Looking for lightweight homelab dashboard that can run as nonroot container and also supports OIDC
-
Hi all. Per the title, I'm looking for something that:
-
Can run as an unprivileged user inside a container
-
Allows OpenID Connect authentication for a multiuser setup
-
Doesn't take hostage of my CPU
Homarr and Dashy are featureful solutions, but they can't run unprivileged in docker. Dashy closed this issue, but in fact it's not resolved. Meanwhile Homarr does work with UID/GID env vars, but starting as root and dropping capabilities is not the same as defining
user: 1234:1234from the get-go. Furthermore, they are really heavy node apps, which kinda deter me from deploying.I neither wanna use my reverse proxy with forward auth or having an extra oauth2-proxy container, so Organizr (using forwarded auth headers) or Homer/Homepage/bunch of static pages behind a reverse proxy is out of scope.
Feature-wise I'm just looking for a beautified link keeper, preferably with multiple dashboard mapped to different user groups (ideally it could be done via custom OAuth metadata/claims). Fancy plugins like RSS and weather are not needed, but appreciated.
With all that said (and sorry if I'm too choosy), is there a current solution that fits the bills above? My IDP's UI is quite rudimentary, but I can resort to using it as a "homepage". I wanna thank in advance for any guidance
P/S: Seems like most dashboards fall into two categories - bloated fancy apps, or dead simple frontpages. It'd be nice to have something inbetween.
-
-
Hi all. Per the title, I'm looking for something that:
-
Can run as an unprivileged user inside a container
-
Allows OpenID Connect authentication for a multiuser setup
-
Doesn't take hostage of my CPU
Homarr and Dashy are featureful solutions, but they can't run unprivileged in docker. Dashy closed this issue, but in fact it's not resolved. Meanwhile Homarr does work with UID/GID env vars, but starting as root and dropping capabilities is not the same as defining
user: 1234:1234from the get-go. Furthermore, they are really heavy node apps, which kinda deter me from deploying.I neither wanna use my reverse proxy with forward auth or having an extra oauth2-proxy container, so Organizr (using forwarded auth headers) or Homer/Homepage/bunch of static pages behind a reverse proxy is out of scope.
Feature-wise I'm just looking for a beautified link keeper, preferably with multiple dashboard mapped to different user groups (ideally it could be done via custom OAuth metadata/claims). Fancy plugins like RSS and weather are not needed, but appreciated.
With all that said (and sorry if I'm too choosy), is there a current solution that fits the bills above? My IDP's UI is quite rudimentary, but I can resort to using it as a "homepage". I wanna thank in advance for any guidance
P/S: Seems like most dashboards fall into two categories - bloated fancy apps, or dead simple frontpages. It'd be nice to have something inbetween.
Homarr supports all of that iirc
Edit: Just saw it doesn't appear to support rootless, that sucks, my bad
-
-
Hi all. Per the title, I'm looking for something that:
-
Can run as an unprivileged user inside a container
-
Allows OpenID Connect authentication for a multiuser setup
-
Doesn't take hostage of my CPU
Homarr and Dashy are featureful solutions, but they can't run unprivileged in docker. Dashy closed this issue, but in fact it's not resolved. Meanwhile Homarr does work with UID/GID env vars, but starting as root and dropping capabilities is not the same as defining
user: 1234:1234from the get-go. Furthermore, they are really heavy node apps, which kinda deter me from deploying.I neither wanna use my reverse proxy with forward auth or having an extra oauth2-proxy container, so Organizr (using forwarded auth headers) or Homer/Homepage/bunch of static pages behind a reverse proxy is out of scope.
Feature-wise I'm just looking for a beautified link keeper, preferably with multiple dashboard mapped to different user groups (ideally it could be done via custom OAuth metadata/claims). Fancy plugins like RSS and weather are not needed, but appreciated.
With all that said (and sorry if I'm too choosy), is there a current solution that fits the bills above? My IDP's UI is quite rudimentary, but I can resort to using it as a "homepage". I wanna thank in advance for any guidance
P/S: Seems like most dashboards fall into two categories - bloated fancy apps, or dead simple frontpages. It'd be nice to have something inbetween.
It’s not exactly what you’re looking for, but as an intermediate option, you may want to look into docker user namespaces.
https://docs.docker.com/engine/security/userns-remap/
It effectively transforms the containers’ root user into a non-root user outside the container (e.g. for filesystem accesses).
-
-
Homarr supports all of that iirc
Edit: Just saw it doesn't appear to support rootless, that sucks, my bad
I've poked around Homarr's setup a bit, and it seems like it can run rootless after a few tweaks!
For anyone interested, I've written a POC and feature request here - https://github.com/homarr-labs/homarr/issues/3913
Hope it can be officially supported
-
Hi all. Per the title, I'm looking for something that:
-
Can run as an unprivileged user inside a container
-
Allows OpenID Connect authentication for a multiuser setup
-
Doesn't take hostage of my CPU
Homarr and Dashy are featureful solutions, but they can't run unprivileged in docker. Dashy closed this issue, but in fact it's not resolved. Meanwhile Homarr does work with UID/GID env vars, but starting as root and dropping capabilities is not the same as defining
user: 1234:1234from the get-go. Furthermore, they are really heavy node apps, which kinda deter me from deploying.I neither wanna use my reverse proxy with forward auth or having an extra oauth2-proxy container, so Organizr (using forwarded auth headers) or Homer/Homepage/bunch of static pages behind a reverse proxy is out of scope.
Feature-wise I'm just looking for a beautified link keeper, preferably with multiple dashboard mapped to different user groups (ideally it could be done via custom OAuth metadata/claims). Fancy plugins like RSS and weather are not needed, but appreciated.
With all that said (and sorry if I'm too choosy), is there a current solution that fits the bills above? My IDP's UI is quite rudimentary, but I can resort to using it as a "homepage". I wanna thank in advance for any guidance
P/S: Seems like most dashboards fall into two categories - bloated fancy apps, or dead simple frontpages. It'd be nice to have something inbetween.
Not sure about one in particular, but check out the github page off guy called 11notes. He makes rootless and distroless images of popular applications. Might be something to find there
️ -
