What’s up, what’s down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
You must log in or register to comment.
I’ve just moved and I’m setting up my machines. NIC died in my DIY router just before the move so I’m upgrading to 2.5/10 Gbps at the same time.
What NIC are you looking at and what OS have you chosen?
It’s a complete experiment with cheap network gear from China. I have a HP T730 mini PC that serves as my router. I’m installing a cheap 2.5 Gbps NIC for LAN side. Then there’s a switch with 4x2.5 Gbps Ethernet and 2xSFP+ ports. My two main machines (PC and home server) are getting 10 Gbps SFP+ cards that I’ll attach with DAC cables.
OS is OpenWRT, because I’ve been connecting over WiFi to the Internet in both old and new locations. OPNsense just will not work with any wireless adapter I’ve tried. I will try agan once I route Ethernet to my room.
I’m curious if all of this works with cheap network gear. Today I’m configuring a fresh OpenWRT installation on the router.
Now it gets funnier. The new 2.5 Gbps NIC just randomly appears on boot or not. I’ve spent half of the day to troubleshoot this and can’t figure out why.
I set up my own Lemmy server, mastodon, and matrix. Finally making the move off centralized social media and communication platforms
Do you just do this for your own personal use, a few friends or just anyone from the internet?I’m just curious what the point is and how much effort is involved in connecting with other instances.
Nice! Hosting your own Fedi stuff feels great.
Email… My wife really wants to further de-google, this means moving custom domains off gsute.
Do I move to proton/tuta or go back to self hosting email again like I did for years until about 2010?
If I self host, do I do it at home or on the server that runs my lemmy instance?
Don’t go to Proton or Tuta - both are impossible to get out of basically, do not support free standards and Proton is scumy in terms of their marketing.
Mailbox.org Infomaniak Fastmail Posted
Just to name a few.
Cool your wife is into de googling! My wife thinks I’m a conspiracy nut. I have custom domains on proton and its been great, but with their moves toward AI and crypto who knows. I would probably try tuta if I was setting it up now - but who knows if they will eventually go wonkey then you will wish you self hosted anyway 🤝
I went with Tuta because it’s my backup if everything else goes wrong. If my house burns down or my VPS shuts down my instance (e.g. billing fail, IP block ban, provider goes under, etc), I don’t want to lose access to my email.
I use a custom domain for it, so if I ever need to, switching to a different provider should be as simple as swapping some domain configs.
It’s relatively inexpensive too at €3/month when paying annually. I wanted two domains (one for personal, one for online stuff) and didn’t need any of the other stuff Proton has, so Tuta worked.
I self-host my email using Mailcow, and use a VPS for it. I don’t trust my home server to be reliable enough, and the VPS providers have nicer equipment (modern AMD EPYC CPUs, enterprise SSDs, datacenter-grade 10Gbps or 40Gbps connections, etc). I use a separate VPS just for my emails - it’s the one thing I want to ensure is secure, so I didn’t want any other random software (that could potentially have security issues) running on it…
I also use an outbound SMTP relay to avoid having to deal with IP reputation. Very easy to configure this in Mailcow. SMTP2Go has a free plan for sending <1000 emails per month.
It kind of amazes me that, in this day and age, email has turned out to be the lynchpin of security. Email as a 2FA endpoint. Email password reset systems. If email is compromised, everything else falls. They used to tell us not to put anything in email that you wouldn’t put on a postcard…how did this happen?
That and email protocols are outdated and aren’t too secure. For example:
- Neither SMTP nor IMAP have no way to use two factor authentication.
- Spam blocking is so hard because SMTP was not designed with it in mind.
- SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.
IMAP has a modern replacement in JMAP, but it’s not widespread. SMTP is practically impossible to replace since it’s how email servers communicate with each other.
The “solution” has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.
This week I finally managed to route torrent traffic through a VPS that was sitting around gathering dust. I am behind CGNAT so was taking me 6 weeks to do the kind of traffic I do in a day now. I couldn’t be more chuffed.
