from Thunderbird4@lemmy.world to selfhosted@lemmy.world on 05 Feb 17:14
https://lemmy.world/post/25167842
A year ago I built a NAS to reduce my reliance on cloud services, and set up an arr stack. I went with TrueNAS Scale, which was on Bluefin at the time. In the past 12 months, TrueNAS Scale has been through FOUR major OS versions, with a fifth already announced. At least one of those involved a release train switch so, despite diligently checking for updates in the dashboard, I was left in the dust with an obsolete OS, and didn’t find out until it was already a huge hassle to upgrade.
I’ve been really happy with the utility and benefit of having this tool, but holy smokes how is anybody supposed to keep up with all of this? This is far from my only hobby, and I simply do not have the time, patience, or interest for a constant race to keep up with vetting new release versions and fixing what breaks every 3 weeks. I have enough tinkering hobbies as it is.
On top of that, there’s the whole blow up with TrueCharts, which has also left me with an entire suite of obsolete albatrosses around my NAS that I need to deal with. Am I still waiting for them to figure out an upgrade path? I don’t even know anymore.
Sorry for the rant, but I guess what I’m looking for is: how do you keep up with the constant maintenance and updates, and where do I go from here, in February 2025, with a system running Bluefin 22.12, a 32TB ZFS pool (RAIDZ1) that has to remain intact, and a handful of TrueCharts apps that I don’t want to lose the data from (e.g. Jellyfin configs/watch history)?
threaded - newest
For one I don’t use software that updates constantly. If I had to log in to a container more than once a year to fix something, I’d figure out something else. My NAS is just harddrives on a Debian machine.
Everything I use runs either Debian or is some form of BSD
Same, but openSUSE. Tumbleweed on my desktop and laptop, Leap on my servers.
And yeah, if I need to babysit something, I’ll use an alternative. I’ll upgrade when I’m ready to, which is usually over holidays when I’m bored and looking for a project.
OS updates I only bother with every 6-12mo, though I also use debian which doesn’t push major updates all that regularly.
As far as software goes; pretty much everything is in a docker container with watchtower automatically pulling new updates to those nightly at 4am. It sends me email notifications, so It’ll tell me if an update fails; combined with uptime-kuma notifying me if any of my services is unavailable for whatever reason.
The rest I’ll usually do with the OS updates. Just because an update was released, doesn’t mean you’ve gotta drop everything and install it right this moment.
I dont :) Mostly.
Honestly I have an auto backup system. And then set it up to auto update periodically. Then use Debian Server as it almost never breaks as a server distro.
First off, backups of the configs any user data that you can’t torrent should the inevitable happen.
Then set time aside to do updates, I spend Wednesday evenings updating and improving my setup.
Then find a way to track update announcements, I use both an RSS reader and newrealeases.io to know when something I run gets an update
Gentoo.
Daily automatic updates of the OS.
Services and containers are updated at random when i have time.
Its been many years, I have fun doing it.
Not a chore.
Similar to the others although I have messed with Ubuntu, CentOS, Fedora, and even a few others for like a day or two each.
At the moment I am using Fedora. My drives are raided and my main storage has all the data and the docker config directory’s.
Using docker for everything, watchtower for updates, and pertained to manage the containers with a gui. All the containers are directed to /mnt/drive/allMyData. In there is my data folders. Shows, movies, plex configs for recording over the air, ebooks, documents, etc.
Mainly I set it up this way so I can easily change distros if I wanted to and have all my services back up in an hour or so.
I started a text file that contains the command lines I have used to start all of my docker containers. This way if I need to I reference it and use the exact same commands mapped volumes to the same folders. Now I am back up and running in a few clicks. No need to backup the container if all the data in it is setup in folders in my main data directory.
However I am running a separate hardware raid setup prior to os. This way all my data stays safe as a separate volume.
I run Debian on most of my systems and run all of my services in docker (with rare exceptions for node_exporter or stable core tools). My base systems get automatic security upgrades, and then I’ll manually check in every few weeks whenever I feel like it.
My services in docker are version locked to a specific major version (when there’s a tag available) so I can usually re-pull to get minor version updates freely without breaking issues. My few more finnickey services get manual upgrades from me every 6 months or so only.
I usually stick to an OS version for as long as I can, and to that aim I stick to LTS versions with long support windows.
4 major versions in 12mo is…a lot. Especially if those include breaking changes for you. Yikes
Is it exposed to the internet?
