What’s happening on your servers? Any interesting new things you tried?

I didn’t do anything other than updating Mastodon (native deployment) lately due to a lack of time. Reading so much about Immich caused me to consider trying it in parallel to Nextcloud but I’m not sure if I want to have everything twice.

Not quite homelab, but I’m about to install Linux Mint on my mom’s laptop and that had me thinking about creating an off-site backup in her place again since she has a fiber connection. I’m still not sure about the potential design though, but currently my only backup is in the same rack as the live stuff.

  • IsoKiero@sopuli.xyz
    15 days ago

    I actually did something for quite a while. Finished long overdue wiring for outdoor access point and one more camera, replaced a main switch since the old one started to behave unreliably, installed frigate (which still needs some work), cleaned up some wiring while messing around, updated a bunch of firmwares, replaced switch in garage to managed one and made some changes on my workstation and some other minor stuff.

    Next would be to move cameras into their own VLAN and harden that setup a bit. And I really should get around on better backups for my VPS. But it’s a new week coming up, if the work isn’t too busy I might get something more done.

  • Rimu@piefed.social
    15 days ago

    Installed qbittorrent and downloaded a few seasons of Linux isos onto a vps. Discovered accessing those files over SSH to be too slow to play them without buffering so installed filebrowser to get them via http which worked well.

    It’s been a long long time since I used bittorrent and wow it works so much better these days.

  • nfreak@lemmy.ml
    15 days ago

    At this point my whole setup is mostly in maintenance mode - I’ve got everything I need up and running, making some minor changes here and there (like swapping out StirlingPDF for Bento), and keeping things up to date. I only started this hobby about 6 months ago or so, and I’m really satisfied with where things are at. We’ll see when the next Big New Thing arrives.

  • Eldaroth@lemmy.world
    14 days ago

    Finally managed to carve out some time since the birth of my daughter two months ago to tinker around a bit. Decided to tackle my gripe to semi-automate updating my services when there is a new release.

    Now I have Renovate running on my self-hosted Forgejo instance using Forgejo’s actions and a “Podman in Podman” image for its runners. Don’t ask me why I wanted to do a PINP instead of DIND - I guess I like to punish myself. But at least this means everything I deploy is running with Podman 😄

    • papertowels@mander.xyz
      14 days ago

      A self hosting thing that I did after having a kid that’s helped us tremendously is hook up an internal camera to frigate to use as a baby monitor, and then have automations in home assistant to automatically change which parent gets notified about crying in the middle of the night based on an agreed-upon “shift”. Just a thought to consider :)

      • Eldaroth@lemmy.world
        14 days ago

        I love the idea! I was actually thinking about building something like a baby monitor with cameras instead of just buying one, so your comment further inspires me to follow up on that. May I ask what camera you were using?

        • papertowels@mander.xyz
          14 days ago

          I think it was an older model of this one, but I’m not sure. Just a random amcrest I had lying around.

          It’s also worth pointing out that there are a few self-hosted solutions actually meant to act as baby monitors doing stuff like sleep/wake differentiation. I just had trouble getting one of them going and just thought screw it I’ll just use frigate and noise levels to detect crying sounds since he was older and hardier.

  • filister@lemmy.world
    14 days ago

    I am playing around with Podman Quadlet and that’s one hell of a rabbit hole. I have everything up and running, and now I need to configure the containers, and probably will deal with other pain points, etc.

    The good thing is that I have documented the whole process so it is reproducible but it took me quite some time to figure out everything.

  • DarkSirrush@piefed.ca
    15 days ago

    I threw a ThinkCentre in my laundry room and did the bare minimum to securely SSH into it (fail2ban, nonstandard port, root login disabled, can’t log in with password, etc), to be used as a testing platform for building my workplace a new website.

    Just gotta relearn HTML/CSS and figure out what platform to use.

    Also set up traefik/Authelia/maybe Anubis for the new domain and block any access outside of my home or workplace.

  • matsdis@piefed.social
    15 days ago

    I’ve set up Kavita for my e-books. Nice UI, looks promising, and I’ve added some books. I haven’t really used it yet, because half of this was just an excuse to try podman (instead of docker). I wanted to set it up to run as unprivileged user, without the docker daemon running as root. That wasn’t too hard, but it was definitely a few extra steps.

    But something about Kavita didn’t sit well with me. Maybe I don’t self-host enough stuff to know what’s normal, but there is a donate button, which I don’t mind, but its tooltip says: “You can remove this button by subscribing to Kavita+.”

    I’m donating to a few software projects already, and I have developed a substantial amount of free software myself. There is nothing wrong with asking for money. But what I cannot stand is when software running on my own device is intentionally acting against my interests. And this tooltip was very clear about not letting me do something that I might want to do.

    So I checked the source code for more. I found another anti-pattern: telemetry is opt-out instead of opt-in. But that seems to be it, I didn’t find anything worse than that. So… fair I guess, if the author wants it that way. It’s still free software. It looks like I could delete all the Kavita+ stuff myself and re-build. Which I’m going to do if I keep using it. But this is now an extra step that prevents me from just using it, because I need to feel in control of what I run. Kind of self-inflicted, I guess…

    • HotChickenFeet@sopuli.xyz
      15 days ago

      I’ve been running Kavita for a year and a half +, and honestly cannot tell where the donate button is, other than going into the settings and clicking the “kavita+” selection. Maybe I’m oblivious. Can you share what you’re seeing? As well with the telemetry option?

      • matsdis@piefed.social
        14 days ago

        Telemetry is in Server -> General -> Allow Anonymous Usage Collection. When you opt-out, it also sends a final message to the server that you’ve opted out. The telemetry itself looks reasonable, I don’t mind sending it. It’s really just the dark pattern of opt-out vs opt-in that bothers me.

        The donate button is the heart in the bottom left menu (not visible in the settings). It’s unobtrusive. I wouldn’t bother to remove it, except the tooltip says that I have to pay to remove it - now it has to go. Asking for donations is fine, but asking for money to remove a button is disgusting.

        • HotChickenFeet@sopuli.xyz
          14 days ago

          Thanks!

          Telemetry: I was able to find it, but it was already disabled. Maybe I noticed and unchecked it when I initially set up.

          Donate button: Ah, I see where you mean. Interestingly I do not see it when accessing from my mobile device, either as a mobile site or requesting a desktop site. But when accessing it from a desktop browser I do see it in the bottom left.

          A quick test shows ublock origin can block the element from showing. I believe that even if the user donates, it is not sufficient to hide this button, and the user must opt to pay for Kavita+ which is a subscription, not a one time license/etc, and forgoing it may lock other features a user is interested in.

          https://wiki.kavitareader.com/donating/ https://wiki.kavitareader.com/kavita+/

  • confusedpuppy@lemmy.dbzer0.com
    15 days ago

    I’ve been making another attempt to replace Docker with Podman. The issue is I can’t connect to my server through a web browser. I think it’s a firewall issue.

    Networking and networking troubleshooting is a bit confusing for me and that’s the least favourite part about self hosting for me. Turns out I actually enjoy writing scripts more and the challenge of writing POSIX scripts especially.

    If I can figure it out, I’ll probably write a guide for setting up Podman and Caddy on Alpine Linux since there isn’t a lot of recent information out there from what I found in my searches so far.

    • Eldaroth@lemmy.world
      14 days ago

      Did the switch from Docker to Podman a couple of months ago. Now I host all my services (arr-stack, Forgejo, Nextcloud, Authelia, Traefik, Immich… to name a few) on my VPS and mini pc/home server with Podman.

      I recently set up headscale to connect my VPS running the Traefik Proxy to my home lab to make some of my services running on there accessible from the internet. It was quite the journey, to say the least, as networking is not my forte either.

      But feel free to drop me a pm if you need some inspiration or support, maybe I can help.

      • confusedpuppy@lemmy.dbzer0.com
        13 days ago

        Thank you for the offer. I still need a bit more time to experiment and zero in on the issue again. Fortunately my setup is quite simple and the only bottleneck will be Caddy.

        I basically run Caddy which redirects to a static generated blog, simple file server page and a Kiwix instance. I’m mostly making a self hosted reference site of materials for Linux and Scripting resources.

        One day I may add a Forgejo instance but currently my entire workflow exists around rsync. I’m happy just having my single file scripts hosted as text files and don’t really need the power of git. At least not at the moment.

    • skilltheamps@feddit.org
      13 days ago

      Rootless podman cannot bind ports <1024, only root can by default (on pretty much any distro I guess). Have you done something like sysctl net.ipv4.ip_unprivileged_port_start=80 to allow non-root processes to bind to port numbers >=80?

    • dabe@lemmy.zip
      13 days ago

      Good luck 🫡 I made the switch about half a year ago and went all in on rootless quadlets while I was at it. It was a pretty nightmarish couple weeks figuring out things like user id mappings and rootless permissions, but I got there eventually. Landed on a super neat Traefik config that should work for anyone and makes spinning up new quadlets with their own reverse proxied subdomains really simple. I should really post it somewhere…

      In the end I wouldn’t exactly say it was worth it… but it sure feels cool to be fully moved into a more open/native container implementation.

      • confusedpuppy@lemmy.dbzer0.com
        13 days ago

        Yeah, I mainly just want to move away to more open projects. When I first started, everyone kept suggesting using Cloudflare. After half a year using their service, I just felt icky the entire time.

        In the past couple months I was able to move away and chose to protect myself by learning how to harden my server as well as hiding my server behind multiple layers of obscurity.

        With my current setup, the only site traffic I get has only been myself and my custom ssh port only gets hit by bots about 3-10 times a week according to my logs. Only time will tell how effective my layers of obscurity will hold up but so far it seems to satisfy my needs better than I was expecting.

        Once I get podman in a state I like, I’ll pretty much be all open sourced and all I’ll have to do for myself is be in maintenance mode unless I care to add a new service. I like to keep things simple so I don’t normally go crazy adding new services anyways.

  • sem@lemmy.blahaj.zone
    15 days ago

    I got tailscale cert to work but I feel kind of bad about learning tailscale instead of headscale

      • sem@lemmy.blahaj.zone
        15 days ago

        Mainly that they can’t enshittify because they’re already open. Tailscale is great right now, and free, but who knows in 5 years

    • Dalraz@lemmy.ca
      14 days ago

      Have you looked into netbird? I have been thinking of setting that up over tailscale

  • imetators@lemmy.dbzer0.com
    14 days ago

    I have noticed that Microsoft and google are trying to scan my domain for /php-myadmin and similar links that I thankfully do not have.

    I had already fail2ban running but it failed to ban a single IP. I did set up custom filters that would ban admin panel scanning attempts but somehow now it also bans my home IP and my phone 5G IP sometimes. No idea how to fix it so far. Also, this filter/jail doesn’t necessarily jail everyone attempting to reach these links, just sometimes it does.

    • lefaucet@slrpnk.net
      14 days ago

      I’ll have to look at my fail2ban logs and see if I’m having similar issues.

      It should be possible to mod your jail to whitelist an IP range on your local Network.

      I’m doing that on one of my jails.
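
The ban decision discussed in the two comments above, as an added example that is not part of the thread and not fail2ban's own code: a simplified Python model of a jail that matches probe requests, counts them per IP against `maxretry` within `findtime` seconds, and skips addresses covered by `ignoreip`. The log lines, the probe regex and the "home" address 198.51.100.20 are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines in combined-log style (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2025:10:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153
203.0.113.7 - - [12/Oct/2025:10:00:02 +0000] "GET /php-myadmin/index.php HTTP/1.1" 404 153
203.0.113.7 - - [12/Oct/2025:10:00:03 +0000] "GET /wp-admin/setup.php HTTP/1.1" 404 153
198.51.100.20 - - [12/Oct/2025:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 153
198.51.100.20 - - [12/Oct/2025:10:01:05 +0000] "GET /admin/favicon.ico HTTP/1.1" 404 153
198.51.100.20 - - [12/Oct/2025:10:01:09 +0000] "GET /admin/login HTTP/1.1" 404 153
192.0.2.55 - - [12/Oct/2025:10:02:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?:GET|POST|HEAD) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Hypothetical filter: any 404 under an admin-looking path counts as a failure.
PROBE = re.compile(r'^/(?:php-?myadmin|pma|wp-admin|admin)(?:/|$)', re.I)

def banned_ips(log, ignoreip=(), maxretry=3, findtime=600):
    """Return IPs in the order they would be banned."""
    allow = [ipaddress.ip_network(n) for n in ignoreip]
    hits = defaultdict(deque)   # ip -> timestamps of recent matching requests
    banned = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m or m["status"] != "404" or not PROBE.match(m["path"]):
            continue
        if any(ipaddress.ip_address(m["ip"]) in net for net in allow):
            continue            # allowlisted: never counted, never banned
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = hits[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()    # drop failures older than findtime
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print(banned_ips(SAMPLE_LOG))                                # home IP is banned too
    print(banned_ips(SAMPLE_LOG, ignoreip=["198.51.100.0/24"]))  # home IP spared
```

A client that sends fewer than `maxretry` matching requests inside the window (192.0.2.55 here) is never banned, while an address on the allowlist is skipped before counting.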

  • bonusss@lemmy.zip
    15 days ago

    I’ve learned a hard lesson this week. Jellyfin server OS partition ran out of free space and corrupted the database. Nothing to do but reinstall. I guess this week I’ll be reviewing backups! 🤣🤣🤣

    • SK@utsukta.org
      15 days ago

      oh this recently happened to me. but nothing much was lost, users were managed with SSO, files were unaffected, barely an inconvenience.

    • Victor@lemmy.world
      15 days ago

      I don’t like the sound of that. Sounds like bad programming? Who’s at fault? Jellyfin or the database implementation? Why would a nospace error corrupt everything? Sounds absolutely volatile. 😱

      • Urist@lemmy.ml
        14 days ago

        They just made a blog post about the next version fixing a long standing issue with their database management. Should probably improve in the near future.

    • comrade_twisty@feddit.org
      14 days ago

      FYI from the newest release notes for 10.11.0

      Jellyfin now actively checks the available free space for its configuration and data directories. If you have less than 2GB of free space in each data directory, Jellyfin now refuses to start to prevent data corruption. Additionally, checks are implemented to prevent certain path misconfigurations that are known to cause issues.

      https://jellyfin.org/posts/jellyfin-release-10.11.0/