In a cloud server (hidden from the public)

  www.keycloak.org  - auth mostly for outline
  www.getoutline.com - my personal "notion"
  nginxproxymanager.com - to proxy things
  Wireguard - remote access and interconnection between zones
  cockpit-project.org - to manage VMS
  github.com/coder/code-server - To remote develop
  2x of docs.paperless-ngx.com/ (one for me and one for my partner) - I scan and destroy most of the letters I get.
  snibox.github.io/ - my terminal companion
  pi-hole (together with wireguard I don't have ads on my devices)
  uptime.kuma.pet - to be sure that things are online
  mailcow.email/ - for non priority domains
  docs.postalserver.io/ - mail server for apps and services

At home (small 6w nic with):

  HomeAssistant - To control home lights
  Cups - share printers
  Wireguard - (connected to the cloud)

Even though I sold mailcow and stopped working on it in the past months, it warms my heart SO MUCH to see people using it. :) Really, thank you.

I have some ideas for a proper successor which would be much more scaleable, modern, flexible and would be more focused to use existing transports for piggybacking mail. A fully and safely encrypted mail storage as well as a cool interface to invite for encrypted sessions etc. Smtpd and imapd using modern Python modules.

—

Providers found out it was easier to block private senders instead of developing good filtering mechanisms. I kind of understand this decision, but spammers simply abuse services like Sendgrid or create spam accounts on MS.

So… nothing really changed in regards of spam. We just lose actually *wanted* mails or have to look into the Junk folders more often, all while newsletters get on the priority lane.

That makes me unsure about developing anything in this regard. :(

André

Hi Andrè! I just wanted to thank you for mailcow! We used it a few years ago at my previous job to getting a new domain up & running and got a porfessional, best-practices-configured email server in no time. Great experience also for day 2 operations! Nothing like the other mail solutions available at that time.

Wishing you the best in your next endeavors!

Thank you! :)

To the new owners: I googled mailcow, got to the web site and found nothing to explain what it is, not even in the docs. Eventually I noticed the "People also ask" section in the Google results page:

> What is Mailcow?

> fully managed by Elestio. Mailcow is a Docker-based email server, based on Dovecot, Postfix and other open-source software, that provides a modern web UI for administration.

Hopefully this is correct but who knows.

Hi, it is now owned by tinc.gmbh

I sold it on 04/2021

Hi André.

First of all, thanks. I used hosted my own email 20 years ago, and when I saw how easy it was with mailcow, I decided to try again.

Looking forward to the mailcow successor. Is there anything up already?

Cheers.

Hi :) Not yet. I’m in a very burned out mode right now. Need to settle a bit.

Oh, and thank you for your kind words!!

I absolutely _loved_ mailcow. Worked out of the box way better than my hand rolled solution, and ended up using it for some small orgs too.

Thanks for all your work on it!

Thank you very much. :)

Wait, what? Was mailcow sold? What does it mean for future development and features? Should we start to look for an alternative?

> 2x of docs.paperless-ngx.com/ (one for me and one for my partner) - I scan and destroy most of the letters I get.

Ah, interesting. I have been considering finding a solution like that. How do you like it? Are there other alternatives you considered?

There are alternatives. I chose paperless because was the most mature opensource solution.

Be aware that there is paperless, paperless-ng and paperless-ngx.

When I did the setup last year paperless-ngx look like the most maintained.

> When I did the setup last year paperless-ngx look like the most maintained.

Just FYI, none of those were hostile forks, but in both the community taking over after the former maintainers abandoned the project. NGX is indeed the active version.

That's clearer. Thanks

I used paperless for a while but ended up just saving pdfs to directories instead. I can find what I need without fancy OCR features by organizing and naming files sensibly. And I am fairly certain this will still work in 40 years, while paperless, or even Linux, might no longer exist.

That was sort of the approach I had been planning on going for (manual scanning and putting it in directories that get cloud backed up). I have a pretty good scanner app on my phone, and so just scanning after opening the mail for some important document or invoice, uploading to the document storage, and then shredding seemed to be pretty low fanfare.

Which scanner app are you using?

In the end, paperless also stores the original pdfs in a directory. You get some more goodies from it, like automatic OCR and a web interface, but your baselines is also included.

Why not do both? Use rsync to do a one way sync by keeping a filter list to the paperless consume directory so whenever you drop any new documents to your original folder structures, it copies THAT to the consume and paperless consumes it?

I can recommend paperless. I am running it locally in a Docker container and sync database/files with iCloud (so they are backed up). I've been thinking about putting them on the actual web to access them anywhere, but so far having paperless "just" on my computer was enough.

Thanks for sharing this list! I wasn't aware of nginxproxymanager. This is something I've been doing semi manually for years. It looks like it'll slot right in and save me some work

How do you keep the server hidden from the public?

I just don't assign public Ip addresses to private VM.

Public (with different public ips) I have:

  * Mailcow
  * Postal
  * Code server (just a dev machine with public ip)
  * Wireguard
  * NginxProxyManager

Private (without public ip) I have:

  * PiHole
  * containers (where i run most of the staff)
  * Monitoring

One option is to use Tailscale or plain Wireguard.

You can run pihole in the cloud? That is very useful information.

You could also use https://nextdns.io. It’s basically pi-hole in the cloud.

I pay $20/yr for their service it’s so good, and I can turn on/off quickly per-device when I need normal dns to work, instead of having to ssh and tweak pi-hole or whatever across the whole network

Why wouldn’t you be able to? Pihole is just dnsmasq with a frontend.

The biggest curse of the Raspberry Pi is a whole heap of stuff that has gone from “needs a UNIX server” to “but surely that requires an underpowered UNIX server with a very specific distribution of Linux”.

Pi-hole runs just fine in Docker [1]. You don't need a Pi to run it.

[1]. https://github.com/pi-hole/docker-pi-hole/

You should not open its port to the internet at large (look up: open resolvers) but yes you can run it anywhere and access over VPN, etc.

I've been using a Raspberry Pi as a home server, and it's been holding up amazingly well, given everything I've thrown at it:

- The excellent Home Assistant, for unifying across Homekit and Google Home and tracking historical temperatures and a couple of automations. The RPi has Bluetooth built in, so I can capture the data from a few Bluetooth thermometer/hygrometers running custom firmware (https://github.com/pvvx/ATC_MiThermometer) without a 802.15.4 bridge or similar.

- An AirPlay to Google Cast bridge, mainly for listening to Overcast or the occasional YouTube video on Google speakers (without subscribing to Youtube Premium/Music)

- A SMB server, for file storage and potential Time Machine backups (but I don't currently have enough storage, and locally attached SSDs are just hard to beat in terms of performance)

- A DLNA server, for watching photos and videos on my TV

- Tailscale, for the occasional use of my home connection as a VPN when traveling (really glad to be having symmetric fiber for this!)

- Caddy, as a frontend for everything web facing, to benefit from its excellent Let's Encrypt integration for automatic certificate requests and renewals

Most of this is running in Docker containers and configured via Ansible, so that if the microSD card burns out (or I botch an OS update), I can just flash a new one with an empty image and recover from there.

All of my Raspberry Pis netboot, which means I never have to worry about a card burning out, and I can change what they boot into by just renaming a symlink on the server.

Seems like a smart way to do it, but that relies on having another always-on system standing as the server. OP's solution only requires the one device, the rPi unless something needs to be changed.

If you run an open source router distro like OpenWRT or OPNSense, you can use it as the PXE Boot host. That's a device that needs to be running anyway.

I've seen a lot of people running their routers as a VM on something like Proxmox and that gives you even more flexibility but it does require a beefier server - one that could potentially replace all the RasPis, potentially making the PXE boot redundant. :D

That's true. In theory you could use an extra Raspberry Pi itself as the netboot server. But since my home network already has a fileserver it was an easy choice.

Can you netboot from a desktop computer that's not always on? If the desktop is running when the pi is booting, does the pi then need the "server" (desktop pc) again until it needs to reboot?

No, because the root filesystem is mounted by NFS.

Which AirPlay to Google Cast bridge are you using? Thanks

This one: https://github.com/philippe44/AirConnect

And here's a containerized version that works with the Pi: https://github.com/1activegeek/docker-airconnect

i'm trying to buy rpi but can't decide which configuration. what are minimum requirements to run airplay bridge, home assistant?

If you want a Pi (or alike) for specific reasons, go for it!

But, if you are looking for cheap and relatively low-power compute, I strongly recommend looking at used ultra small form factor PCs. You can get much more computational power and expansion, often for cheaper than a Pi. And eBay is riddled with these things, unlike recent Pi availability.

https://www.ebay.com/sch/171957/i.html?_from=R40&_nkw=%28len...

The pricing gets even better if you want to buy them in a lot.

I'm using a Model 4 with 4GB of RAM, but 2GB would probably also be ok. (I haven't measured peak memory usage, but I imagine that having some spare memory for file caching reduces read contention for the SD.)

Home Assistant can take a minute or two to start up, keeping all four cores quite busy, so I wouldn't recommend trying this on an older model myself.

If you want to use the Pi's internal Bluetooth module, obviously you'll also need one that has one and supports Bluetooth LE. Again, I can only speak for the Model 4 here, which works great for that.

In terms of minimum requirements, you could even run that on a 0 or older.

In practice, you probably want at least 3b+ for reasonable performance. If you're buying new anyway and can get them for MSRP I don't see why you wouldn't get a 4.

Rather than listing everything I'm hosting at my home server, I'll just share what saved me the most time, repeatedly:

Mirrors of various package repositories I use.

I'm currently mirroring npm, crates, Arch packages, clojars, maven and some other things, then all my machines (desktop, servers and laptops) point to the mirror rather than directly to upstream. Some of them are mirroring dynamically (basically a cache at that point, do this for npm for example) while others I fetch the entire repository and keep on disk, cleaning out old packages when needed (I do this for Arch packages for example).

Best benefit is that downloading stuff and updating my machines takes seconds now, even if there is multi-GB updates to do, and a secondary effect is that I'm not impacted by any downtime from npm et al. Saved my bacon more than once.

I would be interested in doing some sort of hybrid mirror / cache of a few repos, if I could do them just in time style. I don't need all of pypi (nor do I want 13.5TB of packages). I probably only ever use a few hundred packages at most.

I would like to point all my systems at my server. And if I `pip install pandas` and its not on my server the server grabs it and passes it through and syncs that package locally from then on. Same with yum, npm, docker, or whatever.

And I just realized I could use Artifactory as a caching proxy and at least save some time there. However, that doesn't mirror the package it just caches that specific version. I would be very interested in something where the system sees that I use `pandas` now and will mirror it. Or give it a requirements.txt and it flags all those packages and dependencies for mirroring.

Maybe DevPi would work?

https://devpi.net/docs/devpi/devpi/stable/%2Bd/index.html https://blog.jcharistech.com/2022/08/13/how-to-run-a-pypi-mi...

another option is https://pypi.org/project/python-pypi-mirror/

It looks like DevPi may just work as a caching proxy as well. I also found Bandersnatch too. https://github.com/pypa/bandersnatch which is a configurable mirror with allow / block lists.

Essentially want something like DevPi but add the package to the bandersnatch allow list and mirror it from then on. With some extra large packages in the deny list.

Probably possible to wire that all up reasonably well, but probably just using a caching proxy is 90%+ of the improvement anyways. So may just stick with that.

I don't know of any particular solution for the python ecosystem, I don't use it often enough to justify dealing with that can of worms.

But for npm, there is Verdaccio which does exactly what you want, and is what I'm using.

Can you share a bit about how you set this up?

Also curious if anyone has taken this a step further and MITM Squid proxied their whole home to cache all responses >100mb or something like that.

Basically just a bunch of shellscripts for most part, that is run with systemd timers on a PC-like server (consumer components), served via Caddy.

