Huh? Why?

as far as I know, there is no way to put a valid certificate like let’s encrypt for a service that is not accessible from the net

There definitely is. All of my local services run on a wildcard cert that I got from a DNS challenge with Let’s Encrypt. As long as the reverse proxy can access whatever source is issuing the certificate, and as long as the client browser can access public certificate ledgers and has DNS info about your services, things will work just fine locally.

I recommend Netbird to give access to services to your family members, for access control and for the DNS server it provides. It also gives you the bonus of accessing your services remotely.

Feel free to ask if you have any questions.

Good riddance.

Has anyone used Komga as an alternative? It’s primarily for manga and comics but it seems to support books too (epub and PDF). It also seems to be able to sync books with Kobo devices.

Yeah, pass has been discussed a bit in the thread already, but there are a few security issues that keep me from using it. Speaking of security, I had no idea the Android app was archived in 2024. That’s quite a long time without updates. Are you using a fork?

Thank you for sharing your workflow either way! Using a git based solution would be amazing.

I like the idea of using git, and there are people using it with their KeePass database (here’s an example), but I don’t think it’s optimal. If you want to use git, pass is probably the better option, but that brings in a whole lot of other problems.

I’ve started using Nextcloud to sync my database and it’s worked out fine so far. Though it would be nice to use something like git that I use all the time regardless, right now the whole bloated Nextcloud stack I have hosted only syncs my small password database haha.

I would get a router that supports an open source firmware or operating system like OpenWRT. Which one depends entirely on your use case. Getting a router from your ISP is fine if you’re allowed to and capable of flashing it, and if you trust them (I’m lucky that I have an ISP with a track record of fighting for their users’ privacy and integrity).

Yeah, that’s a good point. There are still a few cons though:

1. If the server goes down (or your internet connection goes down), you can’t add entries to your database. Local changes aren’t allowed.
2. Bitwarden doesn’t support supplementing your passphrase with a key file.
3. The Bitwarden clients aren’t enitrely FOSS as far as I understand, the SDK used has a non-free license.

There are pros and cons in both alternatives, and there is unfortunately not a perfect solution. I like the idea and philosophy behind the KeePass format, so the increase in syncing complexity is worth it (for now at least).

I’m using NixOS and I have had no problems gaming. Getting the kernel from CachyOS is also easy enough, if you want that.

I managed to get it up and running now, thank you! It wasn’t intuitive at all, compared to using nextcloud-client on the desktop. I’ll try this for a while and see if it works for me.

I’m currently using KeePassDX and I’ve set up the Nextcloud server and downloaded the Android app. I’ll give it another shot. Can you explain more how you’ve set this up for yourself? What does CF mean, and what file manager do you recommend?

Thanks!

I’m talking about this issue: https://github.com/nextcloud/android/issues/19

This issue: https://github.com/nextcloud/android/issues/19

I’m looking for a selfhosted alternative, I’m not really to keen to place all of my password eggs into one company basket so to speak. But yes, other than that, Proton is a good choice (but I’d probably go with Bitwarden personally). Thank you.

Do you do it manually into e.g. protected json, or to a normal zip (the former doesn’t support attachments as far as I know)? Or have you found a way to do it automatically? One con that I’ve read about this is that backups from one version is not guaranteed to work on another version. Thanks.

I actually used pass many years ago and I quite enjoyed it, except for the fact that the entry names are presented in clear text. You’d also have to manage your GPG secret which I’m not a fan of (in fact, my password manager is how I usually manage GPG and SSH keys in the first place). On the other hand, I guess you should keep a key file on each device on top of a passphrase even if you use a KeePass database, so I guess that point is moot. There are also no good way to include attachments. At that point Vaultwarden feels more convenient, but the more I’m thinking about it, the more I’m warming up to the idea. We’ll see, maybe I’ll give it a shot again.

Thanks for sharing your thoughts!

Edit: I did some quick research and I found this video:

https://www.youtube.com/watch?v=j-qBChKG15Y

It brings up some pretty important security concern that still seem to be relevant.

Yeah, I have a tendency to modify my database quite often. I often make new accounts, add attachments, modify passphrases on older accounts, etc. I modify it several times a week. I might be an outlier, and in that case I understand why people don’t consider this to be a huge problem haha.

I used to enjoy AI a lot, and I still think the technology is really cool, but lately I’m beginning to despise it. It spreads and nestles itself into every corner of our life, and it rots whatever it touches, be it the humans that rely on it or the projects in which it’s used. I see so many open source projects that are tainted with it, it’s almost impossible to avoid it. It’s sad. The generations that will grow up with AI will be fucked.

They’re in the process of doing so, and they’re a long way off from being finished. Frankly, I doubt we’ll ever see a release.

Heroic is great. Bottles has the potential to be great but it needs umu, and I’m skeptical about them rewriting the project (rewrites are seldom a good sign of a FOSS project in my experience).

This is only supposed to be temporary while you set up the FDE, your IP is unlikely to change in the 30 minutes or so it takes to go through these steps.

In any other scenario I’d close port 22 and use a mesh VPN with SSH capabilities, like Netbird or Tailscale. I’d only open it up again to access Dropbear during reboots, and I’d use IP filtering for that as well.

As for DHCP, I guess it depends on the ISP. I don’t have a static IP but mine doesn’t change as far as I can tell unless my router is disconnected for a longer while.