N100 that just got built today with only Ubuntu and portainer installed. I still gotta migrate what I had in my main PC, which was emby, sonarr, bazarr, qbittorrent and prowlarr. It’ll be…fun
You’re probably right. I mean. I need most of the network devices, and I didn’t list everything I am running on each, just big things. I do need to consolidate some if them though. Its been a trip and has made me a better IT though.
Anyway, beefy HP laptop with 32gb ram and Xeon CPU to run all services. 3 RAID-1 (Linux sw raid) usb3 volumes to host all services and data.
Two isp’s: Vodafone FVA 5G (data capped) for general navigation and Fastweb FTTC (low speed but uncapped) for backup access and torrent/Usenet downloads.
Gentoo Linux all the way and podman, but as much limited as possible: only immich (that’s impossible to host on bare metal due to devs questionable choices).
Services: WebDAV/webcal/etc wiki, more stuff, arrs, immich, podfetch, and a few more.
The service runs as an unpriviledged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unpriviledged user and is not shared with any other service.
I doubt an attacker could do anything worse than DoS on the wiki itself.
Not saying it’s not secure, just that I’d have constant doubts whether I’ve covered all the bases if I were doing it. Especially ensuring an intruder can’t compromise anything else if they take it over via some security exploit in PHP or DocuWiki itself.
Self built Proxmox server (5600G/64gb ram/1x2tb nvme+4x4tb hdd) with 2 nics running litrally everything. List of services I run is long and Im too lazy to type them.
Separate K8s cluster with Single control pane (2nd hand old small form-factor HP stuff) and 3 Nodes to run more resource intensive stuff that doesn’t need to be close to the data source:
*ARR
HomeAssistant in another 2nd hand HP small form factor box
Western Digital My Cloud EX2 (Original) for storage
Raspberry Pi 5 for Home Assistant, Navidrome, Jellyfin, Kavita, Immich, Paperless and eventually NextCloud. Though it’s being a bastard and won’t run right now.
I need to get a Nano Pi to run OPNSense and Pi-Hole and I’ll be happy.
2 mirrored 4TB HDDs and 1 12 TB HDD, luks encrypted and on 2 zpools (I have an “unsafe” mount path for data on a single drive like media)
removable flash drive with boot partition and main SSD keyfile
-Zwave dongle
That’s it.
I can run everything I need to on it and my home internet is only 100/30 still because I don’t live in a city, so 2.5gig networking isn’t worth the cost. a380 does all of the hardware transcoding I need at a fairly low power. It isn’t as good as just getting a newer NUC, but it was cheaper and a fun project.
Also doing a full renovation, so KNX will be connected for home assistant to control my lights and things and my smart home stuff will probably balloon.
A 13-year-old former gaming computer, with 30TB storage in raid6 that runs *arrs, sabnzbd, and plex. Everything managed by k3s except plex.
Also, 3-node digital ocean k8s cluster which runs services that don’t need direct access to the 30TB of storage, such as: grocy, jackett, nextcloud, a SOLID server, and soon a lemmy instance :)
I plan on using digital ocean’s Spaces (s3-alike) where possible and also it’s intended to be a personal instance, at least to start - just for me to federate with others and subscribe to my communities. Given that, do you think it’ll still use much disk (block device) storage?
Might be time to familiarize myself with DO’s disk pricing…
Proxmox VE on a machine that I got almost for free. Intel i3-4160, 10GB RAM, 240GB SSD for the OS, and a non-redundant 1T HDD for storage. The only things I paid for are a second NIC and an 8GB RAM stick.
PVE is running a pfSense VM, and a bunch of Debian containers:
Samba
Jellyfin (still setting it up)
Twingate Connector
All internet traffic goes through the pfSense VM. Unfortunately the ISP has put me behind CGNAT and disabled bridge mode, so my internet-facing things (mostly Wireguard and SSH) are pretty much crippled. Right now my best no-cost option is to use Twingate, but I don’t trust it to handle anything other than SSH.