Npm registry is using verdaccio, arch packages is using https://gitlab.archlinux.org/archlinux/infrastructure/-/blob... + what is outlined at https://wiki.archlinux.org/title/DeveloperWiki:NewMirrors, clojars is just reading the list of packages and downloading them one by one each day.

Not a unified or nicely done setup by any means, just thrown together to solve the problem at hand.

I setup apache archiva [0] to cache maven binaries at work. It was okay.

[0] https://archiva.apache.org/

Gitea works really well for this - just choose "new migration" and set the remote up as a mirror - super easy.

I used to do that for my servers. It works quite well but packages update so frequently you don’t see a major benefit

How much space does it take to mirror npm currently? Tried finding that online but not sure where to look.

I've done it some year ago last time, in order to dig out some statistics, it was around 1.8TB then, just counting the latest available version of each package (not every version of every package).

But as another commentator said, I'm only caching packages that already been fetched now, as I have no need for everything in the registry (most of it is junk to be honest).

It sounded like they're essentially caching npm, not mirroring the whole thing

> Some of them are mirroring dynamically (basically a cache at that point, do this for npm for example)

NextCloud, Home Assistant, Paperless NGX, Minecraft, Caddy for some Hugo sites/blogs, Unify Controller, Vaultwarden, Traefik, Sabnzbd. Used to do WireGuard but now I use Tailscale, AdGuard home and FoundryVTT.

It's all docker-compose. I'm thinking of taking some services off the internet using TailScale, some already are just on the Tailnet (Home Assistant and Paperless NGX), all my SSH ports are now only open to the tailnet as well. I love Tailscale, except for the battery drain on my iPhone (which wasn't an issue with plain WireGuard)...

Btw, this is my hardware: https://blog.hmrt.nl/posts/personal-cloud-infrastructure/#ha... (beware, the rest of the post is somewhat dated).

Oh, I moved Paperless and Home Assistant to a NUC, mainly because I'm working on the house a lot and I really need those online, those were also set up with Tailscale in mind, and the advantage is that whether that NUC is plugged in, on WiFi or at my parent's place, all services (inc ssh) are still available at the same IP address (of course sensors drop when I move the NUC out of my network, there is no Tailscale for the Shelly plugs etc :)). I'm thinking of a similar setup for my NextCloud now. Always innovating, it's a nice hobby.

>I love Tailscale, except for the battery drain on my iPhone (which wasn't an issue with plain WireGuard).

Netmaker is a good self-hosted alternative that utilizes Wireguard.

> I love Tailscale, except for the battery drain on my iPhone

Same, I hope they can fix this soon. :(

I've run into this too, and there's been an open issue on this for some time now:

https://github.com/tailscale/tailscale/issues/3363

Yah it really does destroy my battery on iOS.

“It's all docker-compose.”

Are you using a utility to manage docker-compose or just setting it up on the CLI (e.g. started with a systemd service)?

I run docker-compose via CLI on my server but it’s not always convenient to ssh in to check on something.

Since it's all a yaml file I just use vscode's remote-ssh to check (files opens in vscode, one click opens a shell at the bottom (ie for docker-compose ps), nice thing is that remote-ssh also allows dragging and dropping files to the server without needing anything else, rarely need that though). If you add the `restart: unless-stopped` line, all containers just come up again after crashes/reboots.

On Arch I just `sudo systemctl enable docker` (after `sudo pacman docker docker-compose`), I wrote a bit about it here: [0]. This starts docker automatically, and docker automatically starts any containers with the above mentioned line in their service entry.

[0]" https://blog.hmrt.nl/posts/wordpress_using_swag/

Look into portainer

Very cool! Since this is all exposed to the internet, how do you keep it secure? I’ve got a spare laptop and a static IP, but I’m concerned about exposing my home server to attacks. Right now I’ve just got it all running in Tailscale, but I’d like to safely host public-facing apps too.

I religiously keep everything up to date, for anything exposed to the public I use https (Traefik does let's encrypt, caddy as well) and set 2FA for Nextcloud for example, there is also a brute-force protection app for NC.

Some services, like HA, my minecraft servers, Paperless, in fact most of them, I would indeed feel less comfortable exposing, and I don't, but for NextCloud I also use it to share large files with friends so it needs to be internet facing, as do the blogs, but Hugo generates static sites, so that is quite secure (like earlier mentioned blog).

Thank you for the explanation! It sounds like a pretty solid system.

One extra layer I put on my externally facing sites is a simple auth prompt (after redirect to https!) as an unlikely-to-have-a-compromise gate before any logon for a self-hosted service. You can make it a fairly easy to remember username/password for anyone you want to share your self-hosted apps with, since its a mostly irrelevant extra step just to guard against exploits in more complicated software stacks

I started using traefik as my loadbalancer which supports authentication middleware. I rigged up keycloak and forward-auth to handle external services that either do not support authentication or has a weak security profile. A poor man’s zero trust setup.

Here is the blog I used to get things started: https://geek-cookbook.funkypenguin.co.nz/docker-swarm/traefi...

Neat! Thanks for the tip. I might integrate this in some of my auth, but I'll probably keep using simple auth at the very front due to its old age and absolute simplicity making exploits unlikely

In addition to the other comment, look into fail2ban: it's a bruteforce protection that isn't application-specific, it can be configured to protect form bruteforce any service that logs login attempts somewhere.

> docker-compose

How do you deal with backups? That’s my main struggle with docker.

I use Borg (https://borgbackup.readthedocs.io/en/stable/) with some Python and Bash scripts.

All my containers write to the same volume mount (e.g., /mnt/docker_share/$service_name), the scripts shutdown the LVM, run the backups from Borg, sync the files to rsync.net and turn the LVM back on when the backups finish.

Not my home but my parent's (as I'm a "nomad"). They recently built a new house and put me in charge of the tech with a handsome budget, so I built a rack just like it would be my place. Ended up costing 1/4th of what other "smart home" companies quoted. We got way better bang for the buck and software capabilities.

On the server/NAS, a QNAP TS-464eU (4x 4TB HDD RAID 5 + 2x 1TO SSD RAID 1), I'm running Container Station with 4 docker containers:

  - Home Assistant => For all the home automation, displayed in the kitchen on a tablet.
  - Adguard => To remove internet trash and protect my parents when browsing the web.
  - NextCloud => For contact, calendar and file sharing in the family as well as backups.
  - Caddy => Reverse proxy to make NextCloud available from the outside.

Computers (including mine) are backed up daily via NextCloud. The NAS is also backed up off-site with a cloud provider.

I did a more comprehensive list of the setup[0] if you are interested.

[0] https://www.craft.do/s/W8r9KufHct0zG7

As someone who gets caught in the occasional "could you just fix x – what do you mean y is not working? It always worked before you got here"-trap, essentially signing up to run your parents entire smart home setup, indefinitely, feels like some special kind of hell.

My choice with their new house was pretty simple. They wanted a smart home, and being the tech son I would inevitably have to help them at some point. So either I debug a system that is open and familiar, with remote access and reliable software/hardware. Or I deal with some closed proprietary trash which will end-up with me on the phone with some incompetent cash grab company. As mentioned in my post, the latter would have cost 3 to 4 times the price of all the hardware we bought (see the link) and we would just get some SBC or cheap tower instead.

With the current setup, I can easily connect via VPN to configure network devices. Ubiquiti also makes it very simple to apply network changes or upgrade it remotely (as long as it's from the same brand). I set up extensive monitoring and alerting to proactively resolve issues. I also gave my parents some training and docs on how to plug things to the Ethernet sockets (if they want to setup a new printer for example) or what to do to bypass the router (rewiring) in case the main router fails.

As a side note to helping my parents. They are both 70, not the most tech literate people but they manage to do all basic things without much trouble. I put them both on Ubuntu 8 years ago, never had any issues whatsoever. I get maybe one message or call in 6 months for a question, but it's usually web related. Once in a while when I get home I update the distro, but that's pretty much all the maintenance I do. I have Teamviewer on all their devices, just in case but never really had to use it so far.

> They are both 70, not the most tech literate people but they manage to do all basic things without much trouble. I put them both on Ubuntu 8 years ago, never had any issues whatsoever. I get maybe one message or call in 6 months for a question

Okay, so can I hire your parents?

I had a few questions if you don't mind answering as I'm doing something similar for a vacation home (and my own, but this is more relevant to the remote one).

    How many IoT devices are you working with?  

I don't have the best router up north and some of my lousier routers can't handle more than about 25 devices before they start crapping the bed.

    Do they disconnect often from your router (and do the successfully reconnect)?

Similar router problem, though I've found some of the more finickier devices I own can have problems in my home where I have a number of options for connections.

    If you haven't had these problems, what router are you using?

    What about "the internet is down"?

This was less of an issue when everything was Z-Wave/ZigBee, but all of the cheap stuff is WiFi. This mostly only concerns "the lights" and "the plugs". I don't want a switch to stop being able to control devices it's not directly attached to if home assistant or the target device can't reach the internet. All of the ones that I own broadcast state and can accept commands via UDP over the local network so I was thinking of writing something that HA could call, locally, which would issue those commands and receive the statuses (so they'd always be local-only).

I only have only few (less than 10) IoT devices using WiFi and they are spread over 2 fairly good access points. The rest are either wired or using ZigBee. My router doesn't have WiFi functionality itself, it's a Unifi Dream Machine SE[0] with the APs and cameras connected in PoE. It's plugged on a UPS, so hopefully the internet should still work if the electricity cuts.

Regarding your issues, I'm not an expert but I would recommend deploying more access points (pick some good ones) on the areas where your IoT devices are. Best advice I have is to wire your access points, I always had bad results when bridging them wirelessly. Although if you are in a remote area with little interference, you could get better results.

[0] https://store.ui.com/collections/unifi-network-unifi-os-cons...

There’s another aspect though - when you come to sell the home it’s easy to market Crestron, Control4 and others specifically because they are standard (albeit expensive) solutions and have a whole ecosystem of consultants who can be brought in to diagnose and fix issues, upgrade stuff.

With DIY you are usually left with at best ripping it all out and selling it without any “Smart Home” promises, you can I guess still market that it has structured cabling to enable smarts though?

Yeah that's a good point. In our case, all smart systems can work independently (via their own app or physical controls) or be integrated with other smart home platforms. It's true that if they would ever move out, the HA instance might be gone, making the house loose a bit of its brains when it comes automation. But the base to build on is there, still has value I guess. And the rack with Ethernet in all rooms has some value too.

Edit: The only "problematic" part would be the cameras. Not sure if Unifi cams can work with other platforms than Ubiquiti's. But in any case, the wiring is there (Ethernet) and the cameras can be replaced or a new owner could bring their own Unifi surveillance console (or we could sell it with it).

RE: UniFi, they need to each be flipped into "Standalone" mode and then you just follow the instructions over here:

https://help.ui.com/hc/en-us/articles/221314008-UniFi-Video-...

I mostly ended up and recommend Axis for IP surveillance, it has nice MQTT integrations and recessed mount options (https://www.axis.com/products/axis-t94s01l-recessed-mount) but almost anything which can do RTSP will work with either a COTS NVR, or something like Frigate (https://frigate.video).

Another thing to read up on and use when shopping for IP surveillance is ONVIF and the various profiles offered!

In my experience signing up to do it or not is irrelevant because I'll end up doing it anyway since they're my parents, so i'd rather have full easy remote teamviewer/ssh access to the stuff I know works and how it works because I set it up instead of going there to debug some crap they downloaded or bought in the app store/mall that claimed to do x and now it doesn't work and now nothing is working etc etc.

Still can't avoid having at times to go and fix the god damn printer however. Printer driver programmers/designers really make me question if politicians should be the most hated profession in the world.

