What's up, selfhosters? It's selfhosting Sunday again!
from tofu@lemmy.nocturnal.garden to selfhosted@lemmy.world on 18 May 13:13
https://lemmy.nocturnal.garden/post/75583

What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I finally finished my first iteration of my Minilab including a very smooth migration from the old server yesterday so I can go to the service side of things again. I plan to get some kind of selfhosters VPN for external access to stuff that’s not exposed to the internet, I’ll have to investigate which one.

#selfhosted

heythatsprettygood@feddit.uk on 18 May 13:19

Today I learned that for some reason some DNS servers don’t like SRV records, so had to troubleshoot it when people were unable to log onto my Minecraft server that is on a non-default port.

iii@mander.xyz on 18 May 13:20

Configured changedetection.io to notify me when my usual bus is delayed or canceled.

Aldursil@lemmy.world on 18 May 13:21

I’m still trying to get a good backup strategy. I am currently using Duplicati but I cannot get the before script execution to work. I will eventually look at Kopia.

What kind of hardware are you using for a mini lab? I want to switch from a raspberry pi 5 to a small form factor Intel based system so I can run Proxmox. I was looking at the Lenovo m920q or an Optiplex 79xx series machine.

Do you have any recommendations for backups or the hardware switch I mentioned?

iAmTheTot@sh.itjust.works on 18 May 13:58

I use cron schedules to run scripts that back up my important stuff to a dedicated backup drive, then copy the backups to a different external drive, then upload the backups to a dedicated backup cloud storage account. Then it deletes any backups older than a month.

MangoPenguin@lemmy.blahaj.zone on 18 May 15:28

Have a look at Backrest for Restic. It works great with pre/post scripting and supports healthchecks for monitoring status and stats.

Also is a nice easy to use WebUI which is great for servers.

Aldursil@lemmy.world on 18 May 15:49

I’ll look at this again. I had it before and did not stick with it though I don’t remember why now.

tofu@lemmy.nocturnal.garden on 18 May 15:29

I don’t know Duplicati or Kopia, I’m mostly just using VM snapshots as backups. I store them in an NFS Share on my NAS.

I just posted my Minilab, check my history - I’m also using tiny Lenovos. m920q should be able to do anything you want it to!

Crogdor@lemmy.world on 18 May 15:38

If you do make a switch to Proxmox, then Proxmox Backup Server is where it’s at for backups. Its de-duplication feature is incredible. I backup all my Proxmox VMs/LXCs with it, as well as my non-Proxmox hosts (laptop, etc.), with proxmox-backup-client.

Personally, I’m using a few of those tiny Beelink PCs (a couple Mini S12 and an EQ12) with the N100 processor, as well as a couple larger rackmount PCs I built for situations where I needed to add an HBA or some other PCI-Ex device. I do recommend something like a Beelink before building, though - they run Proxmox fine, they’re inexpensive, efficient, quiet, and each one can run a handful of VMs.

Aldursil@lemmy.world on 18 May 15:48

Yeah, I heard about Proxmox backup and that sounds really nice. Love the idea of being able to take a snapshot before any major changes to a VM and then if it goes south restore from snapshot very quickly.

crony@lemmy.cronyakatsuki.xyz on 18 May 13:22

This week moved all my vps’s to nixos, so am now able to use one flake for my desktop and all my vps’s which significantly lowers down the time I need to manage my vps’s.

Now to move my proxmox homelab server ( an old desktop pc I bought recently ) and all my servers/devices will be running nixos.

EDIT: An issue I’m thinking about is getting a “proper” server. Not a server like a server rack server, but a mini pc or something along those sides which would be a lot stronger and a lot more power efficient than the current 10+ y/o desktop pc I’m using currently.

So would like some recommendations on that front, like what are some good mini pc brands and mini pc’s that I could have raid set up on for nas or good budget parts and case to make one myself.

onlinepersona@programming.dev on 18 May 13:39

Hey! Another nixos user 😁 What are you using for your VPS? nixos-infect? nixos-everywhere?

As for mini PCs, a friend bought one from Minis Forum and quite likes it. But if you want to support the opensource ecosystem, there are tuxedo computers and slimbook. There’s also starlabs byte.

Take your pick :)

Anti Commercial-AI license

crony@lemmy.cronyakatsuki.xyz on 18 May 13:42

I’m using nixos-anywhere to install and then deploy-rs to deploy updates to nixos vps’s.

Also using agenix for managing secrets for the services so that I can easily have them all in a public repo, so that others could take a look and take inspiration.

My nixos flake url if you want to take a look.

cron@feddit.org on 18 May 13:23

I’ve installed coraza web app firewall with OWASP ruleset this weekend. I must admit that it wasn’t as easy as I expected it, but it now (mostly) works. I had to give up with nextcloud though.

Plebcouncilman@sh.itjust.works on 18 May 13:42

I know next to nothing about using the command line, so I’ve been relying pretty heavily on ChatGPT to set my stuff up and so far it has reliably helped me overcome every issue. The problem is, of course, that I often don’t even understand what the issue was in the first place so I don’t even know if the fix that the ai spits out is, let’s say, correct. I don’t really want to become an IT expert, I just want to be able to host some services on my own to depend less on corps, is it alright if I continue to rely on the AI? Or do you guys think that I just have to learn this stuff or else I might mess up?

I don’t have great security concerns btw, my ISP doesn’t allow port forwarding, so I access my server exclusively through Tailscale.

Aldursil@lemmy.world on 18 May 13:50

I love Tailscale.

The more you learn with the command line the more interesting stuff you can do.

harsh3466@lemmy.ml on 18 May 16:05

I’d encourage learning. The more you understand the better you can control your data and maintain your services. You don’t need to be an expert but I’d encourage working towards relying less on gpt.

tofu@lemmy.nocturnal.garden on 18 May 16:25

Most of the stuff will somewhat work, but you’ll introduce side effects sooner or later by using commands that might work but are not the proper ones and alter unrelated things. At some point those will likely bite you and you have no idea where it’s coming from. I’d suggest to check at least what the commands you are copying are doing.

gonzo-rand19@moist.catsweat.com on 18 May 16:58

What you can probably do to build some knowledge if you're going to be using AI anyway is ask it to explain some of the concepts to you. You also have the ability to ask clarifying questions about anything you don't understand.

Plebcouncilman@sh.itjust.works on 19 May 01:38

Yes I do that, and it does help me a lot to understand what I’m doing it’s just I’m a top down type of guy. Like I don’t like messing with anything unless I fully understand it, which often makes me very unproductive. I decided to not be that way with this self hosting thing because I realized I would never get around to it with that mentality. Better to break shit as I go.

gonzo-rand19@moist.catsweat.com on 19 May 04:15

Yeah, I'm the same way. I learned mostly through making Docker containers and bumbling through tutorials/documentation until things worked, just deleting them and starting over when I fucked up irreparably (except the compose file, of course).

There are a lot more comprehensive written and video tutorials than there used to be so those are very helpful too.

milicent_bystandr@lemm.ee on 18 May 23:41

I’ve had some amusing mixed experience with ChatGPT for this. When I asked about iptables rules to restrict podman, it was great. About podman quadlets, though, which I first misspelled ‘quartlets’, it completely made it up, and even sent me a fake link to nonexistent documentation when I challenged it!

  • it’s more helpful if you ask the right questions
  • and its answers often give you ideas of what to google
  • Old stuff that has been written about many times over is more likely to get a proper answer
  • sometimes the gist of a wrong command/answer could still help me understand what to do with the right one

Try to understand whatever you use from AI. At least understanding the general picture of what it means, and a basic idea of “this flag is for this; this option is for that”. AI can also help you with that understanding, but again beware of it completely making up something logically coherent but wrong.

Plebcouncilman@sh.itjust.works on 19 May 01:37

Yes this happened to me as well, I don’t remember what I was talking about but I remember I made a typo and it just ran with it as if it was a real thing. I let it keep going to see if it ever realized it was talking about something that didn’t exist but nope it kept going until I pointed it out.

I ask for it to explain what the command did and I did manage to wrap my head around a few concepts but in the end I feel like I’m trusting it to not insert any vulnerabilities into the system, and I don’t like that. Mistrust is the whole reason I’m doing this. But yeah I’ll pay close attention and maybe even ask all the implications of the changes we make.

chirospasm@lemmy.ml on 18 May 13:44

Hello! I recently deployed GPUStack, a self-hosted GPU resource manager.

It helps you deploy AI models across clusters of GPUs, regardless of network or device. Got a Mac? It can toss a model on there and route it into an interface. Got a VM on a server somewhere? Same. How about your home PC, with that beefy gaming GPU? No prob. GPUStack is great at scaling what you have on hand, without having to deploy a bunch of independent instances of ollama, llama.cpp, etc.

I use it to route pre-run LLMs into Open WebUI, another self-hosted interface for AI interactions, via the OpenAI API that both GPUStack and Open WebUI support!

RagingHungryPanda@lemm.ee on 18 May 15:44

Oh that’s dope. How many hours are you running? Do you also use them for things like encoding or something like that?

nucleative@lemmy.world on 18 May 13:50

Having electric stability issues this week in Bangkok - several 2-3 hour outages, which are too long for a UPS to cover the gap. I have several mid range but older PCs running docker, virtualbox, etc for various things including a postfix server for the family email, immich, QBittorrent, pihole, paperless, huly, postiz, a Minecraft bedrock server, a flightradar24 ads-b collector, and a variety of other homegrown projects.

Thinking about getting some or most of this over to a service like hetzner, perhaps even splurging on a baremetal dedicated system.

Recently I’ve been reading about/trying to learn qemu and proxmox, but don’t understand them yet. Is that where it’s at for managing a bunch of your own VMs? Or kubernetes/k8s?

I’ve been a little out of the loop for a few years and of course coming back up to speed IT wise just takes weeks. Looking for recommendations on offloading my home stuff to a cloud that I control.

catloaf@lemm.ee on 18 May 14:01

Proxmox runs Qemu under the hood. It’s the current favorite for VM management.

I wouldn’t bother with k8s unless you’re deploying services in high availability, or groups of related containers.

MangoPenguin@lemmy.blahaj.zone on 18 May 15:31

I’ve used a RV/Marine deep cycle battery attached to a UPS before, that would certainly give you enough for 2-3 hours on most setups.

tofu@lemmy.nocturnal.garden on 18 May 16:32

K8S is a whole different approach and I find it to be a lot more complex, but you would not need virtual machines. If all your applications are running in containers anyways, you could consider it. Finding a good solution for persistent storage is probably the most important design decision.

irmadlad@lemmy.world on 18 May 18:04

proxmox

You will enjoy Proxmox. When you get it all jammy, check out the Proxmox Helper Scripts: community-scripts.github.io/ProxmoxVE/

nucleative@lemmy.world on 20 May 23:51

Hey that’s awesome! thank you for the share. Planning to install proxmox this weekend and give it a try.

irmadlad@lemmy.world on 18 May 18:26

Thinking about getting some or most of this over to a service like hetzner, perhaps even splurging on a baremetal dedicated system.

If I may, I find LUXVPS to be quite capable and responsive hosts.

Black Luxury Deal #1

   4 vCores (Xeon Gold 6150)
    26 GB DDR4 RAM
    150 GB Raid 1 NVMe
    1 Gbit internet speed | 40 TB Traffic
    1x IPv4
    1x /64 IPv6
    3.2Tbit Premium DDoS Protection
    24/7 Ticket Support
    4 Backups
    For ONLY 10€/Mo (recurring)

I’ve never used Hetzner, and I don’t know what you are hosting, but I’m sold on LuxVPS. I also use Contabo, and Ethernet Services. The latter would indeed be bare-bare-metal as there are no frills. However, for a test server and for $35 a year, it works.

onlinepersona@programming.dev on 18 May 13:49

My problem is that I’m moving in the not so far future and I don’t know where to put my server. Physical security is important and if someone gets into my house, takes the computer and leaves, it’ll be worthless due to encryption. But if it’s in somebody’s datacenter (co-location or whatever), they could be forced to monitor my traffic, tamper with my system, and I’d have to entrust the key to somebody in order to boot the system and decrypt the drives should it restart for an update or for any other reason.

I’m considering asking a friend to host the homeserver and reimburse them for a better internet connection (fiber) + electricity costs. But I’m not sure they’d be up for it.

How would you solve the problem?

Anti Commercial-AI license

tofu@lemmy.nocturnal.garden on 18 May 16:27

What do you actually need to run on your server? I’d look into downsizing. A single small form factor computer or even a newer Raspi can do a lot these days.

cmeu@lemmy.dbzer0.com on 18 May 17:13

Yep - while only drawing a fraction of the power and creating almost no noise

onlinepersona@programming.dev on 18 May 21:05

My problem isn’t the hardware, it’s that the place I’m moving to will have a bad internet connection. My current homeserver has stuff like a CI (currently being tested), a builder for software (compiling rust, C/C++, go, and whatever else), immich, nextcloud with an extension to download from youtube and other sources (basically to circumvent geoblocking of multiple friends and family), and it could be expanded to host other services e.g. a seedbox. All that stuff needs good hardware and a good connection.

Anti Commercial-AI license

milicent_bystandr@lemm.ee on 18 May 23:47

Myself right now I’d probably take it with me - in fact that’s what I’m planning to do in a couple of months - but it sounds like my needs are a bit less than yours, and I can do some stuff just over LAN and on the ‘server’ (which is also a laptop) itself.

For more, I think I’d also ask a friend like you’re thinking.

I did that before with a relative - just had to ask them to restart the server every now and again!

About trusted encryption keys, I did it with a simple password for boot encryption, that my relative knew, so in the event of theft it’d still be hard for thieves to get anything; but after boot I’d ssh in and unlock the second disk with my own password, then start up the services.

Know_not_Scotty_does@lemmy.world on 18 May 14:40

Up: My unraid server with media library, emby and my kids
Down: the fiber internet line into the house that the contractor working on our siding snapped. No one is upset so the system is working.

Sibbo@sopuli.xyz on 18 May 14:46

Tried to use my fifteen year old intel atom home server for 4K videos with Jellyfin. Probably could have predicted that, but it was veeeery laggy 😄 no way that old of a processor can transcode 4K videos in real time. It is useful for backups though.

MangoPenguin@lemmy.blahaj.zone on 18 May 15:26

Does it have QuickSync support? If it does it might be able to handle a few 4k transcodes.

Alternatively I wonder why the video is needing to be transcoded in the first place, maybe you can get it playing natively.

Sibbo@sopuli.xyz on 18 May 18:44

It was one of the cheapest variants of intel processors, so I highly doubt it has any sort of transcoding support. I have resorted to using my desktop pc for streaming, since it has a much better CPU.

MangoPenguin@lemmy.blahaj.zone on 18 May 22:24

Worth a look, any Intel CPU with onboard graphics that’s not horribly old will have quicksync on its iGPU.

augustus672@lemmy.world on 18 May 14:58

Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there’s anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.

catloaf@lemm.ee on 18 May 15:07

You’re gonna need to provide more detail on what you’re trying to do

MangoPenguin@lemmy.blahaj.zone on 18 May 15:26

It should be the same setup regardless if you’re using a VPN or not.

Having used both I generally prefer traefik.

irmadlad@lemmy.world on 18 May 16:27

You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:

For tailscale ip range:

myverycoolserver.duckdns.org {
    @denied {
        not remote_ip 100.64.0.0/10  # Anything outside the Tailscale IP range
    }
    respond @denied 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Allowed clients reach your service
}

For specific tailscale IP:

myverycoolserver.duckdns.org {
    @denied {
        not remote_ip YOUR_TAILSCALE_IP  # Replace with the specific Tailscale IP
    }
    respond @denied 403  # Deny access for others
    reverse_proxy localhost:YOUR_SERVICE_PORT  # Allowed clients reach your service
}
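
One way to check that the restriction above holds, as an added example that is not part of the original post: it reads Caddy JSON access-log lines and lists requests from outside 100.64.0.0/10 that were answered with anything other than 403. It assumes access logging is enabled with Caddy's `log` directive in its JSON format; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import json

# Range used in the Caddyfile above. 100.64.0.0/10 is the shared CGNAT block
# that Tailscale hands out addresses from, so the check is only meaningful if
# no other CGNAT network can reach the proxy directly.
ALLOWED_NETS = [ipaddress.ip_network("100.64.0.0/10")]

# Constructed sample lines (not real traffic), trimmed to the fields used here.
SAMPLE_LOG = """\
{"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"100.101.102.103","method":"GET","host":"myverycoolserver.duckdns.org","uri":"/"},"status":200}
{"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.7","method":"GET","host":"myverycoolserver.duckdns.org","uri":"/"},"status":403}
{"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.9","method":"GET","host":"myverycoolserver.duckdns.org","uri":"/admin"},"status":200}
{"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"100.64.0.5","method":"GET","host":"myverycoolserver.duckdns.org","uri":"/"},"status":403}
{"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"::ffff:100.70.1.2","method":"GET","host":"myverycoolserver.duckdns.org","uri":"/"},"status":200}
{"logger":"tls","msg":"certificate obtained"}
truncated {
"""


def parse_ip(text):
    """Parse an address; unwrap IPv4-mapped IPv6 so it matches IPv4 ranges."""
    addr = ipaddress.ip_address(text)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def audit(lines, nets=ALLOWED_NETS):
    """Compare each logged request's source address with the allowlist.

    leaks           : source outside the allowlist, status other than 403
    blocked_allowed : source inside the allowlist, status 403 (may also be a
                      403 produced by the proxied service itself)
    skipped         : lines that are not parseable access-log entries
    """
    report = {"leaks": [], "blocked_allowed": [], "skipped": 0}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
            req = entry["request"]
            addr = parse_ip(req["remote_ip"])
            status = int(entry["status"])
        except (ValueError, KeyError, TypeError):
            report["skipped"] += 1
            continue
        inside = any(addr in net for net in nets)
        record = (str(addr), status, req.get("uri", ""))
        if not inside and status != 403:
            report["leaks"].append(record)
        elif inside and status == 403:
            report["blocked_allowed"].append(record)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines())
    for kind in ("leaks", "blocked_allowed"):
        for ip, status, uri in result[kind]:
            print(f"{kind}: {ip} -> {status} {uri}")
    print("skipped lines:", result["skipped"])
```

An empty `leaks` list over a log that does contain outside addresses is the result to look for; any entry there means a request bypassed the `remote_ip` rule.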

sneakyninjapants@sh.itjust.works on 18 May 20:20

Might look into the pangolin project if what you’re trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking “basic” existing features behind a paywall after the project got popular, though after public backlash they’ve backpedaled on that iirc.

Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically

augustus672@lemmy.world on 18 May 22:40

All good, thanks for the recommendation. I’m using tailscale as I currently don’t want to expose anything over the Internet and also don’t mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.

couch1potato@lemmy.dbzer0.com on 18 May 23:52

I have caddy on a vps that serves as a tailscale exit node and also reverse proxies over the tailnet. My pfsense router is also in the tailnet and exposes some subnet ip addresses to the tailnet. So for example I have public domain watch.example.com hits my caddy and gets proxied to internal IP 192.168.31.48 which is my jellyfin docker.

CarbonatedPastaSauce@lemmy.world on 18 May 15:11

I need to get a new VPN setup. Been using OpenVPN through OPNsense for years but I’m fed up with the abysmal performance of the OpenVPN client on iOS. Open to suggestions but it has to be fully self hosted.

tofu@lemmy.nocturnal.garden on 18 May 15:21

I have OPNsense running as well and was looking for OpenVPN on it as well, but I’m not decided yet. I wonder if Android clients are any better.

lapping147@lemm.ee on 18 May 17:48

I’m running OpenVPN on pfsense and am using the android app.

I’ve got a stable 150mbit/s, depending on carrier coverage.

MangoPenguin@lemmy.blahaj.zone on 18 May 15:24

Wireguard is where it’s at.

eutampieri@feddit.it on 18 May 20:30

Good on iOS too, albeit a bit battery hungry if you route 0.0.0.0/0 and ::/0

MangoPenguin@lemmy.blahaj.zone on 18 May 22:23

I dunno if there’s an iOS equivalent but on my Android phone I use the WG Auto Connect app so it’s only active when not on my home wifi.

eutampieri@feddit.it on 19 May 07:07

The iOS app has this, based on SSIDs

harsh3466@lemmy.ml on 18 May 15:51

wg-easy is what you want

namelivia@lemmy.world on 18 May 15:18

For some reason Grafana started to sync roles with my IdP (google) and now my own user keeps getting a read only role, so I decided to take this opportunity to finally move away from google and start hosting keycloak instead.

It was a busy week so I could not get the time to finish it yet.

eutampieri@feddit.it on 18 May 20:29

You may also have a migration path by hosting keycloak and adding Google as an Identity Provider. Gives you much more flexibility and control this way

namelivia@lemmy.world on 19 May 20:26

Thanks for the tip! I didn’t know that setup was possible.

MangoPenguin@lemmy.blahaj.zone on 18 May 15:23

Latest thing is my server was hard locking up randomly every couple days. Finally thought to check IPMI and it was triggering a correctable ECC error on a specific stick of RAM.

I figured maybe the first couple errors were correctable by the ECC RAM but then they just got worse and caused the lock up.

Pulled the 2 sticks in that pair and so far so good. I’ll survive just fine with the remaining 192GB of RAM lol.

Also switched from my old Dell box with Opnsense to a Linksys MX4300 running OpenWRT, saves me about 20W and it’s fun to try something different.

RagingHungryPanda@lemm.ee on 18 May 15:40

Sweet!

What’s up is everything I’ve been running and down is what I haven’t.

not working

I haven’t been able to get friendica to connect to MariaDB, so I’ll eventually try just MySQL. Grafana isn’t running bc I would need to change a lot of things to get an exporter into each container and the truenas apps don’t really allow that configuration - fine if you have docker compose though, which I’ve started doing more and more.

new

I just got up and running with Stirling pdf, a free (and paid) PDF editor. That looks pretty sweet.

But I’m now also using 15GB of the 32 on the system, which is still plenty for Arc cache for me

what I want

I want to rent a VPS to host various fediverse apps, probably Lemmy, pixelfed, and WriteFreely to start, for the nomad/expect communities. I’ve been looking at netcup and they have some decent arm offerings.

I’d like to put Talos Linux on it so I can get some kubernetes experience. They have a good sized server for €10, so I could expand to add a DB server or one specifically for logging and metrics.

I was looking at Hetzner, but I’ve read that their block storage is super slow and causes timeouts on DB.

Of course, can I even run these apps on arm? I guess I gotta find that out.

One thing I’d like to do is make a web page that makes signups super easy and would create an account on all services, ideally. Not a huge deal if that isn’t reasonable, but it’d be nice to allow doing it once rather than multiple times. If I could get sso, that’d be good, but I don’t know how supported that is.

harsh3466@lemmy.ml on 18 May 15:45

DOWN:

I’m currently fighting with my OliveTin config file. I added a simple new config for a button action and the whole thing just shit the bed. Now OliveTin won’t load at all. Even after removing the new config. Stupid yaml.

UP:

After reading the Jellyfin docs and their Hardware Encoder Quality section which states

Apple ≥ Intel ≥ Nvidia >>> AMD*

I decided to spin up a test server on the m1 mini that’s been sitting unused in my basement for a couple of months now to see if I can get better performance out of jellyfin on the m1 vs where it’s running currently, which is on an i7 Intel that’s going on 10ish years old now.

I also spun up baserow and directus containers to see which one I want to use for my database needs.

SiblingNoah@lemmy.world on 18 May 16:02

I’m currently trying to figure out why my email server got blocked by Proofpoint and they refuse to talk to me. Really about ready to give up on email after self-hosting it for a decade with few problems.

tofu@lemmy.nocturnal.garden on 18 May 16:08

Oh that sucks! One would think that after that long, it’d be somewhat established.

SiblingNoah@lemmy.world on 20 May 01:12

RIGHT?!

eutampieri@feddit.it on 18 May 20:27

There is still the relay through the cloud route (SES, but also at least Scaleway)

SiblingNoah@lemmy.world on 20 May 01:14

Part of me thinks if I have to pay for a relay service, I should just pay for hosted email. But I’ve definitely been considering it!

cymor@midwest.social on 19 May 03:50

Check RBLs. A lot of times services just use one of those, and they can be flaky. Usually, you can fill out a form and get reinstated.

mxtoolbox.com/blacklists.aspx

SiblingNoah@lemmy.world on 20 May 01:12

I’m not on any of those blacklists, luckily. I guess Proofpoint doesn’t publish theirs. At least iCloud and Gmail both use them. I saw one hint that they may require mail servers to literally have the word “mail” as the subdomain, so I’m working up the courage to mess around with my perfectly working DNS.

dotslashme@infosec.pub on 18 May 16:29

Currently rewriting my homelab into terraform and adding some redundancies using cloud environments, in case of power outages or network issues.

cmeu@lemmy.dbzer0.com on 18 May 17:06

Trying to get the right combo of iptables rules to shuttle traffic from vps to home lab server (as I think I’ll need to do once my ISP upgrade puts me behind CGNAT for the first time…)

Got it working sorta, but I didn’t like seeing my vps private link address instead of the remote in logs.

lapping147@lemm.ee on 18 May 17:55

Been spending some time with podman, but ran into some issues with denied access on a bind mount. Messed around with acl for 30 minutes or so until I realized selinux is a thing.

So, now I’m learning selinux. I’m a long time ubuntu guy, but just now adding Rocky to my setup.

Immich is UP and even my wife likes it, now I’m slowly adding her 100gb library to immich. Kinda fun going through all those old pictures.

Proxmox Backup Server is DOWN. I’ve got a synology that boots at 11pm for my backup to use it as NFS share, but PBS won’t auto mount that darn NFS. Works fine with PVE backup.

ReducedArc@lemmy.world on 18 May 18:00

Have the same problem with PBS and NFS. Have to turn off the PBS container, delete the .lock file in the NFS directory, then boot up PBS. Thinking I’m just going to use a local directory instead of NFS

gamermanh@lemmy.dbzer0.com on 18 May 18:06

Finally got it working just in time for life to implode again so I just powered it down and unplugged everything again.

This time I’m probably just gonna huck it out a window or into the trash

ThorrJo@lemmy.sdf.org on 18 May 19:59

mood

sugar_in_your_tea@sh.itjust.works on 18 May 18:18

Everything is running and I’m not making many changes because work got hectic. I have a few projects I’d like to tackle once I get time:

  • finish migrating to podman
  • get a new drive to test migrating to microos
  • get more media to finally eliminate Netflix (SO is still clinging to a few shows)
  • find a smaller box for my NAS - currently in a massive ATX box, but I don’t want to pay an arm and a leg just for space savings

bitwolf@sh.itjust.works on 18 May 18:28

Trying to get navidrome routed through Traefik.

I think it’s rejecting it as an untrusted proxy because forwarding the ports locally works.

Also working on getting Traefik up and running on a TuringPi cluster to eventually move my workloads over to it.

eutampieri@feddit.it on 18 May 20:25

I have navidrome running in k8s behind Træfik. Do you want to take a look at my environment variables for navidrome? I haven’t configured anything on Træfik

bitwolf@sh.itjust.works on 18 May 21:00

Sure thank you 🙂

eutampieri@feddit.it on 18 May 21:09

Sorry, I can’t help you. I configured only the TZ and the schedule env vars…

spec:
      containers:
      - env:
        - name: TZ
          value: Europe/Rome
        - name: ND_SCANSCHEDULE
          value: 0 * * * *
        image: deluan/navidrome:latest
        imagePullPolicy: IfNotPresent
        name: navidrome
        ports:
        - containerPort: 4533
          hostIP: null
          hostPort: null
          name: http
          protocol: TCP
        volumeMounts:
        - mountPath: /data
          mountPropagation: null
          name: config-volume
        - mountPath: /music
          name: music
          readOnly: true

higgsboson@dubvee.org on 18 May 18:52

I am re-re-factoring my plans for homelab 3.0 and the migration to it. Hardware budget is non-existent so I am trying to figure out how to do everything with what I already own, while re-organizing to better use what I have to make some room. Adding a few sticks of RAM and replacing some older cat5 are all I will do this year.

tatterdemalion@programming.dev on 18 May 19:00

My biggest shortcoming at the moment is my NAS is also my gaming PC. It’s pretty inefficient to have that on all the time. But I haven’t had the time to build a dedicated NAS.

pineapplelover@lemm.ee on 18 May 19:04

Yeah I had your idea back when I wanted a nas. I didn’t have the time and just bought a synology knowing it wasn’t the best option and was aware of the possibility of enshittification. Now that they’ve enshittified, I can’t really recommend them any longer. So far it’s been good but I’m still looking for options that are quick and easy to set up. Or maybe I’ll grit my teeth and start building one from scratch.

tatterdemalion@programming.dev on 18 May 21:31

I’m perfectly happy to build my own NAS with NixOS and ZFS on it. I think it’s mostly a matter of getting the right hardware.

nfreak@lemmy.ml on 19 May 14:17

I’m putting together a pretty simple one this week. Got a used HP Elitedesk G4 SFF for around $150, already have 2 8TB external drives lying around that are easy enough to shuck and slap into it. Should be pretty easy to just slap TrueNAS Scale onto it, set up a mirror with the 2 drives, and be good to go for a while.

I’ll definitely need more space down the road and this thing can’t fit more than 2 drives without some modifications (3 is doable, but 4 will take some 3D printed parts which I believe someone’s still working on fine-tuning). But it’s good enough for me for now, still got 2.5TB I’m not using.

If I thought about storage a bit more before starting this project, I probably would’ve just gotten the same SFF but with some slightly better specs to use as the entire server, rather than running 2 different machines, but oh well.

Edit: Slight change of plans, got a 12TB drive free through a program at work, so gonna go with UnRAID instead. The license fee is a bit disappointing but it seems to suit my needs better, and being able to mix and match drives of any size at will is pretty nice.

TVA@thebrainbin.org on 18 May 19:03 next collapse

Weirdness:
My Authentik instance had a PostgreSQL upgrade prerequisite in order to update it.

I'd followed instructions 3-4 times completely unsuccessfully and had to keep reverting to backup.

So, I gave up for a couple weeks and left it be in order to get over my frustration.

Yesterday, I followed the instructions again. As far as I can tell, I did nothing different than I'd tried previously and it worked first try and then I was also able to upgrade Authentik.

NOTE: The instructions aren't exactly difficult! So, I don't see how I'd have gotten it wrong!

irmadlad@lemmy.world on 18 May 19:36 collapse

NOTE: The instructions aren’t exactly difficult! So, I don’t see how I’d have gotten it wrong!

Dude, don’t feel pregnant. It took me an embarrassingly long time to wrap my noodle around Caddy. Seriously, I just couldn’t grasp what was going on in the Caddyfile. Then, after extensive trial and error, I happened upon one tutorial that changed everything. Now it’s so simple for me, but at the time, I felt like a complete dumbfuck.

TVA@thebrainbin.org on 18 May 19:41 collapse

It's always crazy how that happens sometimes and after weeks of banging your head, everything just 'clicks' when you're exposed to the information in the way that works best for you!

Dude, don't feel pregnant.

Context clues, I assumed this autocorrect was some variation of crazy/bad/dumb? :-D

irmadlad@lemmy.world on 18 May 19:54 collapse

was some variation of crazy/bad/dumb?

No, no, no. I wouldn’t call you crazy or dumb. It was meant as ‘don’t feel singled out’ or ‘don’t feel like you’re the only one’.

TVA@thebrainbin.org on 18 May 20:02 collapse

Sorry, I didn't mean to insinuate you were being insulting!

"Don't feel crazy/bad/dumb, I've had the same thing happen to me!" is a pretty common phrasing in my region to show sympathy and understanding and I thought that's what you had meant (and it sounds like for your area, 'pregnant' serves the same general purpose!).

irmadlad@lemmy.world on 18 May 20:25 collapse

“Don’t feel crazy/bad/dumb, I’ve had the same thing happen to me!”

There you go. As far as ‘my area’ I didn’t grow up in the US or any particular area. I grew up around the world and multiculturally, so there is no telling where I picked that up at. LOL

ThorrJo@lemmy.sdf.org on 18 May 20:03 next collapse

Currently in a holding pattern because, while I got RAM & SSD for a new-to-me “1-liter” server before tariffs hit, I don’t have the server itself nor any money to buy one, despite looking for 9th or 10th gen Intel which will cost me only $120 to $150 barebones.

Money to buy one is not coming in because the place where I live has nonstop noise & activity and I don’t have a separate room or any door I can close, which severely limits my ability to work as I have auditory hypersensitivity and an absolute need for solitude in order to recharge enough to think. 🤷🏻

Churbleyimyam@lemm.ee on 18 May 20:12 next collapse

I installed Jitsi Meet on my YUNOhost server and am very impressed. It works really well and needed basically no setting up after installing.

sunstoned@lemmus.org on 18 May 20:13 next collapse

I finally finished setting up my Nebula network! An overlay network, as opposed to a true VPN, but excellent for flexibility and remote access. For anyone wanting maximum control over your network with excellent performance, I highly recommend it.

Check out apalrd’s blog for a great tutorial if you’re interested.

MXX53@programming.dev on 18 May 20:46 next collapse

No new devices, but I migrated my homelab from an intel nuc to an old recycled HP z240 with a p1000 gpu I got for free. I had Nextcloud and jellyfin on it, but jellyfin gets the majority of the use.

I then added a gitea docker container to my server for my personal projects. Then I configured a miniflux container with some of my favorite RSS feeds for a lightweight way to view my feeds on my computer.

I would like to get pihole configured again in a docker container (I have only ever run it on a raspberry pi), but I have small children and a baby and they make it hard to find extra time in the day.

jhdeval@lemmy.world on 18 May 21:53 next collapse

I recently set up a full Matrix server. What I am currently worried about is my server. I am currently shopping for a used dual Xeon server. I am hosting close to 40 docker containers on 2 1 liter PCs with very low specs. I would love to bring it all in house to a single server with a separate NAS which I do have currently holding 60 terabytes of storage space.

jhdeval@lemmy.world on 18 May 21:58 next collapse

I have a question on top of my Matrix setup. Has anyone integrated VoIP? I am trying to bring all communication in house.

MaceyDay@lemmy.world on 18 May 22:58 next collapse

I finally bought a tiny PC to replace my aging APU border router/firewall (OpenBSD), so I’m trying to wrap my head around building a router currently inside the network that it will be protecting.

I have Debian installed as hypervisor, Incus, and sticking with OpenBSD for the firewall. pf makes too much sense to me to switch to firewalld. I’ll also move the network-related containers off my main lab host once this is up and running.

milicent_bystandr@lemm.ee on 18 May 23:25 next collapse

I set up my old laptop as a home server, with a vps as reverse proxy via nebula. It runs Mint - strange for a server but that’s so it can still be a laptop. Syncthing keeps it in sync with the more portable laptop.

The ‘server’ now runs immich, which I can use super fast from the laptop itself; a bit slower if I connect with nebula over the LAN (it’s firewalled off from the LAN generally); or still pretty decently via the VPS on HTTPS - and that VPS proxy means the family phones can connect with the apps easily.

Immich runs in podman, with some help from Lemmy about how to set that up.

And filebrowser makes it easy to share files or allow uploads with/from family around the world. With caddy on the VPS, ufw on the server and nebula in between, it’s really easy to add in something like filebrowser on a new subdomain.

Next is to try some other podman containers, or set up mqtt and owntracks.

MadMonkey@lemmy.world on 18 May 23:31 collapse

How are you finding immich? I got it running on Ubuntu, and it’s fine on the server, but the android app keeps lagging and crashing.

milicent_bystandr@lemm.ee on 19 May 05:07 collapse

I’m liking it. I’ve had no problem with the Android app, but then I don’t use it a lot, nor do my 10k pre-shrunk photos compare to some people’s collections here.

My only complaint is that two accounts don’t share great if you want to share face data etc. or to have a shared album show up in each others’ timeline.

Edit to add: Also because it lacks editing, I think my new workflow is going to have to be keep the photos separately still and edit/sort them my old way, then put them back in an external folder. I still want to do external folders generally because I still want my photos organised my way on the file system, but I was hoping to gradually sort/delete/edit in Immich to make the workflow more relaxing. Maybe I’ll still do some of it - deleting and I think it can rate - but I haven’t worked that out yet.

hobbsc@lemmy.sdf.org on 19 May 00:16 next collapse

I just moved almost all of my containers (except for my omada controller) to my VM running fedora and podman off my VM running ubuntu and docker. Why? I was in a product sales call (being sold to) and didn’t have any actual work tasks to do during that time. Now there’s an additional VM on the network.

Trying to decide if I’ll move omada as well or just shift everything back. I shouldn’t have fiddled with the stack while I was bored. A video game or something would’ve been a better idea.

anotherandrew@mbin.mixdown.ca on 19 May 02:11 next collapse

A couple things I've been working on

First, I spun up a larger VPS to consolidate two smaller ones. This time I dockerized almost everything. Still a docker newb, but karakeep, redmine, mbin, lemmy (still deciding which I want), davical. Asterisk and postfix/dovecot are probably gonna stay on the vps root. I'm using zfs and compression. Interestingly, the postgres database that everything is using seems to get better compression than the mail spool.

A couple weeks ago I picked up a NetApp 7 bay disk shelf for $30. It uses fibre channel (AT-FCX) controllers and I've never used that before. I grabbed a $7 FC HBA (QLE2560), a 2m cable and an m2-to-PCIe adapter meant for an eGPU. The idea is to see if I can't get the RK3588 board I'm playing with to see it. I did something similar with a $50 Dell 12 drive bay and my old C6100.

nfreak@lemmy.ml on 19 May 02:38 next collapse

I started this about a month ago, absolutely no idea what I was doing, and in that short time this little box has grown a ton. Got the basics for cloud storage, jellyfin with the arr suite, navidrome to replace spotify/tidal, etc. Got my scanner going right into paperless, finally starting a budget planner with actualbudget, even set up homebox to maybe eventually keep track of my collections of random bullshit. Spent 3 days fighting with Wireguard and gluetun to make a single VPN connection that’ll hook me into my LAN but also output all my traffic through Mullvad, using pihole as my DNS - I should get Unbound set up at some point too but that’s a project for another day.

Today I learned about homeassistant, and while I’m not one to care about IoT shit or whatever, just dabbling with NFC tags for the lights and such has been pretty neat.

This week I’m getting a second machine in that I’m going to use exclusively as a NAS and stop relying on USB external hard drives.

I really just wanted a little 24/7 Bob Ross box with a bit of cloud storage, and this project blew up a lot more than I thought it would LOL

crocswithsocks@lemmy.world on 19 May 05:32 collapse

Bob Ross box???

nfreak@lemmy.ml on 19 May 11:51 collapse

Grab the entire series, load it up on the tv, and let it rip all day

danhab99@programming.dev on 19 May 02:56 next collapse

I’m working on self-hosting my own LLMs.

I realized there are things I wanna talk about and research but I don’t want to send it to OpenAI. Frankly I feel gross about how much I’ve sent to OpenAI. My desktop is a beefy gaming rig that I don’t use for gaming much. I have a 20-thread core, 64GB RAM, an Nvidia GTX 3060 and 5 spare TB so why not.

  • I keep a few ollama models downloaded and I’m slowly getting to know them and what they can do. Gemma seems to answer the fastest so I’ve been using that. Deepseek is like the reasoning button on chatgpt.
  • I use openai-whisper to transcribe meetings I record using OBS. It’s really slow so I have a cronjob transcribe all my meetings for that day overnight.
  • Open Web UI is a fantastic LLM frontend. It provides tools, rags, web searching, and model ranking all as a simple to use UI.
  • My desktop has a Wireguard server which makes it easy to use my OpenWebUI on my phone.

Now I want to work on giving the LLM access to my Google calendar so it can create reminders for me. I’m sick of forgetting to think about remembering to do things so I hope if I can just ramble at the LLM about what I’m doing or what’s on my mind it can organize my thoughts. What else are these LLMs actually for?

JustEnoughDucks@feddit.nl on 19 May 09:47 next collapse

Not really self-hosted, but I set up obsidian with syncthing and am going to transfer all of my notes from bookstack to it and let bookstack be more organized documentation and obsidian to be a big scattering of notes and tags and such. I tried it with bookstack, but the flow was too much of a barrier for me to use it consistently.

JadedBlueEyes@programming.dev on 19 May 14:49 next collapse

I finally dealt with the AI scrapers hammering my Forgejo instance - jade.ellis.link/…/actually-stopping-forgejo-ai-sc… Hopefully next week I’ll be able to get back to actually programming Continuwuity rather than fighting fires.

lunachocken@lemm.ee on 19 May 14:50 next collapse

Set up Traefik. Had it working with authelia to forward requests to authenticate then to the destination.

Friend mentioned caddy and a plugin that means all you need are docker labels. So I spent the next 3 days setting up caddy.

Accidentally overwrote my compose file and had to restart.

Luckily my authelia was saved elsewhere. But after fixing it

I ran git init and git add .

I shall be a fool no more.

Anyways, now I’ve got Cloudflare blocking all requests outside of the UK, as, well, my friends and I don’t live outside of it. Set it up such that caddy uses the DNS challenge with Cloudflare API key.

So now I can set a DNS entry for internally only. E.g. internal.example.com resolves to a private address for tailscale.

Tenkard@lemmy.ml on 19 May 18:25 next collapse

Was able to put calibre web on nixos. Still trying to build a package that’s not available (piped), but boy is it hard to package java stuff for nixos…

witx@lemmy.sdf.org on 19 May 20:35 next collapse

How the hell do you get Wger working on http only? I always get the CSRF error even after trying their recommendations

njordomir@lemmy.world on 20 May 05:10 next collapse

Went through and verified that a number of things were backing up and updating correctly. I feel a little less weight on my shoulders knowing things are working as they should.

dieTasse@feddit.org on 20 May 07:31 next collapse

Hi, I finally set up tailscale on my Raspberry Pi, in exit node mode so I have access to my whole network. I also set AdGuard on the very same pi with dhcp. I finally bought home assistant voice device, didn’t arrive yet, but can’t wait to experiment with it.

I still have to set up Authelia for sso, I want to set up a device on my network as a (proton) vpn gateway (zero knowledge right now) and then I want to start learning about pfsense to properly segment my network (into subnets) and have more control.

VitabytesDev@feddit.nl on 21 May 15:01 collapse

Finally found what’s causing my laptop’s DNS servers to change automatically in the background. It was the systemd-resolved FallbackDNS setting. Disabled it in a config and now I can access all my custom DNS names.