What ratio are you at with your Linux ISOs *wink.
Just under two right now but it is throwing out 55-60GB a day at the moment. Gotta keep those Linux ISOs seeded!
Shoutout to @Estebiu@lemmy.dbzer0.com for helping me appreciate the joy of docker compose. I got to set up Navidrome and it’s been great!
With that said, I have a security-related question: at what point in self-hosting am I exposed to the outside internet that warrants things like reverse proxies and other security measures? I’m currently typing router IPs (e.g. 192.168.x.x) to access the services, so is my machine exposed if the only people intending to connect are local on our wireless network?
To expose your stuff to the outside internet, you need to actively set port forward in your internet router, you won’t do that by accident.
What a relief, thanks for the clarity! I have vague memories of doing that as a teenager to play various games with friends, which sounds like something risky a teenager would do 😅
There’s nothing wrong with making a reverse proxy only for use inside your homelab. It’s one way to resolve internal DNS queries and give addresses to your services. It’s perhaps the best, because it’s the only way I know that doesn’t necessitate remembering port numbers.
E.g. You are hosting something at 192.168.1.20 on port 3310. Even if you set a local DNS record for pihole.itjust.donn to resolve to 192.168.1.20, you’ll still have to type pihole.itjust.donn:3310 to access it. The same isn’t true with a reverse proxy.
This is good to know because I’m learning about nginx currently, so I’m glad it has practical use without opening up my network 🤘
Call me careless, but I personally don’t think exposing services publicly is that big of a deal. I’ve been publicly exposing Home Assistant, Jellyfin, Immich, Joplin and a few others for at least 3 years now with no repercussions. Everyone’s risk tolerance is different, but I wouldn’t write off publicly available services. Precautions like a reverse proxy, Crowdsec, Fail2ban, and Authelia all lower the risk profile.
A catalog for organizing various Roms you have. It can pull metadata from a number of sources and properly add all the details, cover art, and platform information to each game. It’s smart enough to auto-generate collections based on game series, and embed YouTube videos for gameplay of each one without even any configuration.
The best part? It has Ruffle and EmulatorJS built in so you can play any games supported by EmulatorJS in your browser. I tested games up to N64 and they all ran smooth as butter right in the browser with gamepad configurations built in. They even support local multiplayer.
I really need to figure out how to get Jellyfin to use SSL certs and assigning a domain to the instance.
I have my instance running in my k3s cluster. I have its node affinity to only run on my minisforum i9. That way, I can use cert manager to manage the certs.
Do you have a revese proxy setup?
When in doubt, put it behind nginx
Caddy is the way.
Caddy! I am embarrassed to think about how long it took me to figure out caddy. I kept cracking away at it tho, and one day it was like the clouds rolled back, and the sun shone on my face, a alien ship came down and this green little dude gave me the secrets, and it was all so simple. Now I can have caddy up and dishing out certs in about 5 minutes. When I look back, I cringe.
Finally installed jellyfin when I realized I could use rclone to mount 10G of free disk space from box (with client side encryption using rclone) on my server.
Very easy to install on Debian, but the plugins are a security nightmare. Jellyfin devs are kinda dumb.
A LOT of plugins in many projects are a huge concern. I say this as someone who ran security for an OS for a while. It’s just people making bad decisions for everyone and then hand-waving the risks when questioned.
I dont mean the plugins themselves but the fact that there’s no way to safely download a plugin.
Even if the plugin really is benign, jellyfin will happily download something inauthentic and malicious befuarse there’s no cryptographic signature checks
A new homepage for the business of my wife.
I plan to use Hugo for it, I just wish the documentation would be better.
For the homepage I need a few additional “non-blog” pages and from the documentation I am not sure how to do that the best way.
But to be honest, I have not really looked deeper into that, so it is very possible that I just missed something.
Ive been using Zola for a bit now and love it. Very simplistic. Could be worth a look but simple pages can be html or markdown. Couldnt be much simpler. Super fast to build
I will look into that too, thank you for the suggestion
Zola really is great, I have started to work with it and it is so much easier to grasp and to get results with. Thanks a lot for pointing me to Zola!