> Printer driver programmers/designers really make me question if politicians should be the most hated profession in the world.

Trying not to be snarky but really printers are very mechanical I/O devices. I don't think the driver programmers have much fun with their jobs, having to deal with seemingly greedy product requirements and lots of variation in real world use (humidity, paper type, ink quality, yada yada). When I start thinking about this and couple it with my own stupidity, I am amazed anything works at all. How do you even do automated integration tests on a printer?

I'd like to think I am about an average programmer and I am reminded by my own actions everyday that I know nothing. I am constantly learning (and forgetting) new ideas every week.

while it is obvious my comment was hyperbolic, the underlying sentiment still stands regardless. I can be charitable only so far, not complaining that the drivers don't make my color image perfect on a vinyl postcard, not even complaining that I need to realign the heads or whatever every other time I've got to use the printer, those can be mechanical issues and probably not their fault. I just want to print black and white on A4 and a color print every month or so.

But the consistent issues almost every single home printer I've used had with regards to connecting to computers, both wireless and wired is not reasonable. There's a plethora of other issues but that's more on a software in general than driver front so I'll leave them out of it.

All these problems on a windows machine by the way, surprisingly enough I've had less headache with printers on linux than windows. Maybe the lack of software layers to muddle shit helps here, who knows

> I don't think the driver programmers have much fun with their jobs, having to deal with seemingly greedy product requirements, and lots of variation in real world use (humidity, paper type, ink quality, yada yada).

That's a normal job, everyone has greedy product requirements outside of VC money pits. Also don't think their job in the capacities I complained about is very much mechanical at all, yeah it's very much I/O but that doesn't mean much.

>I'd like to think I am about an average programmer and I am reminded by my own actions everyday that I know nothing. I am constantly learning (and forgetting) new ideas every week.

people learn stuff and do their jobs, its not rocket science, nobody know everything nor can hold all the information in the world in their heads. As far as i'm aware printer connectivity isn't some CS open question, it's not a new field that needs exploring, it should've been explored by now. Yes of course drivers are a bit of a moving target regarding support for different architectures, but printers aren't the only things that need drivers and yet seem to be the only ones consistently having this issue ever since I can remember(maybe network cards as well?).

My colleagues and I call this the "Ever since you..." and it's one of our longest-running chuckles.

"Ever since you installed that ad-blocker, the Wi-Fi signal in the den is really weak"— uh, that's not how that works.

It's why I make every effort to never touch or even give advice on technical matters to friends and family anymore. Almost zero upside and unlimited downside—getting angry texts and phone calls at all hours of the day and night, and offering free support for life (and almost always accompanied by zero thank you's).

I thought the same. Having run HA at my own home for a couple years now, theres no way I would take ownership of someone elses install. I love the setup, its just not a "non-tech savvy friendly" ecosystem. Thats what I assume you pay for on the COTS ones.

My inlaws built a new house 3-4 years ago, a fairly nice, modern house. But, the whole tech side felt like it was using technology that was dated in the '90s.

TV going into a Receiver in the next room, and DVD+Apple TV connected to that receiver. 5 channel audio from the receiver. Several zones of in-ceiling speakers also run by the receiver. Some "knock off" Logitech-like smart remote control, because it's easy for the installer to program, but fairly hard to use and not something we can customize. CCTV cameras connected by coax to a central controller, I think the resolution is 640x480. One simple WiFi AP to try to cover the whole 4600sqft house.

For my own home, I went with a Google TV with soundbar and HDMI+CEC and get full control with a single remote. For full house audio I use a combination of Google Home speakers and portable bluetooth speakers. Much simpler and flexible.

The setup your inlaws have probably doesn't rely on the cloud, and report everything they watch to advertising companies, unlike your setup.

They have cable for their primary viewing, which means that, sure, Google isn't seeing it directly, but their cable provider has all the details of what they are watching then. Honestly, I'd trust Google with that information over Xfinity or whoever they have for cable. Verizon?

I realize that is a concern for some, that is not a concern for me.

I have accepted that most of what I do is recorded and tracked. As such, I have a few options... opt in, opt out, or a hybrid approach. Google provides enough value to justify the cost (IMO). For this reason, most of my products are from Google. I'd rather consolidate my data with a single company rather than spread it out across many.

I've got a slew of different computers doing different things. All of them are networked together via Tailscale.

Ubuntu 22.04 Server for the host, everything else runs in LXC containers. This is all setup on ZFS.

- https://znc.in/ IRC bouncer

- https://caddyserver.com/ Caddy Webserver for a few personal websites

- https://github.com/AndroidKitKat/waifupaste.moe/ My personal pastebin

- https://transmissionbt.com/ Torrent client that I actually use for Linux ISOs. Primarily seed different versions of Ubuntu and the latest Arch. I am looking to seed other, lesser-seeded distros, too.

- It also runs Samba

A second, dedicated computer also running Ubuntu Server 22.04. It only runs https://pleroma.social for me and a few of my friends.

A third computer, this time an M1 Mac Mini that is my Plex box. It's running the latest version of macOS Ventura and runs all the *arrs and qBittorrent. It also runs Plex itself, because it's one of the only computers that I found that was low power enough but still supported hardware transcoding in Plex. I've been meaning to find a replacement for it running Linux + an AMD GPU (I have an rx470 sitting around somewhere), but no real good deals have turned up.

Your hypothetical new plex box does not need a discrete GPU. Plex makes really good use of Intel Quick Sync, and transcode quality has been indistinguishable or better than NVIDIA since about 5th gen. A Celeron G4900 (8th-gen dual core, 3300 passmark) has been benched as capable of 21 simultaneous 1080p transcodes.[0]

TL;DR: pick up a NUC knockoff with an >8th gen celeron or i3; it'll handle anything a casual household can throw at it.

[0] https://forums.serverbuilds.net/t/guide-hardware-transcoding... this is far and away the most comprehensive hardware guide for plex servers.

The second you want multiple streams of higher quality then 1080p 10mbs you will want a dedicated card. I got a <200$ old Quattro card (can't remember which) and it can handle pretty much everything I've thrown at it now.

4k TVs are common, planning for 1080p use is a mistake at this point imo.

1) if your device plays 4k, then what are you transcoding from? That's going to be the determining factor, not the 4k output stream. Certainly in a home situation, that's likely to be direct stream. If your source files are 8K or higher, I wouldn't consider you a normal home user.

2) quicksync on a 10g or newer cpu is benchmarked at 4-6 4k simultaneous streams, but a lot depends on the details: container format in particular matters a lot, and so do your transcode options. Color matching for example, is only ever done on CPU. And IIRC AV1 and VP9 are not supported by quicksync (or older discrete GPUs).

That said, it's completely correct that you should measure all advice against your actual output device capabilities and source quality.

This is very true, QuickSync falls over very easily when trying to transcode even a single 4k stream.

Depends on the details of your transcode:

- what's the source/destination quality?

- what's the container format? Quicksync doesn't support them all; even the newest gen is missing av1 and VP9 IIRC. But then, the same can be said for discrete GPUs.

- what filters are you applying. Many (most?) filters are CPU bound, which will kill you really quick.

But for supported formats without filtering, 12g Intel quicksync is regularly benchmarked at 4-6 streams.

One should always measure internet advice against one's actual use case. Personally I would argue that if you have a library of 8K video and more than 4 4K devices, you don't qualify as a "regular" home user. But of that's the case, hardware up my friend!

10th-gen i5 could not handle a single stream with most of the 4k content I tried, even though it was benchmarked as working. So if you're trying to transcode from varying sources I would imagine most people will end up wanting a discrete GPU.

If you're ripping your own content and can ensure that everything is set up right so that the integrated GPU can handle it, sure, it will probably work.

That being said they could have made giant strides in this area on 11th-12th gen, I have no idea.

As I mentioned elsewhere, check the details of that transcode you tried. Are you doing tone mapping? That happens on the CPU (even with many discrete GPUs). Is it in a supported container format? Did you validate that the GPU was being used for the transcode?

Other 10th gen I5 users get multiple simultaneous 4k streams going at > 1x speed. Even with tone mapping it should only use like 45% CPU for a single stream.

Unfortunately the difference between software and hardware development cycles means that when you're on data formats that came to prominence in the last 2 years, even the newest hardware may not support it yet.

Or I could just solve the problem by putting an old 1070 in the box and not have to babysit something I have literally zero interest in.

Sure, it's always cheaper to use the hardware you've got than to buy something new! And you don't lose much: AV1 and VP9 compatibility the same, and probably your home doesn't use more than NVIDIA's maximum of 3 simultaneous transcodes anyway. And IIRC that's about the maximum 4k transcode throughput of a 1070 regardless.

Personally I moved from NVIDIA to quicksync exactly because I felt NVIDIA required too much babysitting. Driver compatibility, interactive mode updates, patches and patch compatibility... In comparison the intel driver felt like a cake walk. But you should definitely go with your own comfort level, especially for the price point!

> NVIDIA required too much babysitting

This is on a headless box so thankfully I've never run into any of those issues, I just install their driver and pass the GPU through to my Docker container.

The place you specification is a thread posted in 2019 talking about a Dell prebuolg. Do you mind posting the link for the nucs? Or is it in that thread somewhere? Or is that dell actually a nuc.

The thread has the benchmarks, links to ebay searches, and lists of prebuilt machines (like the dells) that meet the requirements, since they're often the cheapest way to meet the spec (according to TFA). you may have to scroll up.

I just searched ebay for used celeron NUCs, and got lots of options like this one, with a 9th gen Celeron, for a hundred bucks. NB that the generation matters much more than the CPU, but some operations are still done by the CPU so if you can get an i3 or i5 it will make a marginal difference.

https://www.ebay.com/itm/115640978606?hash=item1aecbd4cae%3A...

Do you automate your Linux ISO seeding? Like getting updated torrents when a new version is released. I have been thinking about this from time to time, and haven't come up with a solution other than scraping.

I just do this. Update the ubuntu line every 2 years or so. This runs as a cronjob on my synology with the working directory set to a directory that the Synology "Download Station" is watching. It picks up the torrents and does its thing. I come in every now and then and clean out the dot releases. It's not the best but it's not the worst either.

  #!/bin/bash
  wget -nH --cut-dirs=4 -r -l1 --no-parent -R "*.tmp" -A "*.torrent" https://cdimage.debian.org/debian-cd/current/amd64/bt-dvd/
  wget -nH --cut-dirs=4 -r -l1 --no-parent -R "*.tmp" -A "*.torrent" https://cdimage.debian.org/debian-cd/current/amd64/bt-cd/
  wget -nH --cut-dirs=4 -r -l1 --no-parent -R "*.tmp" -A "*.torrent" https://releases.ubuntu.com/22.04/
  rm *-DVD-{2,3}.iso.torrent debian-mac-*.torrent *.tmp *.loaded

Wow, thanks!

Much simpler than my glue using changedetection.io and huginn.

I also learned some new tricks with wget.

For others interested: https://explainshell.com/explain?cmd=wget+-nH+--cut-dirs%3D4...

I pretty much update things manually when I think of it (usually every ~2 months or so) or when I am downloading a new version for whatever reason (like to flash yet another computer I picked up). I've been looking for something to do in my downtime , so I might see if I can whip something up to automate updates, could be a fun project.

Right now I have have changedection.io call a huginn webhook to alert me when a new release is up.

Maybe you do, but some of us are actually, unironically, torrenting Linux distros.

I ran a raspberry (model 1, then 2, 3, 4) since forever, which has been fun. Switched to an intel NUC recently as I had a spare and needed the compute power. Being able to run on 32 gb ram with an nvme disk feels good, but the pi has served my needs pretty well...

