Hi there! I’d like to share my project with you all.
What is this? Vigil is a lightweight, self-hosted dashboard that watches your Docker images and tells you when updates are available. It’s a ready-to-run Docker setup with a simple install scripts. I know most people don’t like scripts, but since I’m a tech noob I find it pretty useful. For all the pros out there, you can check the script by yourself. This is my first “real world” project so it might not be as polished as other apps out there. It’s a hobby that I started cultivating a few months ago and I’m pretty excited with the results. However, it’d only mean something significant, if other people use it and give their own opinions about it.
If you have a few minutes, I’d really appreciate you trying it out and leaving a review or suggestions on the repo or even here. I’d do my best to answer most of the comments.
Edited because the link wasn’t showing up and giving more details about the project. https://github.com/kumucode/vigil.git
Who vigils the vigil?
Slop alert. Use at your own risk
Sorry, but you have posted only 1 sentence about the project and not even a link to the project.
Additional with the
scripts—basically “em dash” which is really popular among llm generated texts, i get a bad feeling about it.
Well, I’m no tech expert at all so I’m just trying to get things right. I might not be able to answer everything, but I’ll do my best to get you an answer.
Have you vibecoded this?
100%, just take a quick look at the repo. I wish there was a rule in this community that requires a label for vibecoded apps.
It’s not a bad idea at all to have a label so we could set expectations right. But don’t be too harsh on me ;) Just being able to pull a functional app without much of experience is already a reasonable accomplishment is it?
Why would this be an accomplishment we need to celebrate? Something else than you wrote that code. If you want to celebrate an accomplishment you could say “I was part of an AI vibe coding project and we created something functional”. What you did now was putting yourself front and center where you have no place to be, you are a supporting actor, at best. Its like a project manager telling everyone they accomplished getting a product out the door, giving people the impression they did that by themselves only. No, you were part of a team where (most probably) the real work was done by others. Same applies here: you used the coding abilities of another/something else to somehow toot your own horn and tell the world you did this. You did not. You never shared any info on the others involved on your team who did all the heavy lifting, only to reveal this info when pressed by others.
I get your point about giving proper credit to the tools involved, and that’s fair. I’m not trying to pass this off as traditional from-scratch coding. Reducing it to “you did nothing” feels a bit excessive. At the same time, there’s still effort in figuring out what to build, iterating, debugging, and getting something functional out. That’s the part I’m happy about.
Even this comment stinks of LLM style. Please stop trying to bring about the dead internet.
Absolutelly vibecoding it with Cloude. I understand a bit of python and html but I’m no dev or technical professional at all. I just wanted to see if I could build something useful without much of technical expertise.
I appreciate you being honest in your response here.
I’d recommend adding this disclaimer to the post text and repo readme for complete transparency, and so anyone who doesn’t want to use AI-generated projects can move on without creating arguments in the comments.
There are many genuine reasons to not trust code generated by LLMs, especially with anything network-connected or handling important data, so it’s important to be upfront about it.
EDIT: removing this comment because I don’t think you will use this feedback responsibly
Hi @ramielrowe thanks for the feedback, that’s actually pretty good and I’ll start using it. I understand that all this AI thing can be sloppy, and create more friction than good, but I’m really fascinated by how it can help people with little knowledge to build something that a few years ago would’ve been only possible by experts.
Copying my comment from the homelab community:
I haven’t tried it yet, but here’s some initial thoughts:
Does it support multiple separate docker-compose.yml files? It would be useful if it could pull the list of containers directly from Docker rather than having to paste the docker-compose.
Does it pull changelogs so that the user can tell if a change is a breaking change that’ll require extra work?
It would be useful to support Webauthn/FIDO2 2FA instead of just TOTP. TOTP is being slowly phased out due to its weaknesses (it’s phishable). Similarly, it’d be useful to support single sign on using OIDC (OpenID Connect) as a lot of self-hosters use Authentik, Authelia, or Keycloak to have one login for all their self hosted services.
Hi Dan, I’m also copying the answer from homelab community.
