this post was submitted on 05 Apr 2026
35 points (76.1% liked)

Selfhosted

58238 readers
840 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
35
Vigil - a self-hosted dashboard that watches your Docker images (lemmy.world)
submitted 10 hours ago* (last edited 9 hours ago) by 1step@lemmy.world to c/selfhosted@lemmy.world
32 comments fedilink hide all child comments
 

Hi there! I'd like to share my project with you all.

What is this? Vigil is a lightweight, self-hosted dashboard that watches your Docker images and tells you when updates are available. It’s a ready-to-run Docker setup with a simple install scripts. I know most people don't like scripts, but since I'm a tech noob I find it pretty useful. For all the pros out there, you can check the script by yourself. This is my first "real world" project so it might not be as polished as other apps out there. It's a hobby that I started cultivating a few months ago and I'm pretty excited with the results. However, it'd only mean something significant, if other people use it and give their own opinions about it.

If you have a few minutes, I’d really appreciate you trying it out and leaving a review or suggestions on the repo or even here. I'd do my best to answer most of the comments.

Edited because the link wasn't showing up and giving more details about the project. https://github.com/kumucode/vigil.git

top 32 comments
sorted by: hot top controversial new old
[–] TypFaffke@feddit.org 2 points 1 hour ago

Who vigils the vigil?

[–] chameleon@lemmy.today 3 points 2 hours ago

Slop alert. Use at your own risk

[–] ShortN0te@lemmy.ml 8 points 9 hours ago (1 children)

Sorry, but you have posted only 1 sentence about the project and not even a link to the project.

Additional with the

scripts—basically "em dash" which is really popular among llm generated texts, i get a bad feeling about it.

[–] 1step@lemmy.world 0 points 9 hours ago (1 children)

Well, I'm no tech expert at all so I'm just trying to get things right. I might not be able to answer everything, but I'll do my best to get you an answer.

[–] statelesz@slrpnk.net 8 points 9 hours ago (2 children)

Have you vibecoded this?

[–] doeknius_gloek@discuss.tchncs.de 12 points 9 hours ago (1 children)

100%, just take a quick look at the repo. I wish there was a rule in this community that requires a label for vibecoded apps.

[–] 1step@lemmy.world 0 points 9 hours ago* (last edited 9 hours ago) (2 children)

Absolutelly vibecoding it with Cloude. I understand a bit of python and html but I'm no dev or technical professional at all. I just wanted to see if I could build something useful without much of technical expertise.

[–] markko@lemmy.world 2 points 5 hours ago

I appreciate you being honest in your response here.

I'd recommend adding this disclaimer to the post text and repo readme for complete transparency, and so anyone who doesn't want to use AI-generated projects can move on without creating arguments in the comments.

There are many genuine reasons to not trust code generated by LLMs, especially with anything network-connected or handling important data, so it's important to be upfront about it.

[–] ramielrowe@lemmy.world 0 points 8 hours ago* (last edited 5 hours ago) (1 children)

EDIT: removing this comment because I don't think you will use this feedback responsibly

[–] 1step@lemmy.world -1 points 8 hours ago

Hi @ramielrowe thanks for the feedback, that's actually pretty good and I'll start using it. I understand that all this AI thing can be sloppy, and create more friction than good, but I'm really fascinated by how it can help people with little knowledge to build something that a few years ago would've been only possible by experts.

[–] dan@upvote.au 4 points 8 hours ago (1 children)

Copying my comment from the homelab community:

I haven't tried it yet, but here's some initial thoughts:

Does it support multiple separate docker-compose.yml files? It would be useful if it could pull the list of containers directly from Docker rather than having to paste the docker-compose.

Does it pull changelogs so that the user can tell if a change is a breaking change that'll require extra work?

It would be useful to support Webauthn/FIDO2 2FA instead of just TOTP. TOTP is being slowly phased out due to its weaknesses (it's phishable). Similarly, it'd be useful to support single sign on using OIDC (OpenID Connect) as a lot of self-hosters use Authentik, Authelia, or Keycloak to have one login for all their self hosted services.

[–] 1step@lemmy.world 1 points 8 hours ago

Hi Dan, I'm also copying the answer from homelab community.

Thanks for your feedback. Much appreciated. For the first question, you click on add and past the image you’re currently using on your compose so the app creates a card with the current version. It’s a bit manual and tedious at first, but once it’s done, it’s easier to maintain. I think your idea is great to have the app just ¨find your docker-compose and do the work", but I don’t know how to do it yet. I wanted to test it manually first and see how it’d work out.

Vigil tells you if the newer version of the image is a major change or not. If you set it to update your compose automatically it will notify you and create a log, it something goes wrong you can easily revert it from the dashboard. Did I get your question right? Let me know if you meant something else.

