this post was submitted on 15 Feb 2025
194 points (99.5% liked)

Selfhosted

It's Sunday somewhere already so why wait?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I'll post my ongoing things later/tomorrow but I didn't want to forget the post again.

[–] [email protected] 11 points 1 month ago (2 children)

I know this isn't sexy but I've been working on my documentation. Getting configs etc properly versioned in my gitea instance, readmes updated etc. My memory is not what it once was and I need the hints when things break.

[–] [email protected] 2 points 1 month ago (2 children)

Same here. I got Gemini to write a shell script for me that I can run on my Proxmox host which will output all of my configs to a .txt file. I asked it to format the output in a way an LLM can understand so I can just copy/paste it next time I need to consult AI.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

My big problem is remote stuff. None of my users have aftermarket routers to easily manipulate their DNS. One has an android modem thing which is hot garbage. I'm using a combination of making their pi be their DHCP and one user is running on avahi.

Chrome, the people's browser of choice, really, really hates http so I'm putting them on my garbage ######.xyz domain. I had plans to one day deal with Https, just not this day. Locally I just use the domain for vaultwarden so the domain didn't matter. But if people are going to be using it then I'll have to get a more memorable one.

System updates have been a faff. I'm 'ssh'ing over tailscale. When tailscale updates it kicks me out, naturally. Which interrupts the session, naturally. Which stops the update, naturally. Also, it fucks up dpkg beyond what --configure -a can repair. I'll learn to update in background one day, or include tailscale in the unattended-upgrades. Honestly, I should put everything into unattended-upgrades.

Locally works as intended though, so that's nice. Everything also works for my fiancee and I remotely all as intended, which is also nice. My big project is coalescing what I've got into something rational. I'm on the make it good part of the "make it work > make it good" cycle.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

So I recently sandboxed a webapp I am getting ready to launch.

Basically Unifi switch > Vlan port > Server > Hosting Webapp instances, worker instance, cloudflared and DBs.

Pretty chuffed at the docker config actually. Just configuring my WAF and tunnel settings with Cloudflare to reduce the scanning from VPS providers. Anyone have a solution or will I need to configure some sort of nginx instance to do it, as Cloudflare only allows a certain length for each WAF rule for free?

Side thought, does anyone know of a tutorial for CICD to auto build my containers and deploy? I've been reading github and codeberg docs and playing around to no avail. I'm tempted to just write a go script to handle it on my server.

[–] [email protected] 4 points 1 month ago

Trying to figure out how to get my abhorrent docker container to route all traffic through my VPS through wireguard. The catch is that the webui needs to be accessible through LAN.

[–] [email protected] 4 points 1 month ago (1 children)

Considering moving my stuff into a VirtualBox VM or two rather than running directly on my PC. Then at some point in the future when I have the hardware for it I can fairly easily move it to proxmox. Also means installing a clean OS on my main PC is a quicker task as it would just be install virtual box, load up the VMs and a lot of stuff would already be done.

[–] [email protected] 3 points 1 month ago

Consider using containers. I used to think this way, though now my goal is to get down to almost all containers since it's nice to be able to spin up and down just what the one 'thing' needs.

[–] [email protected] 8 points 1 month ago

I'm trying to figure out setting up TrueNAS scale and docker for the first time. Building a NAS and self hosting a few things from an old all in one mini PC.

[–] [email protected] 5 points 1 month ago (2 children)

I have a family member across the country that wants to break from Google and really isn't the type to self-host themselves, and I connect to my self hosted NextCloud solely through TailScale.

NextCloud permissions seem easy enough, but I'm researching how to add them to my Tailnet safely to avoid potential compromise of my network if something happens to their system.

Presuming this involves ACLs, which look intimidating, but I'm doing some research on that.

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago) (2 children)

ACLs are not as bad as they look.

Get your nextcloud instance hooked into tailscale

You just need a sample file

Group for admins, add yourself

Tag owner for internal is admins

Tag owner for nextcloud is admins

Action accept, src admin, dst *:*

Action accept, src nextcloud, dst nextcloud *.

Then tag your nextcloud ts connection as nextcloud in the webadmin

Tag all your other clients admin in the webadmin

Note: you can't just paste what I put here; you need to find a viable template and then follow along. I'm on a mobile device, otherwise I would give you something more finalized.

Edit: tag your fam client as nextcloud

Something like this:
I stripped down one of my configs, I took out SSH, I don't think it requires it

{
	"groups": {
		"group:admins": [
			"[email protected]",
		],
	},

	"tagOwners": {
		"tag:admin":    ["group:admins"],
		"tag:nextcloud": ["group:admins"],
	},

	"acls": [

		{
			"action": "accept",
			"src":    ["tag:admin"],
			"dst":    ["*:*"],
		},

		{
			"action": "accept",
			"src":    ["tag:nextcloud"],
			"dst":    ["tag:nextcloud:*", "autogroup:internet:*"],
		},

	],

}
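The tag-based policy in the comment above can be checked offline before it goes into the admin console. The following is an added example, not part of the original comment and not Tailscale's own code: a simplified evaluator (the names `load_policy`, `port_ok` and `allowed` and the placeholder e-mail are assumptions) that resolves only tags and `*` and reports which tagged devices can reach which.

```python
import json
import re

# Constructed copy of the policy in the comment above; the e-mail is a placeholder.
POLICY = """
{
	"groups": {"group:admins": ["owner@example.com"],},
	"tagOwners": {"tag:admin": ["group:admins"], "tag:nextcloud": ["group:admins"],},
	"acls": [
		{"action": "accept", "src": ["tag:admin"], "dst": ["*:*"],},
		{"action": "accept", "src": ["tag:nextcloud"],
		 "dst": ["tag:nextcloud:*", "autogroup:internet:*"],},
	],
}
"""

def load_policy(text):
    """Parse the policy with the json module by dropping HuJSON trailing commas."""
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def port_ok(ports, port):
    """Match '*', a single port, a range 'a-b', or a comma-separated list of those."""
    if ports == "*":
        return True
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def allowed(policy, src_tags, dst_tags, port):
    """Default deny between two tailnet devices: True only if an accept rule matches.

    Simplification: only tags and '*' are resolved. autogroup:internet covers
    exit-node traffic to the internet, so it never matches a tailnet device here.
    """
    for rule in policy["acls"]:
        if rule["action"] != "accept":
            continue
        if "*" not in rule["src"] and not set(rule["src"]) & set(src_tags):
            continue
        for dst in rule["dst"]:
            host, _, ports = dst.rpartition(":")  # 'tag:nextcloud:*' -> host, ports
            if (host == "*" or host in dst_tags) and port_ok(ports, port):
                return True
    return False

if __name__ == "__main__":
    p = load_policy(POLICY)
    for src, dst in [("tag:nextcloud", "tag:nextcloud"), ("tag:nextcloud", "tag:admin"),
                     ("tag:admin", "tag:nextcloud")]:
        print(f"{src} -> {dst}:443", allowed(p, [src], [dst], 443))
```

Changing the second rule's destination to `tag:nextcloud:443` makes `allowed` return False for port 22 from a `tag:nextcloud` device while HTTPS still passes.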
[–] [email protected] 2 points 1 month ago (2 children)

Is exposing it to the internet not an option? Boarding more family members on could be cool.

[–] [email protected] 4 points 1 month ago

I expose mine for convenience, and I use multiple layers of security to reduce risk:

  • Cloudflare protections at edge
  • IP filtering at VPS
  • connection from VPS to NAS is over Wireguard
  • TLS handled in my network (so no snooping at VPS)
  • all exposed services are in containers with minimal access

That cuts most of the issues.

[–] [email protected] 3 points 1 month ago

I'm trying to figure out why truenas scale refuses to auto start virtual machines... Other than that everything's smooth atm :>

[–] [email protected] 2 points 1 month ago

Set up pi-hole on my network and I’m realizing it clashes with my VPN on my desktop and private relay on my Apple devices lol. Progress everywhere else though?

[–] [email protected] 5 points 1 month ago

I've recently set up a recipe archival project using tandoor, I'm working on converting all my grandparents' fading old as dust cooking recipes from their misc handwritten cursive notecards to digital.

Setup was uneventful but it took a little research to figure out how to use a remote postgres server, turns out the app doesn't give an error when it can't connect to the server, it just fails to run.

Have to say the actual program itself is absolutely absurd, and how they choose their permissions breaks all convention and took quite a bit to get used to.

[–] [email protected] 2 points 1 month ago

I just set up a local llm with open webui and lm studio using qwen 2.5 coder 7b as the model, gonna test it this week.

[–] [email protected] 3 points 1 month ago (1 children)

Finished setting up an email server and am now looking into a matrix nextcloud bridge. Doesn't seem to exist, so I guess I'm writing one.

[–] [email protected] 2 points 1 month ago (1 children)

What exactly is it supposed to bridge?

[–] [email protected] 4 points 1 month ago (1 children)

I can only assume it'd be a bridge for Nextcloud Talk.

[–] [email protected] 3 points 1 month ago (1 children)
[–] [email protected] 1 points 1 month ago (1 children)

Interesting, I wasn't aware Talk has Text, always thought it's video only.

[–] [email protected] 2 points 1 month ago

Yup. It does individual/group chat messages too.

[–] [email protected] 4 points 1 month ago (4 children)

My NAS and our desktops are all on WiFi, so I'm planning to run some cable or install moca or something. Our uplink is currently only 100mbit (max for this ISP, I refuse to switch) but our city plans to roll out gigabit everywhere in the next couple years, so I want something forward compatible (powerline will probably be too limiting). SO has been complaining about latency, and I think the WiFi card is to blame, so I'm trying this before upgrading the WiFi card.

Our house has the following:

  • phone lines everywhere (could maybe use the existing cables to fish through cat6?)
  • cable jacks everywhere (have an unused satellite dish)
  • lots of power plugs
  • two floors (rambler + basement) with pretty much no shared walls (everything will need to jog a bit)

I'm going to try running some cable tomorrow (holiday in the US, just want a test run from bedroom internet source -> basement water heater room), but if that doesn't work, I'll need a backup plan.

Anyone have experience with any of the above? Tips?

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

This may sound dumb or be helpful so I'll toss it in just in case:

Depending on when they're built, a lot of houses' RJ-11 phone jacks are actually using CAT-5E. If you're lucky, they're individual runs and not daisy-chained!

The way they set up the runs here is weird though, they're cat-5E but we have no fancy junction box. It all runs to some hatch on the side of the house presumably for telecom/satellite TV installers. So you might have secret ethernet cable behind your landline jacks, even if there's no tidy junction box! :)

It was cool finding out there's already capable infrastructure in the walls, but you gotta replace the wall jacks with RJ-45 using a tone tool to label which one goes where, and then the next trick is figuring out an affordable switch that can handle a garage that could get to 100ºF + in summer...

But anyway, worth checking before you start getting too deeply sunk into other solutions. :)

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

It was built in the late 80s so I doubt it's cat5. But I also know the basement was finished later, so maybe I'll get lucky at least with those.

I just need to figure out where it's all going to see if I can reuse it.

Another interesting thing is the previous owner ran speaker wire to the master bed, living room, and basement room exactly where I want to go, so maybe can reuse those runs.

[–] [email protected] 3 points 1 month ago

That's a massive project that I would like to one day embark on myself. I'm in a ranch with a basement so it should be a breeze. Ha, not! Good luck!

[–] [email protected] 3 points 1 month ago

No experience with most of that stuff, but I would also try to avoid powerline. Tried it and had pretty bad performance.

[–] [email protected] 2 points 1 month ago

Adding a second vdev today to my primary pool running on Scale. New vdev will be 12TB by 4 wide, with existing at 10TB by 5 wide. Drives are all 7,200 RPM enterprise grade, CMR drives.

May also add a second pool with the drives from my previous build which would be 10TB by 4 wide. These drives are 5,400 RPM so I would not use them in my primary pool.

Also, Noctua sent me a bracket (at no charge) so I can correct the orientation of the CPU fan to be facing front to back (currently left to right). I also have a couple 80mm fans and a 120mm fan to add to the server case. Once all of that is in place I hope to start running Ldarr against my libraries without CPU temps hitting 95°C.

[–] [email protected] 4 points 1 month ago

Currently trying to figure out how to create and maintain an internal CA in order to enable pod to pod TLS communication, while using letsencrypt for my public ingresses.

[–] [email protected] 2 points 1 month ago

This year has been my first foray into self hosting in general. I have been doing a lot of learning and have a long way to go but have got to the point where I have proxmox running with a few VMs running an arr stack, a jellyfin server and a Plex server.

I'm just super happy to get everything running and now need to fine tune stuff. Currently trying to figure out why the Plex server is down half the time externally.

I'm having a lot of fun!
