I have a dedicated vm for things that are crucial to the home network, either latency-critical or network related.
That’d be my dns resolver (I enforce it over VLANs by hijacking anyone trying to do DNS to other resolvers, like random IoT devices), homebridge for less important home automaton and my own matter controller for most important home automaton (controlling the lights).
My router of choice is RouterOS in another VM. I tried opnsense, pfsense, vyatta, and a bunch of others (even a containerized Cisco route), and I settled on ROS, because it was the only one who could do IPv6 properly (apart from Cisco, but that has other issues).
For the less important things I run them on k8s and really, there are only two bits worth mentioning as essential: ArgoCD and nixhelm. Together, they provide effortless and mostly automated software updates with very easy rollbacks. I don’t have to go and manually update every single bit of software and that saves huge amounts of time.
I use my searxng instance several times a day.
DNS server/cache/pihole. If that goes down I can’t browse anything.
I also selfhost a SaaS that I built. It’s essential to me that it’s available to my customers although I don’t use it personally.
No one’s mentioned Forgejo yet? Solid git and artifact repository.
Docker
TCP/IP
Sorry, this is an AppleTalk household.
I laughed my ass off when Chris from LUP podcast said they used Netbeui in their studio. I wouldn’t admit to that, myself.
Man, I haven’t seen a reference to that protocol in a very long time.
When I was studying for my first MCSE back in ancient times, my girlfriend heard me mention ‘netbeui’ and thought it was the funniest damn thing. She used to catch me throwing out all the computer jargon and just yell “NET… BOOEEEEEY” at me.
Excuse me, what?
Biggest Linux podcast in the world, uses NetBEUI. Yah, there’s that.
WireGuard on my VPS, because otherwise I’m stuck behind CGNAT and can’t access anything in my network from elsewhere. Or Tailscale, but that’s not really self-hosted.
do you have a good guide on how it works/ho to set it up? I tried a little while ago but couldnt figure it out.
I used the Arch Wiki entry about WireGuard. The trickiest part was some MTU nonsense.
Tailscale is a bit simpler and I think I just figured it out with some docs on their website.
For me, the most essentials are definitely:
- PhotoPrism
- Jellyfin
- Navidrome
- Wiki.js
Opnsense
Vaultwarden
Email
Home assistant
Emby
Gitea
Paperless-ngx
Firefox
Honest question, I’d love to host email but it seems like a huge pain in the ass these days with trying to keep from being delisted. Is there a decent, home user accessible email system that’s useable out there?
A decade ago it was easy and doable but even in professional life I don’t deal with email backend anymore, all google or o365.
You’ll never get away from maintenance for ant service you host, and you need a VPS at a minimum to handle mail unless your ISP allows it (which they probably don’t). There’s going to be front loading needed in order to make sure the IP you’re given isn’t on blocklists, and you’ll need to take appropriate measures with Apple, M$, Google, Yahoo, etc in order to send email to their domains. The good thing is that I’ve you do that, you’ll never need to touch it again.
I personally use iRedMail because of the breadth of documentation, but mailcow and others like that are allegedly nice. I prefer the omnibus solutions because I don’t care to do manual service configuration if it’s not necessary.
Been doing email hosting for my domain for 25 years, 12 years with iRedMail.
I’m also using iredmail. Apart from it needing more hardware than it used to its been pretty stable. I use an SMTP Relay for sending mail, so I don’t hit issues with sending. Not that I ever actually send many emails.
Highly recommend purelymail. No nonsense mail, with straight forward pricing.
I use an SMTP Relay for sending mail, so I don’t hit issues with sending.
Firefox
You mean you self-host your profile?
No. I host Firefox that runs in a browser.
It’s one of my favourite things. So places that may block certain sites can be bypassed.
Not sure why I was downvoted for answering a question accurately.
How do you self host Firefox? This is something I’d like to setup!
It’s this: https://github.com/jlesage/docker-firefox
- Pihole (if that service goes down, everyone in my house gets mad at me)
- Jellyfin
Everything else is a nice to have, not essential
The arr family with a torrent client is great for feeding Jellyfin. If you are a developer, you can host your own shit there too. Game servers for playing with family and friends (so far Minecraft, Terraria, Project Zomboid, V Rising). I like to host a bunch of different telegram bots I wrote for fun. Discord bots are another interesting side. I also run some automation runners for helping out with testing, building and deploying my projects.
Focus on your needs and what you want to improve of your online life, there is probably a project you can self host for it.
(if that service goes down, everyone in my house gets mad at me)
I bought a PiZero and set it up as a redundant pihole for this reason. It’s slower because it’s wireless, but not super noticeable since it’s ‘just’ DNS. I have the router pointed at the main and backup all the time and if I need to do something (or break the main one messing with dockers) there’s still the backup until I get the main up.
I messed around with some High Availability configs where they both had the ‘same’ ip but could never get it working smoothly. I just use the teleporter functionality within pihole any time I update anything to keep them in sync, which is rare.
I did something similar, but then I turned my pizero in a portable retro console lol.
Pi-hole. Get rid of at least some ads on the network level. Maybe add unbound for a faster DNS response.
