• 2 Posts
  • 16 Comments
Joined 9 months ago
Cake day: March 18th, 2025


  • I made the switch a few months back. Manually migrated my files over using the desktop apps for both, but it was maybe 200GB of junk so it didn’t take long.

    OpenCloud is great. Much faster, much simpler, does what it needs to do. That being said, it is very new so documentation is lacking, and the desktop and mobile app are VERY basic (the mobile app doesn’t have a dark theme and only offers a limited photo sync right now, for example, instead of setting various one or two-way synced folders).

    It’s also worth noting that their compose file and OIDC support are both a mess. The compose file is easy enough to work around, plenty of folks have put together cleaner, minimal single file setups. For OIDC, I did get it working with Authentik but it loves to constantly log me out mid-session in Librewolf all the time. For some reason they use a hard-coded clientID for OIDC, and even worse the ID is different for web, desktop, and mobile. Very bizarre.

    So it’s far from flawless, but it’s early in development and overall it’s still a better fit for me than Nextcloud.










  • Pangolin with an Authentik login required. Jellyfin’s set up with OIDC too but that’s more for convenience than security (especially since password auth doesn’t seem possible to disable, so it’s just hidden with CSS which does jack shit for security).

    I’m paranoid so I only expose 3 services total without Pangolin/Authentik in front of them: Authentik itself, headscale, and navidrome’s rest endpoint (the last one skeeves me a bit but it’s mandatory for it to work remotely in the situations I want it, like a web player on work machines). Anything else I personally need remote access to, I can get through tailscale - Pangolin for me covers friends and family usage and a few niche situations.



  • The variant version of number 2, which is more work to set up of course, is Pangolin on a VPS. Basically serves the same purpose but skips Cloudflare entirely.

    I’m in the process of setting up Pangolin and Headscale on a VPS to expose a small handful of services and to replace my wg-easy setup. Currently chaining wg-easy through a gluetun container, so with a single VPN connection I get LAN access and protect my outbound traffic, but I can’t for the life of me get the same setup working on wg-easy v15, so I’m going to give tailscale/headscale a try with a gluetun exit node.




  • This is all super helpful, appreciate it. Just for clarity, the mini PC right now is one of those tiny HP EliteDesks. Definitely no room to fit any extra drives, but I already pulled the trigger on a second machine after doing some more research, and that should be plenty for something that’s basically just going to be a storage box.

    Good catch on the redundancy, at the time of posting this I didn’t realize I needed the physical space/drives to set up that safety net. 8 should be plenty for the time being. Say if I wanted to add another drive or two down the road, what sort of complications would that introduce here?

    I do have a backup plan but the mirror safety net is definitely a good call, since it’s not an ideal solution. Right now I’m storing most backups internally, on a small USB drive, and uploaded to a b2 bucket, while I’m manually backing up all of that plus my media/emulation library to a 20TB external drive once a month and shoving it in my storage unit in between.

    Good to know network latency shouldn’t be too noticeable, guess that does make sense. I don’t expose anything publicly, LAN/VPN only and it’s just my wife and I here, so I’m not too concerned with locking down access any more than it needs to be.