What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

I finally finished my first iteration of my Minilab including a very smooth migration from the old server yesterday so I can go to the service side of things again. I plan to get some kind of selfhosters VPN for external access to stuff that’s not exposed to the internet, I’ll have to investigate which one.

  • @[email protected]
    41 month ago

    Everything is running and I’m not making many changes because work got hectic. I have a few projects I’d like to tackle once I get time:

    • finish migrating to podman
    • get a new drive to test migrating to microos
    • get more media to finally eliminate Netflix (SO is still clinging to a few shows)
    • find a smaller box for my NAS - currently in a massive ATX box, but I don’t want to pay an arm and a leg just for space savings
  • @[email protected]
    41 month ago

    Set up Traefik. Had it working with authelia to forward requests to authenticate then to the destination.

    Friend mentioned caddy and a plugin that means all you need are docker labels. So I spent the next 3 days setting up caddy.

    Accidentally overwrote my compose file and had to restart.

    Luckily my authelia was saved elsewhere. But after fixing it

    I ran git init and git add .

    I shall be a fool no more.

    Anyways, now I’ve got cloudflare blocking all requests outside of the UK as, well, my friends and I don’t live outside of it. Set it up such that caddy uses the DNS challenge with cloudflare API key.

    So now I can set a DNS entry for internally only. E.g. internal.example.com resolves to a private address for tailscale.

  • chirospasm
    12
    1 month ago

    Hello! I recently deployed GPUStack, a self-hosted GPU resource manager.

    It helps you deploy AI models across clusters of GPUs, regardless of network or device. Got a Mac? It can toss a model on there and route it into an interface. Got a VM on a server somewhere? Same. How about your home PC, with that beefy gaming GPU? No prob. GPUStack is great at scaling what you have on hand, without having to deploy a bunch of independent instances of ollama, llama.cpp, etc.

    I use it to route pre-run LLMs into Open WebUI, another self-hosted interface for AI interactions, via the OpenAI API that both GPUStack and Open WebUI support!

    • @[email protected]
      21 month ago

      Oh that’s dope. How many hours are you running? Do you also use them for things like encoding or something like that?

  • Higgs boson
    41 month ago

    I am re-re-factoring my plans for homelab 3.0 and the migration to it. Hardware budget is non-existent so I am trying to figure out how to do everything with what I already own, while re-organizing to better use what I have to make some room. Adding a few sticks of RAM and replacing some older cat5 are all I will do this year.

  • @[email protected]
    41 month ago

    I finally finished setting up my Nebula network! An overlay network, as opposed to a true VPN, but excellent for flexibility and remote access. For anyone wanting maximum control over your network with excellent performance, I highly recommend it.

    Check out apalrd’s blog for a great tutorial if you’re interested.

  • @[email protected]
    21 month ago

    Was able to put calibre web on nixos. Still trying to build a package that’s not available (piped), but boy, is it hard to package java stuff for nixos…

  • @[email protected]
    21 month ago

    I know next to nothing about using the command line, so I’ve been relying pretty heavily on ChatGPT to set my stuff up and so far it has reliably helped me overcome every issue. The problem is, of course, that I often don’t even understand what the issue was in the first place so I don’t even know if the fix that the AI spits out is, let’s say, correct. I don’t really want to become an IT expert, I just want to be able to host some services on my own to depend less on corps. Is it alright if I continue to rely on the AI? Or do you guys think that I just have to learn this stuff or else I might mess up?

    I don’t have great security concerns btw, my ISP doesn’t allow port forwarding, so I access my server exclusively through Tailscale.

    • @[email protected]OP
      21 month ago

      Most of the stuff will somewhat work, but you’ll introduce side effects sooner or later by using commands that might work but are not the proper ones and alter unrelated things. At some point those will likely bite you and you have no idea where it’s coming from. I’d suggest to check at least what the commands you are copying are doing.

    • @[email protected]
      21 month ago

      I’d encourage learning. The more you understand the better you can control your data and maintain your services. You don’t need to be an expert but I’d encourage working towards relying less on gpt.

    • Aldursil
      41 month ago

      I love Tailscale.

      The more you learn with the command line the more interesting stuff you can do.

    • gonzo-rand19
      11 month ago

      What you can probably do to build some knowledge if you’re going to be using AI anyway is ask it to explain some of the concepts to you. You also have the ability to ask clarifying questions about anything you don’t understand.

      • @[email protected]
        1
        1 month ago

        Yes I do that, and it does help me a lot to understand what I’m doing it’s just I’m a top down type of guy. Like I don’t like messing with anything unless I fully understand it, which often makes me very unproductive. I decided to not be that way with this self hosting thing because I realized I would never get around to it with that mentality. Better to break shit as I go.

        • gonzo-rand19
          11 month ago

          Yeah, I’m the same way. I learned mostly through making Docker containers and bumbling through tutorials/documentation until things worked, just deleting them and starting over when I fucked up irreparably (except the compose file, of course).

          There are a lot more comprehensive written and video tutorials than there used to be so those are very helpful too.

    • @[email protected]
      11 month ago

      I’ve had some amusing mixed experience with ChatGPT for this. When I asked about iptables rules to restrict podman, it was great. About podman quadlets, though, which I first misspelled ‘quartlets’, it completely made it up, and even sent me a fake link to nonexistent documentation when I challenged it!

      • it’s more helpful if you ask the right questions
      • and its answers often give you ideas of what to google
      • Old stuff that has been written about many times over is more likely to get a proper answer
      • sometimes the gist of a wrong command/answer could still help me understand what to do with the right one

      Try to understand whatever you use from AI. At least understanding the general picture of what it means, and a basic idea of “this flag is for this; this option is for that”. AI can also help you with that understanding, but again beware of it completely making up something logically coherent but wrong.

      • @[email protected]
        21 month ago

        Yes this happened to me as well, I don’t remember what I was talking about but I remember I made a typo and it just ran with it as if it was a real thing. I let it keep going to see if it ever realized it was talking about something that didn’t exist but nope it kept going until I pointed it out.

        I ask for it to explain what the command did and I did manage to wrap my head around a few concepts but in the end I feel like I’m trusting it to not insert any vulnerabilities into the system, and I don’t like that. Mistrust is the whole reason I’m doing this. But yeah I’ll pay close attention and maybe even ask all the implications of the changes we make.

  • @[email protected]
    6
    1 month ago

    Sweet!

    What’s up is everything I’ve been running and down is what I haven’t.

    not working

    I haven’t been able to get friendica to connect to MariaDB, so I’ll eventually try just MySQL. Grafana isn’t running bc I would need to change a lot of things to get an exporter into each container and the truenas apps don’t really allow that configuration - fine if you have docker compose though, which I’ve started doing more and more.

    new

    I just got up and running with Stirling pdf, a free (and paid) PDF editor. That looks pretty sweet.

    But I’m now also using 15GB of the 32 on the system, which is still plenty for Arc cache for me

    what I want

    I want to rent a VPS to host various fediverse apps, probably Lemmy, pixelfed, and write freely to start, for the nomad/expect communities. I’ve been looking at netcup and they have some decent arm offerings.

    I’d like to put Talos Linux on it so I can get some kubernetes experience. They have a good sized server for €10, so I could expand to add a DB server or one specifically for logging and metrics.

    I was looking at Hetzner, but I’ve read that their block storage is super slow and causes timeouts on DB.

    Of course, can I even run these apps on arm? I guess I gotta find that out.

    One thing I’d like to do is make a web page that makes signups super easy and would create an account on all services, ideally. Not a huge deal if that isn’t reasonable, but it’d be nice to allow doing it once rather than multiple times. If I could get SSO, that’d be good, but I don’t know how supported that is.

  • @[email protected]
    51 month ago

    Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there’s anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.

    • @[email protected]
      11 month ago

      I have caddy on a vps that serves as a tailscale exit node and also reverse proxies over the tailnet. My pfsense router is also in the tailnet and exposes some subnet ip addresses to the tailnet. So for example I have public domain watch.example.com hits my caddy and gets proxied to internal IP 192.168.31.48 which is my jellyfin docker.

    • @[email protected]
      21 month ago

      Might look into the pangolin project if what you’re trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
      The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking “basic” existing features behind a paywall after the project got popular, though after public backlash they’ve backpedaled on that iirc.

      Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically

      • @[email protected]
        11 month ago

        All good, thanks for the recommendation. I’m using tailscale as I currently don’t want to expose anything over the Internet and also don’t mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.

    • irmadlad
      21 month ago

      You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:

      For tailscale ip range:

      myverycoolserver.duckdns.org {
          # Match every client whose address is outside the Tailscale IP range
          @denied not remote_ip 100.64.0.0/10
          respond @denied 403  # Deny access for others
          reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
      }
      

      For specific tailscale IP:

      myverycoolserver.duckdns.org {
          # Match every client except the one permitted Tailscale address
          @denied not remote_ip YOUR_TAILSCALE_IP  # Replace with the specific Tailscale IP
          respond @denied 403  # Deny access for others
          reverse_proxy localhost:YOUR_SERVICE_PORT  # Your service configuration
      }
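
Added example, not part of the comment above and not Caddy's own code: a small audit of access-log lines that checks whether a `remote_ip` allowlist like the one in the Caddyfile above holds in practice. It flags non-tailnet peers that were served anything other than 403, and tailnet peers that were refused, which happens when a client connects over Tailscale's IPv6 range (`fd7a:115c:a1e0::/48`) and only `100.64.0.0/10` is allowed. The `request.remote_ip` and `status` field names assume Caddy's JSON access-log format, and the sample lines are constructed.

```python
import ipaddress
import json

# Tailscale assigns node addresses from these ranges: the CGNAT block used in
# the Caddyfile above, plus an IPv6 ULA prefix that an IPv4-only rule misses.
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]


def in_tailnet(addr: str) -> bool:
    """True if addr falls inside one of the Tailscale address ranges."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), as seen on dual-stack listeners.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in TAILNET if net.version == ip.version)


def audit(lines):
    """Return (leaks, lockouts) found in JSON access-log lines.

    leaks:    peers outside the tailnet that got a status other than 403
    lockouts: peers inside the tailnet that got 403
    """
    leaks, lockouts = [], []
    for line in lines:
        try:
            entry = json.loads(line)
            peer = entry["request"]["remote_ip"]  # assumed field name
            status = int(entry["status"])         # assumed field name
            inside = in_tailnet(peer)
        except (ValueError, KeyError, TypeError):
            continue  # not an access-log record, or an unparsable address
        record = (peer, entry["request"].get("uri"), status)
        if not inside and status != 403:
            leaks.append(record)
        elif inside and status == 403:
            lockouts.append(record)
    return leaks, lockouts


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '{"request":{"remote_ip":"100.101.102.103","uri":"/"},"status":200}',
    '{"request":{"remote_ip":"203.0.113.7","uri":"/"},"status":403}',
    '{"request":{"remote_ip":"198.51.100.23","uri":"/admin"},"status":200}',
    '{"request":{"remote_ip":"fd7a:115c:a1e0::1234","uri":"/"},"status":403}',
    '{"request":{"remote_ip":"::ffff:100.64.0.9","uri":"/"},"status":200}',
    'not json at all',
]

if __name__ == "__main__":
    leaks, lockouts = audit(SAMPLE)
    for peer, uri, status in leaks:
        print(f"LEAK    {peer} got {status} for {uri}")
    for peer, uri, status in lockouts:
        print(f"LOCKOUT {peer} got {status} for {uri}")
```
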
      
    • @[email protected]
      4
      1 month ago

      It should be the same setup regardless if you’re using a VPN or not.

      Having used both I generally prefer traefik.

  • @[email protected]
    21 month ago

    Trying to get the right combo of iptables rules to shuttle traffic from vps to home lab server (as I think I’ll need to do once my ISP upgrade puts me behind CGNAT for the first time)…

    Got it working sorta, but I didn’t like seeing my vps private link address instead of the remote in logs.

  • anotherandrew
    31 month ago

    A couple things I’ve been working on

    First, I spun up a larger VPS to consolidate two smaller ones. This time I dockerized almost everything. Still a docker newb, but karakeep, redmine, mbin, lemmy (still deciding which I want), davical. Asterisk and postfix/dovecot are probably gonna stay on the vps root. I’m using zfs and compression. Interestingly, the postgres database that everything is using seems to get better compression than the mail spool.

    A couple weeks ago I picked up a NetApp 7 bay disk shelf for $30. It uses fibre channel (AT-FCX) controllers and I’ve never used that before. I grabbed a $7 FC HBA (QLE2560), a 2m cable and an m2-to-PCIe adapter meant for an eGPU. The idea is to see if I can’t get the RK3588 board I’m playing with to see it. I did something similar with a $50 Dell 12 drive bay and my old C6100.

  • @[email protected]
    21 month ago

    Went through and verified that a number of things were backing up and updating correctly. I feel a little less weight on my shoulders knowing things are working as they should.

  • SiblingNoah
    71 month ago

    I’m currently trying to figure out why my email server got blocked by Proofpoint and they refuse to talk to me. Really about ready to give up on email after self-hosting it for a decade with few problems.

      • SiblingNoah
        21 month ago

        I’m not on any of those blacklists, luckily. I guess Proofpoint doesn’t publish theirs. At least iCloud and Gmail both use them. I saw one hint that they may require mail servers to literally have the word “mail” as the subdomain, so I’m working up the courage to mess around with my perfectly working DNS.

      • SiblingNoah
        21 month ago

        Part of me thinks if I have to pay for a relay service, I should just pay for hosted email. But I’ve definitely been considering it!

  • @[email protected]
    51 month ago

    I started this about a month ago, absolutely no idea what I was doing, and in that short time this little box has grown a ton. Got the basics for cloud storage, jellyfin with the arr suite, navidrome to replace spotify/tidal, etc. Got my scanner going right into paperless, finally starting a budget planner with actualbudget, even set up homebox to maybe eventually keep track of my collections of random bullshit. Spent 3 days fighting with Wireguard and gluetun to make a single VPN connection that’ll hook me into my LAN but also output all my traffic through Mullvad, using pihole as my DNS - I should get Unbound set up at some point too but that’s a project for another day.

    Today I learned about homeassistant, and while I’m not one to care about IoT shit or whatever, just dabbling with NFC tags for the lights and such has been pretty neat.

    This week I’m getting a second machine in that I’m going to use exclusively as a NAS and stop relying on USB external hard drives.

    I really just wanted a little 24/7 Bob Ross box with a bit of cloud storage, and this project blew up a lot more than I thought it would LOL

  • @[email protected]
    51 month ago

    My biggest shortcoming at the moment is my NAS is also my gaming PC. It’s pretty inefficient to have that on all the time. But I haven’t had the time to build a dedicated NAS.

    • @[email protected]
      2
      1 month ago

      I’m putting together a pretty simple one this week. Got a used HP Elitedesk G4 SSF for around $150, already have 2 8TB external drives lying around that are easy enough to shuck and slap into it. Should be pretty easy to just slap TrueNAS Scale onto it, set up a mirror with the 2 drives, and be good to go for a while.

      I’ll definitely need more space down the road and this thing can’t fit more than 2 drives without some modifications (3 is doable, but 4 will take some 3D printed parts which I believe someone’s still working on fine-tuning). But it’s good enough for me for now, still got 2.5TB I’m not using.

      If I thought about storage a bit more before starting this project, I probably would’ve just gotten the same SSF but with some slightly better specs to use as the entire server, rather than running 2 different machines, but oh well.

      Edit: Slight change of plans, got a 12tb drive free through a program at work, so gonna go with UnRAID instead. The license fee is a bit disappointing but it seems to suit my needs better, and being able to mix and match drives of any size at will is pretty nice

    • /home/pineapplelover
      31 month ago

      Yeah I had your idea back when I wanted a nas. I didn’t have the time and just bought a synology knowing it wasn’t the best option and was aware of the possibility of enshittification. Now that they’ve enshittified, I can’t really recommend them any longer. So far it’s been good but I’m still looking for options that are quick and easy to set up. Or maybe I’ll grit my teeth and start building one from scratch.

      • @[email protected]
        3
        1 month ago

        I’m perfectly happy to build my own NAS with NixOS and ZFS on it. I think it’s mostly a matter of getting the right hardware.