Using unbound on opnSense with blacklists. Works wonders and do not require an additional device.
Pi-hole can run inside a docker container no problem. In fact I have it running on my unraid server that way.
I keep one in a docker container and one in an actual pi, that way I can perform updates and upgrades without interrupting DNS service at the house.
This is the way.
I use unbound with pi-hole inside an Ubuntu lxc container. No additional device needed.
I like AdGuard Home myself.
My most frequently used are most likely vaultwarden, Memos, Trilium, Jellyfin, Frigate, Traggo, and beaverhabits. Also AdGuard and NPM but I don’t interact with them.
Oh yeah and freshrss
And! Nextcloud and Baikal. NC only for storage and Baikal caldav and carddav
I’m curious, is there a reason you use Baikal over Nextcloud for cal-/card-dav?
I would probably be happy to not have to run an additional service, so I would have to have good reasons to run Baikal next to Nextcloud. Then again, if I had already setup Baikal and then, sometimes later, Nextcloud, There would probably be a great span where I ran both :D
It didn’t work with iphone. Also, I previously hate Nextcloud and don’t want to depend on it to do any service except storage. Do not trust it.
For me it’s the first thing i learned how to self host: Nextcloud …which in turn allows me to sync Joplin notes, which I use constantly
-
Samba (I can move files now, sweet!)
-
Jellyfin (I can watch stuff, sweet!)
-
Qbittorrent-wireguard (for pirating copyrighted material from the internet illegally)
-
Somesuch Wireguard solution (for accessing the backend and doin stuff)
-
A proxy somewhere else
The rest is extra. This gets my usual goals completed pretty well.
for pirating copyrighted material from the internet illegally
I’m pretty sure that’s not the phase we use now
“Archiving legally purchased content as an insurance against corporate-sanctioned theft”?
-
It’s not very exciting, but: Network UPS Tools (NUT).
Keep everything in good shape in the event of a power outage.
I use NUT with an Eaton Ellipse but it periodically stops working and I’m forced to restart the container
Huh. Losing USB access?
Yes but I don’t know why
I’m running NUT on the host os - no container. If that’s an option for you it will probably be much more reliable.
The only one I haven’t seen mentioned here that is a requirement for me is OPNsense. I’ve been using it for a couple years, and pfSense before that for a very long time. Never going back to commercial routers and their shitty / buggy / backdoored software. I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.
On my network it handles internet firewall, internal firewall, and all routing across 5 VLANs and between two internet gateways. It does 1-1 NAT for my public IPs, inbound VPN, outbound VPN for my *arr stack, and RDNS blocklists with the data source being a script I wrote that merges from several sources and deduplicates the list. It is my internal certificate authority (I don’t miss you at all, Windows CA), DHCP for the guest wifi, and does pihole-like ad blocking via DNS for my entire network. And it does all that running in a VM with 2GB of RAM, of which it only uses about 60% on my install.
It is an incredibly powerful tool, not terribly difficult to learn, has a pretty damn good UI for FOSS, and in my opinion is a fantastic foundation for a complex home network / homelab. Unlike pfSense, which corrupted itself twice over the years I ran it, it has never let me down. And every update has been painless over the years.
I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.
Can you list or summarize some of the other reasons?
Eh, I’ve forgotten a lot of the details and it’s drama that I don’t care to relearn about. Easy to find online with some basic searching if you want to read about it.
Thanks for that info, @AtariDump@lemmy.world
Went to try pfSense. Need to register to their shop to buy a free download link.
Then during installation it won’t install unless it can phone home and report.
OpnSense all the way.
That’s new, it didn’t used to do that back in the days when I used it but that was a couple years ago. Sounds like it’s just getting worse.
Second OPNsense. pfSense also is maintained by some pretty shitty individuals.
Yeah I hinted at it but didn’t feel like going into it. It’s why I switched though, and happily I found OPNsense to just be better anyway.
Why “shitty individuals”?
https://web.archive.org/web/20160314132836/http://www.opnsense.com/
This was the website that pfsense maintainers made as soon as OPNsense was announced. They sniped the name, derided the project and only ended up handing over the domain after they were legally compelled to.
One person affiliated with Netgate in particular can be seen around forums and social media and has serious axes to grind. He’s… not pleasant.
Add to that Netgate’s practices (IIRC secret proprietary blob required to build pfsense, double-check that fact / unremovable installation tracking) and the picture painted is one of petulance and anger.
[edit] oh yeah, and this gem! https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
I’m still using pfsense and considered switching over to opnsense but I found out it doesn’t have something similar to pfblocker.
I understood some of those words. It make network go?
It make network go very good.
How many NICs do you have on your opnsense machine?
It’s a VM so technically none I guess, but my hypervisor hosts have a 4 port gigabit card and a 10 gig fiber card, plus another gigabit port on the motherboard.
OPNsense is using 6 interfaces, 2 WAN and 4 LAN, but it’s all virtualized.
Audiobookshelf, Calibre-Web, Plex/Jellyfin, FreshRSS, NextCloud, DokuWiki.
