While YUNO is a great way to get started, I strongly encourage you to understand basic concepts, like docker, and maybe try to run something outside of it for fun. While not even remotely the same thing since YUNO is just the OS and “app store”, you would be very similarly tied to that ecosystem the same way you are to Google now. Not to mean that YUNO would have any control over your stuff, but you would be dependent on them for what you can self host.

Ok, so, there are multiple things you should be aware.

First of all you’ve set that DNS to be 10.0.0.41, that range of IPs is reserved for lan, similar to 192.168.0.41 would be. Only people in the same local network as you might be able to access it.

Also, usually your home router doesn’t use the 10.x.x.x range, but some ISPs might do it in their internal network, which means your router doesn’t get an internet IP, instead your ISP router does and it shares the same external IP with different houses, so you would need to use something like https://www.whatsmyip.org/ to know what your external IP is.

But there’s more, since you don’t control that router putting that external IP in the DNS won’t work either.

You need to do something more complicated, I recommend you read on cloud flare tunnels for example.

And one final piece of advice, don’t share your urls with randoms on the internet, security by obscurity is not security and all, but publicly advertising your url is asking for trouble, even without doing that you will see several attempts of logging into your servers constantly.

On paper I should love Authelia, I’m a sucker for y’all configured services, I can write a couple of files on my Ansible and boom, everything works… However I never had much luck setting Authelia up, Authentik on the other hand was very painless (albeit) manual (via UI) configuration. I don’t do anything crazy, so any of them would work for me though, I just failed on setting Authelia and tried Authentik and had had no reason to change.

What problem are you having? Docker is very straightforward, just copy the compose file and run a command.

Kodi is a graphical app, like Firefox, so you won’t use docker for it.

I have Jellyfin running for years too and it has never broken for me, I use Linuxserver image, so maybe they delay the updates a bit?.. Now, Immich has broken so many times that nowadays is the only docker I don’t keep at latest (and I know using latest is a bad practice, I understand the reasons, but the convenience of not worrying about the versions beats all that for me)

Configuration is much easier, e.g. this is the full config you need to expose nextcloud on nextcloud.example.com (assuming caddy can reach nextcloud using the hostname nextcloud)

nextcloud.example.com {
        reverse_proxy nextcloud
}

Comparing that to ngnix configs that need a template for each different service (although to be fair they’re mostly the same).

My point is that of those 120 probably 110 have never been compromised nor forced you to change the password due to expiration policies. The remaining 10 are the ones that require some mental gymnastics, so while the problem exists it’s not as serious as it sounds. I probably have more than 120 identities using this method since I’ve been using it for years, and I don’t think I ever had to use the counter, it’s a matter of being consistent in how you think about websites, for example if you know how you refer to a site slugify it and use that for the field, so you would use spotify, netflix, amazon-prime.

Yeah, it’s probably a legal thing, rreading-glasses is just metadata for books, completely legal, but readarr legality is less clear, so maybe they’re trying to prevent issues.

Also I didn’t understand what is rreading-glasses and why you need it

Say you want to grab a book by Isaac Asimov, you type the name of the book in readarr search bar, readarr contacts a metadata provider to show you cover images, author, date, etc. Then when you select the book readarr uses that metadata to search for downloads and ensure you’re getting the correct book and not another random book with the same name.

The problem is that readarr uses a closed source API for it’s metadata, and it’s constantly offline, which makes it impossible to use readarr. Luckily they allow you to customize the URL for the API, and rreading-glasses is an open source implementation of that API that you can use as a drop in replacement.

Yup, but most of that is easily solvable by being consistent, e.g. always use lowercase and your email (even if it’s not the login for that site). But yes, you need to know to be consistent so it’s a good point to make.

I noticed that my Ansible playbook failed to do a docker pull on readarr, I just commented it and was going to investigate further today. This sucks, especially because rreading-glasses did in fact completely solve the issue they’re facing. Not sure why they didn’t consider migrating to it officially, it’s only a config change.

It’s strange how I never see this mentioned anywhere, but there’s a way to get unique secure passwords for every site/app without needing to store them anywhere. It’s called LessPass, and essentially generates passwords based on 3 fields (site, username, master password) and works relatively well, because the advantages are quite obvious I’ll list the potential downsides:

• If one password is compromised or needs changing for whatever reason you need to increase a counter and need to remember which counter for which site (this is less problematic than it sounds, except in places that have a password policy that forces you to change your password periodically)
• Android can store the master password and use fingerprint to input it, but in PC you always have to type your master password which can get annoying.
• You need to change your passwords to this new format, which can take a while, and years down the line you’re trying to login somewhere and don’t remember if you’ve already migrated it or not.

I used to do that, but eventually found out about https://silverbullet.md/ it’s still just markdown files but I can edit them on the go with my phone.

Plus it has some nice extra syntax to query documents that’s quite handy.

Sure, but they have a setting to fix this by letting Plex know that 192.168.0.x range is local network (as if it needed it) except it’s behind a paywall.

Giving it write access to a folder is not even remotely on the same level as giving it control over the host networking. Worst case scenario in the volume access is to delete that data, which is on a btrfs drive and has backups, worst case scenario for network host is root access to host machine.

Yes I am, but I don’t want to give full control of my network drive to a closed source application because it paywalled me out of being able to access my media on my local network. It’s ridiculous that I have to do that. It breaks ECI, and is a security risk. And yeah, it’s a bit paranoid, but the fact that they can fix it with a simple config and put that behind a paywall is VERY worrisome, so I now need to pay if I want to isolate Plex from the host where it’s running.

Yup, that’s exactly the problem I have, it’s ridiculous that it doesn’t let me stream from a local network just because it thinks that it’s local network is only the docker one, it should be fairly simple for Plex to figure out it’s accessible via a direct connection and it doesn’t need to route through the Plex servers for this. But it won’t get fixed because it pushes people to pay, hell from what people are saying here the config to fix this is paywalled so they create a problem for which they sell you the solutions.

Therefore it’s literally impossible for me to watch my media locally, way to go Plex.

I don’t have that configuration:

I can’t speak for OP, but I self host lots of stuff, have literally dozens of services running, have an Ansible repo to manage it all and routi some stuff through a VPS, not to mention my day job has included managing services in one way or another for a long while. This is to say, I know what I’m doing. I couldn’t setup Plex to work the way I wanted to, they expect it to run in a docker with network set to host mode, I couldn’t find any way to tell Plex that my living room TV was in the same network, it just wouldn’t accept any connections as local. I know I shot myself in the foot here by not letting it run with network on host mode, but I shouldn’t have to, the port was exposed, I could reach it through the local network IP, but I wasn’t able to stream any content locally.