If behind CGNAT and forwarding is not an option, Headscale, Tailscale or ZeroTier may be an option. I use Tailscale and it have ZERO forwarding on and can access anything on my network when connected through it. Think of these as Wireguard on Steroids. :)
I tried Tailscale once, but it introduced some massive latency because apparently I got connected to my machine through a gateway in Frankfurt. It was the Tailscale Funnel service though, so maybe that’s not what I needed.
Also, are any of the services you listed end-to-end encrypted?
Tailscale is but since you already tried them, maybe headscale that’s supposed to be the self hosted version of Tailscale that someone wrote, so you have better odds at less latency! https://headscale.net/
Great setup! Be careful with the SSD though, Proxmox likes to eat those for fun with all those small but numerous writes. A used, small capacity enterprise SSD can be had for cheap.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
N100 that just got built today with only Ubuntu and portainer installed. I still gotta migrate what I had in my main PC, which was emby, sonarr, bazarr, qbittorrent and prowlarr. It’ll be…fun
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
30 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #525 for this sub, first seen 18th Feb 2024, 06:05] [FAQ] [Full list] [Contact] [Source code]
All in a small PC Case
sever is running YunoHost
Edit: Formatting
Jesus, you can run more than one piece of software on each bit of hardware…
Why spread out across 12-13 machines? Seems like a huge waste of power, and a whole bunch of extra to maintain.
You’re probably right. I mean. I need most of the network devices, and I didn’t list everything I am running on each, just big things. I do need to consolidate some if them though. Its been a trip and has made me a better IT though.
Also move most services to containers. That’s a huge resource saver while maintaining ease of management and separation from the host.
looks like this and runs NetBSD
Services:
Why?
I don’t understand, why what my lemmy?
It’s a work in progress, but https://wiki.gardiol.org (which is OFC self-hosted)
Anyway, beefy HP laptop with 32gb ram and Xeon CPU to run all services. 3 RAID-1 (Linux sw raid) usb3 volumes to host all services and data.
Two isp’s: Vodafone FVA 5G (data capped) for general navigation and Fastweb FTTC (low speed but uncapped) for backup access and torrent/Usenet downloads.
Gentoo Linux all the way and podman, but as much limited as possible: only immich (that’s impossible to host on bare metal due to devs questionable choices).
Services: WebDAV/webcal/etc wiki, more stuff, arrs, immich, podfetch, and a few more.
All behind nginx reverse proxy.
99% bare metal.
Self developed simple dashboard
External access via ssh tunnels to vps
That public wiki gives me the security heebie-jeebies. 🤭
The service runs as an unpriviledged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unpriviledged user and is not shared with any other service.
I doubt an attacker could do anything worse than DoS on the wiki itself.
Why?
Not saying it’s not secure, just that I’d have constant doubts whether I’ve covered all the bases if I were doing it. Especially ensuring an intruder can’t compromise anything else if they take it over via some security exploit in PHP or DocuWiki itself.
Self built Proxmox server (5600G/64gb ram/1x2tb nvme+4x4tb hdd) with 2 nics running litrally everything. List of services I run is long and Im too lazy to type them.
ThinkPad T450s (my old laptop)
OS: Arch Linux DE: Plasma
Services: Arr stack for gluetun, sonarr, radar and jackets Jellyfin for videos Gonic for audio
All 3 of them are run using docker compose
NAS with Truenas, built myself:
And the following in a VM with docker compose:
Separate K8s cluster with Single control pane (2nd hand old small form-factor HP stuff) and 3 Nodes to run more resource intensive stuff that doesn’t need to be close to the data source:
HomeAssistant in another 2nd hand HP small form factor box
I only use the highest of grade when it comes to hardware
Case: found in the trash
Motherboard: some random Asus AM3 board I got as a hand-me down.
