So far all my setups have had root on SSD mirror with separate hard disk storage pool for all the data. Years ago I used to keep the app config, databases and docker files on the root filesystem, while the app data resided on the storage pool. That was cumbersome for backups and storage size. Eventually I moved all app data to the storage pool. Essentially the apps can be started on any machine with a Linux OS that has docker installed. Database access is slower but it's a decent compromise for having trivial all-in-one snapshots and backup. Now I'm setting up a new NAS for a friend and I'm wondering whether it's worth keeping the root filesystem separate from the storage pool. If I put it on the disks, I'd get trivial full system snapshots and backups. I'd have the same hardware reliability as the storage pool. There wouldn't be issues with root filling up. The caveat is that the OS would be slower. Has anyone reasoned and/or tried this? Should I go for it?

E: I recently put my laptop's root on ZFS and the ability to do full backups while the system is running is pretty great. The full system can be pretty trivialy restored to a new drive with zfs send / recv during setup.

cross-posted from: https://discuss.online/post/30840627

Genuine question, so please don't be mean to whoever responds. Better to learn than to judge.

Curious if people who are on Cloudflare are considering any selfhosted alternatives? If not, interested to hear what is a deal breaker in regards to using a service besides Cloudflare. I do hear a lot of praise for Cloudflare when facing DDOS, and always happy to learn more!

However, not all of the charts seem to be getting updated.

I'm running my own harbor registry for maintaining my own images for www.keyboardvagabond.com and I was working on finishing up this longhorn excessive api call issue when I saw that harbor stopped working.

Essentially, the gist is that they moved certain image references to the bitnamilegacy repository instead of bitnami, but the harbor helm chart didn't get the updates, so the images failed to pull because they "disappeared" and updating the the latest helm version didn't solve it.

Essentially, for now what I had to do was go to the default values modal and search for "repository" and make sure that I had an entry under earch part for image.repository where the value was bitnamilegacy/<failing image name without tag>.

This took me a while to figure out and I hope this helps someone!

I've been selfhosting for a bit, but have never really gotten a solid understanding of Traefik.

What I'd like to do is have 3 machines, 1 as an "entry point" where Traefik forwards by domain to the two other machines. Ie I route to anything.domain1.com and the entry machine forwards to machine 1, anything.domain2.com forwards to machine 2.

Then on each machine have another instance of Traefik to manage the applications that machine hosts.

Is this even possible? Without using docker swarm?

Thanks.

I have been looking into setting up a secure home/small business server and hardening my local network and I came across this kickstarter which is currently floundering, likely because it’s campaign page is way too technical without enough fluff for the uninformed out there (like myself to some extent). For reference I work in small industry and have some interest in implementing more IOT, and also want to self host more of my media probably via Jellyfin, and an indieweb site, possibly some AI automation via n8n.

That said, from what I can tell it seems like a really great device for my use case actually, combining a multiband WiFi 7 gateway with a built in NAS and upgradeable compute modules. As a bonus it is a German company so I’m a bit less worried about back doors that with some of the Chinese generic manufacturers out there. That said, I haven't run a server of my own before and am not sure what to make of the hardware specifications.

What I can’t sus out is how secure this actually is, how technical my background needs to be to get it set up effectively, and whether the price is good for the hardware. Any help?

cross-posted from: https://sh.itjust.works/post/49034430

Looking for some advice / recommendations / considerations on running OPNsense on bare metal vs virtualized, and if virtualized how best to do so.

I currently have OPNsense running bare metal on a Protectli FW6E Vault, with the following specs:

• Intel i7-8550U CPU @ 1.80GHz
• 120GB mSATA (1% utilization)
• 16GB RAM (6.5% utilization)
• 6 Gigabit Ethernet NIC ports

The Vault running OPNsense is the primary firewall and router, any wireless devices connect through a dumb AP running OpenWRT. Connected over Ethernet I have a RPi running HomeAssistant OS (would probably also move to virtual if that's the chosen direction) as well as a TrueNAS setup.

How much of a performance hit would be expected running in some sort of container vs the current bare metal setup? Are there any other concerns with running the main firewall / router virtually vs bare metal to take into account?

cross-posted from: https://lemmy.world/post/38014703

Hi All, my fork of Tempo has had a rebrand, which was a requirement to get back into the app stores as the original Tempo still exists in F-Droid/IzzyOnDroid

Tempus v4.0.7

Attention

This release will not update previous installs as it is considered a new app, no longer Tempo, new icon, new app id, and new app name. Hoping it will not be a huge inconvenience but was necessary in order to publish to app stores izzyDroid

Android Auto Support should be the same as before, however, I was not able to test any of the icons/visuals, so please let me know if there are any remnants of the tempo logo/icon as I believe I removed them all and replaced them successfully.