- plex for streaming media

- external hdd that a friend uses as offsite backup (he has mine)

- home assistant, mostly fed by data from the...

- mqtt broker, that ties the sensors around my house together

- postgres, for long term reporting and predictions, mostly with data from...

- some cron jobs that scrape weather data and energy prices (they change hourly, sometimes going negative)

- security camera (a shell script saving an RTSP stream)

- a docker container that I can ssh into from anywhere, that allows backing up the iphone photo roll using the "photosync" app into my photo backup folder

Soon (I tell myself) I will analyze the security camera stream with YOLO or something to detect the cats that piss against my bikes... hehehe

Any particular security camera that you use?

I have been considering building a bespoke home system with Elixir and am slowly building some APIs and ideas.

A very shitty Tapo camera made by tplink. It was cheap and exposes its RTSP stream on the network with some URL.

Do the cheap NUCs let you install more than 8GB RAM?

Define cheap. I'm running an Intel NUC d54250wyk (launched 2013) which takes up to 16GB DDR3L. You can't definitely find that class of hardware got cheap on eBay these days. Update SSD and memory and it's still great.

Stupid auto-correct. Should be: "You can definitely find that class of hardware for cheap on eBay these days."

Not sure which those are, but all the J/N 4000 series CPUs are only rated for 8 GB, yet I never heard of anyone having issues with 16, though not always at the maximum supported frequencies.

I have a 6th generation with 32GB:

    hw.model=Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
    hw.physmem=34227793920

Yeah it's a i10 NUC (not exactly super cheap), which takes 2x16 gb without problems. I'm running debian...

Running k3s on a small cluster of mini pcs and RPis.

Use Tailscale for MagicDNS and access from any network.

Have a custom wildcard domain pointing to my tailscale k3s node ips, and a traefik ingress controller. This means exposing a service from my cluster on a subdomain just requires creating an ingress object in k3s, and it's only accessible via tailscale. cert-manager and let's encrypt handle TLS.

All services are deployed via gitops using ArgoCD, so changes are auditable and can be easily rolled back. Replacing hardware is just a matter of installing k3s and joining the cluster, then everything automatically comes up.

Restic for backups to s3.

For home automation I use a USB zigbee controller, mosquitto, zigbee2mqtt, room assistant, and home assistant, all deployed on k3s. These control my lights, HVAC, and various garage doors and gates. Also have mains-powered zigbee switches bound directly to devices so everything still works even if network or home assistant goes down.

The RPis are used for Room Assistant, which can automatically control lights/HVAC based on presence detection via a smartwatch. More intrusive actions (e.g. making lights brighter when already turned on, opening blinds) are pushed to the smartwatch for confirmation.

Grafana/prometheus to monitor sensors.

For media, jellyfin and sonarr/ radarr. The native Jellyfin app works very well on modern LG TVs.

Pihole to block ads on any device connected to Tailscale. Works globally.

Right now it's zero maintenance, and changes are automatically synced after a git push, so I almost never SSH into the servers directly.

Always love seeing someone else create a similar solution as your own (albiet likely better!).

I have the same setup with K3S running on a couple PIs. You have a nice CI but I decided to use cdk8s[1] which lets you compile Typescript into K8 files. For access I did almost exactly the same but with CloudFlare Tunnels (might look into Tailscale). Stealing the zigbee2mqtt and room assistant ideas.

Where do you store volumes? I eventually just bought a NAS and mount persistent NFS volumes off it.

1. https://cdk8s.io/

cdk8s works really nicely with gitops.

> Where do you store volumes?

Back when it was a single node cluster, I just used hostFolder mounts with restic backups. I added Longhorn once the cluster grew, but there's still some local hostFolder mounts left around. For example, zigbee2mqtt needs to be on the node that has the zigbee controller plugged into it, so the node is tagged and zigbee2mqtt has a nodeSelector. This means the hostPath still works and I haven't needed to migrate it to Longhorn.

Longhorn initially scared me off with its relatively high listed resource requirements, but after configuring it to not run on the RPis it turned out to work quite well, most of the time just using a few percent CPU.

Thanks for writing almost exactly the post I was going to write. differences:

I don't use tailscale; I just port forward from my router to the k3s ingress IP, since that's fixed anyway. Accordingly k3s handles letsencrypt certificates. My router has a built in openvpn server.

I haven't moved to jellyfin... yet. Plex is super slick and runs nicely in the cluster. I've learned to keep it version locked though, to avoid regressions and unwanted new "features", which means jellyfin is only a matter of time.

I also run Nextcloud, and photoprism for my photo library.

Storage is on a built-from-scraps 16TB NAS which backs up to azure blob with duplicity, and longhorn for block-based storage (since lots of services nowadays prefer sqlite, which breaks on NFS). Yes I do need that space; I run an entertainment company and we store a LOT of video and audio. Not to mention media for plex!

I have many times considered moving most of this to a cloud system, but the cost is prohibitive. If anyone can find 13+TB of storage and transcode- and ML-capable hardware (for plex and photoprism face recognition) for less than $45/mo (my cost of electricity plus annual amortized hw cost), I'm interested.

This was basically my holiday project - Photo: https://i.imgur.com/2AnP4pu.jpeg.

I'm running Longhorn for storage but haven't figured out backup yet, and haven't got to grafana / prometheus yet.

I put up my work on GitHub as well: https://github.com/inssein/mainframe. I wanted to create a separate ingress controller for internal dashboards, but for now I just setup a separate nginx-ingress for internal, and using traefik for external, feels wrong.

> The native Jellyfin app works very well on modern LG TVs.

My experience on a CX OLED has been hit-and-miss. Freezes, crashes, and some times it just hangs when skipping and I have to force-close it.

I really want to like Jellyfin. I run it beside Plex and use both. I find Plex user-hostile but it still gives me a better video playing experience more consistently.

Interesting, I have a CX and a G1 and it works flawlessly. I didn't do anything special so might have just gotten lucky.

> changes are automatically synced after a git push, so I almost never SSH into the servers directly.

Can you elaborate how you're doing this?

I'll answer in his place, he said he's using ArgoCD and running everything on k3s. ArgoCD watches the files in a repo (kubernetes yaml manifests for example) and applies them in the cluster, so that the state of the running cluster (applications) is synchronized with the git repo.

Reading this thread, someone needs to put the home server in a tiny box, preinstalled with all the apps and put a slick user interface on it. I think https://umbrel.com is a thing but it's not packaged with hardware. Something that packages the hardware and software together would be pretty killer. Plug and play. Instant email. All the apps. Easy migration from existing services.

Synology NAS products (using their quickconnect service) get pretty close to this. You have to install their apps from an App Store but that feels reasonable for even the average consumer.

Seconded. Just get a Synology NAS. I'm incredibly happy with mine, they really seem to make a great product on both the hardware and software side.

Part of the fun for me is the tinkering, and I'm not sure if non-techies "get" the benefit of running a home server. Maybe the tide is turning for the younger generation? I can only speak for most people my age (30-40), they are capable of interacting with technology but they have absolutely 0 understanding of how anything actually works.

"Why when I can just use Spotify/Netflix/iCloud/etc"? Is the answer I got when telling them about my own home server shiz

I think it's like most home devices, it comes down to ownership. We've gotten into the habit of streaming everything from someone else e.g we're in cloud rental economy, but there's opportunity to restore ownership. Maybe there's a generation that just wants to rent but it wasn't really by choice, it's because ownership cost too much, ownership of homes, servers, storage, etc. We can reduce these costs and we can make ownership of services a thing once more. Sure, you might need someone else to fix things when they break, but it's not like I'm doing my own plumbing or electrical work in my house either.

So it's really this idea of pulling all your services back into your home server. Something you own, something that then becomes private by proxy of that. Something primarily for you and your family, no one else.

On the other hand one of the benefit of renting is that you don't have to deal with all the maintenance. It's fine to do a little maintenance but if you do that for everything it just absorbs all your time.

I know of an avid ham, and one of his favorite jokes is "Why use the radio when I can just call them on my cellphone?".

At some point, stuff like home servers really are more about the tinkering rather than any practical desire or need.

If someone's only interested in getting from Point A to Point B, he's just not going to care how fancy or interesting the mode of transport is.

I love tinkering but not with my data. For my data storage I want a stable and tested solution. I have done enough "shit I destroyed my RAID array" for my taste.

For important documents (insurance docs, mortgage, etc) I use SyncThing, for media I use my RAID1 array. I'd certainly hope that RAID1 works as I expect it to if one of my HDDs shit the bed! It's a good point though, backups aren't really backups unless they're tested... brb...

And RAID1 isn't a backup. If you delete a file accidently, it doesn't help you.

I have snapshots on my NAS, so nothing is really deleted. I supposed in another 10 years I'll have to start pruning old files, but disks are cheap and I don't really have that much data.

For that matter I generally don't delete anything. If I save it to my computer odds are it is something I want to keep for the rest of my life (that is family pictures). There are a few distro images that I download once in a while and then delete, but for the most part disk is cheap, and I don't have time to delete old stuff.

RAID and snapshots aren't a backup either: lightning strikes/house fires/earthquakes/floods kill all the disks together.

A backup is a restorable copy in some location not sharing much fate with the primary location. Right now you might consider "all copies in one city" to have too much fate in common, but "all copies in one country" to be acceptable, or "all copies on Earth".

There are many levels. Raid with snapshots is a useful level, though not perfect.

Yunohost ? Then put a sticker on a random box and your done.

Seriously, it does most of what you describe : good UI. Excellent user management between apps. Great catalogue ( 500+ all tested with different level of integration)

That is the easy part. What I really want is someone to administer the upgrades for me. Make sure everything just works, and all security holes are closed. Too often I get things almost working perfect just as some software goes out of support, and next thing I know everything is broke again after I make one upgrade.

unRaid is basically this.

Happy user of unRaid for years, just chugs away, easy updates, lots of apps available.

dietpi.com will get you halfway there

I would love for something like this to become mainstream, mostly from a privacy PoV. But, I think there are just too many different use cases, pitfalls, user problems and limitations. Something like a plug and play box could work for the very small intersection of "technically inclined and understands how to port forward and how to fix minor problems" and "not interested in tinkering with self hosting". As someone else already mentioned, a big part for people self hosting seems to be the tinkering aspect. For me tinkering and privacy are the main motivators.

On the potential problem side you have far too much friction compared to cloud services. It starts with getting a public domain and IP for sharing data with other people. Then you need to setup port forwarding, need a somewhat stable network and internet connection, run into problems with upload bandwidth being usually far less than download. Once you have the connection side taken care of, what about user onboarding, password recovery ("just mount the partition and overwrite the password" will not work), backups? How do you make clear the distinction between my self hosted Spotify and someone else's? Why can they not see my music? Why is there a difference in the first place?

I know all/most of this can be solved in some way, but it is hard. There is also never going to be a big (think billion dollar) company involved with creating such a solution as there is no monetization model. You can not go for a subscription (imo), because then you just pay someone to host something at your home using your power and bandwidth. You could say you only pay for support and maybe a relay to workaround NAT, but how would the support look like? Full access via an admin account? Privacy just got downgraded. What happens if the company hosting the relay goes under? Enjoy your brick (local would still work, but the user experience would be far worse).

Apart from all these software and user experience problems, we still need the hardware. It needs to be reasonably cheap (US and EU market maybe 200-300USD), but it needs to be reliable (it will live in the worst possible place, like a hot, dusty cupboard) and support some more advanced use cases. Of course >90% will only use it for some light file storage, music streaming and voice control, but 10% will make heavy use of transcoding, invite others to their services, store TBs of media, run their entire home automation on it. How do these 10% know they are in the 10% and need to buy different hardware? Why can the box not do automatic quality adjustment like Netflix does? Do you have a hardware migration path?

