There’s nothing technically wrong with it, it’s just a glacial development speed. I tried contributing there myself when I wanted a specific feature (which had been requested years prior by someone else and was deemed a good idea), it took months before I even got a single comment back.

In the meantime, I had switched to conduwuit because it was a much, MUCH more active project. However, conduwuit has diverged substantially from conduit, including irreconcilable database changes, so it is not possible to migrate back, that would require starting from a fresh slate and loosing all user data.

Understandable. Funny thing is, I’m not even federated; I think that keeps me away from a lot of drama.

But yeah. The drama sucks, and so does the Matrix Foundation. So many dumb decisions, so many years old issues that could easily boost acceptance and usability, but… Nah. No better alternatives around though if you want to own your data, have proper multi-client support, and at least the option to federate.

Nice, how’s it been going?

Roger, will do.

Yeah, community driven sounds like unless there’s new drama. But yeah, currently tending towards continuwuity. Purely vibes based from snooping around both repos.

We have NixOS, Proxmox and TrueNAS in use.

• TrueNAS on a dedicated NAS host. It’s great for that, and has been super stable. The snapshotting works great, and all the little tasks associated with a NAS are taken care of without needing to spare a thought.
• Proxmox as VMS host. You haven’t mentioned it above, so I’ll leave it at this: also works really well for its purpose.
• NixOS: acouple dozen NixOS VMs runnign on the Proxmox hosts. I like the separation (i.e.: one VM <-> one task/service), but it’s not necessary, esp. if you plan on using a stable branch. I absolutely love NixOS, and would never run server applications on anything else ever again. The documentation thing is trueish. There’s not even close to the same documentation as with e.g. Arch and the Arch Wiki, but that makes sense when you think about it: instead of hundreds of lines of documentation, you hide that complexity behind an option, e.g. graphics.nvidia.enable = true; which then becomes pretty self-explanatory, at least if you are somewhat familiar with the ecosystem already. The way I’d recommend going about documentation with nix is this:
  • go to search.nixos.org/options, search for the service you would like to host. 90% of the time, the options and descriptions shown are all you need.
  • if an option is unclear, click on its “declared in” link. You’ll be taken to the module source in nixpkgs. Look at what they are doing there/the comments explaining why. Often, this resolves any ambiguity, or helps you out with your goal.
  • if that did not help, check the NixOS wiki; often, common pitfalls are documented there, together with the nix expression to fix them.
  • another great way is to search GitHub for language:nix <thing you need to do>. As a random example: I recently wasn’t sure how to configuring scaling in hyprland on NixOS, but searching for an appropriate term will quickly show you how other people have solved the same problem. It’s not really documentation, but the declarative nature of nix means it’s easy to find TONS of working examples via a github search.
  • all else failing, ask on discourse.nixos.org. Youńll usually get useful help very quickly there.

So, what’s my advice?

If you are unfamiliar with NixOS, it’s probably a bit of a headache getting a NAS to run satisfactory. Truenas works so well, there isn’t really a need for nix. But running your services in nix is great, totally recommend!

Not sure, but they also support Borg, which definitely does.

Btw, nice read OP. Always great to see more Nix “in the wild”.

Yeah, but no dark magic involved.

• build image
• copy to proxmox ISO store
• import, resize disk
• start, wait to come online
• read ssh pubkey, save it
• rekey secrets
• rebuild VM

The only “magic” parts are two nix modules for handling proper networking and hardware setup, and exposing required attributes to the script.

Works really well, zero manual config (beyond the services you want to run…) required on nix or proxmox side.

Nothing. People fearmonger

Funny - same thing here. Got 3 proxmox hosts running, all virtual machines are NixOS though.

I’d love to go full Nix, but between my GF and I, we kinda split the responsibilities: hardware is hers, applications are mine. And there’s not a chance she’ll give up her Proxmox hosts 😄

Got it automated to a single “provision” command though that will spin up any of my nix VMS unanttended, so I’m happy with that.

Better open a package request (or pull request :D) then 😄

I host it publicly accessible behind a proper firewall and reverse proxy setup.

If you are only ever using Jellyfin from your own, wireguard configured phone, then that’s great; but there’s nothing wrong with hosting Jellyfin publicly.

I think one of these days I need to make a “myth-busting” post about this topic.

OK, add step above: use wildcard certificate for your domain.

Terminating the TLS connection at your perimeter firewall is standard practice, there’s no reason your jellyfin host needs to obtain the certificate.

Actual answer for 3:

• put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
• create subdomain, let’s say sub.yourdomain.com
• forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
• tell your relatives to put sub.yourdomain.com into their jellyfin app

All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either

• “port forwarding is a bad idea!!”, which yes, don’t do that. The above is not that. Or
• “people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk” which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).

(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)

No, mate. I don’t need a guide, or a tour. Just a single clarifying sentence.

“My product does x”. Right now, x could be:

• help you scam people
• provide a meditation partner
• help you learn how to code in Cobol
• give travel tips
• …

What does your product DO? And dong you dare answer “it helps you make money”, that does not explain anything.

I have clicked every link on that site and I still have exactly zero clue wtf this is.

FWIW, I have no issues sending mails/having them be received from my self-hosted to Google mail

Sorry, I should have mentioned: liking bare-metal does not mean disliking abstraction.

I would absolutely go insane if I had to go back to installing and managing each and every services in their preferred way/config file/config language, and to diy backup solutions, and so on.

I’m currently managing all of that through a single nix config, which doesn’t only take care of 90% of the overhead, it also contains all config in a single, self-documenting, language.

Nice. My partner has a Proxmox setup, so we’ve adapted the Nix config to spin up new VMs of any machine with a single command.

NixOS :)

Maybe I should have clarified that liking bare-metal does not imply disliking abstraction