What's Changed

fix: Crash on share no expiration date or field returned from api
fix: Check also underlying transport 
feat: Unhide genre from album details view 
fix: persist album sorting on resume 
chore: Tempus rebrand 
chore: Update Polish translation 

Now available via the IzzyOnDroid Repository -> https://apt.izzysoft.de/fdroid/index/apk/com.eddyizm.degoogled.tempus

note:

app-tempo* <- The github release with all the android auto/chromecast features

app-degoogled* <- The izzyOnDroid release that goes without any of the google stuff.

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

In particular, any android dev is familiar android auto to help me set up a dev environment

Hello, i'm looking to upgrade my 10 years old NAS/server. I already have the HDD and the case. But i have difficulties to chose motherboard, power supply, CPU & RAM.

So far i'm looking for :

• AMD CPU, +12 threads
• A bunch of SATA ports, maybe a LSI ? Which one ? And 2 NVME slots for the Motherboard.
• More than 16GB of ram, IF possible ECC
• All of this available in western Europe

I'm aiming for a budget between 600€ and 900€ for those 4 components.

Have a nice day :)

cross-posted from: https://lemmy.world/post/37454125

Hi All,

my first post over here on lemmy. Thought I'd share my forked tempo release.

Some new fixes for October. v3.17.14

What's Changed

fix: General build warning and playback issues 
fix: persist album sort preference 
Fix album parse empty date field 
fix: Include shuffle/repeat controls in f-droid build's media notific… 
fix: limits image size to prevent widget crash 

note app-tempo* <- The github release with all the android auto/chromecast features

app-notquitemy* <- The f-droid release that goes without any of the google stuff.

Full Changelog: https://github.com/eddyizm/tempo/compare/v3.17.0...v3.17.14

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

In particular, any android dev is familiar with changing the name/icon in order get this app published in app stores.

IMPORTANT NOTE - READ FIRST:

While this can be selfhosted, YOU SHOULDNT! ... NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace any other app you use.

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE... DO NOT USE FOR SENSITIVE PURPOSES.

Now that I've hit you over the head with caution...

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is stored locally in browser storage and cleared when you clear the site data from your browser - true zerodata privacy!

• Demo: https://chat.positive-intentions.com/
• Github: https://github.com/positive-intentions/chat
• Website: https://positive-intentions.com/
• Mastodon: https://infosec.exchange/@xoron

I have 2 servers both running a Debian VM each. The old VM was one of the first o installed several years ago when I knew lityle and its messed up and has little space left. It running on Truenas Scale and has a couple of docker apps that I'm very dependent on (Firefly, Hammond). I want to move the datasets for these docker apps to a newer VM running on Proxmox server. It a Debian 13 VM with loads of space. What are my options for moving the data given neither Firefly nor Hammond have the appropriate export / import functions? I could migrate the old VM that that wouldn't resolve my space issue. Plus it Debian 10 and it would take a lot to being it up to Trixie.

Howdy folks,

I’ve come upon a solid amount of 4tb drives, 8 SAS drives for dirt cheap from a local biz. Never used. I saw a HP ProLiant DL385p Gen8 Server on eBay for $80 and thought it was a score since it had been the best deal. I’d been wanting to upgrade off my think center m710. Curious any recommendations for this? My current setup is as follows:

Main server:

Lenovo think center m710

16gb, gt 1030, 2 4tb HDD sata, one 500gb ssd sata

Ubuntu lts

Docker compose

• Arr stack -Gluetun with open on proton in Germany -qbittorrent -sonarr -radarr -Overseer -cleanuparr -prowlarr -plex -navidrome -audiobookshelf -Minecraft server (modded: neoforge itzg) -immich -bunch of others that aren’t fully working like tatuli or plex wrapped

Secondary Thinkpad x220 (loved this shit through college) 16gbRAM, 250ssd sata Arch Docker compose -searxng -pihole dns

I’m still looking in to some security system ideas as I’d like to use some storage and maybe do that with some of it. Or some cybersecurity projects or a banned book library or something. I’m open to any suggestions to help this go as smooth as I can make it and as fun as it can be.

Good day folks, my company recently gave me some hardware, one in particular I’m curious if there are any real use cases for it. I’m not particularly well with networking. This device is a Cisco Meraki MX64. I saw it doesn’t support open WRT so I’m curious if there are any other known projects or alternative software that could run on it. I’d love to toss it in with my network stack but all I have now is just a switch that it’ll plug in to but would love to replace e switch with it.

Let's say I have a domain called mysite.com

mysite.com points to a server which only opens port 443, and each connection will need to go through that and deal with Caddy reverse proxy.