And what about cross compatibility? In this thread alone you got multiple different systems. This just multiplies user support issues or will lead to vendor lock in, just a different kind.

Lastly, you need marketing to bring this to the mainstream. And you need a big selling point to make people migrate from "free" cloud services to something they need to pay upfront.

I hate to be this negative about this topic, but I just do not see this being viable outside a relatively small, interested community. Please, correct me here, I would love to see this become real and mainstream!

I wrote up a larger reply to this, but simplified it a bunch:

1. Hardware needs to be good enough. Raspberry Pi proved that. Ubiquity of common parts solves a bunch of issues. The main limiting factors here are likely transcode speed, ethernet speed, encryption speed.

2. Software needs a good modularization story. Linux in general suffers from the idea that everything is configurable and to configure everything you have to learn about how it interacts with everything. There's a lot of focus on how to do things rather than matching common use cases to profiles that just work. As a concrete example rather than selecting the "I'm at a coffee shop or airport" profile, I need to select that I'm on an insecure network that I don't trust with a specific password and a configuration for my VPN that forces traffic ... Addressing componentization via use case design seems lacking (and a good place to introduce standardization). A lot of the "tinkering" level software seems to start with "How" rather than "Why" as the impetus.

3. Security. We have security principles that are evolving to solve these sorts of problems (OAuth2 RAR, Passkeys). Invest in them.

4. Support. Common solutions for common problems breed easier conversations. There are consultants that do NAS support for small businesses because those NAS companies have gained enough market share. Secondly we need to spend more time to start with the why rather than the what. Software developers (myself included) obsess over the latter and build systems at that level that can answer (how fast is my connection) rather than systems that inherently answer the real need (why is my connection slow or intermittent).

5. Perhaps the answer is just build a better NAS company where the focus is on home server software rather than purely around adding server software to a bunch of disks in a box. Perhaps the answer is really embracing the idea of U in NUC?

Perhaps this has been done elsewhere? Perhaps it's been done too many times to really work?

Thanks for taking the time to provide such a detailed response. All your points make sense and it's those things that have to be resolved one by one to make anything like this not just a viable product but an actual sustainable business. I do keep coming back to this idea mostly because unlike a lot of people here, I don't want to tinker anymore, I don't want to hand build something from scratch, those days are long gone. I'm happy and willing to pay for something that works and maybe even a subscription for a period of time (think mobile phone contract).

Ultimately as you say privacy is the clear selling point. So much of what's in the cloud is now being exploited or hacked. Obviously the cloud is here to stay and we'll continue to rely on it for a ton of high compute, high bandwidth and high storage needs, but there's so much of what we do on a day to day basis that just doesn't require it e.g let's just say I need to talk to my family, leave notes between us, share sensitive documents, etc. All of that can very much be local in my house. All the things that we do in our physical houses we deem private, the digital should be the same. But we've shifted from the personal computer to public cloud services. There was big benefits but equally there will be huge benefits to going private once more.

I can't say this problem will be solved anytime soon. Someone has to really want to solve the problem for themselves first. I'm hacking on a little toy that might manage DNS, email, web serving, file storage, etc as one binary but I'm not sure it will go anywhere, it's just an experiment.

There's a NUC in my basement connected to my router over gigabit ethernet:

- Caddy acting as a reverse proxy in front of the other apps

- Wallabag to capture articles I want to read later on my e-reader

- Calibre Web to manage my ebooks & PDFs

- Two Minecraft Bedrock Edition servers for my kid & their friends

- Yopass for secure password & secret sharing

Prior to this, I had a Raspberry Pi in the closet for hosting and it was frustrating. Not only did I have a hard time finding Docker containers for some apps that were actively maintained for ARM, but one time my SD card died and took everything with it. Since then, I've started mounting directories on my Synology NAS and using that as RAID-enabled storage that gets backed up to the cloud every night.

Be careful with calibre-web; it's had a ton of vulnerabilities. To the author's credit, they are typically addressed quickly, but there have been enough related to auth to make me wary.

https://huntr.dev/repos/janeczku/calibre-web/

Maybe hosting this service behind a firewall / on a private network would make the most sense. I notice many people here are running Tailscale at home — perhaps this is why?

- Router in VM

- Main workstation in VM with GPU passthrough (saves power by not having an additional machine running)

- Nextcloud for files, calendar, contact sync

- Joplin server for notes sync

- Samba NAS for me and everyone else who lives in the house

- Occasionally one or more Minecraft servers for friends

- Jenkins CI for my open source projects

- Mail server (using the ISP's mail proxy for outgoing)

- qbittorrent for 24/7 seeding or Linux ISOs

- Storj storage nodes for some passive income using spare disk space

- Borg backup target for friends

- Home Assistant (very basic user, only use it to control some MQTT tasmota flashed relays with my phone)

- Matrix server

- InfluxDB+Grafana for collecting various metrics (server usage, temperature sensor, hooked up to serial port of smart electricity meter for power and gas usage graphs)

- WireGuard for remote access, obviously

- Many other random stuff and my own projects

Do you use your main workstation with directly connected display or via some remote technology? My home server is in the basement and I have several low end devices around but haven’t found a way to use GUI applications remotely. Currently I use only TUI ones.

About 15 meters of one USB 2.0, one displayport and one HDMI cable. Of course a 5V power supply for USB at the client end, soldered to the cheapest USB hub I could find.

I never need more than the speed USB 2.0 provides anyway, and those USB 3.0 optical extensions are way too expensive.

Joplin server, after my own heart. It’s great lets me setup accts for friends/family. I store all my recipes as markdown and anyone on the server can get my shared notebook full of them

Thanks for the Joplin mention. I’ve been looking for a secure, gdpr compliant and preferably selfhosted note app for some time! Bingo, I guess

Joplin is old but gold in terms of open source not taking. However, I always found the experience to be a bit too clunky even after writing 100s of notes.

Obsidian is much nicer but you gotta set up your own sync or pay. Same basic premise of markdown files on your local file system. I've been enjoying it a lot and written more since switching.

Thanks, will look into it

You do not even need to run a dedicated server if for example you already have an owncloud/nextcloud setup, since all clients (desktop and mobile) can sync from a WebDAV folder (among other backends).

How is storj going ?

Have been getting $20-50/mo for sharing 15TB. Probably won't be worth it for the average developer with insane salary here, but I'm not complaining!

Nothing to sneeze at, thanks for the feedback. That project and helium are the two crypto stuff I don’t find completely idiotic. ( or that is not finance, finance crypto “works”, too. But that idiotic too )

I've bought a used Dell Poweredge T320 with Xeon E5-2428L (low consumption), 24GB RAM and an SSD, so it's quiet and cheap to run, and I've got Debian with dockerized services.

  jwilder/nginx-proxy to act as a reverse proxy that dynamically routes traffic to containers without manually editing the config, using subdomains, with SSL wildcard cert
  DokuWiki that I don't use much anymore
  Nginx to serve static files used by other servers
  My web resume
  Piwigo for pictures
  IoT: Custom Python Flask server that is used to control Philips Hue lights from ESP8266 wifi modules (cheaper than buying 20€ Philips switches)
  Vaultwarden (Bitwarden) my password manager, shared with family
  OpenVPN server
  Wekan (self-hosted open source Trello-like)
  Gitlab and Gitlab CI (created when Github didn't have free private repos, might delete at some point because it uses some CPU even when idle, but I have over 50 personal repos, also share with close family)
  Nextcloud, but I don't use it for important/sensitive stuff yet, I'd have to set up a robust  backup procedures
  Other experiments, like openvscode-server, web interface with password to trigger wake-on-lan for my PC, etc.

Email seems like a pain because small servers are always seen as spam by big services, need to manage reputation, too complicated, so I use my hostname provider (Gandi) SMTP relay to send email, and I could set up a free inbox too, but I don't need it.

I run a Poweredge T20 with a Xeon E3-1275Lv3. I snagged a 32GB kit of ECC ram from somebody's trashcan Mac Pro on eBay for a song and have a couple SSDs for OS and VMs. I use USB WD MyBook drives for storage and backups.

Right now the server, switch, drives etc is pulling 31 watts from the wall and it's so quiet you can't tell it's on. I'm sure it would keep running for hours off the cheap UPS I have it all on.

I had a second one as a desktop but the motherboard died last year. I'm not sure what I'll replace it with when the time comes. Probably one of those one liter PCs since I don't need internal 3.5" bays.

If I replace it one day, it might be for a "miniITX" (whatever MB size corresponds to ~1 liter PCs) but I fear the cost of the case + specific MB + low-power processor with many threads + good NVME SSD will be through the roof, compared to this cheap used T320, and they're hard to find in used form, at least for now.

Navidrome is my favorite, by far. It's like a personal Spotify. It also has built-in subsonic support.

Syncthing is another I could not live without. All devices upload to my server and my server gets backed up to S3/backblaze type service.

Plex for movies. But I may look at Jellyfin soon.

I use Calibre-web, but it's really not my favorite. Okular is so much better. And Calibre is a chore to use and overkill for my needs. Books organized into folders is about as far as I care to organize. Thumbnails are nice though.

I've managed to build a huge calibre library of garbage. I've been going though and pruning... I use the desktop interface to manage the libraries, and then rsync it to my cloud host.

I do use Plex for music as well, and I am quite happy with it. I don't know Navidrome, but I was wondering what made you choose it over Plex for music?

Me too, it's been a lot of years since I bothered with a home lab, but just recently I put NixOS on a triad of Intel NUCs work was throwing away. They're fanless, quiet and decent enough for Linux with their 16GB memory and 8 cores. Way better than a RasberryPi.

Now I can do some experiments I wanted to do, but not use VMs on my laptop. Feels more real when I can see a little stack of servers I can pull the power on. All are running tailscale so I can get to them from anywhere and run some simple tests. Example: I wanted to play with a quorum of FoundationDB nodes and see how things can fail. Also I'll run k3s and do some experimenting with that. Can I use minicube on my laptop? Sure, but this is more fun.

For people that aren't getting free boxes from work, you can usually find used micro/tiny form factor Intel machines for around $120. That's more than a Raspberry Pi, but you can get a Core i5-6500T with 8GB of RAM, 256GB SSD, and it'll use around 10 watts at idle (and top out around 50 watts). You'll get an M.2 PCIe 3.0 4x slot and a bay for a 2.5" SATA drive and support for up to 32GB of memory.

You can put Proxmox on them if you want to run a bunch of VMs or use Windows or any of the many Linux distros that support x64 rather than dealing with less known hardware.

While 10 watts is more than the 1-2 watts of a Raspberry Pi, it comes out to around $13/year for me leaving it on 24/7. A normal desktop idling at 50-100 watts would cost me $65-130/year so it is a big difference. In fact, if you're leaving a normal desktop on 24/7 as a home server, it might make financial sense to grab a micro/tiny machine. If it costs you $120 and saves you $50-120/year in electricity, that seems like it would be worthwhile.

They're not fanless, but they are very quiet compared to most desktops.

I ended up going this route because Raspberry Pis are so hard to come by these days. A Raspberry Pi 4B with 8GB of RAM will cost $75 and then you'll need to supply your own storage (MicroSD), buy a case if you want to protect it, and a USB cable and power adapter (though you probably have that sitting around). Between the Raspberry Pi and MicroSD card, it's basically $100 and way less powerful than a Core i5-6500T (which should be 3x faster) and you're using a MicroSD card rather than a nice PCIe flash drive. Plus, if you want, you can load the micro/tiny machine up with 32GB of RAM for not that much ($40 to get it to 24GB, $70 to get it to 32GB) and you can make that decision in the future. Plus, for a lot of purposes, standard x64 hardware can be nice. Plus, you can actually get your hands on a micro/tiny form factor PC while I haven't seen Raspberry Pis in stock in a long time.