CPU: AMD FX-8320E (8 core)
RAM: 16GB
Storage: 5x2tb hdds + 128gb SSD and a 32GB flash drive as a boot device
That’s it… My entire “homelab”
Beautiful. 🫠
Western Digital My Cloud EX2 (Original) for storage
Raspberry Pi 5 for Home Assistant, Navidrome, Jellyfin, Kavita, Immich, Paperless and eventually NextCloud. Though it’s being a bastard and won’t run right now.
I need to get a Nano Pi to run OPNSense and Pi-Hole and I’ll be happy.
NanoPi R2C has 1 gigabit speeds and you can run LibreCMC with little to no blobs :)
It is a Ethernet only router though, no WiFi.
My plan was to get one of those flying saucer looking WAPs to handle the WiFi. Would that work?
Runs off to look up LibreCMC 😂
Ryzen 2700X on a gigabyte B450i
Arc A380
2 mirrored 4TB HDDs and 1 12 TB HDD, luks encrypted and on 2 zpools (I have an “unsafe” mount path for data on a single drive like media)
removable flash drive with boot partition and main SSD keyfile
-Zwave dongle
That’s it.
I can run everything I need to on it and my home internet is only 100/30 still because I don’t live in a city, so 2.5gig networking isn’t worth the cost. a380 does all of the hardware transcoding I need at a fairly low power. It isn’t as good as just getting a newer NUC, but it was cheaper and a fun project.
Also doing a full renovation, so KNX will be connected for home assistant to control my lights and things and my smart home stuff will probably balloon.
A 13-year-old former gaming computer, with 30TB storage in raid6 that runs *arrs, sabnzbd, and plex. Everything managed by k3s except plex.
Also, 3-node digital ocean k8s cluster which runs services that don’t need direct access to the 30TB of storage, such as: grocy, jackett, nextcloud, a SOLID server, and soon a lemmy instance :)
The Lemmy instance might need access to large storage.
My instance’s image cache is like 230GB. Plus a bunch more for the db. Can confirm storage is needed.
(unrelated question 😶 - anyone running pictrs 0.5 on local storage happily?)
Thanks for the heads up.
I plan on using digital ocean’s Spaces (s3-alike) where possible and also it’s intended to be a personal instance, at least to start - just for me to federate with others and subscribe to my communities. Given that, do you think it’ll still use much disk (block device) storage?
Might be time to familiarize myself with DO’s disk pricing…
A single nuc with I dunno what
Proxmox VE on a machine that I got almost for free. Intel i3-4160, 10GB RAM, 240GB SSD for the OS, and a non-redundant 1T HDD for storage. The only things I paid for are a second NIC and an 8GB RAM stick.
PVE is running a pfSense VM, and a bunch of Debian containers:
All internet traffic goes through the pfSense VM. Unfortunately the ISP has put me behind CGNAT and disabled bridge mode, so my internet-facing things (mostly Wireguard and SSH) are pretty much crippled. Right now my best no-cost option is to use Twingate, but I don’t trust it to handle anything other than SSH.
If behind CGNAT and forwarding is not an option, Headscale, Tailscale or ZeroTier may be an option. I use Tailscale and it have ZERO forwarding on and can access anything on my network when connected through it. Think of these as Wireguard on Steroids. :)
I tried Tailscale once, but it introduced some massive latency because apparently I got connected to my machine through a gateway in Frankfurt. It was the Tailscale Funnel service though, so maybe that’s not what I needed.
Also, are any of the services you listed end-to-end encrypted?
Tailscale is but since you already tried them, maybe headscale that’s supposed to be the self hosted version of Tailscale that someone wrote, so you have better odds at less latency! https://headscale.net/
Zerotier? Not sure -https://www.zerotier.com/ can speak more to this.
Great setup! Be careful with the SSD though, Proxmox likes to eat those for fun with all those small but numerous writes. A used, small capacity enterprise SSD can be had for cheap.