I want to host more services on it.

Let's say I want to host an email service, the easiest thing would be using a subdomain such as mail.mysite.com and reverse proxy each connection to the internal port on which the service run.

Same with a chat service chat.mysite.com.

But for the sake of readability it would be much better to simply have username@mysite.com than username@mail.mysite.com or username@chat.mysite.com.

reverse proxying every request from a subdomain to the right port is pretty straightforward with Caddy, also if you use cloudflare you can proxy with cloudflare each subdomain and have auto SSL certificate without further set up, which is amazing!

But what if I do want my services to be accessed through mysite.com directly instead of a specific per-service subdomain?

Some federated services also have two separate ports for server requests and client requests, which further complicates the process..

Is this service specific and must configured individually for each service? Or there is a way to tell caddy that a specific request going through mysite.com should be redirected through port X.X.X.X? Is there a way Caddy can recognize where requests need to be directed?

I've been self hosting a matrix istance for a while, but I'm honestly really really tired of bugs on clients and authentication not working, I know matrix is very feature rich and is awesome that is federated, but I'd prefer to use something which loads my server less and which is more simple despite lacking some features, what do you think?

Hello everybody,

I want to ask for some opinions on my current setup and how I pretend to use it for my Media Server:

Current Layout

I currently use an UGREEN DXP2800 NAS running TrueNAS Scale with two 4 TB HDDs in Mirror mode. This is planned to be my "long-term storage" for backups, photos, and so on.

Additionally, I have 1 TB SSD installed in the system. I created two datasets on it: one for Docker containers and the other one for Media, following the TRaSH guides folder layout

My current plan:

My idea is to use the SSD for the torrents and the seeds, and once the file (e.g. the ~~movie ~~ Linux ISO Image) is completed, to move it to the HDDs. From there, Jellyfin would read the corresponding dataset and play the media.

The question:

The TRaSH guides puts a lot of emphasis on hardlinks and atomic moves, and that forces you to operate in one single filesystem. Is it worth it to stick to the TRaSH guide or my current setup would work just fine? What do y'all think?

Thanks in advance and happy self-hosting!

cross-posted from: https://lemmy.buddyverse.net/post/10438

I recently upgraded my network from a basic router to a Netgear GS108E Gigabit switch. Backups are now way faster, which is great… but now I’ve run into a new problem.

I run Proxmox Backup Server (PBS) in a VM on one of my servers (let’s call it Proxmox 2). PBS has 100 GB of cache storage since I’m using S3 as a datastore - it stores chunks locally before uploading to S3.

Here’s the issue: I try to backup a VM from another server (Proxmox 1). The VM’s storage is 300 GB, but actual usage is under 30 GB. Everything works fine until it hits 34% (104 GB of data). At that point, the PBS VM and the host server itself become completely unreachable. I have to force power off and restart.

I understand why PBS might crash – my VM has 4 GB RAM, 2 CPU cores, and my internet is only around 60–70 Mbps—but why would the host server hang as well?

Has anyone experienced something like this? Could it be networking, storage, or something else in Proxmox causing the host to become unresponsive when PBS gets busy? Any ideas or advice would be appreciated!

For further context: https://lemmy.buddyverse.net/post/5455

cross-posted from: https://lemmy.buddyverse.net/post/5454

Hello everyone, I’m fairly new to Proxmox and struggling with my homelab setup. I have two machines running Proxmox 9: an HP EliteDesk 800 G5 Mini (Core i7-9700) and a Dell OptiPlex 7070 Micro (Core i3 9th gen). I’m running into several issues and would appreciate your insights.

1. Networking Issue on EliteDesk: I have two VMs (both Ubuntu Server 24.04 LTS) on the same bridge (default vmbr0, I haven't modified any network settings in proxmox). If I stop or shut down one VM, the other loses internet connectivity. I can still access the applications from my home network using IP address (192.268.x.x).

2. Backup Setup on OptiPlex: I’m running a Proxmox Backup Server VM with Backblaze B2 as an S3 datastore. This is working fine so far.

3. Backup Problems on EliteDesk: I’m using default LVM-thin for VMs. Backups take a very long time and often freeze at 1-2%. Shutting down the VM cleanly afterward is nearly impossible. I’ve tried both Stop and Snapshot modes, but the issue persists. When a VM becomes unresponsive, it triggers the networking issue above. Would switching to ZFS help? If so, how can I migrate without losing any data?

4. Hardware Acceleration for Jellyfin: On the EliteDesk, I’d like to enable hardware acceleration for a VM running Jellyfin (in Docker) using the i7-9700’s UHD 630 iGPU. Can anyone recommend a clear guide specific to this CPU? The Proxmox documentation isn’t very detailed for Intel GPUs.