Debatting with myself and to a lesser degree what to do in terms of our homeserver situation. While the proxmox node has more than enough CPU and RAM capacity left, the NAS, an older Synology, is full to the brim, EOL and needs replacement.And sadly being a mini PC the proxmox node is unable to get the HDs connected.
So something new is needed and I would rather have my setup streamlined and combine the two.
But that is… More difficult than anticipated. I really would like something power saving with ECC ram that can take at least two PCI-e (SFP+ and a potential graphic card for AI later on). That can take 4,better 6 HDs. And at least one,better two NVMe. …that basically means self building which I am happy with, but all current builds I calculate come out somewhere south of 2000€ (including two new HDs, as two old ones need to go). And that’s sadly out of the financial possibility at the moment.
If only the fucking Ugreen (DXP6800)would support ECC. While not ideal in terms of PCI-e it would be enough to do the trick.
I use a little mini PC with a DAS connected via USB. So you don’t need to go full server to expand the storage.
That’s a bit below the level of reliability I need,sadly - before doing that I could also go for a non ECC solution.
Are there any AI apps that will index markdown documents with a vector DB, then allow you to run natural language queries using some kind of RAG approach with a local LLM?
Closest I’ve found is LlamaIndex, but this is still more of a ‘foundation’ than a turn-key solution and right now I’m too time-poor to do the assembly required…
I realise I’m describing close-to-frontier tech, but is there anything more turn-key (Dockerised) out there yet?
My use-case is pretty ‘vanilla’ in this space: Having a knowledge base and wanting quick answers to questions like “How should screen X behave if I am not a registered user?”.
Thanks for any suggestions!
Ollama + OpenWebUI also can do this.
I think I found my jam! AnythingLLM self-hostable
I tried to update my lemmy instance and it all went so horribly wrong. DB never came up, errors everywhere, searching implied I updated to a dev branch sometime in the past (not a dev, don’t think I did) and it’ll be console and DB queries for a fix.
Ran out of time and overwhelmed, I restored backups and buried my head in the sand. Nope, not now. Future, yes, but oh not now.
I had that problem once, just had to delete a duplicate db function
Sometimes we get so engrossed in what we’re doing we can’t see the problem(s). I do that a lot, so I have take a break. Same with creating music. You get so deaf to what you are trying to write that nothing sounds good no matter what you do. In the words of Snoop Dog, ‘I had to back up off of it and sit my cup down. Tanqueray and chronic, yeah, I’m fucked up now.’
Take a break.
A while back, the docker installation instructions just had “lemmy:latest” as which version to pull. The Lemmy devs aren’t the brightest, and the beta versions are included as “latest”. Now the instructions have you put the specific version to pull, like “0.19.10”.
I wonder if that’s what happened?
As we received new network hardware from our ISP, and inevitably are getting a new IP address again with that, I’m looking into setting up a DDNS. I’ve wanted to check out DuckDNS.
They run their (free) service on AWS EC2 instances, though, and as I am currently also trying to end my reliance on Google and Amazon, I’ve got some more digging to do. If anyone has a good, European (or heck, federated?) solution, hmu!
I have been very happy with desec.io, they are a nonprofit based in Berlin.
Also very impressed with desec!
I’ve been using DuckDNS on a multiple platforms for a couple of years and it works great. Never had a problem.
I’m using the Hetzner nameservers, it’s not exactly DynDNS but they have a DNS API and I just have a cronjob set up that checks every five minutes if the IP is still correct and updates otherwise.
Using this in the cronjob: https://github.com/FarrowStrange/hetzner-api-dyndns
i run coolify and I have to make my own solutions so I’m learning a lot about docker.
Finally starting my self hosted journey. I have everything I need I’m setting up a 6tb nas for linux iso’s photos and files. And I recently got a “broken” laptop that works perfectly fine that I will use for running all my applications in proxmox such as immich, jellyfin and nextcloud. And probably many others in the near future.
