1stepVigil - a self-hosted dashboard that watches your Docker images
weissbinderCan you provide a link to your repo?
Yeah absolutely, my bad. First time publishing things here and I thought it was attached to the post. github.com/kumucode/vigil.git
Great idea. Automatic updates (e.g. Watchtower) make me a little nervous.
danAutomatic updates for bug fixes (e.g. 1.0.0 to 1.0.1) are usually fine - it’s major and minor updates that are scarier. I’ve never used Watchtower so I’m not sure if it has an option to only allow bugfixes.
That would depend on each project properly using semver, which is unlikely.
Personally, I just risk all the updates. It’s not a huge deal to recover.
Yeah, I’m a developer and my teammates don’t always follow semver standards. I try to but every now and then it’s really hard to know which is the right move. I’ve also had breaks because of minor increments and the author refused to roll back the change because the new behavior was consistent with the spec [that didn’t change].
For me, it’s all about finding the right balance. I don’t want to have to manually update for every little bug fix version bump. Most software I find that major.minor version tags, if they exist, are a good compromise with daily auto updates unless it’s a really fast releasing software where just a major version makes sense. I usually just track releases on GitHub or wherever the source is hosted and bump as I need. That takes care of probably 90-95% of the containers I run.
Sorry, but you have posted only 1 sentence about the project and not even a link to the project.
Additional with the
scripts—basically “em dash” which is really popular among llm generated texts, i get a bad feeling about it.
Well, I’m no tech expert at all so I’m just trying to get things right. I might not be able to answer everything, but I’ll do my best to get you an answer.
statelesz100%, just take a quick look at the repo. I wish there was a rule in this community that requires a label for vibecoded apps.
It’s not a bad idea at all to have a label so we could set expectations right. But don’t be too harsh on me ;)
Just being able to pull a functional app without much of experience is already a reasonable accomplishment is it?
reddwarfWhy would this be an accomplishment we need to celebrate? Something else than you wrote that code. If you want to celebrate an accomplishment you could say “I was part of an AI vibe coding project and we created something functional”.
What you did now was putting yourself front and center where you have no place to be, you are a supporting actor, at best. Its like a project manager telling everyone they accomplished getting a product out the door, giving people the impression they did that by themselves only. No, you were part of a team where (most probably) the real work was done by others. Same applies here: you used the coding abilities of another/something else to somehow toot your own horn and tell the world you did this. You did not. You never shared any info on the others involved on your team who did all the heavy lifting, only to reveal this info when pressed by others.
I get your point about giving proper credit to the tools involved, and that’s fair. I’m not trying to pass this off as traditional from-scratch coding. Reducing it to “you did nothing” feels a bit excessive. At the same time, there’s still effort in figuring out what to build, iterating, debugging, and getting something functional out. That’s the part I’m happy about.
I was a bit harsh. If you are happy about this project then that is good enough.
I agree with people though, I wish there was a mandatory tag to indicate using AI on a project.
AppoxoAbsolutelly vibecoding it with Cloude. I understand a bit of python and html but I’m no dev or technical professional at all. I just wanted to try if I could build something useful without much of technical expertise.
I think it’s awesome that you’re trying to get into larger scale software development. Agentic coding can do some amazing stuff, but it takes experience and knowledge to keep it going down good path. I think this can be a good learning opportunity to level up your own skills. Something I would suggest doing is instruct Claude with something like:
You are an experienced Senior Software Engineer that is an expert in web and backend technologies like Python, Typescript, Node and React. You are being brought in to analyze and productionize a prototype application. Please explore this project and plan out a workstream to level up this prototype so that it is production ready. First you should establish some research topics and write them to "docs/research/{date}-{topic-name}.md". After that, launch some FOREGROUND general-purpose agents to handle researching these topics in parallel. Once completed these general-purpose agents should write their findings to their original docs/research/{date}-{topic-name}.md.Once it’s conducted all the research, take a look at the documents that it writes. And if you have questions about the research results/decisions, have Claude explain.
