Selfhosting Sunday - What's up?
-
I hear about Incus being the next best thing. I've never played around with it. Is it all that and a bag o' chips?
I think so.
It is LXD + KVM, so way more and finer tune control on lxc instances. It can run OCI images as well, so for docker instances with only a few configs and no persistent storage, it is actually quite handy. For docker instances that need pretty complicated compose files, I just run docker inside an lxc for now, until I figure that out.
-
I hear about Incus being the next best thing. I've never played around with it. Is it all that and a bag o' chips?
Side question, but where are you hearing this about incus?
I'm wrapping up 9 years of using proxmox and I have very specific reasons for switching to incus, but this is the third time I'm fielding questions in the last month about incus.
-
Absolutely. I used Tailscale for a bit because I didn't want to get a VPS (I'm behind CGNAT), but I needed to expose a handful of services and use my own domain name, and I couldn't figure that out w/ Tailscale. So I bought a cheap VPS and configured WireGuard on it to get into my LAN and I'm much happier.
I'm considering going this route - just to hide my (static) home IP.
What's the rough sizing I'd need for a VPS? I'm guessing the smallest possible, but with the best / unlimited data usage?
-
I've been using Zola for a bit now and love it. Very simplistic. Could be worth a look but simple pages can be html or markdown. Couldn't be much simpler. Super fast to build.
I will look into that too, thank you for the suggestion
-
What's up, what's down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
Found out that docker volumes are important after restarting my server
-
Found out that docker volumes are important after restarting my server
That’s a mistake you only make once!
-
That’s a mistake you only make once!
Meh, made it a few times.
Some images treat volumes differently.
Looking at you, nextcloud.
-
I'm considering going this route - just to hide my (static) home IP.
What's the rough sizing I'd need for a VPS? I'm guessing the smallest possible, but with the best / unlimited data usage?
That really depends on your use case. I use very little transfer because most of my usage is within my LAN. I set up a DNS server (built in to my router) to resolve my domains to my local servers, and all the TLS happens on my local server, so it never goes out to the VPS. So I only need enough transfer for when I'm outside my house.
Here's my setup:
- VPS - WireGuard and HAProxy - sni-based routing
- router - static DNS for local services
- local servers - TLS trunking and services
My devices use my network's DNS, but if that fails, they fall back to some external DNS and route traffic through the VPS.
VPSs without data caps tend to have worse speeds because they attract people who will use more transfer. I think it's better to find one with a transfer cap that's sufficient for your needs, so things stay fast. I use Hetzner, which has generous caps in the EU (20TB across the board) and good enough for me caps in the US (1TB base scales with instance size and can buy extra). Most of my use outside my house is showing something off every now and then, or accessing some small files or uploading something (transfer limits are only for outgoing data).
-
I really like the idea of containers, it def solves my problems of running multiple services in the host OS. I’d like to build my own containers to pull the few “bare metal” services I’ll have outside of docker. Anyway, I’ll keep podman in the back of my head.
One thing I’m already happy I did was create a docker directory and have subdirectories keep all of my container volumes separate. Should make backing things up easier as well.
Yeah, containers are great! It's really nice knowing exactly which directories to move if I need to rebalance my services onto other hardware or something.
Most of my services are on my NAS, so I have this setup:
- /srv/nas/<folder> - everything here is on my RAID, and offsite backups look here (and exclude certain directories to save on cost)
- /home/<user>/containers - my git repo with configs, sans passwords/keys
- configs w/keys live in my password manager
Disaster recovery should be as simple as:
- Copy my data from backup into /srv/nas
- Clone my container repo
- Copy env files to their respective locations
- Run a script to get things set up
I use specific container versions, so I should get exactly the same setup.
I'm going to be reinstalling my NAS soon (boot drive is getting old), so we'll see how this process works, though I'll skip step 1 since I'm keeping the drives.
-
My machine is not a workhorse. I got it second hand. It has around 8gb of RAM, and an 80gb HDD I found in a laptop.
But it's enough to work as a testbed, so it's fine with me.
-
Setting up HW accel on Jellyfin was a bit more manual than a single checkbox. You have to tell it which codecs it should HW decode and encode. I had some issues with it so left it off for now
-
What's up, what's down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
Finally got around to trying what @[email protected] recommended me to troubleshoot my scanner sending to FTP. And I got it working! Thanks chaospatterns!
-
What's up, what's down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
I fixed DNS
(My DNS queries were blocked by my ISP's modem, I flashed OpenWRT on an old WiFi Repeater, and set up a DoH proxy)
-
It kind of amazes me that, in this day and age, email has turned out to be the lynchpin of security. Email as a 2FA endpoint. Email password reset systems. If email is compromised, everything else falls. They used to tell us not to put anything in email that you wouldn't put on a postcard...how did this happen?
That and email protocols are outdated and aren't too secure. For example:
- Neither SMTP nor IMAP has a way to use two-factor authentication.
- Spam blocking is so hard because SMTP was not designed with it in mind.
- SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.
IMAP has a modern replacement in JMAP, but it's not widespread. SMTP is practically impossible to replace since it's how email servers communicate with each other.
The "solution" has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.
-
I’m trying to figure out a basic CRM for my local sports club. I use docker to self host a voting platform called RALLLY that we use a lot and enjoy. If people can recommend a CRM I’d give it a go today. I tried a platform called twenty yesterday but couldn’t get it off the ground
Consider reviewing odoo, I last looked at them when they were known as openERP, I know one guy that runs it and is happy. It might be a bit much if you just want a CRM...
-
I'm considering Keycloak myself because it's trusted by security professionals (I think it's a Red Hat project), whereas Authentik is basically a passion project.
I hear keycloak has quarkus builds as well these days which should be much slimmer than how it used to be built.
-
I hear keycloak has quarkus builds as well these days which should be much slimmer than how it used to be built.
I hadn't heard of it, and looking into quarkus just reminded me of how complicated the whole Java ecosystem is. Gross.
Hosting Go, Rust, etc stuff is dead simple, but with Java, there's all this complexity...