How do you keep up?
-
[email protected]replied to [email protected] last edited by
They are complaining because of the number of updates and breaking changes. Ansible is just a tool for bulk changes.
-
[email protected]replied to [email protected] last edited by
Yeah, everything that's already been said, except that I specifically chose an off-the-shelf Synology NAS with Docker support to run my core setup for this exact reason. It needs a reboot maybe once or twice a year for critical updates but is otherwise rock solid.
I have since added a small N100 box for things that need a little extra grunt (Plex mainly) but I run Ubuntu Server LTS with Docker on that and do maintenance on it about as often as I reboot the NAS.
-
[email protected]replied to [email protected] last edited by
Debian, baby.
-
[email protected]replied to [email protected] last edited by
You can choose a slower train for scale. Go for the stable release or even the enterprise release. Update once in a few months or so.
I went with Talos OS for my apps after the mess from IX-systems and for the most part it has been set and forget.
-
[email protected]replied to [email protected] last edited by
Docker: More or less automatically upgraded (compose)
Proxmox/TrueNas: My setup breaks so often I want to do something that I will check it every once in a while and run updates
Main Debian NAS: Automatic updates. (apt)
Raspberry Pi: Automatic Updates (apt)
Windows: If it prompts me and I am shutting it down anyway: Fine. Thanks for notifying. I stopped chasing updates quite some time ago.
-
[email protected]replied to [email protected] last edited by
Release: stable
Keep the updates as hands off as possible. Docker compose, TTecks lxc updater.
I come through once a week or so to update the stacks, I come through once a month or so to update the machines. Total time updating is 3hrs a month, I could drop that a lot when I get around to writing some scripts to update docker images.
Minimise attack surface and outsource security. I have nothing at all open to the internet, I use Tailscale to create tunnels. I'm trusting my security to Tailscale but they are much, much, better at it than I am.
-
[email protected]replied to [email protected] last edited by
Release: stable
Keep the updates as hands off as possible. Docker compose, TTeck's LXC updater, automatic upgrades.
I come through once a week or so to update the stacks (dockge > stack > update), I come through once a month or so to update the machines (I have 5 total). Total time updating is 3hrs a month. I could drop that time a lot when I get around to writing some scripts to update docker images, then I'd just have to "apt update && apt upgrade"
Minimise attack surface and outsource security. I have nothing at all open to the internet, I use Tailscale to create tunnels. I'm trusting my security to Tailscale, Pihole and my ISP's firewall, but they are much, much better at it than I am.
-
[email protected]replied to [email protected] last edited by
Same here. I spent last month transitioning all my servers to NixOS and it feels so comfy! I do a small test on my desktop when I do something that might break stuff first, and then add it to server's config later.
--target-host and --use-remote-sudo makes it even better too.
-
[email protected]replied to [email protected] last edited by
I run a Fedora server.
All of my apps are in docker containers set to restart unless stopped by me.
Then I run a cron job that is scheduled at like 3 or 4am that runs docker pull on all containers and restarts them. Then it runs all system updates and restarts the server.
Every week or so I just spot check to make sure it is still working. This has been my process for like 6 months without issue.
-
[email protected]replied to [email protected] last edited by
At least you get updates. I'm running TrueNAS Core which isn't updated anymore, and I have some jails doing things so I can't migrate to scale easily.
The good news is this still works despite no updates it does everything it used to. There is almost zero reason to update any working NAS if it is behind a firewall.
The bad news is those jails are doing useful things and because I'm out of date I can't update what is in them. Some of those services have new versions that add new features that I really really want.
I have ordered (should arrive tomorrow) a N100 which I'm going to manually migrate the useful services to one at a time. Once that is done I'll probably switch to XigmaNAS so I can stick with FreeBSD. (I've always preferred FreeBSD). That will leave my NAS as just file storage for a while, though depending on how I like XigmaNAS I might or might not run services on that.
-
[email protected]replied to [email protected] last edited by
Try watchtower instead of cron jobs
-
[email protected]replied to [email protected] last edited by
I'll check it out! Thanks!
-
[email protected]replied to [email protected] last edited by
Core is still getting updates? I got one last week.
-
[email protected]replied to [email protected] last edited by
Only the most basic security. It is out of date according to the pkg system and so jails cannot be updated.
-
[email protected]replied to [email protected] last edited by
Super lame. BSD is very preferable for core systems like this.
-
[email protected]replied to [email protected] last edited by
Do you run Talos on bare metal or on something like Proxmox? Care to discuss your k8s stack?
-
[email protected]replied to [email protected] last edited by
Thanks for this. I've recently been recreating my home server on good hardware and have been thinking it's time to jump into selfhosting more stuff. I've used Docker a bit, so I guess I'll have to do it the right way. It's always good to know what choices now will avoid future issues.
-
[email protected]replied to [email protected] last edited by
I use Debian, so what's to keep up with? Apt upgrade is literally everything I need. My home server doesn't take a lot of my time except when I want to tweak something or introduce something new. I don't really follow all the trendy stuff at all and just have it do what I need.
-
The good news is this still works despite no updates it does everything it used to. There is almost zero reason to update any working NAS if it is behind a firewall.
if all users and devices on the network are well behaved and don't install every random app, even if from the play store, then yeah, it's less of a risk
-
[email protected]replied to [email protected] last edited by
Automatically upgrading docker images sounds like a recipe for disaster because:
- could pull down change that requires manual intervention, so things "randomly" break
- docker holds on to everything, so you'd need to prune old images or you'll eventually run out of disk space; if a container is stopped, your prune would make it unbootable (good luck if the newer images are incompatible with when it last ran)
That's why I refuse to automate updates. I sometimes go weeks or months between using a given service, so I'd rather use vulnerable containers than have to go fix it when I need it.
I run OS updates every month or two, and honestly I'd be okay automating those. I run docker pulls every few months, and there's no way I'd automate that.
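
The trade-off argued in this thread (scheduled image pulls versus surprise breakage and disk growth), as an added example that is not part of any post: a compose update wrapper that records which image ID each container used before the pull, then lists for review only those images that no container, running or stopped, references now or referenced before the update. The function names and the state-file path are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names and the STATE path are
# hypothetical. Usage: ./update-stack.sh run /path/to/compose/dir
STATE="${STATE:-/var/tmp/stack-images.prev}"   # assumed location

# "<image-id> <image-ref> <container-name>" for every container,
# running or stopped (docker ps -a).
snapshot() {
    docker ps -aq | xargs -r docker inspect \
        --format '{{.Image}} {{.Config.Image}} {{.Name}}'
}

# "<image-id> <repo>:<tag>" for every local image, full sha256 IDs.
local_images() {
    docker images --no-trunc --format '{{.ID}} {{.Repository}}:{{.Tag}}'
}

# Pure text filter, testable without Docker.
# $1: file of protected lines (first field = image ID)
# $2: file with the local image list
# Prints the images whose ID is not protected.
prune_candidates() {
    awk 'FILENAME == ARGV[1] { keep[$1] = 1; next } !($1 in keep)' "$1" "$2"
}

update_stack() {
    local dir="$1" protected images
    snapshot > "$STATE"                         # pre-update IDs, kept for rollback
    (cd "$dir" && docker compose pull && docker compose up -d) || return 1
    protected="$(mktemp)"; images="$(mktemp)"
    { cat "$STATE"; snapshot; } > "$protected"  # previous + current images
    local_images > "$images"
    echo "Removal candidates (review, then: docker rmi <id>):"
    prune_candidates "$protected" "$images"
    rm -f "$protected" "$images"
}

if [ "${1:-}" = "run" ]; then
    update_stack "${2:?compose directory required}"
fi
```

If an update needs rolling back, the state file gives the old image ID for each container, which can be retagged with `docker tag <id> <repo>:<tag>` before recreating the service.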