is an open source implementation of that API that you can use as a drop in replacement.

Yup, but most of that is easily solvable by being consistent, e.g. always use lowercase and your email (even if it’s not the login for that site). But yes, you need to know to be consistent so it’s a good point to make.

I noticed that my Ansible playbook failed to do a docker pull on readarr, I just commented it and was going to investigate further today. This sucks, especially because rreading-glasses did in fact completely solve the issue they’re facing. Not sure why they didn’t consider migrating to it officially, it’s only a config change.

It’s strange how I never see this mentioned anywhere, but there’s a way to get unique secure passwords for every site/app without needing to store them anywhere. It’s called LessPass, and essentially generates passwords based on 3 fields (site, username, master password) and works relatively well, because the advantages are quite obvious I’ll list the potential downsides:

• If one password is compromised or needs changing for whatever reason you need to increase a counter and need to remember which counter for which site (this is less problematic than it sounds, except in places that have a password policy that forces you to change your password periodically)
• Android can store the master password and use fingerprint to input it, but in PC you always have to type your master password which can get annoying.
• You need to change your passwords to this new format, which can take a while, and years down the line you’re trying to login somewhere and don’t remember if you’ve already migrated it or not.

I used to do that, but eventually found out about https://silverbullet.md/ it’s still just markdown files but I can edit them on the go with my phone.

Plus it has some nice extra syntax to query documents that’s quite handy.

Sure, but they have a setting to fix this by letting Plex know that 192.168.0.x range is local network (as if it needed it) except it’s behind a paywall.

Giving it write access to a folder is not even remotely on the same level as giving it control over the host networking. Worst case scenario in the volume access is to delete that data, which is on a btrfs drive and has backups, worst case scenario for network host is root access to host machine.

Yes I am, but I don’t want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It’s ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it’s a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it’s running.

Yup, that’s exactly the problem I have, it’s ridiculous that it doesn’t let me stream from a local network just because it thinks that it’s local network is only the docker one, it should be fairly simple for Plex to figure out it’s accessible via a direct connection and it doesn’t need to route through the Plex servers for this. But it won’t get fixed because it pushes people to pay, hell from what people are saying here the config to fix this is paywalled so they create a problem for which they sell you the solutions.

Therefore it’s literally impossible for me to watch my media locally, way to go Plex.

I don’t have that configuration:

I can’t speak for OP, but I self host lots of stuff, have literally dozens of services running, have an Ansible repo to manage it all and routi some stuff through a VPS, not to mention my day job has included managing services in one way or another for a long while. This is to say, I know what I’m doing. I couldn’t setup Plex to work the way I wanted to, they expect it to run in a docker with network set to host mode, I couldn’t find any way to tell Plex that my living room TV was in the same network, it just wouldn’t accept any connections as local. I know I shot myself in the foot here by not letting it run with network on host mode, but I shouldn’t have to, the port was exposed, I could reach it through the local network IP, but I wasn’t able to stream any content locally.

I’ve had that happen to me with plex, it was probably 100% my fault because I specifically changed things during the setup of the docker file, but apparently Plex can’t figure out that is local if it’s running inside docker with non-host network, it probably only accepts local connections from the docker network, and I was never able to make it treat my actual home network as local.