Prioritizing de-clouding efforts

meyotch@slrpnk.net

You are correct that I will be using it only for internal authentication. I want to get away from my bad habit of reusing passwords on internal services to reduce pwnage if mr robot gets access

Any experience on how authelia interacts with vaultwarden? They seem sympatico but should I install them in tandem? Would that make anything easier?

oha@lemmy.ohaa.xyz

swap Photoprism with Immich. Its a lot better imo

meyotch@slrpnk.net

My storage needs will never be as huge as some setups. The Jellyfin library will surely be the largest as I am part of a sneakernet pirate enclave (me and my friends swapping media collections as an alternative to torrents).

But the 512gb main drive of my mini PC should be plenty for the foreseeable future. That will be incrementally backed up to another internal HDD. I already snapshot my systems quarterly and keep that drive in a fire safe as a disaster recovery measure.

I may get to the point where I need a NAS, so I will look at True NAS so I can plan for that future need. My digital footprint is relatively small as I do not hoard a lot of video media. So, hooray, something else I can migrate later!

meyotch@slrpnk.net

I would like to hear a bit more about the main differences. I tried immich first on a resource constrained system and it was a real pig naturally. PhotoPrism seems to be less resource intensive, but my new AMD Ryzen 7 mini pc is also a lot more powerful than a pi 4.

Im willing to go either way and this one will probably be near the bottom of the list anyway, so I have time to learn more and perhaps change my mind.

tofuwabohu@slrpnk.net

No, but Vaultwarden is the one thing I don't even try to connect to authentik so a breach of the auth password won't give away everything else

non_burglar@lemmy.world

Photoprism is less "resource intensive" because it's offloading face detection to a cloud service. There are also many who don't like the arbitrary nature of which features photoprism paywalls behind its premium version.

If you can get past immich's initial face recognition and metadata extraction jobs, it's a much more polished experience, but more importantly it aligns with your goal of getting out of the cloud.

just_another_person@lemmy.world

The biggest thing I'm seeing here is the creation of a bottleneck for your network services, and potential for catastrophic failure. Here's where I forsee problems:

1. Running everything from a single HDD(?) is going to throw your entire home and network into disarray if it fails. Consider at least adding a second drive for RAID1 if you can.
2. You're going to run into I/O issues with the imbalance of the services you're cramming all together.
3. You don't mention backups. I'd definitely work that out first. Some of these services can take their own, but what about the bulk data volumes?
4. You don't mention the specs of the host, but I'd make sure you have swap equal to RAM here if youre not worried about disk space. This will just prevent hard kernel I/O issues or OOMkills if it comes to that.
5. Move network services first, storage second, n2h last.

kevincox@lemmy.ml

#1 items should be backups. (Well maybe #2 so that you have something to back up, but don't delete the source data until the backups are running.)

You need offsite backups, and ideally multiple locations.

thejevans@lemmy.ml

I would recommend running Home Assistant OS in a VM instead of using the docker container.

mcchots@sh.itjust.works

Why is that?

condorwonder@lemmy.ca

You get easy access to their addons with a VM (aka HAOS). You can do the same thing yourself but you have to do it all (creating the containers, configuring them, figuring out how to connect them to HA/your network/etc., updating them as needed) - whereas with HAOS it generally just works. If you want that control great but go in with that understanding.

rutrum@lm.paradisus.day

This looks exciting. I hope the transition goes well.

I would say to get automated backups running on the first few before you do them all. Thats a luxury we get "for free" with cloud services.

Note on firefly iii. I use it because I've been using it, but after using it for 4ish years, I dont really recommend it. The way I use it anyway, I think inserting data could be easier (I do it manually on purpose) and the graphs/visualizations I also wish were better. My experience with search functionality is also sub par. I would look at other alternatives as well, but I think its still better than not tracking finances at all. But I wonder if using a database client to insert data and python scripts or grafana to analyze the data would be better for me....YMMV

Good luck!

thejevans@lemmy.ml

Everything @[email protected] said and because backups to Home Assistant OS also include addons, which is just very convenient.

My Proxmox setup has 3 VMs:

1. Home Assistant OS with all the add-ons (containers) specific to Home Assistant
2. TrueNAS with an HBA card using PCIe passthrough
3. VM for all other services

Also, if you ever plan to switch from a virtualized environment to bare metal servers, this layout makes switching over dead easy.

shortn0te@lemmy.ml

The main difference i would say is the development and licensing model.
Photo prism is forcing ppl who want to commit to sign a CLA to.give away their rights. Also the community is not really active it is mainly one dev that can change the code license on any given time.

Immich does not have such an agreement and has a huge active contributor community around it. Also Immich is backed by Futo which has its pros and cons.

Imho the biggest pain in self hosting is when a foss product turns evil towards its community and start to practice anti consumer/free selfhosters business practices.

Immich is far less likely to turn evil.

ikidd@lemmy.world

This might be the last chance to migrate from Gitea to Forgejo and avoid whatever trainwreck Gitea is heading for. It's going to a hardfork soon.

possiblylinux127@lemmy.zip

What hardware are you looking at?

I would do a three node cluster (maybe even 5 node)

meyotch@slrpnk.net

That's surely overkill for my use level. Most of these services are only really listening to the web port most of the time. Yes, some like Immich or Paperless-ngx do some brief intense processing, but I am skeptical that I need nearly that much separation. I am using an AMD Ryzen 7 5825U. I am open to ideas, but I also press hard against over-investing in hardware for a single-person home setup.

meyotch@slrpnk.net

That's very relevant. Thanks for the heads-up. I will look into that.

meyotch@slrpnk.net

Good insights, thank you for the perspective. I will look into that more closely before committing.

meyotch@slrpnk.net

I do have a backup plan. I will use the on-board SSD for the main system and an additional 1Tb HDD for an incremental backup of the entire system with ZFS, all to guard against garden-variety disk corruption. I also take total system copies to keep in a fire safe.