One could easily disagree, though. The operating costs are likely to be an additional $10-11/year and one could get a 1GB RAM Raspberry Pi for $35 (if they had them in stock) and get a small MicroSD and maybe only spend $40-45 instead of $120, but it feels like the utility of a $45 machine with 1GB RAM is a lot more limited and I'd (personally) rather spend the money on something I know I can use.

> A Raspberry Pi 4B with 8GB of RAM will cost $75

Do you have a link to where I can buy a Raspberry Pi 4B (8GB) for under $150? The cheapest I can find through Amazon was $202.

I bought one before the pandemic (~2019) at Microcenter for, if I recall correctly, $90?

Seriously, if you know where to find one, please share!

Keep watching https://rpilocator.com/ or follow them on twitter

IIRC the approved resellers do not sell them over RRP, which you can find via the official website - when they have them in stock.

Opinions my own.

I use an Intel NUC as a desktop. It's powerful enough for 6 virtual ubuntu machines (probably more) and running ceph and postgres nodes with Vagrant (not that I use them all the time, more for development)

Processor Intel(R) Core(TM) i7-10710U CPU @ 1.10GHz, 1608 Mhz, 6 Core(s), 12 Logical Processor(s) 32GB RAM 1TB SSD

https://ark.intel.com/content/www/us/en/ark/products/188811/...

IntelliJ and Windows 11 runs fine.

I had this setup and then wanted more so got a Ghost Canyon one. It's not really a Nuc as its about 8x the size, but carries the badge. It'll fit a full PCI card and then you can go wild. It really is great.

I have a small K3S cluster of RPIs and a Synology NAS. I don't trust the RPIs to store any meaningful data so I use the NAS to store and backup everything. The cluster can request persistent volumes and they are automatically created and exposed via NFS by the NAS.

On the NAS, it's mostly storage services:

  - MinIO (S3 compatible)
  - Postgres
  - InfluxDB
  - Syncthing
  - Plex (NAS has hardware encoding)
  - Print/scan server
  - Cloud Sync to Backblaze

On the cluster, all the "compute" services:

  - Traefik and cert manager to expose the services with HTTPS, both on the NAS and the cluster
  - Accounting service to invoice clients
  - Mayan EDMS to store and process the documents of my LLC. It was a pain to setup but it offers OCR and an API to search document content.
  - Home Assistant and mosquitto that I just started using. I'm playing with ESPHome to integrate some CO2 sensors.

On the unusual things on my network:

  - A LaMetric time that I use to push my own notifications
  - A RPI connected to speakers that I use as a pulseaudio server when I want to put music (`pactl load-module module-tunnel-sink server=tcp:x.x.x.x`)
  - A RPI with a 64x64 led matrix from Adafruit that I want to use like an on-air sign.

What accounting service do you use?

My ideal is that I use it as my "home base" and everything else is a "peripheral" that checks back in one way or another.

The big things are:

* Music Player Daemon - It has access to my whole music and podcast collection, whereas I only "check out" a subset of this onto my phone at any given time.

* Podcast downloader - I used to have this. I wrote it myself. I got tired of the problems that kept coming up so I turned it off. But, I got recommended a replacement. I'll try it out at some point.

* Gitolite - I highly recommend this one for anyone with this use case. It's a git repository host, for when you don't want all of your business on Github. You can create however many repositories, you give it however many ssh public keys, and you configure which has access to which. The main interface is a special admin repository where you add the pubkeys and configure the repos. For my "home base"/"peripheral" model this changed everything for me, especially since I use QubesOS on my laptop where I'm working in multiple VMs with different ssh keys.

I eventually want Sandstorm.io and OpenHab, but I'd probably want a separate machine since I think that stuff wouldn't be in the Debian/Ubuntu repos.

Old Thinkpad T420s turned home server

- PiHole + Cloudflared - ad blocking for the entire network

- Home Assistant - getting data from temperature sensors

- Sonarr - downloading TV shows to Plex

- Radarr - downloading movies to Plex

- Jackett - better torrent trackers support for Sonarr and Radarr

- Transmission - downloading torrents from Sonarr and Radarr

- Plex server - media server for streaming TV shows and movies, mostly to the TV

- Tailscale - access to everything from outside my home

- NFS / Samba - mostly for backups

- Heimdall - nice dashboard for everything above

- Maestral - open source Dropbox client

It's absurd but I always thought it'd be so great to have FreeIPA set up. Having my computers actually be part of a real network would be neat.

I do wish it were a little less coupled. I'd rather be using better known moderm pieces like cfssl instead of dogtags for CA, OpenLDAP instead of 389ds for ldap. But FreeIPA has one of the hardest worst most terrifying jobs on the planet & it's amazing it can interoperate so deeply, and there's like, next to no hope ever we improve beyond this particular thing, unless we can somehow just ditch AD & SMB. Maybe some day Windows & filesharing will have alternative viable directory systems, but hard to imagine.

I also ran into this project on setting up Kubernetes atop FreeIPA though, and wow is it ever terrifying. https://github.com/zultron/freeipa-cloud-prov

Some more basic answer for you, Jellyfin for media-sharing. A small GoToSocial server for ActivityPub/Mastadon. Prosody for XMPP. WireGuard for vpn. Frigate for security cams. Rygel for upnp/dlna MediaRenderers (there s other good options too). Mpd/mopidy for music jukebox. Nextcloud for groupware-ish.

If you want a lot of ideas, there'a a pretty active k8s-at-home microcosm, and there's a website that indexes the projects they get up to. Even if you dont want to run kubernetes, the projects they have cover the whole gamut of services people might find useful or fun to run at home.

A while back I had a bunch of home sensors reporting to Prometheus. Temperature/humidity gauges, ambient light sensors. My favorite was making my laptops battery & charge status show up. The 2-in-1 had two batteries & was extra cool to watch drain one, then another, then see levels charge back up.

Plex, Calibre, Photoprism, some homebrew backup scripts that interact with other computers on the network, some private security/camera stuff, and a slew of StableDiffusion/GPT models for text/image generation (which is what the majority of the server resources are usually maxed out with). Sometimes I'll host Steam/Minecraft servers for friends.

Proxmox (On an Intel J4105 with 8GB RAM) with

* A VM for Home Assistant (Smarthome automation hub)

* A VM for Docker, currently only running Portainer and MyMedia for Alexa (local music streaming to Alexa)

Everything else as LXC container:

* Caddy (Reverse Proxy)

* UnifiController (WiFi AP controller)

* Samba (Network Filesharing)

* Paperless NGX (Document Management System)

* Jellyfin (Audio and Video Streaming, OSS Emby/Plex)

* Homepage (Dashboard)

* InfluxDb (Time-series Database; for SmartHome long-time data and homeserver metrics)

* Grafana (Graphs for InfluxDb)

Then a few more where I tried stuff out, Owncloud Infinite Scale (Go rewrite of OC), meshcentral (IT monitoring and remote control, might use it to support my elderly parents), Navidrome (music server, not really better than Jellyfin outside performance)

Then there’s also a Raspberry Pi 4 running Proxmox Backup Server for deduplicated backups of all those VMs and containers ;)

If you want a recommendation: Paperless NGX. Having all your important documents tagged and scanned is amazing.

- Bind for internal DNS zone

- Pi-hole on 2 Raspberry Pi 4s

- Chrony stratum 1 NTP from GPS on a Pi, my OPNsense router redirects all NTP traffic to it.

- Emby (like Plex)

- Sonarr/Radarr/Prowlarr/Transmission with VPN/SABnbzd for collecting lots of little boxes that fall off trucks.

- Calibre-web

- LibreNMS

- Omada/UniFi controllers

- Home Assistant

- Tailscale

Almost all Dockerized now but it didn’t used to be. One Ubuntu 22.04 server I built with most of it, and another TrueNAS box I also built for file sharing and secondary Bind server.

I have a feeling I’ll be running a lot more after reading the rest of the comments!

I thought I was too hoity-toity for it, but I ended up gradually dockerizing most of the applications on my home server. It’s just so convenient.

Really made doing Ubuntu upgrades or clean installs way less of a chore. Some of that software requires an insane collection of packages, like Mono for Emby. And there started to be conflicting version issues with Python/PHP for awhile too.

> Pi-hole on 2 Raspberry Pi 4s

Is this for redundancy? How does this work?

Yes. They both have the same initial configuration, and DHCP hands out both IPs.

They both in turn talk to the two bind servers for recursive resolving.

(I got extremely irritated at my ISP’s DNS years ago which is why I was running bind, but now I keep it running behind Pi-hole for an internal domain name I started using because having bind running made that easy)

pi-hole is at it's heart a recursive dns server, so you run two of them and advertise both in your dhcp(or put them in manually if you roll staticly)

On my home server running on a fitlet2 with no public access except through my wireguard vpn:

- jellyfin :: Media server for streaming music, tv, movies to my phones, ipads, and rokus

- nextcloud :: Storage, carddav, caldav

- frigate :: Object detection on my custom home cameras

- homeassistant :: Notifications/Automation (used with frigate)

- freshRSS :: RSS feed reader

- vaultwarden :: Bitwarden server

- bookstack :: Wiki

- yacy :: This is a distributed search engine, but I use it in non-distributed (robinson mode), and use it instead of bookmarks. Any interested page, instead of bookmarking, I add it to my yacy index

- smashing :: Dashboard. I have written some custom addons. This is shown in my front tv to track the real time location of buses at the stops near me.

- photoprism :: Photo manager

- snapdrop :: Airdrop replacement

- imapfilter :: Advanced mail filtering, like taking news letters and converting to RSS feeds

- dolibarr :: ERP for my side business

I run wireguard and pihole on a separate raspberry pi.

Every digital asset I’ve ever created and backups of every machine I’ve had since graduating college. I have a rule of forbidding remote access so it’s not really a server — you can only get onto this host if you are sat in front of it. Everything is backed up offsite by a combination of borg and USB “tapes”.

It was very liberating to put all my data on one filesystem (ZFS zpool) instead of having it littered over many decades of hard and floppy disks. It felt like a great tidy up, even if it was really more like bundling all my junk into a storage unit. Not having to worry about losing it took a weight off my mind.

How do you do backups?

I’ve had a homelab for a decade and I could never figure backups out properly.

I use proxmox with containers, VMs when I have no choice, and a portainer machine that runs docker containers when I have no choice.

I use ansible so in each playbook I have a task to backup periodically to rsync.net

But that requires a lot of work because it must be setup for each service, doesn’t work with the docker machine because docker is weird to me and I can’t use ansible to setup stuff within th container, and proxmox’s backup are too big for my rsync account. Besides I only need the actual data in the backup, not the whole OS.

Any insights?

As my sibling says, zfs send and receive is excellent. If your datasets are encrypted they remain encrypted at the other end, without any requirement to unlock them on your backup server (should you only partially trust it, for example.) It works for incrementals but you have to manually specify the delta point for each send — it’s not like rsync where it figures out the differences automatically.

I use zfs send/recv to update a pile of USB drives each time I do a physical offsite backup. I also use it to gather data from other hosts onto my main data computer.

Once everything is there I then archive each snapshot of each filesystem as a new borg archive. This is efficient — borg only backs up changes — but it requires a rescan of all the data. This happens at ~50MB/s on my opteron with 4TB WD Red HDDs.

Check out Proxmox Backup Server - you can install it on top of PVE. My home server backs up locally to it's own PBS datastores, which then get synced over to a $6 dedicated server running PBS in Europe.

Use ZFS snapshots and send & receive. It so good and easy! I backup everything with it, VM's, containers, databases, files.

Where do you backup to?

To my parents, who lives 30 minutes from me. Alternatives would be some other family member or friend you trust.