Mine is local only so I’m not as diligent with updates. I push them like once every 2-3 weeks. Some containers automatically update but some don’t because in the past that has broken associated scripts
I have automatic updates on everything. If it breaks, I fix it when I have time. If I don’t, it remains broken.
I could also just not do updates, but I like new features.
In life? Amphetamines.
I learned that I can’t rely on someone else’s recipes: in my case it was abandoned/badly configured unraid apps. I now exclusively use a docker compose yml where i control and tag specific versions. I intentionally stay behind 2 versions on nextcloud (stable = alpha; oldstable = beta), and for databases i stay on the LTS. Then i import the calendar from endoflife.date in my calendar app to see if i have to move the target up a bit.
Every once in a while i go there and i update manually everything
Unraid + Unifi network equipment. Everything is scheduled and automatic, with the exception of large Unraid updates, but those are only every ~6 months. Every night mover from cache SSD - > HDD array, then checks for plugin updates, then docker container updates, if Monday morning SSD trim, and if 1st of the month does an array parity check/repair.
After all that if it’s Monday morning, Unifi will check for firmware then software updates.
Sometimes a docker container will get a breaking update maybe once a year, and then I just go look @ documentation and see what needs to be changed to the config to fix.
Use Debian LTS or Ubuntu LTS (10 years support with free Ubuntu Pro). Turn on automatic unattended updates. Upgrade OS when you’re bored one of those years.
Keywords:
I have rss feeds for my main service updates so I know what new features I have, the services mostly run in podman containers and update automatically each Monday. I also have daily backups (timed to run just before the update on monday) in case anything does break.
If it breaks I fix it depending on how much I want/need it, mostly it’s a matter of half an hour to fix it and with my current NixOS/Podman system I haven’t yet needed to fix anything this year so it breaks infrequently.
Also why are you using Kubernetes on a single host if you want minimal maintenance? XD
My recommendation is to switch to just managing containers, you should just be able to export the volumes out of kubernetes and import them as normal volumes, as long as they’re mounted in the right place you keep your data and if it doesn’t work just try again. Not like you need to destroy the current system to slowly replace it.
Edit: I also recommend to update and reboot frequently, this stops updates and unstable configurations from piling up.
Wow, neat approach.
If it works, I don’t update unless I’m bored or something. I also spread things out on multiple machines, so there’s less chance of stuff happening like you describe with the charts feature going away. My NAS is pretty much just a NAS now.
You can probably backup your configs/data, upgrade, then deploy jellyfin again, restore, and reconfigure. You should probably backup your data on your ZFS pool. But, I recently updated to the latest TrueNas Scale from ~5 year old FreeBSD version of TrueNas and the pools still worked fine (none of the “apps” or jails worked, obviously). The upgrade process even ported my service configurations over. I didn’t care about much of the data in the pools, so only backed up the most important stuff.
Hahahaha, one of my kind!
My upgrades usually occur because I’m setting up a new system anyway, that way my effort is building for tomorrow in addition to the upgrades, and I get testing time to ensure changeover is pretty smooth.
In the business world it’s pretty common to do staged or switchover upgrades: test new version in a lab environment, iron out the install/config details. Then upgrade a single production server and do a test with a small group of users. Or, build new servers with the new stuff, have a set of users run on it for a while, in this way you can always just move those users back to a known good server.
How do you do this at home? VMs for lots of stuff, or duplicate hardware for NAS type stuff (I’ve read of running TrueNAS in a VM).
To borrow from the preparedness community: if you have 1 you have none, if you have 2 you have 1. As an example, the business world often runs mission-critical systems in a redundant setup in regionally-different data centers, so a storm won’t take them down. The question is how to reproduce this idea in a home lab environment.
This is not practical for a home setup. Not because it would be expensive for more hardware or whatever, but because as soon as you have multiple systems doing the same thing, their state diverges and for pretty much anything that is popular for selfhosting you cannot merge them again or mirgrate users between them without loosing anything. Distributed databases alone are a huge pita, and maintaining such redundant setups would be a million times more effort than just making sure that you can easily and quickly atomically roll back failed updates
As I said “how to reproduce this in a home setup”.
I’m running multiple machines, paid little for all of them, and they all run at pretty low power. I replicate stuff on a schedule, I and have a cloud backup I verify quarterly.
If OP is thinking about how to ensure uptime (however they define it) and prevent downtime due to upgrades, then looking at how Enterprise does things (the people who use research into this very subject performed by universities and organizations like Microsoft and Google), would be useful.
Nowhere did I tell OP to do things this way, and I’d thank you to not make strawmen of my words.
Ansible.
