Thanks!

Does this really need docker, if it’s all in-browser? Ultimately, is it just served as files from your self-hosted server and the client browser does the magic?

Yep. It’s on the TODO list…

You can do that? On ordinary, non-rooted Android?

I use Nebula. It’s lightweight, well-engineered and fully under your control. But you do need a computer with a fixed IP and accessible port. (E.g. a cheap VPS)

You can also use “managed nebula” if you want to enjoy the same risk of the control point of your network depending on a new business ;-)

Tailscale is great. The principle concern to me is that your super easy mesh network depends on Tailscale so if they want it they have control, and if they change their pricing or options you depend on them, and though they can’t see the data you send they can see the topology of your network and where all your computers/devices are.

I use Nebula, which is more work to set up and doesn’t have some of the features, not But if you slap the ‘lighthouse’ (administrating node) on a cheap VPS it works great. And it has some advantages. But Nebula also troubles me: though it’s fully open source and fully in your control, the documentation isn’t great. Instead, you can now get “managed nebula”, which puts you in the same problem as Tailscale: the company sees and controls your network topology. I fear the company (Defined Networking) is trying to push things that way. Even their android app you can’t fully configure unless you use their ‘managed’ service.

For now, Nebula is great, and my preferred mesh network (I looked into all the main ones). And for Tailscale you can run the administration server yourself with Headscale and be fully in your control.

Actually I wish Tailscale the best as a profitable business. They’ve created a fantastic service and system. But for me, I’d rather my network be in my own hands and for my own eyes. And, as is OP’s main point, once they have enough dependent users, the service might turn much worse.

I think that’s because both work on Android by being a VPN, and the system can’t handle doing two vpns simultaneously

Huh, interesting. I’ll bear that in mind - I don’t like the idea of a system clock error causing an old file to overwrite a new one!

I recall a lot of my peers hosting mail and web servers

I don’t think that’s representative of the global population. There’s more people streaming movies than hosting private blogs.

Curious about your point about time conflicts. Doesn’t syncthing look at the change on your machine compared to the ‘canonical’ list also stored on your machine? So even if the timestamp is different, syncthing still detects the change, and the only problem is if the file is simultaneously modified on another machine before being propagated - which would be a conflict anyway.

If you ask Syncthing how to do local sync (e.g. to an external HDD), the answer is, use the right tool for the job: Unison.

If you ask Unison how to do certain things (directory timestamps is the one I miss), the answer is, use the right tool for the job: rsync.

In the end, it all comes down to rsync.

P.S. I’m actually gradually migrating up the chain from rsync, having used my own hand-built utility to make convenient rsync commands, but now using syncthing and Unison more.

Kind of. That improves your backup safety, but doesn’t mitigate all the risks. E.g. if you accidentally delete everything from your backup directory, then all those deletions also happen on the sync’d one.

I think really it’s designed because you’re a consumer. Most people consume far more bandwidth than they upload, so asymmetry is more efficient.

I’m liking it. I’ve had no problem with the Android app, but then I don’t use it a lot, nor do my 10k pre-shrunk photos compare to some people’s collections here.

My only complaint is that two accounts don’t share great if you want to share face data etc. or to have a shared album show up in each others’ timeline.

Edit to add: Also because it lacks editing, I think my new workflow is going to have to be keep the photos separately still and edit/sort them my old way, then put them back in an external folder. I still want to do external folders generally because I still want my photos organised my way on the file system, but I was hoping to gradually sort/delete/edit in Immich to make the workflow more relaxing. Maybe I’ll still do some of it - deleting and I think it can rate - but I haven’t worked that out yet.

Myself right now I’d probably take it with me - in fact that’s that I’m planning to do in a couple of months - but it sounds like my needs are a bit less than yours, and i can do some stuff just over LAN and on the ‘server’ (which is also a laptop) itself.

For more, I think I’d also ask a friend like you’re thinking.

I did that before with a relative - just had to ask them to restart the server every now and again!

About trusted encryption keys, I did it with a simple password for boot encryption, that my relative knew, so in the event of theft it’d still be hard for thieves to get anything; but after boot I’d ssh in and unlock the second disk with my own password, then start up the services.

I’ve had some amusing mixed experience with ChatGPT for this. When I asked about iptables rules to restrict podman, it was great. About podaman quadlets, though, which I first misspelled ‘quartlets’, it completely made it up, and even sent me a fake link to nonexistent documentation when I challenged it!

• it’s more helpful if you ask the right questions
• and its answers often give you ideas of what to google
• Old stuff that has been written about many times over is more likely to get a proper answer
• sometimes the gist of a wrong command/answer could still help me understand what to do with the right one

Try to understand whatever you use from AI. At least understanding the general picture of what it means, and a basic idea of “this flag is for this; this option is for that”. AI can also help you with that understanding, but again beware of it completely making up something logically coherent but wrong.

I set up my old laptop as a home server, with a vps as reverse proxy via nebula. It runs Mint - strange for a server but that’s so it can still be a laptop. Syncthing keeps it in sync with the more portable laptop.

The ‘server’ now runs immich, which I can use super fast from the laptop itself; a bit slower if I connect with nebula over the LAN (it’s firewalled off from the LAN generally); or still pretty decently via the VPS on Https - and that VPS proxy means the family phones can connect with the apps easily.

Immich runs in podman, with some help from Lemmy about how to set that up.

And filebrowser makes it easy to share files or allow uploads with/from family around the world. With caddy on the VPS, ufw on the server and nebula in between, it’s really easy to add in something like filebrowser on a new subdomain.

Next is to try some other podman containers, or set up mqtt and owntracks.

Just make sure you make a backup from your syncthing clones, so an accidental delete/mess-up on one machine doesn’t wipe out every copy!

My first thought too.

Opening it up lets you use it from devices that aren’t on tailscale, or for friends and family. I have the same idea with Nebula instead of Tailscale, if I can figure it out.

Is this why there was all the hate against 3rd party apps recently?