Hi @ramielrowe thanks for the feedback, that’s actually pretty good and I’ll start using it. I understand that all this AI thing can be sloppy, and create more friction than good, but I’m really fascinated by how it can help people with little knowledge to build something that a few years ago would’ve been only possible by experts.
for a very long time it was not only possible for experts. like, I would say the last 10-15 years, maybe even more. It’s very harmful that people can now create things they don’t even know how to check what it does, and they just assume this “sentient thing” actually produced what you wanted with no major flaws. thing is, you (or anyone else vibecoding things) won’t be able to determine what is good or bad without taking the time and learning the building blocks, learning how they work and how they are supposed to be used.
also your comments look like AI generated comments, fake enthusiasm and all the rest. it does not inspire much confidence
Geez, it’s really hard to have normal conversation nowadays on the internet. There’s this constant skepticism of AI comments, and I get it. Most of the time I just feel like I’m talking to bots. However, I’m surprised that people really take their time to give their opinions here and they seem to be legit. Weirdly enough, I’m quite a positive and enthusiastic person… or at least I’m trying to practice that. There’s been too much negativity around me lately, but who cares about what happens in my life, right haha? Don’t need to explain myself to any one, but just felt like I needed to do.
Elena Brescacin@1step @selfhosted Frustrating to be treated as a non-human being. People thinking you are a machine commenting. Well, despite being 100% human, it's almost 26 years I struggle with this (verify you're a human) due to visual captcha's. for us visually and/or auditory impaired, senses-based anti-bots (audio and pics) are an irreversible obstacle. And my strong scare is that interactive platforms like social networks, Lemmy included, will soon add some senses-based verifications to avoid bots.
Damn the bots!
Damn the bots!
I hate bots, for real… I kind of miss the old days of internet where we could jump in a forum or any community to talk and connect with people. But I kind of get the point of building mechanisms to reduce the “bots infestation”. Things are definitely more complex to visually and/or auditory impaired people. But at least, Lemmy isn’t as annoying as Reddit and people sound genuine.
@1step I find comfortable when a bot is designed to describe images, such as AltBot, or Be My Eyes's BeMyAI - you can also "chat" with the bot to ask questions in order to have further details on what the camera is focusing.
On web communities (forums and social networks) that should be comfortable if you tag the bot and it replies with the image description. But it should be temporary, as a 24/7 answering bot, replying to EVERY conversation in every moment or (worse) being set up for propaganda, makes the world a worse place - yes it can turn on flames (violent on line argues) so that you will not know if you are talking to a person, or punching the wall.
In my area we say "hey! Am I talking to the wall?" when someone is stubborn, does never understand what you say, won't listen, does all the opposite of what you asked them to do.
We should change it "Oops, I'm talking to a robot"
On web communities (forums and social networks) that should be comfortable if you tag the bot and it replies with the image description. But it should be temporary, as a 24/7 answering bot, replying to EVERY conversation in every moment or (worse) being set up for propaganda, makes the world a worse place - yes it can turn on flames (violent on line argues) so that you will not know if you are talking to a person, or punching the wall.
In my area we say "hey! Am I talking to the wall?" when someone is stubborn, does never understand what you say, won't listen, does all the opposite of what you asked them to do.
We should change it "Oops, I'm talking to a robot"
I appreciate you being honest in your response here.
I’d recommend adding this disclaimer to the post text and repo readme for complete transparency, and so anyone who doesn’t want to use AI-generated projects can move on without creating arguments in the comments.
There are many genuine reasons to not trust code generated by LLMs, especially with anything network-connected or handling important data, so it’s important to be upfront about it.
Not being very technical nut publishing a project that is essentially coding…
Whaaaat? <Insert minion meme here>
That screams for AI slop.
Trust issues aside: What does it do better than the bazillion other dashboards?