Thanks for your feedback. Much appreciated. For the first question, you click on add and past the image you’re currently using on your compose so the app creates a card with the current version. It’s a bit manual and tedious at first, but once it’s done, it’s easier to maintain. I think your idea is great to have the app just ¨find your docker-compose and do the work", but I don’t know how to do it yet. I wanted to test it manually first and see how it’d work out.
Vigil tells you if the newer version of the image is a major change or not. If you set it to update your compose automatically it will notify you and create a log, it something goes wrong you can easily revert it from the dashboard. Did I get your question right? Let me know if you meant something else.
Finally, security is an absolute must! I decided to use 2FA because most people won’t need to expose it to the web.They’ll probably use it on LAN. However, I do have adding OIDC (OpenID Connect) in mind, since many people indeed use Authentik, Authelia (these are the ones I’m familiar with). Since this is the early version, I didn’t want to make things too complex and also, I’m vibecoding it, so I’ll certainly need some experts out there to help me out to implement it correctly and safely.
If you have any question, just let me know and I’ll try my best to answer that.
This looks fantastic! Great work.
Thanks man, appreciate it!
Great idea. Automatic updates (e.g. Watchtower) make me a little nervous.
For me, it’s all about finding the right balance. I don’t want to have to manually update for every little bug fix version bump. Most software I find that major.minor version tags, if they exist, are a good compromise with daily auto updates unless it’s a really fast releasing software where just a major version makes sense. I usually just track releases on GitHub or wherever the source is hosted and bump as I need. That takes care of probably 90-95% of the containers I run.
Automatic updates for bug fixes (e.g. 1.0.0 to 1.0.1) are usually fine - it’s major and minor updates that are scarier. I’ve never used Watchtower so I’m not sure if it has an option to only allow bugfixes.
That would depend on each project properly using semver, which is unlikely.
Personally, I just risk all the updates. It’s not a huge deal to recover.
Yeah that’s exactly what I was thinking about when I started this project. I’ve noticed that many home labers are a bit skeptical with automatic updates. I’m glad you liked the idea
Can you provide a link to your repo?
Yeah absolutely, my bad. First time publishing things here and I thought it was attached to the post. https://github.com/kumucode/vigil.git
Looks like a cool project. Starred. I’m no tech expert either, so I’ll keep an eye on how the community reacts to it, in terms of security.
Keep up the good work!Thanks brother, I appreciate it. Security is one of my main concerns too, that’s why I’ll rely on the experts around here to point out what could be improved.
Please stop trying to build infrastructure software if you don’t know what you’re doing. Anyone using this probably puts their server at risk.
I won’t stop just because you’re saying it. You can only “know what you’re doing by doing it”. That’s why I made this project public available so anyone interested in looking at it, modifying it, improving it is more than welcome. I’m not selling it or claiming that I’m an expert. Quite the opposite, I’m looking for people who are genuinely interested in exploring new things and helping people out. I’ll rely on the experience and good will of experts of this community.
An issue with your statement “know what you’re doing by doing it” is that without an actually educated teacher to provide trustworthy feedback, you are going to struggle the learn from your mistakes. The LLMs can only provide so much, and they will lie out their ass to you. Unless explicitly prompted to provide critical feedback, they will find any way to provide positive feedback even to your actual detriment. They will happily skirt their sandboxes, and fight your every attempt to make them actually safe.
At a quick glance, nothing in the project indicates that you are not an expert and that an AI Agent provided the code. The quality of the code is also quite poor, even by Claude standards. I’m actually kinda mind blown you got it to built this without any tests… Something we’ve recently been talking about at my job in terms of AI agents is “cognitive debt” that is incurred in the project. LLMs are fundamentally a statistical next-word generator. If they are given something of poor quality, they will tend to produce more and more poor quality work. And without intervention, it just snowballs.
I’ll never tell someone to stop trying to learn. But, your hubris is going to negatively impact your learning outcomes. And to be clear, YOU are not writing the code and the code is what runs on the server and people interact with. What you are doing is using an AI Agent. If you want to get feedback on that, then be honest about it.
Does it offer notifications?
3 of your docker containers have new versions available
Yeah, absolutely. You can set the notifications as you wish.