The networking issue is the most frustrating. Has anyone encountered similar bridge problems? Any advice on fixes or next steps would be greatly appreciated. Thank you!

Context: my father is a lawyer and therefore has a bajillion pdf files that were digitised, stored in a server. I’ve gotten an idea on how to do OCR in all of them.

But after that, how can I make them easily searchable? (Keep in mind that unfortunately, the directory structure is important information to classify the files, aka you may have a path like clientABC/caseAV1/d.pdf

selfh.st was a website that was included in my RSS feed for reading news about self hosting and such for a while now. I never felt it was that helpful for me since I usually add the release notes of the services I use individually on my feed. I would often read out of curiosity.

I also felt their feed was always very clunky to be honest, it was never formatted properly but at least there was content there. In the middle of the huge images there was at least a little bit of information to be seen.

9 months ago their feed broke (because they changed their domain or something like that) and since then, I noticed the website is kind of declining? I kind of hate the overuse of enshittification but there are no other words for me to define this. Many red flags were already ignored before by the way, including the usage of AI slop imagery and a change of interface for the worse, to include information about sponsors.

They started sending the feeds with: "This is a feature reserved to premium users" with a link to their website. Felt very icky.

I do NOT expect people that make content to keep doing it without support (we support a few independent news outlets, also donate every now and then to projects we use a lot), however the way they are trying to get said support is very.... weird. Like trying to boost numbers, if that makes sense? If done different I would gladly give them a subscription each month, but this hit me in a weird way.

Anyway, I won't be part of their audience anymore. Are there other websites which focus on self hosting have on your feed?

With the recent news, VPN bans being tested in western countries and even states like Michigan toying with new internet censorship; it’s had me thinking that I need to up my self hosting game. I currently use Truenas scale electric eel and I really am a novice with no formal education. I have a myriad of apps running, learned through YouTube tutorials, documentation, and AI. I tunnel out some of these services via cloudflare zero trust to a domain. I’ve got pi-hole running on the network and a VPN on my windows machine but that’s about it. It’s great! It works! It’s fun to tinker with and has allowed my family to ditch a lot of subscriptions. Browsing around, though, I see a lot of comments about different ways to secure servers. Everytime I try to learn about something such as VPS, reverse proxies it feels like an inundation of too much information and differing opinions. It seems like there are so many ways to do it that I really have no clue where to begin. I also don’t want to break what is currently working for me.

Anyone have a good idea on good sources to educate myself? Is it vital I learn how to run some sort of local service? How would hard government crackdown shutdown VPNs and what could a self-hoster do to avoid that? Be gentle. Thanks.

If I want a #selfhosted database backend for #n8n automations, what does @selfhost suggest? Baserow? Grist? Supabase?

Needs to run nicely in a Docker container on #TrueNAS.

IMPORTANT NOTES (PLEASE READ!):

• These are NOT products. They are for testing and demonstration purposes only.
• They have NOT been reviewed or audited. Do NOT use for sensitive data.
• All functionality demonstrated is experimental.
• These are NOT meant to replace robust solutions like VeraCrypt, Simplexchat, Signal, Whatsapp, wetransfer. It's a proof-of-concept to show what's possible with browser APIs.
• Cyber security is full of caveats, so reach out for clarity on any details if they can't be found in the docs.

Aiming to create the worlds most secure messaging app.

https://positive-intentions.com/docs/projects/chat

• Open Source
• Cross Platform
  • PWA
  • iOS, Android, Desktop (self compile)
  • App store, Play store (coming soon)
  • Desktop
    • Windows, MacOS, Linux (self compile)
    • Run index.html on any modern #browser
• Decentralized
• Secure
  • No Cookies
  • P2P E2EE encrypted
  • Forward secrecy
  • No registration
  • No installing
• Messaging
  • Group Messaging (coming soon)
  • Text Messaging
  • Multimedia Messaging
  • Screensharing (on desktop browsers)
  • Offline Messaging (in research phase)
  • File Transfer
  • Video Calls
• Data Ownership
  • SelfHosted
  • GitHub pages Hosting
  • Local-only storage

For more information on "how it works", check out: https://positive-intentions.com/blog/decentralised-architecture

(Degoogled links to the apps)

• P2P Chat: https://chat.positive-intentions.com/
• P2P File: https://file.positive-intentions.com/
• Encrypted drive storage: https://dim.positive-intentions.com/?path=%2Fstory%2Fusefs--encrypted-demo

More:

• GitHub: https://github.com/positive-intentions
• Mastodon: https://infosec.exchange/@xoron
• Reddit: https://www.reddit.com/r/positive_intentions