Hi Appoxo, I agree that AI can be slop, but it seems like it’s getting better over time. I’m not claiming that this is a revolutionary new application, it’s more like a prove of concept that I wanted to test out. What does it do? well, you basically have a centralized place to keep tracking of your docker images and get a notification when there’s a new release so you can update it manually or automatically as you wish that’s the main utility of it. There are a few other things but, maybe thye aren’t interesting enough.
I see.
As a poc it certainly works.
Side remark: I usually see the term “dashboard” usally being used for a sort of compilation about services individual status (like you do) but also links to the actual service to use said service.
So yours is a sort of hybrid of (I believe they are called) Yacht and homarr
Looks like a cool project. Starred.
I’m no tech expert either, so I’ll keep an eye on how the community reacts to it, in terms of security.
Keep up the good work!
Keep up the good work!
Thanks brother, I appreciate it. Security is one of my main concerns too, that’s why I’ll rely on the experts around here to point out what could be improved.
Please stop trying to build infrastructure software if you don’t know what you’re doing. Anyone using this probably puts their server at risk.
I won’t stop just because you’re saying it. You can only “know what you’re doing by doing it”. That’s why I made this project public available so anyone interested in looking at it, modifying it, improving it is more than welcome. I’m not selling it or claiming that I’m an expert. Quite the opposite, I’m looking for people who are genuinely interested in exploring new things and helping people out. I’ll rely on the experience and good will of experts of this community.
An issue with your statement “know what you’re doing by doing it” is that without an actually educated teacher to provide trustworthy feedback, you are going to struggle the learn from your mistakes. The LLMs can only provide so much, and they will lie out their ass to you. Unless explicitly prompted to provide critical feedback, they will find any way to provide positive feedback even to your actual detriment. They will happily skirt their sandboxes, and fight your every attempt to make them actually safe.
At a quick glance, nothing in the project indicates that you are not an expert and that an AI Agent provided the code. The quality of the code is also quite poor, even by Claude standards. I’m actually kinda mind blown you got it to built this without any tests… Something we’ve recently been talking about at my job in terms of AI agents is “cognitive debt” that is incurred in the project. LLMs are fundamentally a statistical next-word generator. If they are given something of poor quality, they will tend to produce more and more poor quality work. And without intervention, it just snowballs.
I’ll never tell someone to stop trying to learn. But, your hubris is going to negatively impact your learning outcomes.
Hi ramielrowe. You made great points here. I’m definitely stepping out of my area of expertise. I also understand that when comes to LLM we must not blindly follow/accept things and having some previous knowledge on the topic you intend to work with, gives you much better results and allow you to spot inconsistencies or more importantly, mistakes. I’m aware of the “positive feedback” that is pretty evident specially on ChatGPT, that’s why I try my best to challenge it. I completely understand your analogy on “cognitive debt”. It’s pretty similar to a reinforcing learning process on humans. If you teach people the “wrong way” and keep reinforcing that without any correction, you know the results.
Regarding the code quality, I’m pretty sure it isn’t top notch, that’s why I’m sharing it here so people who really understand it can point out the flaws and suggest improvements. What I’ve learned so far from the feedback in the comments, is that I need to improve the way I communicate my ideas and the purpose of the application. Since this is my first project, and I’m not very familiar with the dev & tech community, I’m learning the do’s and don’ts along the way.
My impression is that you are coming in completely fresh on all of this and you were expecting everyone else to look at your project and tell you what needs to happen to fix it. That is not learning, that is other people telling you what to do. Nor the realities of the internet. We aren’t your teachers and what you need is instruction. Not minor feedback, not suggestions, actual instruction. I have a few suggestions if you are actually serious:
There are entire college degrees on these topics. And I’m not saying you have to go to college. But, If you’re not even willing to read a couple books, then you don’t really want to learn.
Funny enough, teaching is my area of expertise, so I think I get where you’re coming from. But I also think it’s important to remember that there are a ton of ways to learn, and at the end of the day, only the person learning knows how deep they want to go with a given topic. That comment, “We aren’t your teachers, and what you need is instruction,” kinda comes off as condescending, but maybe I’m just reading it wrong. “We” means a lot of people, but not everyone.