Finally, security is an absolute must! I decided to use 2FA because most people won’t need to expose it to the web.They’ll probably use it on LAN. However, I do have adding OIDC (OpenID Connect) in mind, since many people indeed use Authentik, Authelia (these are the ones I’m familiar with). Since this is the early version, I didn’t want to make things too complex and also, I’m vibecoding it, so I’ll certainly need some experts out there to help me out to implement it correctly and safely.

If you have any question, just let me know and I’ll try my best to answer that.

[–] BrianTheeBiscuiteer@lemmy.world 7 points 10 hours ago (3 children)

Great idea. Automatic updates (e.g. Watchtower) make me a little nervous.

[–] kill_dash_nine@lemmy.zip 2 points 6 hours ago

For me, it’s all about finding the right balance. I don’t want to have to manually update for every little bug fix version bump. Most software I find that major.minor version tags, if they exist, are a good compromise with daily auto updates unless it’s a really fast releasing software where just a major version makes sense. I usually just track releases on GitHub or wherever the source is hosted and bump as I need. That takes care of probably 90-95% of the containers I run.

[–] dan@upvote.au 2 points 8 hours ago (1 children)

Automatic updates for bug fixes (e.g. 1.0.0 to 1.0.1) are usually fine - it's major and minor updates that are scarier. I've never used Watchtower so I'm not sure if it has an option to only allow bugfixes.

[–] frongt@lemmy.zip 1 points 3 hours ago

That would depend on each project properly using semver, which is unlikely.

Personally, I just risk all the updates. It's not a huge deal to recover.

[–] 1step@lemmy.world 0 points 9 hours ago

Yeah that's exactly what I was thinking about when I started this project. I've noticed that many home labers are a bit skeptical with automatic updates. I'm glad you liked the idea

[–] jello@programming.dev 1 points 6 hours ago (1 children)

This looks fantastic! Great work.

[–] 1step@lemmy.world 2 points 6 hours ago

Thanks man, appreciate it!

[–] weissbinder@feddit.org 5 points 10 hours ago (1 children)

Can you provide a link to your repo?

[–] 1step@lemmy.world 3 points 9 hours ago

Yeah absolutely, my bad. First time publishing things here and I thought it was attached to the post. https://github.com/kumucode/vigil.git

[–] IncogCyberSpaceUser@piefed.social 3 points 9 hours ago (1 children)

Looks like a cool project. Starred. I'm no tech expert either, so I'll keep an eye on how the community reacts to it, in terms of security.
Keep up the good work!

[–] 1step@lemmy.world 1 points 9 hours ago (1 children)

Thanks brother, I appreciate it. Security is one of my main concerns too, that's why I'll rely on the experts around here to point out what could be improved.

[–] Damarus@feddit.org 3 points 6 hours ago (1 children)

Please stop trying to build infrastructure software if you don't know what you're doing. Anyone using this probably puts their server at risk.

[–] 1step@lemmy.world -1 points 6 hours ago (1 children)

I won't stop just because you're saying it. You can only "know what you're doing by doing it". That's why I made this project public available so anyone interested in looking at it, modifying it, improving it is more than welcome. I'm not selling it or claiming that I'm an expert. Quite the opposite, I'm looking for people who are genuinely interested in exploring new things and helping people out. I'll rely on the experience and good will of experts of this community.

[–] ramielrowe@lemmy.world 3 points 5 hours ago* (last edited 4 hours ago)

An issue with your statement "know what you’re doing by doing it" is that without an actually educated teacher to provide trustworthy feedback, you are going to struggle the learn from your mistakes. The LLMs can only provide so much, and they will lie out their ass to you. Unless explicitly prompted to provide critical feedback, they will find any way to provide positive feedback even to your actual detriment. They will happily skirt their sandboxes, and fight your every attempt to make them actually safe.

At a quick glance, nothing in the project indicates that you are not an expert and that an AI Agent provided the code. The quality of the code is also quite poor, even by Claude standards. I'm actually kinda mind blown you got it to built this without any tests... Something we've recently been talking about at my job in terms of AI agents is "cognitive debt" that is incurred in the project. LLMs are fundamentally a statistical next-word generator. If they are given something of poor quality, they will tend to produce more and more poor quality work. And without intervention, it just snowballs.

I'll never tell someone to stop trying to learn. But, your hubris is going to negatively impact your learning outcomes. And to be clear, YOU are not writing the code and the code is what runs on the server and people interact with. What you are doing is using an AI Agent. If you want to get feedback on that, then be honest about it.

[–] cron@feddit.org 1 points 10 hours ago (1 children)

Does it offer notifications?

3 of your docker containers have new versions available

[–] 1step@lemmy.world -2 points 9 hours ago

Yeah, absolutely. You can set the notifications as you wish.