How does that help here?
For automating maintenance and updates? How exactly does it not?
They are complaining because of the number of updates and breaking changes. Ansible just a tool for bulk changes
I’ve got backups. Haven’t updated or looked at my server in months. If I’m ever compromised by missing security updates, I just load a backup and regenerate all keys.
I don’t put any critical data on public facing servers.
I have everything containerized (Podman) on my Debian PC and use Diun to check for updates and send notifications to a Discord server that I monitor. I do all of my updates manually so I don't update unless I have time to troubleshoot; if it breaks I still have the configs and data so I can delete the container and start over.
I also do monthly backups to cold storage (yeah, they should be weekly/biweekly but it's just personal data that I'm okay with losing). I don't use a RAID config or BTFS/ZFS like some do, so it's pretty easy to just set it and forget it. It really depends on what you're trying to do, how bulletproof it needs to be, and how you like to organize things.
You might want to think about running a “stable” or “LTS” OS and spin up things in Docker instead. That way you only have to do OS level updates very rarely.
I learned this the hard way as well… I did a big OS update on mine once and it broke almost every application running on it. Docker worked perfectly still. I transferred everything I could to Docker after that.
Thanks for this. I’ve recently been recreating my home server on good hardware and have been thinking it’s time to jump into selfhosting more stuff. I’ve used Docker a bit, so I guess I’ll have to do it the right way. It’s always good to know what choices now will avoid future issues.
Just subscribe to the release channel. That varies from OS to OS or Software, but is worth it.
Use tools that are universal. For example, I have not used TrueNAS Scale because they did not support native docker at the time. OS specific solutions are more likely to break then universal once (truecharts vs docker)
To get up and running again after a complete failure i can just download the latest config and data from my backup and set up any distro that supports docker and my system is running again.
I do OS upgrades when they are available, usually within 1 or 2 days and containers are updated with watchtower daily.
I use NixOS so if an update breaks, I just roll back. And since it’s effectively a rolling release distribution there isn’t any risk of being left behind on an outdated version.
Same here. I spent last month transitioning all my servers to NixOS and it feels so comfy! I do a small test on my desktop when I do something that might break stuff first, and then add it to server’s config later.
–target-hostand–use-remote-sudomakes it even better too.That’s not even to mention declarative, rootless, podman containers via systemd or quadlet (the containers, too, can be NixOS)!
NixOS Containers can also be a good option if you don’t care about rootless.
Constant maintenance? What’s that?
Here’s my setup:
I honestly don’t think about it. I run updates when I get to it (every month or so), and I’ll do an OS upgrade a little while after a new release is available (every couple years?). Software gets updated periodically if I’m bored and avoiding more important things. And I upgrade one thing at a time, so I don’t end up with everything breaking at once. BTRFS snapshots means I can always roll back if I break something.
I don’t even know what TrueCharts is. Maybe that’s your issue?
Yeah, everything that’s already been said, except that I specifically chose an off-the-shelf Synology NAS with Docker support to run my core setup for this exact reason. It needs a reboot maybe once or twice a year for critical updates but is otherwise rock solid.
I have since added a small N100 box for things that need a little extra grunt (Plex mainly) but I run Ubuntu Server LTS with Docker on that and do maintenance on it about as often as I reboot the NAS.
Debian, baby.
You can choose a slower train for scale. Go for the stable release or even the enterprise release. Update once in a few months or so.
I went with Talos OS for my apps after the mess from IX-systems and for the most part it has been set and forget.
Do you run Talos on bare metal or on something like Proxmox? Care to discuss your k8s stack?
Currently I run Talos on a VM on scale. I went with Truecharts. The plan for me is to run it on bare metal at some point.
I’m looking at Talos on my Proxmox cluster as VMs. I’m trying to automate it all through ansible and currently stuck trying to bootstrap my secrets manager. Somewhat of an analysis paralysis at the moment. Thinking of using a cloud hosted one with some kind of a local passthrough cache in case the WAN connection gets disrupted.
Docker: More or less automatically upgraded (compose)
Proxmox/TrueNas: My setup breaks so often or I want to do something that I will check it every once in a while and run updates
Main Debian NAS: Automatic updates. (apt)
Raspberry Pi: Automatic Updates (apt)
Windows: If it prompts me and I am shutting it down amyway: Fine. Thanks for notifying.
I stopped chassing updates quite some time ago.
Release: stable
Keep the updates as hands off as possible. Docker compose, TTeck’s LXC updater, automatic upgrades.