I’m sure the books you suggested are great for building the basics, but assuming what someone’s willing to do or not just based on a quick post doesn’t really take the full picture into account. It’s like drawing. You don’t need to be the next Da Vinci just because you enjoy it. You can have fun, draw simple stuff, and share it with people. You might not end up in a museum, but that’s totally fine. Not everyone needs to be an expert to enjoy what they do. However, learning the basics definitely helps to draw better, right?
Yikes. That doesn’t give me confidence for something that needs root access to the Docker UNIX socket. Was this vibe coded? This kind of application has no business being insecure.
Hi Thaurin, I appreciate your feedback, I understand that security must be a top priority. I’m glad your pointing it out. If you have any advice on how to improve it, it’ll be more than welcome.
If you want to learn to develop web applications, try to understand everything you do. Don’t let the entire thing be generated by AI. Do small changes and commit those one at a time. Understand the programming language, your application’s architecture, internet security, and so forth. Not understanding and then releasing it publicly and later asking for advice on how to improve it, isn’t the way. You’re still the maintainer of the project now, and will have to understand and approve any PR’s people may send your way.
I mean, it can be addictive to just let AI throw everything together in a week without learning anything consequentual. But I wouldn’t throw it on my server with root access to Docker. What’s your real interest here? Learning or telling AI to make stuff for you?
In this world of technology, applications there are too many areas of expertise required to make things “functional” I’m not sure if I can learn everything required to make applications at the level of the most popular ones. I’m more interested in general knowledge and putting ideas out there. I still think that getting this project to the public even if it’s not that great, is still better than have it just on my computer. So, the main purpose is to hear from people what they think of the project, maybe inspire others with more experience to put their projects out there too. My expectations were pretty low about this project, but it turned out to be a great experience to engage with many people from different background just like you.
You are potentially putting yourself at risk and others as well by making it public. I run a VPS in the cloud, so I would never, ever install this app on it, even though I firewall it to my own IP ranges. Your agent has access to the docker group and the tokens are sent and stored in plaintext, as per the SECURITY.md file. That means any leak of a token could lead to total hostile takeover of the server. Adding that you don’t understand the codebase yourself just pushes this further over the edge.
Sure, I get it. It’s fun to build things. But I’ve always found it more fun to actually build things myself. These days, everybody is building these huge, monolithic codebases that nobody understands anymore. I don’t believe that it’s impossible to learn the things required to make a full application. True, you can’t learn everything, but that’s because there are so many different things that do slightly different things, and each week something new comes along. So you specialize a bit. But it’s fun to learn, and just telling an AI to do it makes you lazy.
I don’t know, I don’t like it. I do use AI during development, but I throw smaller things at it, so I can actually look at the code and approve it every time something changes. Plus, I built the structure and original foundation myself, so I still have a firm grip on it. I enjoy creating the code more than I enjoy piling on features generated by the AI.
I don’t develop profesionally anymore, but I’ve read so many stories online about senior developers getting depressed and considering a career change, because their managers think it’s cool to let AI take over their old jobs, while they are left doing code reviews and undoing the fuckups that AI threw at them.
Every week I see several new iOS app on Reddit for tracking your fitness, habits, reminders, expenses, subscriptions, and they are always introduced in the same way: “I grew tired of how x apps do y, so I built my own” while stating that “this is my first app.” And there’s always a $15/month subscription on it! The internet is filling up with cheap Chinese replicas of applications, except that they are not sold cheaply.
People are writing their posts using AI, and then replying to everyone in the thread in Spanish, because why not? Let’s not even try anymore! Open source projects are in trouble, because the volunteer maintainers cannot get through the automatic AI slow pull requests on GitHub to get to the high-quality ones.
I just really don’t like how the current landscape looks, especially in the future. The ensloppification of everything.
