What’s up, what’s down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
You must log in or register to comment.
Found out that docker volumes are important after restarting my server 🙃
That’s a mistake you only make once!
Meh, made it a few times.
Some images treat volumes differently .
Looking at you, nextcloud.
Am I mistaken that docker creates temporary volumes with a nondescript name and you can potentially dig up the volumes that were being used in
/var/lib/docker/volumes?
Finished my migration from Plex to Jellyfin
Recently been working on setting up forgejo to migrate away from GitHub. My open source stuff I’ve actually put onto codeberg and I’ve set up a handful of pull mirrors on my local instance for redundancy. This weekend I’ve been testing out woodpecker-ci for automating pushing files to s3 for some static websites for repos on codeberg as well as my forgejo instance. Today will tell if that is successful!
A catalog for organizing various Roms you have. It can pull metadata from a number of sources and properly add all the details, cover art, and platform information to each game. It’s smart enough to auto-generate collections based on game series, and embed YouTube videos for gameplay of each one without even any configuration.
The best part? It has Ruffle and EmulatorJS built in so you can play any games supported by EmulatorJS in your browser. I tested games up to N64 and they all ran smooth as butter right in the browser with gamepad configurations built in. They even support local multiplayer.
I’ve been fending off AI bots the last week or so; wrote about it here:
https://gerowen.substack.com/p/the-ai-data-scraping-is-getting-out
Interesting writeup, thanks! I thought maybe dropping connections with those user agents would be the best but idk. My sites have not been targeted yet fortunately.
So far I haven’t seen any attempts to change their user agents. I’ve seen one or two other bots poking around, but nothing to write home about so I’ve left them alone.
I have heard however that changing user agents is a tactic they do indeed employ, especially Claude, so it may be that I’ll eventually have to adapt my defenses.
I’m switching my immich instance to an SSD one and switching my VPN from zerotier to tailscale.
Hopefully that means my Immich will be a little more reactive.
If at all possible see if you can do wireguard yourself. Tailscale is basically inserting a third party company for no reason as its just wireguard with their servers involved. For example if you can run opnsense its easy to get running via the GUI. Very rewarding!
Absolutely. I used Tailscale for a bit because I didn’t want to get a VPS (I’m behind CGNAT), but I needed to expose a handful of services and use my own domain name, and I couldn’t figure that out w/ Tailscale. So I bought a cheap VPS and configured WireGuard on it to get into my LAN and I’m much happier.
I’m considering going this route - just to hide my (static) home IP.
What’s the rough sizing I’d need for a VPS? I’m guessing the smallest possible, but with the best / unlimited data usage?
That really depends on your use case. I use very little transfer because most of my usage is within my LAN. I set up a DNS server (built in to my router) to resolve my domains to my local servers, and all the TLS happens on my local server, so it never goes out to the VPS. So I only need enough transfer for when I’m outside my house.
Here’s my setup:
- VPS - WireGuard and HAProxy - sni-based proxying
- router - static DNS for local services
- local servers - TLS trunking and services
My devices use my network’s DNS, but if that fails, they fall back to some external DNS and route traffic through the VPS.
VPSs without data caps tend to have worse speeds because they attract people who will use more transfer. I think it’s better to find one with a transfer cap that’s sufficient for your needs, so things stay fast. I use Hetzner, which has generous caps in the EU (20TB across the board) and good enough for me caps in the US (1TB base scales with instance size and can buy extra). Most of my use outside my house is showing something off every now and them, or accessing some small files or uploading something (transfer limits are only for outgoing data).
Ok, didn’t think about “unlimited” actually being slower - thanks for the insight.
I’m running a pfSense f/w at the edge, so split horizon DNS and haproxy are already sorted… I’ll check out wireguard - should be straight forward
Thanks
Any resources you’d recommend?
My ISP blocks all outgoing ports. Maybe I’m not trying hard enough but anything I try port forwarding ends up getting blocked.
Minecraft and port 80 are the 2 I’ve tried and they’ve been unresponsive
Pretty sure those two ports are blocked by a lot of IPs because they’re so popular
Was using realvnc to vnc from remote, it was easy and cloud driven.
Fully swapped to tailscale and normal VNC sever now.
Performance is good and works great for the troubleshooting and small GUI stuff I need to do.
I set up my own Lemmy server, mastodon, and matrix. Finally making the move off centralized social media and communication platforms
Do you just do this for your own personal use, a few friends or just anyone from the internet?I’m just curious what the point is and how much effort is involved in connecting with other instances.
Nice! Hosting your own Fedi stuff feels great.
Finally starting my self hosted journey. I have everything I need I’m setting up a 6tb nas for linux iso’s photos and files. And I recently got a “broken” laptop that works perfectly fine that I will use for running all my applications in proxmox such as immich, jellyfin and nextcloud. And probably many others in the near future.
Last week got my new epyc server with GPU running ollama and all the trimmings.
