So I am for the most part a lurker and a hobbyist. I’ve always been a bit of a techie, but over time decided I wanted to be more anti-consumption and such.
I started out with by doing my own calendar. I have a desktop that has my nextcloud and use it to sync my gnome calendar with fossify (with davx5). This was rather straight forward and gave me a nice confidence boost. This is mostly done on my local network, tho I am thinking of reading more into tailscale and getting a domain. The next move I did was to bring my todo list over. This was a bit tricky as many apps don’t have a setting to support repeat todos and crossing one off might just remove the item entirely and kill the resets that another app set up. At one point I found the app super productivity. This app is basically perfect. Only downsides is that it is a bit more strict (particularly on the mobile app) about an ssl cert. There is an option to have the app sync with a local file. I thought I could be clever and just have nextcloud do the syncing and let the apps think they are working only off the local on their respective device. Alas there was a snag here. For some reason nextcloud will write the files with read only permission on the laptop, so I cannot add or cross off items. Then I remembered using some apps around a decade ago that worked off a todo.txt file. I figured maybe I could find some mobile and desktop apps and recycle the idea of letting nextcloud manage two way sync of a file and letting apps interact with it as if it were local. It seems like I have some winners here with sleek on desktop and ntodo.txt on mobile.
Just my humble story of selfhosting so I don’t feel like a poser when listening to podcasts or lurking.
Cheers to your journey so far, and to your continued success!
You can absolutely do free SSL certs with Let’s Encrypt without exposing your infrastructure to the internet. Just use DNS based validation instead of HTTP, copy the required TXT records to your domain as instructed, wait for any cache/TTL of any old records to expire (generally 1-2 hours by default), and finally complete the validation.
You’ll need to renew the certs every 3 months, which could be annoying if done manually. If your Registrar has a decent API, writing a script could be a fun automation project. Alternatively I can also send you scripts that I used to use for that purpose.
Whoa thanks for that nugget of knowledge. Sounds like something I was searching but didn’t run into.
They also have a bunch of integrations already built in! I use Cloudflare so all you gotta do is throw an API key into the config file and it does the rest. Which is nice cause DNS records can take some time to propagate
Happy to help!
You can find a bit more information at the URL below, and feel free to message me if you run into any issues getting it set up.
https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
Will do ☺️
If you’re looking for a different approach, I moved from Nextcloud to Radicale for my family calendars, which includes ToDo functionality.
From an app point, for Android I’m using Fossify Calendar (which I think you’re using?) and Tasks.Org ToDo - and this definitely handles recurring tasks (inc. with different types of schedules)
From a remote access point of view, I have HA Proxy to convert the internal HTTP traffic into external HTTPS traffic (with Lets Encrypt certificate)
(Yes, I also have a VPN for other things… just focusing here for the calendar / todo)
I am using Fossify Calendar and ntodotxt on Android (GrapheneOS), and Gnome Calendar and Sleek on my laptop.
So for context in the discussion: I started with jtx board on mobile and using thunderbird todo. At some point I decided to try out Errands. When i crossed off items in it the item would be marked as done and any repeat settings were cleared. That was a bit annoying, so i decided to search for some apps that will play nice on both laptop and mobile. I then found Super Productivity. On paper i like this one way more and the time tracking is a nice extra. The issue is that either I either use its caldav sync stuff, but then mobile asks for an ssl cert. It does have a sync with file setting, but then for some reason nextcloud write the file as read only on my laptop.
I do want to set myself up with a reverse proxy so that I can tie the server at home with my domain, get an ssl cert and go back to Super Productivity. At this point I am enjoying selfhosting and want to expand my stuff a bit more, so the extra effort will be needed at this point. Keeping things local was more for a test bed before I have to be serious about locking stuff down and what not.
You could look into using https://headscale.net/stable/ an opensource alternative to tailscale. Have yet to implement it myself as I’m using Tailscale currently, but its on my todo list :)
Adding to my list to check out :)
ty for the heads up
Thanks for sharing!
:) its good to engage with the community
Pangolin has been really cool for a few days!
FYI super productivity can sync via webdav, and nextcloud has a webdav server.
I did try that, but the mobile app is more strict about an ssl cert and I am only doing local stuff right now. Tho I am planing to hook my server to a domain eventually.
Try the web app (PWA). I don’t remember it complaining about http localhost.
I’d also raise that as an issue with the developer. No self host-able app should enforce https. Only warn/notify. There are numerous situations where http is a perfectly fine, permanent solution (LAN/VPN).
So I realize the following does not directly apply in this specific case, since we are talking about a full android app. But in general, there are strictly technical limitations which absolutely requires you to use https. This for example applies to PWA’s, and it also applies to apps which are WebView-based.
Basically the w3c is disagreeing with you; there are several important javascript features which are forcefully disabled if you are not connecting over https. This is a decision made by the webbrowser itself, and not something you or the dev can disable or otherwise avoid.
For example, it is impossible to use the browser’s built-in api for getting the sha512 hash of a file, which is why i had to go through great pains to do that in other suboptimal ways in one selfhosted service i made. Most devs rightfully wouldn’t bother, since those restrictions are arbitrary and effectively pointless, as there are (usually painful) workarounds.
List of features which require https: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts
Other people were talking about it with the dev on github.
So your server is running NextCloud? I hope you have it locked down tight, with all it’s web ui access points.
I started out with by doing my own calendar.
Wasn’t the first thing for me, but the most consistent over time. Calendar and Contacts, synced between phone and laptop. I used first DaviCal, now Radicale.
The next move I did was to bring my todo list over.
AFAIK these are just CalDAV calendars labeled todo; all you need is a different client app, the server software is the same.
Only downsides is that it is a bit more strict (particularly on the mobile app) about an ssl cert.
Can you explain? Doing things encrypted by default is extremely important.
I am running things locally. I cannot get an ssl cert for my local network stuff because i cannot prove i own it to the issuer (i think?). As far as the todo apps, from what I dug up its that caldav does not support recurring stuff on the todo stuff? At least the default nextcloud app does not. You can set a recurring to do with an app that does, but sometimes i would cross it off on mobile and it would no longer show up on my desktop. It seems that they all internally juggle how recurring stuff happens and diffrent clients might trigger another one to see it as done and no need rescheduling.
I am running things locally.
Sorry, I missed that. It invalidates part of my comment.
I cannot get an ssl cert for my local network stuff
You can make a self-signed cert. If your mobile app does not have an option to accept it (“ignore SSL errors”) then it won’t work, maybe there’s an alternative?
caldav does not support recurring stuff on the todo … It seems that they all internally juggle how recurring stuff happens
CalDAV is a protocol, which remains the same. The server has little to do with how apps handle things. I have no experience with tasks, but under the hood it’s just another calendar and does not treat recurring events differently. I’m guessing these limitations/inconsistencies are app specific.
They mention they’re only doing things locally, and looking into using tailscale, so they aren’t exposing to public web and the security concerns you mention are a lot less important.