I come through once a week or so to update the stacks (dockge > stack > update), I come through once a month or so to update the machines (I have 5 total). Total time updating is 3hrs a month. I could drop that time a lot when I get around to writing some scripts to update docker images, then I’d just have to “apt update && apt upgrade”
Minimise attack surface and outsource security. I have nothing at all open to the internet, I use Tailscale to create tunnels. I’m trusting my security to Tailscale but they are much, much, better at it than I am.
.
Automatically upgrading docker images sounds like a recipe for disaster because:
That’s why I refuse to automate updates. I sometimes go weeks or months between using a given service, so I’d rather use vulnerable containers than have to go fix it when I need it.
I run OS updates every month or two, and honestly I’d be okay automating those. I run docker pulls every few months, and there’s no way I’d automate that.
I’ve encountered that before with Watchtower updating parts of a serrvice and breaking the whole stack. But automating a stack update, as opposed to a service update, should mitigate all of that. I’ll include a system prune in the script.
Most of my stacks are stable so aside from breaking changes I should be fine. If I hit a breaking change, I keep backups, I’ll rebuild and update manually. I think that’ll be a net time save over all.
I keep two docker lxcs, one for arrs and one for everything else. I might make a third lxc for things that currently require manual updates. Immich is my only one currently.
Glad it works for you.
Automatic updates of software with potential breaking changes scares me. I’m not familiar with watchtower, since I don’t use it or anything like it, but I have several services that I don’t use very often, but would suck if they silently stopped working properly.
When I think of a service, I think of something like Nextcloud, Immich, etc, even if they consist of multiple containers. For example, I have a separate containers for libre office online and Nextcloud, but I upgrade them together. I don’t want automated upgrades of either because I never know if future builds will be compatible. So I go update things when I remember, but I make sure everything works after.
That said, it seems watchtower can be used to merely notify, so maybe I’ll use it for that. I certainly want to be around for any automatic updates though.
It’s Watchtower that I had problems with because of what you described. Watchtower will drop your microservice, say a database, to update it and then not reset the things that are dependent on it. It can be great just not in the ham fisted way I used it. So instead I’m going to update the stack together, everything drops, updates, and comes back up in the correct order
Uptime Kuma can alert you when a service goes down. I am constantly in my Homarr homepage that tells me if it can’t ping a service, then I go investigating.
I get that it’s scary, and after my Watchtower trauma I was hesitant to go automatic too. But, I’m managing 5 machines now, and scaling by getting more so I have to think about scale.
I don’t use Watchtower myself for the same reasons described, but I was under the understanding if you had a container as a dependency on another container that if you took the dependency down it also took the container down. Is this not actually true?
I am not the person to be asking, I am no docker expert. It’s is my understanding depends_on: defines starting order. Once a service is started, it’s started. If it has an internal check for “healthy” I believe watchtower will restart unhealthy containers.
This is blind leading the blind though, I would check the documentation if using watchtower. We should both go read the “depends on” documents as we both use it.
Strangely it sounds like that’s correct. I was under the understanding that depends_on cared about it past start as well but it does not. It doesn’t look like there’s a native way of turning containers that are depending on one another when you turn the dependency off. It looks like the current recommended way of doing it is either with a Docker compose file (which doesn’t help if the process crashed/was concidered unhealthy), or having a third party script on the host monitor the dependencies and if one is considered offline, it turns the dependees off.
Looking into it the concern has been approached twice now on the GitHub page, however every time that it’s been brought up it’s been closed for stale because nobody ever replies to the question
That was my conclusion as well, however I am at work and it’s not appropriate to be reading docker documentation. Thank you for the write up.
I run a Fedora server.
All of my apps are in docker containers set to restart unless stopped by me.
Then I run a cron job that is scheduled at like 3 or 4am that runs docker pull on all containers and restarts them. Then it runs all system updates and restarts the server.
Every week or so I just spot check to make sure it is still working. This has been my process for like 6 months without issue.
Try watchtower instead of cron jobs
I’ll check it out! Thanks!
Depends on your stance on risk since WatchTower has to run as privileged
This is a good point. Generally if can accomplish what I want with my own scripts, I will go that route. I’ll probably avoid adding additional software to the mix since what I have works fine enough.
At least you get updates. I'm running TruNAS core which isn't updated anymore, and I have some jails doing things so I can't migrate to scale easially.
The good news is this still works despite no updates it does everything it used to. There is almost zero reason to update any working NAS if it is behind a firewall.
The bad news is those jails are doing useful things and because I'm out of date I can't update what is in them. Some of those services have new versions that add new features that I really really want.
