Just to clarify: OwnCloud or OwnCloud Infinite Scale (OCIS)?


Probably some fastboot shit. I like the idea of fastboot… if only it wasn’t so tied to Windows.


The ONLY thing I don’t like about it is having to finish the install of Windows before you can wipe the SSD.
Why? Can’t you get to the BIOS, change to USB boot loader, boot Linux and wipe the disk?
Does it make a difference, if that setting uses a trailing slash? Might be it redirects you to the path without, which triggers caddy to redirect you again, and so on and so forth.
You could also, instead of redirecting, rewrite it. Then it is handled serverside without sending the client somewhere else.
Are all the *arr services aware that they are expected to have a certain basepath?


I don’t like the syntax, the runtime environment (which runs interpreted) and for PHP more than many other languages (aside from JS), a lot of code out there is hacked together horribly which makes me completely distrust the community.
Personally I stay away from anything that doesn’t have a compiler.


I was in the same boat and therefore my nextcloud instance was mostly running for backwards compatibility with a few setups I have, while I mostly use seafile, immich and sogo. But a few days ago I updated to nextcloud hub 10 (I think that’s with nextcloud 31 under the hood) and damn does that run smooth. I was so impressed I got motivated to finally set up the high performance backend for nc talk.
I still dislike PHP, but nextcloud just won back my heart a little.
On mobile I indeed also had that issue once. However I made sure they can’t lock me out completely. The db is stored using the opensource sqlcipher, so one can open it and extract everything manually, if absolutely necessary. As long as they don’t change this, I am fine. In the worst case that would still be a lot of effort for me, but not impossible.
The export has also improved a lot. You can now also export to JSON which includes all the data one could need.
If you don’t have a hard requirement of it being fully (!) OpenSource, then I would recommend Enpass. Relatively pleasing UI that runs native on Win, Mac, Linux, Android and iOS. It has browser plugins for Chrome and Firefox that talk directly to the running fat client (so no multiple authentication with different browsers necessary).
The password db is completely local, but it offers several sync mechanisms like WebDAV or Dropbox or also iCloud; basically whatever can store files. If it’s a NAS in your home, it simply will sync once you are back home.
It also offers “WiFi Sync”, in which case you designate one machine running Enpass as the server and link other clients to it, then you don’t even need to run a separate hosting for it (but that machine needs to be on and running Enpass when you want to sync, obviously).
It’s basically a less open but much more convenient and beautiful KeePass(XC).


No, I keep that private to minimize the information I leak about what I host, sorry. (I also don’t do git-ops for my server; I back the mentioned directories up via kopia so in case of recovery I just restore the last working state of data+config. I don’t have much need to version the configs.)


What I did to get rid of my mess, was to containerize service after service using podman. I mount all volumes in a unified location and define all containers as quadlets (systemd services). My backup therefore consists of the base directory where all my container volumes live in subdirectories and the directory with the systemd units for the quadlets.
That way I was able to slowly unify my setup without risking to break all at once. Plus, I can easily replicate it on any server that has podman.
No, since at the moment it wants to manage certificates, but I don’t intend to run pangolin as my main reverse proxy.
Pangolin is the most user friendly self hosted alternative to Cloudflare tunnels. There are dozens of alternatives, but none with that feature set and such a UI.


I talk fully about software. Add appropriate nftables rules to the container network and that’s it.


Well, a big advantage of containers is, that you can isolate them pretty aggressively. So if you run a container that is supposed to serve content on a single HTTP port, expose only that port, mount no unnecessary volumes and run it on a network that blocks all outgoing traffic. Ideally the only thing left will be incoming traffic on the one port the service is supposed to serve.
Half off-topic, sorry: if you have some spare time on the weekend, you might want to take a look at nftables. AFAIK iptables is also just using nftables under the hood, so you are basically using a deprecated technology.
nftables is so much nicer to work with. In the end I have my custom rules (which are much saner to define than in iptables) in /etc/nftables.conf, then I have a very simple systemd unit:
```ini
[Unit]
Description=Restore nftables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush table inet filter
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
```
and finally if I push updates via ansible I simply replace the file and run nft -f /etc/nftables.conf (via ansible; on-change event).
Edit: oh and as an example of what the actual rules file looks like:
```
#!/usr/bin/nft -f
add table inet filter
flush table inet filter

table inet filter {
    chain input {
        type filter hook input priority 0;

        # allow established/related connections
        ct state {established, related} accept

        # early drop of invalid connections
        ct state invalid drop

        # allow from loopback
        iifname lo accept

        # allow icmp
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # core services
        tcp dport {80, 443} accept comment "allow http(s)"
        udp dport 443 accept comment "allow http3"

        # everything else
        reject with icmpx type port-unreachable
    }
}
```
and with that I have my ipv4+6 firewall that allows pings and http
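
The container network that "blocks all outgoing traffic", mentioned in the posts above, can be written in the same rules-file style. This is an added example, not part of the original posts; the bridge name `podman1` and the table name `container_egress` are assumptions to replace with your own values.

```nft
#!/usr/bin/nft -f
# Added example (not from the original posts).
# Assumption: the isolated containers are attached to a bridge named
# "podman1" (hypothetical name; look up the real interface of your network).

add table inet container_egress
flush table inet container_egress

table inet container_egress {
    chain forward {
        # Routed traffic between the container bridge and other interfaces
        # passes the forward hook. Traffic addressed to the host itself
        # passes the input hook instead and is not matched here.
        type filter hook forward priority 0; policy accept;

        # Replies belonging to connections that were opened from outside
        # (for example to a published HTTP port) must still get back out.
        ct state {established, related} accept

        # Rate-limited log line so blocked attempts show up in the journal.
        iifname "podman1" limit rate 10/minute log prefix "ctr-egress-blocked: "

        # Any new connection initiated by a container is refused. A reject or
        # drop verdict is final even if a chain in another table on the same
        # hook would accept the packet, so this works next to the rules the
        # container runtime installs itself.
        iifname "podman1" counter reject with icmpx type admin-prohibited
    }
}
```

The counter on the last rule is visible with `nft list table inet container_egress`, which gives a quick check for whether a service is trying to reach out.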


The shopping list alone is beautifully done. Glad that I could help 🙂


There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.
– Leon Bambrick


Regarding your requirement, you might want to take a look at KitchenOwl.
If you prefer freestyle notes/lists, Joplin can share and sync note collections as well.
Where I could see an LLM being useful is categorizing entries and maybe proposing sanitization (for example when the payment provider uppercases or abbreviates stuff)