End of rant. :)
haha that’s ok bro, have you rant. I’m a Mr. complainer myself. Although, I’ve been trying really hard lately to avoid “unnecessary or premature criticism” and this shit is one of the hardest things I’ve ever tried. Regarding the security concerns, I absolutely agree with you that this is top priority and mandatory. That’s why we set testing environments for this type of things, right? There’s a common feeling that I’ve noticed from the tech community regarding the usage of AI that to me is similar to “musicians vs DJs” or “classical musicians vs Jazz”, I’m sorry if this analogy isn’t the best one, but these are the communities that I’m more familiar with. Some are really opened, others are absolutely against and concerned (rightly so to some degree) and others fall in the middle. I think what we’re experiencing is more of a huge paradigm change, a clash of personalities and the natural fear of the unknown and changes. Maybe the most excited people are really the ones who knows very little and have no idea of the negative potential of these tools or perhaps the so skeptical ones are those who don’t know yet how to reconcile this shift and what to make out it. Who knows? I’ll end up with my rant too… I hate the “enshitification” of the internet content because of AI lol. I’ve read somewhere that the AI text have surpassed the human generate one in the web :,( Lots of people have claimed that my comments “look like AI”… as if they would be that good at identifying it anyways. I’m not a bot by the way. I just found that Lemmy feels more genuine than Reddit (let’s leave this rant to another time).
Peace bro!
How can you expect to release something secure if you don’t know what the fuck you’re doing? You’re literally just hoping to have AI and the community do all the work for you. What exactly are you here for then?
Copying my comment from the homelab community:
I haven’t tried it yet, but here’s some initial thoughts:
Does it support multiple separate docker-compose.yml files? It would be useful if it could pull the list of containers directly from Docker rather than having to paste the docker-compose.
Does it pull changelogs so that the user can tell if a change is a breaking change that’ll require extra work?
It would be useful to support Webauthn/FIDO2 2FA instead of just TOTP. TOTP is being slowly phased out due to its weaknesses (it’s phishable). Similarly, it’d be useful to support single sign on using OIDC (OpenID Connect) as a lot of self-hosters use Authentik, Authelia, or Keycloak to have one login for all their self hosted services.
Hi Dan, I’m also copying the answer from homelab community.
Thanks for your feedback. Much appreciated. For the first question, you click on add and past the image you’re currently using on your compose so the app creates a card with the current version. It’s a bit manual and tedious at first, but once it’s done, it’s easier to maintain. I think your idea is great to have the app just ¨find your docker-compose and do the work", but I don’t know how to do it yet. I wanted to test it manually first and see how it’d work out.
Vigil tells you if the newer version of the image is a major change or not. If you set it to update your compose automatically it will notify you and create a log, it something goes wrong you can easily revert it from the dashboard. Did I get your question right? Let me know if you meant something else.
Finally, security is an absolute must! I decided to use 2FA because most people won’t need to expose it to the web.They’ll probably use it on LAN. However, I do have adding OIDC (OpenID Connect) in mind, since many people indeed use Authentik, Authelia (these are the ones I’m familiar with). Since this is the early version, I didn’t want to make things too complex and also, I’m vibecoding it, so I’ll certainly need some experts out there to help me out to implement it correctly and safely.
If you have any question, just let me know and I’ll try my best to answer that.
DeckPackerYeah, I was looking for that info, because I don’t trust any (especially new projects, that use AI).
How did you know, it was AI though? I am just curious
The OP says so in the comments, but also:
- two week old github account, project created 2 weeks ago
- initial commit is a large 1.0 release with everything committed at once
- this also happens for 2.0 where everything is commited in one commit
- the code and comment structure
Also the look of the UI I can see default Claude UI a mile away these days. Always the same colours, fonts, layouts, ect…
That’s right, I’ve been working on this project for a few weeks. I wasn’t sure if I should commit it to a public repo, but I thought it’d nice to have other people testing it out, and giving their opinion. Honestly, I never used github before, that’s why the account is new. I committed everything at once, when I felt like the application was “functional”.