I have ordered (should arrive tomorrow) a N100 which I'm going to manually migrate the useful services to one at a time. Once that is doing I'll probably switch to XigmaNAS so I can stick with FreeBSD. (I've always preferred FreeBSD). That will leave my NAS as just file storage for a while, though depending on how I like XigmaNAS I might or might not run services on that.
Core is still getting updates?i got one last week.
only the most basic security. It is out of date according to the pkg system and so jails cannot be updated-
Super lame. BSD is very preferable for core systems like this.
I know, I like BSD. However because core isn't a supported version of FreeBSD I cannot update the other things I run on my NAS. I'm more worried about an attack on those out of date services than I am about the few issues that have been fixed
Yes of course. So BSD Truenas is dead? That is a True shame, as BSD is rock steady reliable and runs on truly ancient hardware just fine.
on life support thay haven't pulled the plug yet but it is coming. They are not updating anything not urgent and so new hardware support is dead as are jails to do useful things. I'm probably moving to xigmanas in the near future.
Thst seems like a good option. Ive got some test beds to try it out on
if all users and devices on the network are well behaved and don’t install every random app, even if from the play store, then yeah, it’s less of a risk
I use debian, so what’s to keep up with? Apt upgrade is literally everything I need. My home server doesn’t take a lot of my time except when I want to tweak something or introduce something new. I dont really follow all the trendy stuff at all and just have it do what I need.
This is why I’m still using a Synology ¯\(ツ)/¯
I can install all the fun stuff I want in Docker, but for the core OS services, it’s outsourced to Synology to maintain for me
I run proxmox on the host with docker in a VM for 90% of my stuff, OS updates I do like every 6 months maybe, I’ve done 1 major version upgrade on proxmox with no issues at all.
The docker containers auto-update via Komodo, and nothing really ever breaks anymore other than the occasional container error that needs a simple fix.
Everything important is backed up nightly using both proxmox backup server, and to backblaze B2 with restic.
I’ve never heard of komodo, I’ve heard a lot about Watchtower but I found it more annoying to set up due to its labeling systems. Is there any added benefit for Komodo over using a standard watch tower setup?
I haven’t set up either of them, but my main concern is having a breaking change be automatically updated
Komodo is a full management setup, similar to Portainer, Dockge, etc… It works reasonably well.
Watchtower doesn’t require any labeling unless you want to exclude a container.
Pinning to a major version usually solves this, ie; instead of using
postgres:latestusepostgres:14which will give you updates only from version 14.But also have backups in place, worst case you just roll back to before it updated.
Oh ok, thank you, I already use Portainer for my existing setup so it wouldn’t make much sense to fully rework it. I haden’t thought of version pinning though so I may implement that instead, it makes sense “breaking changes” wouldn’t happen within the same major version.
Yeah pinning is great, you’ll still need watchtower for auto updates too
Yea for sure, I plan to implement that as well when I have some free time.
I’ve never used true nass, but I’ve never had any issue with keeping up with releases. I use a proxmox host with Debian containers mostly, and then I use ansible to do any major changes to the hosts such as replacing certificates or upgrading the packages
Being said my backup structure isn’t the most professional, I have a 8 TB external drive that I keep plugged in via USB and I have proxmox backup server on the same host and it creates backups nightly
I switched away from truecharts once scale switched to native docker and my experience has been much smoother since. TC had some kind of breaking change every other month, now I only have to worry about breaking changes when the actual apps have a major update.
The transition was way easier than i expected. First I set up nginx pointing to the TC load balancer for every url, so I could swap apps one at a time. Then I used heavyscript to mount the volumes for an app and rsynced them to a normal dir. With that I could spin up the community apps version or a custom docker config and swap over nginx once I confirmed it was working.
I use Debian stable for my main OS for the stability, security and infrequent updates, and run all of my services in Docker containers to keep everything up to date.
Thanks for a lot of useful replies, everyone. Sorry I ghosted my own post for a couple days. I’m seeing surprisingly few people who actually use or used TrueNAS, so maybe that’s something to consider moving away from. I’ll have to weigh my options.
ngl the newest truenas version is incomprehensible to me. Makes most of the videos on it obsolete, and the docs aren’t much better, all while trying to abstract docker compose in a way that makes it shit itself when you try to use anything not specifically developed to work with TNS’s storage layout.
It’ll probably improve with time but I clearly picked the worst time to pick it up.
I’ve decided either to return to dietpi.com or try prox mox and pray it’s more stable.