
ninjan

@ninjan@lemmy.mildgrim.com


ninjan , to Selfhosted in Starting over and doing it "right"

There are absolutely no issues whatsoever with passing through hardware directly to a VM. And virtualized is good because we don't want to "waste" a whole machine for just a file server. Sure, dedicated NAS hardware has some upsides in terms of ease of use but you also pay an, imo, ridiculous premium for that ease. I run my OMV NAS as a VM on 2 cores and 8 GB of RAM (with four hard drives) but you can make do perfectly fine on 1 core and 2 GB RAM if you want and don't have too many devices attached / do too many IOPS-intensive tasks.

ninjan , to Selfhosted in Starting over and doing it "right"

Well, the good part there is that you can build everything for internal use and then add external access and security later. While VLAN segmentation and overall secure / zero-trust architecture is of course great, it's very overkill for a selfhosted environment if there isn't an additional purpose like learning for work or you find it fun. The important thing really is the shell protection, that nothing gets in. All the other stuff is to limit potential damage if someone gets in (and in the corporate world it's not "if", it's "when", because with hundreds of users you always have people being sloppy with their passwords, MFA, devices etc.). That's where secure architecture is important, not in the homelab.

ninjan , to Selfhosted in Starting over and doing it "right"

My best advice is to make use of the fact that your old setup hasn't died yet while you can, i.e. start now and set up Proxmox, because it's vastly superior to TrueNAS for the more general type of hardware you have, and then run a more focused NAS project like Openmediavault in a Proxmox VM.

My recommendation, from experience, would be to set up a VM for anything touching hardware directly, like a NAS or Jellyfin (if you want to have GPU-assisted transcoding), and I personally find it smoothest to run all my Docker containers from one Docker-dedicated VM. LXCs are popular for some but I strongly dislike how you set hardware allocations for them, and running all Docker containers in one LXC is just worse than doing it in a VM. My future approach will be to move to a more dedicated container setup as opposed to the VM-focused Proxmox, but that is another topic.

I also strongly recommend using Portainer or similar to get a good overview of your containers and centralize configuration management.

As for external access, all I can say is do be careful. Direct internet exposure is likely a really bad idea unless you know what you're doing and trust the project you expose. Hiding access behind a VPN is fairly easy if your router has a VPN server built in. And WireGuard (like Netbird / Tailscale / Cloudflare tunnels etc. all use) is great if not.

As for authentication, it's pretty tricky but well worth it and imo needed if you want to expose stuff to friends/family. I recommend Authentik over other alternatives.

ninjan , to Selfhosted in Alternative to certbot for acquiring ssl certificates to use with nginx.

I'd say any project that's decently maintained and satisfies your use case is probably good enough. I found this, which from the sound of it fits your use case: https://github.com/fffonion/lua-resty-acme

ninjan , to Selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

A lot of stuff runs great on SBCs, it's just that they're not as smooth to manage as a Proxmox server running containers or VMs. You also need several SBCs to reach the scale of what many do here on selfhosted, and once you reach 4+ SBCs the old x86 server starts looking cost-effective all of a sudden. The biggest benefit though is the lack of noise and very low power consumption, which is great for stuff that will be powered on 24/7/365.

Really a mix is ideal, so you can get the benefits of cheap running costs of SBCs and the power and versatility of x86 for the tasks that require it.

ninjan , to Selfhosted in Managed to set up an instance using Lemmy-Easy-Deploy but federation is being a bit weird

Ah, I'd give it at least a day before I start digging too much into it.

ninjan , to Selfhosted in Managed to set up an instance using Lemmy-Easy-Deploy but federation is being a bit weird

The stickied posts get a bit weird and I've experienced them staying wrong until new ones are set. But this was last summer, unsure if it works better now or not.

The only thing I find concerning is the post "feedback on design and Firewall options" which you don't have and really should have unless there's something odd with that specific post. I have noted some issues with federating content from kbin/mastodon etc users but I saw that post on my self-hosted Lemmy instance...

ninjan , to Selfhosted in What should I use my RPi4 for?

Cool, but I'm guessing that ain't especially cheap, right? I pay $60 a year for 4 cores and 8 GB RAM (400 GB storage), which I consider a pretty OK price. $5 a month.

ninjan , to Selfhosted in Public DNS server with gui

... Touché

ninjan , to Selfhosted in Public DNS server with gui

Only doing resolution for your own domain and DNSSEC solve pretty much all those issues and are pretty darn easy.

And I did say that the web GUI is what you need to lock down; DNS has no vulnerabilities exploitable through port 53 that let an attacker take control of the server.

ninjan , to Selfhosted in What should I use my RPi4 for?

You can set up a tunnel from your Hetzner VPS to your home with, say, Netbird and then run stuff that would be a bit too expensive to run on rented hardware, like say Nextcloud, Matrix or game servers, on your RPi while still having them web accessible thanks to the tunnel.

ninjan , to Selfhosted in Public DNS server with gui

And I explicitly said "unless you want to rely on a big player".

Personally I'm very fed up with AWS, Cloudflare and Google virtually owning the modern Internet. I selfhost to get away from their spying and oligopoly so routing DNS through them is simply out of the question, for me.

And really it's not that hard these days with pre-packaged Docker containers. I have a fairly complex setup and while I have put hours into it, it wasn't rocket surgery by any means. It's also quite healthy to understand how DNS actually works if you work with the Web imo.

ninjan , to Selfhosted in Public DNS server with gui

DNS is plenty secure due to its simplicity and age, from the perspective of securing your server that is. DNS has numerous flaws when it comes to security in terms of whether you can trust the resolved name. But that is another matter.

I'd be more worried about the GUI; keep that behind a secure proxy or don't expose it to the internet at all if we're talking about a server at home.

I run my own DNS and it's virtually a prerequisite if you want to host stuff under a personal domain in a smooth fashion. At least if you don't want to rely on a big player like say Cloudflare.

ninjan , to Memes in Racismed

The fuck is he on about?

ninjan , to Matrix in Which server would you recommend to selfhost for personal use in 2024?

+1 on the question. I'm also more for Dendrite since it solves the resource hogging of Synapse. For me the limiter is that the bridges are built for Synapse and will "likely" work on Dendrite. If I didn't have three small kids I'd be up for helping test but I don't have that kind of time right now.