This week linked my 2 home bases with wire guard, all the subnets mesh and the wifi isolation is solid. Performance is surprisingly good considering they’re 9 time zones apart on different hemispheres.
Migrating plex to jellyfin to get hw accel working.
Also trying to get my second base multiple statics and 10gb if possible, rural fiber in Europe is unbelievably aweome, hope to drop Comcast business back home if it works.
Got someone to work with on a new company, so that’s part of this, though my day job relies on this too.
Shoutout to @[email protected] for helping me appreciate the joy of docker compose. I got to set up Navidrome and it’s been great!
With that said, I have a security-related question: at what point in self-hosting am I exposed to the outside internet that warrants things like reverse proxies and other security measures? I’m currently typing router IPs (e.g. 192.168.x.x) to access the services, so is my machine exposed if the only people intending to connect are local on our wireless network?
To expose your stuff to the outside internet, you need to actively set port forward in your internet router, you won’t do that by accident.
What a relief, thanks for the clarity! I have vague memories of doing that as a teenager to play various games with friends, which sounds like something risky a teenager would do 😅
There’s nothing wrong with making a reverse proxy only for use inside your homelab. It’s one way to resolve internal DNS queries and give addresses to your services. It’s perhaps the best, because it’s the only way I know that doesn’t necessitate remembering port numbers.
E.g. You are hosting something at 192.168.1.20 on port 3310. Even if you set a local DNS record for pihole.itjust.donn to resolve to 192.168.1.20, you’ll still have to type pihole.itjust.donn:3310 to access it. The same isn’t true with a reverse proxy.
This is good to know because I’m learning about nginx currently, so I’m glad it has practical use without opening up my network 🤘
Call me careless, but I personally don’t think exposing services publicly is that big of a deal. I’ve been publicly exposing Home Assistant, Jellyfin, Immich, Joplin and a few others for at least 3 years now with no repercussions. Everyone’s risk tolerance is different, but I wouldn’t write off publicly available services. Precautions like a reverse proxy, Crowdsec, Fail2ban, and Authelia all lower the risk profile.
I’ve setup Nextcloud on Hetzner, and have ordered a mini PC to run Immich and experiment with.
Still trying to decide on a good cheap email host that I can also move my family on to eventually.
I recently moved from Gmail to mailbox.org with my own domain. Works as it should so far. And for 2.5€ per month I can’t complain about the price either.
And switching email addresses has actually been less painful than I expected. Most services let you change the associated Mail easily.
I’m trying to figure out a basic CRM for my local sports club. I use docker to self host a voting platform called RALLLY that we use a lot and enjoy. If people can recommend a CRM I’d give it a go today. I tried a platform called twenty yesterday but couldn’t get it off the ground
Consider reviewing odoo, I last looked at them when they were known as openERP, I know one guy that runs it and is happy. It might be a bit much if you just want a CRM…
Docker compose. I had a plan to ease into docker, I slipped and fell in the fucking pool. So far I have AdGuard Home and Heimdall working. Some WireGuard variant is next, followed by moving grafana and Prometheus over.
So far so good……internet blogs, videos, etc have been not great, seems things have changed since dropping the version in your yaml file. All in all, I think the direction I’m heading in is good. Time will tell.
Docker compose is great! Good luck!
I’ve been moving from docker compose to podman, and I think that’s the better long term plan for me. However, the wins here are pretty marginal, so I don’t recommend it unless you want those marginal wins and everything is already in containers. IMO: Podman > docker compose >>>no containers. Docker compose has way better examples online, so stick with that until you feel like tinkering.
I really like the idea of containers, it def solves my problems of running multiple services in the host OS. I’d like to build my own containers to pull the few “bare metal” services I’ll have outside of docker. Anyway, I’ll keep podman in the back of my head.
One thing I’m already happy I did was create a docker directory and having sub directories keep all of my container volumes separate. Should make backing things up easier as well.
Yeah, containers are great! It’s really nice knowing exactly which directories to move if I need to rebalance my services onto other hardware or something.
Most of my services are on my NAS, so I have this setup:
- /srv/nas/<folder> - everything here is on my RAID, and offsite backups look here (and exclude certain directories to save on cost
- /home/<user>/containers - my git repo with configs, sans passwords/keys
- configs w/keys live in my password manager
Disaster recovery should be as simple as:
- Copy my data from backup into /srv/nas
- Clone my container repo
- Copy env files to their respective locations
- Run a script to get things set up
I use specific container versions, so I should get exactly the same setup.
I’m going to be reinstalling my NAS soon (boot drive is getting old), so we’ll see how this process works, though I’ll skip step 1 since I’m keeping the drives.
Got my jetKVM in the mail yesterday. Really sleek build and software. Liking it a lot so far.
Migrated my network to a router running openwrt this past week as well. Having issues with avahi-daemon crash looping, so I haven’t been able to get mdns working in between networks 🤷