Lots of stuff; my 'home server' is probably a little more elaborate than a lot of people would want to deal with. I bought a 42u rack years ago and stuck it in my basement, and it's got a bunch of old enterprise-type hardware in it. It contains:

Hardware:

- ESXi vSphere server

- Old ESXi vSphere server (being decommissioned) - pfSense firewall

- Big NFS/CIFS storage server (60TB)

- Windows workstation/gaming desktop (lives in a rack-mount case connected to a KVM; cables run upstairs to my 'office')

- Linux workstation (also on KVM)

VMs include:

- Linux dev server for miscellaneous projects

- Pi-hole DNS

- Personal Gitlab

- Personal wiki

- Plex

- k8s dev environment for a defunct project that I haven't deleted in case it becomes un-defunct for some reason.

- Suricata/Zeek IDS

- Windows domain controller, for reasons

> - Windows workstation/gaming desktop (lives in a rack-mount case connected to a KVM; cables run upstairs to my 'office')

I am thinking about doing this. What cables are you running and what display resolution is the system running? I am thinking I could get away with a single DP cable for 4K display and a powered USB cable going to a USB hub.

Do you have a KVM you would recommend?

I am running displayport at 1440p at 60Hz - I used these cables, and they work fine:

https://www.amazon.com/gp/product/B07HN8PR4J

However, based on some of the reviews, they will probably not work for higher resolutions or refresh rates at that length. There are active/amplified cables available, but I don't know how well they work.

KVM is a Black Box KV6202A-R2. Which I think is discontinued now, but the same people make similar items. The important thing is to get a KVM with EDID emulation - a lot of the cheaper KVMs don't have it and will tell the non-active system that the monitor is disconnected every time you switch, which causes all sorts of problems.

I use my home server also for serious stuff in terms of data protection and archiving rules. Storing tax things, that need to be archived at least 10 years, backup of databases from my dedicated server in the internet and backup of private data, like photos and so on.

For this I use an encrypted ZFS mirror running on Ubuntu. The board is a power saving ASRock J4105M with soldered low power CPU.

For each HDD I use an dedicated SATA controller for controller redundancy.

The computer itself is secured with a real steel lock against (too easy) theft!

The database backups from the internet server are coming in incrementally with ZFS snapshots. I love this!

How do you manage the encryption keys?

The keys have a password, so, yeah, if the machine reboots I need to ssh in. :-)

I have 3 rpi4s running my entire home network.

One is a vpn router and a wifi AP, it also has Uptime Kuma. I need this to be reliable and rarely touch it except to improve its reliability. - Openvpn - HostAPD - Uptime Kuma (in docker) - A microservice invoked from Uptime Kuma that monitors connectivity to my ISPs router (in docker) - nginx, not in docker, reverse proxies to Uptime Kuma

The second acts as a NAS and has a RAID array, consisting of disks plugged into a powered USB hub. It runs OpenMediaVault and as many network sharing services as I can set up. I also want maximum reliability/availability from this pi, so rarely touch it. All the storage for all my services is hosted here, or backed up to here in the case of databases that need to be faster.

The third rpi runs all the rest of my services. All the web apps are dockerized. Those that need a DB also have their DB hosted. Those that need file storage are using kerberized NFS from my NAS. This rpi is also another wifi AP. This rpi keeps running out of RAM and crashing and I plan to scale it when rpis become cheaper or I can repair some old laptops.: - Postgres - HostAPD - nginx - Nextcloud - Keycloak - Heimdall - Jellyfin - N8N - Firefly-iii - Grist - A persistent reverse SSH tunnel to a small VM in the cloud to make some services public - A microservice needed for one of my hobbies - A monitoring service for my backups

All of these pis are provisioned via Ansible.

Sounds neat. Are you doing anything to mitigate the possibility of SD card corruption with the Raspberry Pis?

I used to use a single RP to run as a media server, and it was great, but stopped using it after suffering from SD card corruption.

You can boot a Pi4 (and some older Pi boards) from more reliable storage attached to a USB port these days (e.g. SSD).

https://www.raspberrypi.com/documentation/computers/raspberr...

You can also network boot as well:

https://www.raspberrypi.com/documentation/computers/raspberr...

TBH I haven't ever had a problem with SD card corruption so far. If I did, it wouldn't really matter, since all the important data is on the RAID array, and the OS can be reprovisioned if needed.

Performance proved to be an issue for SD cards though, when attempting to host nextcloud and postgres. I do what teh_klev is talking about and selected the fastest USB stick I could find, which was a Samsung FIT Plus 128 GB Type-A 300 MB/s USB 3.1 Flash Drive (MUF-128AB), and this gave me a huge speedup.

Unfortunately Jellyfin is not really fast enough on an rpi and I have no solution.

I have been thinking of setting up a pi4 as a wifi AP. Can you comment on the hardware performance? I am worried that the range or throughput might be poor, and thinking I might need to use an Intel ax200 or similar.

I've done this before and it works in a pinch, but I didn't think it was reliable enough to use on a permanent basis. I added a USB WiFi interface, and that helped with the signal quite a bit. Setting up the AP and networking isn't trivial (but is certainly do-able if you're familiar with linux networking).

My use case was using it to connect my family's devices to an AirBNB network. I used the Rpi as a bridge to the host WiFi. This way I could keep a common SSID/password and didn't have to reconfigure all of my kid's devices. It kinda worked.

However, it wasn't very reliable and had poor range and performance. The Rpi was meh with one client attached, but it was bleh with more than one. I ended up replacing it quickly with a cheap dedicated AP that I flashed with openwrt. Much easier, and device-wise was cheaper too.

The range is indeed poor, and it depends a lot on your house/flat. Would definitely recommend using another machine with something like this.

In terms of throughput, right next to an AP, I just got 65Mb/s.

Love reading threads like these. Have already discovered a couple of cool things in here to explore.

Here's what I'm either running now or in the process of standing up. It's very WIP, and nothing special, but maybe someone has some feedback/ideas. I'm aiming to have all the things I use contained in my rack, relying on cloud stuff as little as possible, mainly as a fun exercise/project.

https://i.imgur.com/PDO71bx.png

Devices:

    * 6 x Raspberry Pis (1 x v1, 2 x v2, 1 x v3, 2 x v4)    
    * 1 x HP Microserver (ProLiant Gen8 Intel Celeron G1610T, 2x3TB in RAID, 1TB regular)   
    * 1 x Old gaming PC (i7 3770K, 24GB mem)    
    * 1 x Current PC (i5 12600K, 64GB mem; this is in the rack so that I can have a small, cleared desk, but is not hosting anything)

Uses:

    * Dev stuff:
        * Forge - WIP: Forgejo
        * CI/CD - WIP/TBC: Woodpecker CI vs Concourse CI vs Laminar CI
        * Container registries - 1 x my images, 1 x Docker Hub mirror
        * Deployments - WIP: Would love a FOSS Octopus Deploy clone. Working on my own primitive Ansible clone for fun, which might be good enough.
    * Home stuff:
        * Reverse proxy - nginx
        * Backups - TBC: Not sure yet. Lots of good options around. Probably should be doing this first..
        * Adblock - Pihole
        * Content aggregation - Basic Bash YT downloader (using yt-dlp), Deluge
        * NAS - Samba
        * VPN - WIP: Wireguard
        * Network control - WIP: some basic custom stuff to wake/sleep the microserver + gaming PC when not in use for power/heat reasons, initiate backups etc
        * Telegram bots - TG is my chat client of choice and I have a small .NET 'gateway' API I use to send messages from various bots (each representing different parts of my 'home lab') to my personal account
        * Monitoring/dashboards - TBC: haven't explored software for this yet
        * Log aggregation - TBC: haven't explored software for this yet
        * Network boot - TBC: Yesterday I started thinking of trying to PXE boot the RPis cause they're in one of those stacking towers inside my half-height rack, so getting to them is a PITA.

Love this thread, here is mine:

    Hardware: Synology NAS (DS420+)
    Software:
    - Synology DSM – Was actually quite impressed by Synology's software. It is a tad quirky but can usually be worked around but all in all pretty good. (https://www.synology.com/en-us/dsm)
    - Plex: not in love, but it gets the job done, definitely gonna use this thread to look in to replacements (https://www.plex.tv/)
    - Syncthing: i love my magic folders that just sync stuff, amazing software (https://syncthing.net/)
    - Docker: most things are hosted out of Docker (https://www.docker.com/)
    - cloudflared: effortless external access for all my stuff + all other Cloudflare goodies (WAF/Zero-Trust). Good piece of mind to not have to ever open ports on my local network and let CF just take the brunt of the Internet. Also used as a local PlaintextDNS=>DoH proxy that is hooked up to NextDNS (https://www.cloudflare.com/products/tunnel/) [disclaimer: I work for the big orange cloud company, so sorry if the previous sounds like an ad, I do really like the software we make].
    - FreshRSS: quite silly to do a cloud version of this when it is quite easy to host on your own. It works good, but I feel a strong itch to write my own version. (https://www.freshrss.org/)
    - Metrics: prometheus node exporter. I do have grafana hosted in the cloud, but I've been meaning to move that to my local server.

The list will definitely grow after reading this thread :D

   > cloudflared: effortless external access for all my stuff + all other Cloudflare goodies (WAF/Zero-Trust). Good piece of mind to not have to ever open ports on my local network and let CF just take the brunt of the Internet. Also used as a local PlaintextDNS=>DoH proxy that is hooked up to NextDNS (https://www.cloudflare.com/products/tunnel/).

I was a beta tester for Warp pre-launch and set my home server up to use it. I'll agree with you -- it was awesome. I stopped using it after the beta since it became metered (which was expected and I'm not sore about[0])

   > [disclaimer: I work for the big orange cloud company, so sorry if the previous sounds like an ad, I do really like the software we make]

I don't work for the big orange cloud company and I really like the software you make, I really enjoy reading your technical blogs and have routinely shared them with co-workers at past jobs[1]. I had a coworker solve a long-running issue on a pool of Linux front-end hosts by tweaking some kernel/network configuration settings -- he mentioned he got the idea from a blog post from the big orange cloud company that "he read over the weekend". I use your services for my home server and end up recommending (and ultimately using) it with every one of my customers. I'm sure you guys have pissed someone off by now, but everyone I encounter heaps praise on your products and company.

[0] Okay, maybe a little. It was a really neat service that I got to use for free for almost a year. A gentleman from Cloudflare (I think he said he worked in Romania) even sent me a gray T-Shirt with the big orange cloud company's logo on it in "Apple-style" minimalism.

[1] Programmers have gaps -- I'm surprised how many web developers' gaps are "everything between the various hosted files and The Browser".

> Plex: not in love, but it gets the job done, definitely gonna use this thread to look in to replacements (https://www.plex.tv/)

I'm sure you've seen it already but Jellyfin is fantastic.

emby + Kodi is also good.

I use Cloudflare to proxy a number of self-hosted HTTPS services, which is great.

I still haven't found a solution to obscure, geo-filter and WAF arbitrary TCP/UDP.

Spectrum Enterprise seems like it is capable but not really the answer for a personal server that handles megabytes of traffic a day.

Docker containers for:

Minio : object store

sdftosvg : Molecular renderer

Observability stack : (Grafana, Prometheus, exporters)

Postgres: molecular metadata (9 billion molecules)

Molecular relaxation workers

Quantum Monte Carlo simulators

Dask workers

Websocket message pump

Insilico virtual lab server + 3 clients

Vscode server

Deep Learning model server (inference)

Deep learning model training server

Most of these are applications I have written myself, and powering my hobby project https://atomictessellator.com

Specs: 4 machines 2TB RAM total 4 GPUs (Tesla A100s) 384 CPU cores total

These are in my lounge, yes, it is noisy, yes, it is hot in here, yes, I love it

What is a molecular relaxation worker? Is that a scientific or a computing term?

