
SeeJayEmm

@SeeJayEmm@lemmy.procrastinati.org

Mastodon: @SeeJayEmm

Blog: @seejayemm


SeeJayEmm ,

You can do most if not all of this with Checkmk but it's probably overkill.

SeeJayEmm ,

I'm not having issues that I'm aware of, but that site always returns Network Request Failed and I haven't figured out why.

SeeJayEmm ,

I'm sorry I don't have a suggestion but have you checked the Awesome Self Hosted list?

SeeJayEmm , (edited )

I'd like to centralize auth but I haven't dug into it yet. My concern is, can it be distributed? I have services spread across my homelab and multiple VPSes. I don't want to lose auth if any of those is down.

SeeJayEmm ,

I've been using nearlyfreespeech.net for a very long time. They're a small, reliable outfit that's been around forever and definitely respects your privacy.

SeeJayEmm ,

I use Dashy and like it but I don't think it scratches the same itch.

SeeJayEmm ,

You could just block the bot so you don't see them.

SeeJayEmm ,

I have. More than once. I always hang up and call back anyway.

SeeJayEmm OP ,

You are 100% correct. I'm on the quest to find the method that resonates with me that I'll keep up with.

SeeJayEmm OP ,

It can be in git even if you’re not doing ‘config as code’ or ‘infrastructure as code’ yet/ever.

I have some of this. I have an ansible playbook I use to do initial vm/lxc setup and I've built out a number of roles. But none of my systems are to a point where I could just delete the vm, spin a new one up, point ansible at it, and pick up where I left off.

The one thing I have that's probably closest to this is my internal BIND zones, which double as my IPAM. I've been fairly diligent about committing changes and documenting what the change was.

SeeJayEmm OP ,

I do have a couple github repos for various things (ansible, scripts, dns). My plan for general documentation is the wiki. I've started the work on that but it's far from complete (those get saved in markdown and synced to github). Maybe the simplest solution is the one I'm avoiding. Just putting it all in a readme/changelog.

SeeJayEmm OP ,

I'll definitely take a look.

SeeJayEmm OP ,

Try not to have info spread out too much or maintaining all the pieces will become a chore. Make it simple and easy to keep up.

I think you're right on this point. I have a tendency to over-complicate things and that leads to them getting scrapped or neglected.

SeeJayEmm OP ,

I have the beginnings of a similar structure in my wiki but I wasn't happy with the way I was tracking todos, fixes, changes.

SeeJayEmm ,

Yeah, no. The dent gives you a guide for a pill cutter.

No, 3 million electric toothbrushes were not used in a DDoS attack (www.bleepingcomputer.com)

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.

SeeJayEmm ,

My toothbrush is Bluetooth connected. It's used to configure the brush modes and track brushing habits. I didn't buy it for this and uninstalled the app after a week. Thankfully it's not Wi-Fi connected.

SeeJayEmm ,

Which is already paid for. I'll certainly keep that in mind when it's time to replace it.

SeeJayEmm ,

Yeah. I'm just not dropping $70 for a new handle just to prevent one of my neighbors from learning my brushing habits.

SeeJayEmm ,

It also breaks android auto for me.

SeeJayEmm ,

After reading this thread I'm apparently not paranoid enough.

Internet facing services are on their own firewalled vlan (dmz), behind a rev proxy, and I have crowdsec running on the proxy and router.

Anything that can get away with putting up on a vps I have (e.g. this Lemmy server). But some things have storage/compute requirements I'm not willing to shell out for.

SeeJayEmm ,

I've been using this for years and have been happy with the service. If I have to pay for something at least I'm not giving money to TurboTax.

XPipe status update: New scripting system, advanced SSH support, performance improvements, and many bug fixes (sh.itjust.works)

I'm proud to share a status update of XPipe, a shell connection hub and remote file manager that allows you to access your entire server infrastructure from your local machine. It works on top of your installed command-line programs and does not require any setup on your remote systems. So if you normally use CLI tools like ssh,...

SeeJayEmm ,

I'm checking this out to see if it's useful to me. I can see where being able to drop straight into a shell on a docker container would be handy. My only real gripe is that I can't use it to connect to my free-tier oracle linux cloud VMs because they deploy OracleLinux out of the box.

I don't begrudge you wanting to make a living from your work. It's just frustrating.

I am going to try and live in it for a week or two and we'll see if it sticks.

SeeJayEmm OP , (edited )

Be aware your backup is useless, if you don’t backup nextclouds database when using a bucket as primary storage ☝🏻

Understood. My hope was to mount the bucket locally (ro) and have it backed up with the container backups using the built in borg backup option.

rclone sync b2:mybucket otherprovider:otherbucket

I'd prefer to have proper incremental backups not just a warm copy of the data.

Rclone can mount and backup almost everything. It is a swiss knife and I love it.

It seems to be very capable but I cannot make it work for my purposes. I fought with rclone/aio for a few hours yesterday trying to make it work.

I was, quite easily, able to mount the B2 bucket to a local path. I used the --allow-other option to make it available to the whole system. Everything was accessible via the CLI, but the Nextcloud AIO admin refused to allow me to add that path to the backup job. I was unable to find any logs that indicated why. If I could get this working, I think, it would be ideal as the backups would be consistent.

I also tried using a couple of the serve options. The nfs option would launch but mounts would fail with protocol errors. I couldn't get the docker plugin to sync up properly with docker. I haven't tried the restic serve option yet. I can provide logs if requested.

Thanks for the help.

SeeJayEmm OP ,

Did you try to mount your bucket on your host system via rclone?

I did. That's where I ran into the problems.

I would mount it on the host system and add an additional volume in your docker-compose.yml

I'm embarrassed to admit I didn't try this. I think I was too far into the weeds the other night. I'll give this a try.

If it works, I'm thinking I'll need to set up a systemd service to auto-mount the path on boot and set it as a dependency in docker so docker doesn't start before it?

SeeJayEmm OP ,

I was able to get the rclone mount on boot via a systemd unit without much trouble.

I even managed to drag it kicking and screaming into a docker volume that I mounted as an external volume to the Nextcloud AIO stack. It still refused to allow me to add it as a backup directory.

I think I'm throwing in the towel with getting Nextcloud to back it up via the built in mechanism. I'll just schedule a separate job (cron/systemd) that runs shortly after the Nextcloud backup. It should be close enough for my purposes.

SeeJayEmm ,

Reads to me like the container is running as a user that doesn't have permission to the volume path.

SeeJayEmm ,

I'm not sure if there's a correct way. What I've done in the past is use "ps" to find out what user the processes are running as.

Self-hosted or personal email solutions?

I have a unique name, think John Doe, and I'm hoping to create a unique and "professional" looking email account like johndoe@gmail.com or john@doe.com. Since my name is common, all reasonable permutations are taken. I was considering purchasing a domain with something unique, then making personal family email accounts for...

SeeJayEmm ,

@avguser

I'll second not self hosting email unless you're in it for the experience.

I'd also strongly caution against hosting email for friends and family unless you want to own that relationship for the rest of your life.

If you do it anyway, you're going to end up locked into whatever solution you decide for a long time, because now you have users who rely on that solution.

If you still go forward, don't use Google (or msft). Use a dedicated email service. Having your personal domain tied to those services just further complicates the lock in.

(I did this over a decade ago, with Google, when it was just free vanity domain hosting. I've been trying for years to get my users migrated to Gmail accounts.)

If I had it all to do over again, I'd probably set up accounts as vanity forwards to a "real" account for people who wanted them. That's easy to maintain, move around, and you're not dealing with migrating people's OAuth to everything when you want to move or stop paying for it.

SeeJayEmm ,

I've been successfully using SES for a couple years now without issue.

SeeJayEmm ,

I set this up a couple years ago but I seem to remember AWS walking me through the initial setup.

First you'll need to configure your domain(s) in SES. It requires you to set some DNS records to verify ownership. You'll also need to configure your SPF record(s) to allow email to be sent through SES. They provide you with all of this information.

Next, you'll need to configure SES credentials or it won't accept mail from your servers. From a security standpoint, if you have multiple SMTP servers I would give each a unique set of credentials but you can get away with one for simplicity.

Finally you'll need to configure your MTA to relay through SES. If you use postfix here's a quick guide:
https://medium.com/@cloudinit/sending-emails-with-postfix-and-amazon-ses-2341489a97e2

I've got postfix configured on each of my VPS servers, plus an internal relay, to relay all mail through SES. To the best of my knowledge it's worked fine. I haven't had issues with mail getting dropped or flagged as SPAM.

There is a cost, but with my email volumes (which are admittedly low) it costs me 2-3 cents a month.
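
The setup described in the comment above (a Postfix relay through SES with a separate credential set per server), as an added example that is not from the original comment or the linked guide. The endpoint region, file names and credentials are placeholder assumptions; the script renders one host's relay settings and then audits that the credential file is owner-only and that TLS and SASL are enforced.

```shell
#!/bin/sh
# Added example with constructed values; writes only into the directory you pass.

# Render one host's SES relay settings: $1 dir, $2 SES SMTP endpoint,
# $3/$4 that host's own SMTP username and password.
write_ses_relay() (
    dir=$1 endpoint=$2 user=$3 pass=$4
    umask 077   # files are created owner-only, so the secret is never briefly readable
    mkdir -p "$dir"
    printf '[%s]:587 %s:%s\n' "$endpoint" "$user" "$pass" > "$dir/sasl_passwd"
    cat > "$dir/main.cf.ses" <<EOF
relayhost = [$endpoint]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$dir/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
EOF
)

# Return 0 only if the credential file is owner-only and TLS/SASL are enforced.
audit_ses_relay() {
    dir=$1
    perms=$(ls -l "$dir/sasl_passwd" 2>/dev/null | cut -c1-10)
    case $perms in
        -rw-------|-r--------) ;;
        *) echo "FAIL: sasl_passwd mode '$perms' is not owner-only" >&2; return 1 ;;
    esac
    grep -q '^smtp_tls_security_level *= *encrypt' "$dir/main.cf.ses" || {
        echo "FAIL: TLS is not mandatory for the relay" >&2; return 1; }
    grep -q '^smtp_sasl_security_options *= *noanonymous' "$dir/main.cf.ses" || {
        echo "FAIL: anonymous SASL mechanisms are allowed" >&2; return 1; }
    return 0
}

# Demo in a scratch directory; endpoint region and credentials are placeholders.
demo=$(mktemp -d)
write_ses_relay "$demo" email-smtp.us-east-1.amazonaws.com EXAMPLE_USER EXAMPLE_PASS
audit_ses_relay "$demo" && echo "relay config OK"
rm -rf "$demo"
```

On a real host the rendered settings would be merged into `/etc/postfix/main.cf`, followed by `postmap` on the credential file and `postfix reload`.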

SeeJayEmm ,

I get told by web forms regularly that my email is not a valid address and even people that got my email written on a piece of paper have replaced the .email with .gmail.com cause “that couldn’t be right”…

That's the thing that holds me back from a non-standard TLD, as much as I'd love to get a vanity domain.

I've got a .org I've had for over 20 years now. My primary email address has been on that domain for almost as long. While I don't have problems with web-based forms, telling people my email address is a chore at best since it's not gmail, outlook, yahoo, etc...

SeeJayEmm ,

My mistake was using Google but when it was just the ability to have a personal domain as your google account. But they kept expanding and morphing that into what is now Google Workspace. Migrating people off of that requires them to abandon their Google accounts and start over. If it was just email it would be a much simpler prospect to change backends.

SeeJayEmm ,

Certainly. But, what I'm trying to say is it's not just email. My users are using my domain as their Google account. All Google services, OAuth, etc..., not just email. To do it right I need to get them to migrate their Google services to a gmail.com account.

SeeJayEmm ,

Everyone's saying fstab but if Navidrome is in a docker container, just mount it as a volume on your container. I found this guide that seems to document it fairly well.

https://phoenixnap.com/kb/nfs-docker-volumes

This is how I'm handling NFS mounts in my docker stacks.

SeeJayEmm ,

I'm rather confused by the config you posted. The NFS config should all be down in the volumes: section. The only thing you reference in the service section is the name of the volume you define and the path to mount in the container. Something like this (tho I'm guessing as to what should be what with your setup).

services:
  navidrome:
    container_name: navidrome
    image: deluan/navidrome:latest
    ports:
      - "4533:4533"
    environment:
      ND_SCANSCHEDULE: 1h
      ND_LOGLEVEL: info
    volumes:
      - /opt/navidrome/data:/data
      - music:/music
volumes:
  music:
    driver_opts:
      type: nfs
      o: "addr=XXX.XXX.XXX.XXX,nolock,soft,ro"
      device: ":/nfs/Shared Music"

SeeJayEmm ,

You can point it to any nfs file system you have exported on the file server. That's entirely up to you.

SeeJayEmm ,

I mean don't people already spout this crap?

SeeJayEmm ,

Remember sites like stumble-upon? I want the Internet that enabled THAT back.

SeeJayEmm ,

Loud grunting and farting noises intensify

This is the one time you should be "loud and proud" about doing your business.