It’s a colloquial term for structure optimisation

https://wiki.fysik.dtu.dk/ase/ase/optimize.html

For me: Jellyfin with all my movies, shows, home videos, and a film footage archive of content ripped from YouTube. I set this server up when a movie I wanted to watch was no longer on Netflix and I realized, in a few decades there’s a decent likelihood that many of my favorites will be hard to find on streaming services or I’ll have to subscribe to several services to get the collection I want. I’ve had it running for years now and it’s one of my favorite things. I share access to it with my friends and family, so they benefit as well. Only issue I had to get around was with steaming 4k video. For some reason, the official Jellyfin apps try to transcode 4k video live rather than just streaming it directly, and my low-CPU NAS really struggles to keep up with that, so I’d resorted to paying for Infuse Pro as the front end for my server, which does stream 4k without transcoding. In all it’s just a NAS with ngrok running in a docker container running Jellyfin and a Caddy reverse proxy. Highly recommend this setup to anyone interested in building a media server! It feels good to actually own some digital content in the age of Spotify and Netflix.

On my Synology NAS, I run the following using Docker:

- Jellyfin: Streams my movies and shows

- Paperless-NG: Where I keep OCR'd scans of my paper docs

- Airsonic: So I can stream my music using the Subsonic protocol

- Photoprism: Where I store my photos, auto-labelled with AI and geotagged

- The Synology Surveillance Suite: NVR for my home security cameras.

- Wireguard: So I can access all this on the go

It feels pretty cool to stream music and videos from my personal cloud using Wireguard while I'm e.g. travelling or in the car.

yup I have a DS920+ running docker instances of :

Plex

Tiddlywikki

trilium (x2 instances)

taiga

Homepage

Pingvin

freshRSS

pihole

minecraft server

valheim server

My ftitzbox router handles wireguard for me

Debian as the OS, Portainer to have a WebUI so that I can manage containers a bit more easily. Jellyfin to stream movies, Transmission-OpenVPN to download movies, Blog container and caddy to manage the traffic. Wireguard so that I can connect to my home network remotely.

The server has a GTX 1050Ti so that it can transcode the movies, was a bit of a challenge to be able to successfully use the GPU in the Jellyfin container, but works flawlessly now.

I plan to setup a Nextcloud or maybe Syncthing to backup my own files and photos, but I'm not sure how I want to handle backups, maybe just an external SSD. Cloud backup would be cool.

A local Bitwarden server would be nice as well, but maybe I'll just switch to good old Keepass.

Has a Ryzen 3, 16GB RAM, 3TB storage (2x 3TB in a mirrored RAID).

What stresses me out a bit is that I don't really monitor the state of my RAID, so theoretically it could currently be broken without me knowing. I'm not doing anything against this because I currently only store movies and shows which are also copied to an external SSD for travel, so I don't really care if it goes tits up.

But if I want to start hosting my files and passwords, I gotta make that more stable.

On my NAS (qnap ts453d) I run a few webapps using Docker:

    homeassistant (Home Automation)
    jellyfin (Media Server)
    joplin (Notes Syncing)
    transmission (Bittorrent Client)

The apps are behind nginx proxy manager (which does https termination) and the containers are managed using Portainer. They are automatically updated using watchtower.

And then on a raspberry pi, there's more home automation stuff:

    openhab (my old home automation system, which still interfaces old components like my heating and the photovoltaic system) 
    influxdb (storage for openhab)
    grafana (visualisation and alerting)
    node red (automation stuff like doorbell push notifications)
    mosquitto (mqtt server)
    lots of custom scripts that do stuff and publish the results via http

I probably should move some of this stuff to the NAS, but I have a working and tested backup flow and the NAS takes forever to boot, so I would lose more sensor data by reboots of the NAS than by the SD card of the pi breaking (happend twice in 7 years).

My FreeBSD server is a bit of a Ship of Theseus at this point (been around in some form or other for ~20 years). Some items:

  - project management software (todo lists, etc)
  - web server (personal photos, wikis, etc)
  - a script that sends me email and text reminders (birthdays, appointments, etc)
  - a script that listens to my network, and notices when devices connect;
    I use this to play "intro music" on our sound system when friends'
    phones connect to the WiFi.
  - a script to monitor some email accounts. One fun one is an "exquisite corpse" [1]
    manager, to make surrealistic email chains.
  - central hub for my development repos, so I can push/pull to share with other devices.
  - a script to download certain podcasts regularly

and many more (:

[1] https://en.wikipedia.org/wiki/Exquisite_corpse

Decommissioned due to energy costs increase in Poland.

I've moved my "home lab" to a dedicated server in a country with green energy.

At home, I'm currently using NanoPi R5s as "router" (NAT, no routing).

Define "home server." Consumer-grade NASes are so powerful they can pretty much do anything you'd do with a "home server."

On my smart TVs, I installed Kodi. I have an off-the-shelf NAS that serves the files via NFS. It can do Plex, if that's your cup of tea. (But I prefer Kodi, because most of things I do are audiophile grade and I don't want the kind of transcoding that Plex does.)

The NAS is basically a super-powerful server in a tiny footprint. I just use it for files, because I just don't care to take the time to learn how to do anything else. One critical feature is that it's point-and-click RAID. I've hot-swapped drives after a failure with no downtime; all point-and-click over the web interface.

But, one thing I want to do is self-host my own website, and self-host a mastodon node. Maybe if I was independently wealthy I'd take the time to figure it out, like when I ran a dial-up BBS when I was younger.

What NAS do you have?

Synology

Thanks.

I have two raspberry pi's 8gb, with SSDs. Running Portainer for Docker management. I have everything containerized with docker-compose. - Most importantly, Cloudflare tunnel for exposing my services without opening ports on my router.

- Tor relay (non-exit)

- Pi-hole for DNS and ad blocking - Homepage dashboard

- Audibookshelf - Jackett

- Sonarr

- Radarr

- Jellyfin

- qBittrorrent

- Backup Pi-hole

- Uptime Kuma

Monitoring everything with Zabbix which runs on a VPS.

you use portainer but "have everything containerized with docker-compose". am i missing something regarding portainer that supports compose files, or do you run containers via compose files and use portainer for monitoring/logging and such?

You can create stacks in Portainer with compose file, that's what I meant...

> - Sonarr

> - Radarr

What indexers are you on?

1337x TPB and few private indexers

I am running at home:

- authoritative DNS for my zones (nsd)

- recursive DNS for my home network (unbound)

- MTA (exim), IMAP (dovecot) and spam filter (spamassassin)

- IPsec VPN for my phone and laptop (strongswan)

- HTTP serving mostly a static filedump (apache2)

- a persistent IRC session (irssi)

- Debian repo cache (apt-cacher-ng)

- full AAA setup for IPsec & wifi login (openldap, mit-krb5, freeradius)

- mailing lists (mailman) - this one is soon to go away

- netboot for my desktop (dhcpd, atftpd+thttpd)

- netroot/NFS for my desktop (nfsd, rpc.*)

- a fricken samba server because that's the only thing my HP printer wants to upload scans to (nmbd, smbd)

- oh and 12 TB of bulk storage (ZFS, 4×4TB HGST raidz1)

- coming soon™, paperless-ngx

Might still have forgotten something…

Hardware is a X9DR7-LN4F with 2× E5-2630v2, 128GB RAM. 160~200W, getting replaced soon (electricity is fricken expensive…) The thing is also rather noisy sitting in a glorified broom closet.

There's a Dell PV-124T tape library with an LTO-6 drive attached for backups.

At the moment I just have the UniFi controller running on a Raspberry Pi. But I really do want to set up a good NAS for storage, and do some kind of encrypted snapshot backup to cloud for important things I currently just have strewn across some external hard drives and SSDs (generally at least two copies, but all the drives are at my house which isn’t great if there’s a fire or something).

I might get a small server (maybe the HPE Microserver) instead of something like a Synology, set Proxmox up on it, and then if I ever have the time I’d quite like to get a Samba 4 Active Directory controller going so I can control my few Windows machines better (and so it stops trying me to link a Microsoft account and all that).

HP Elitedesk 800 g6 mini running Proxmox (compute and SSD storage)

  - Home Assistant
  - Docker
    - cloudflared
    - traefik
    - authelia
    - unifi controller
    - jellyfin
    - arr stack
    - influx
    - grafana
  - OSX (runs only when needed)
  - Win11 (runs only when needed)

QNAP TS251+ (RAID1 storage)

RaspBerry Pi (print server)

  printers:
    - HP Laserjet
    - Dymo Labelprinter
    - 3D Printer
  software:
    - Cupsd
    - Klipper
    - klipperscreen
    - Moonraker
    - Mainsail

I really like my setup, although in the future I would like to investigate some form of redundancy, since my home starts to rely more and more on Home Assistant.

Hardware: old laptop from ~2012 and some external hard drives (~25W total).

Occasionally used for things like yahoo answers archiving, fishnet (distributed lichess game analysis), random big computations or downloads, and other things I want to run overnight but don't need a big desktop PC for.

Services it more permanently hosts:

    - email for me and friends
    - websites of friends
    - game server (Factorio, OpenArena, custom games I made, etc.)
    - SSH -D functioning as a VPN when paypal or some such is being a bitch again
    - [web] blog
    - [web] grocery list (custom. It syncs between devices, stores recipes, frequently bought items, etc.)
    - [web] link shortener / pastebin / file sharing in one
    - [web] a data explorer for some game (with associated scraper running every few hours)
    - [web] a series tracker to note which episode file we're at because apple tv is garbage (for many reasons) and doesn't remember this
    - [web] browser-based latency test thingy, both as plain HTTPS and websocket (they're remarkably similar with HTTPS connection reuse, the main difference being that websocket breaks when your connection is down for 0.1s or your IP changes, so I use websocket more as canary and the HTTPS version for actual latency testing)
    - [web] proxies for certain sites, like to speed up the openstreetmap wiki by caching or to remove the 5MB unnecessary javascript from a news website
    - data scraper that emails me when the local river does something that interests me (like get close to flooding or drying up or a sudden large change)
    - other data scrapers
    - Telegram bot
    - IRC bouncer
    - Gitea
    - Restic backup server

And a ton of web things I'm forgetting, including little .php scripts not worth mentioning that I occasionally use to do this or that.

I'm really amazed what I can do with some hardware that would otherwise be thrown away or disappear into an old drawer never to be used again. I could probably host twice as many things and it would still work (CPU and network are basically idle the whole time, only RAM would be getting tight then... I could upgrade to 16 GB DDR3 which is cheap nowadays).

I also recommend using an old laptop as a server. Benefits include the built-in battery backup, built-in KVM, and relatively low power consumption.

The other major benefit is that if you're the kind of person who's apt to set up a home server, you probably already have at least one these lying around.

There's just one slightly opaque pitfall, not all laptops have a BIOS setting where you can specify what to do on power-loss and power-resume. So the laptop "server" stays off and you need to intervene manually.

I've had better luck with thin clients ...

Never had power out for long enough that the laptop didn't survive. Automatic shutdown of optional services at 80% battery level might also mean that it survives 2-3x as long, if this sort of thing is likely to hit where you live. Or buy a tiny UPS.

(One of the major advantages of laptops not manufactured in the last 3 years: replacing the battery to make it good as new takes 15 seconds. Click out, click in. They don't make 'em like that anymore :( )

If the battery were to run out: on 355 of the 365 days per year, there will be someone home who can push the button within a few hours.

And if it's one of the 10 other days: email will retry for 24 hours and everything else is somewhat optional for me. I can call someone to get there within a day, or change the DNS records and turn on a VPS to temporarily buffer the incoming SMTP. I considered my contingency options but never got close to needing it.