In my opinion trying to set up a highly available fault tolerant homelab adds a large amount of unnecessary complexity without an equivalent benefit. It’s good to have redundancy for essential services like DNS, but otherwise I think it’s better to focus on a robust backup and restore process so that if anything goes wrong you can just restore from a backup or start containers on another node.
I configure and deploy all my applications with Ansible roles. It can programmatically create config files, pass secrets, build or start containers, cycle containers automatically after config changes, basically everything you could need.
Sure it would be neat if services could fail over automatically but things only ever tend to break when I’m making changes anyway.
This, I used to have a Kubernetes setup but how much redundancy can you really have at home? Do you have a generator? Multiple Internet lines?
The fact is most hardware is highly reliable. Having good backups to restore from is all you need and you gain a huge improvement in simplicity which adds reliability in and of itself.
Yeah I guess that’s true, I do think the other part about having configs done programmatically is a lot more important anyway. If things go down but all it takes to get it back is to re-run the configs from files then it’s not so bad.
More importantly, if you do things programmatically you will still have the information how you did it last time the next time you need to move to a new major version of something which is particularly important in a home setting where you don’t do tasks like that often.
I would say that if you are going to host it at home then Kubernetes is more complex. Bare metal Kubernetes control plane management has some pitfalls. But if you were to use a cloud provider like Linode or DigitalOcean and use their Kubernetes service, then the only real extra complexity is learning how to manage Kubernetes, which is minimal.
There is a decent hardware investment needed to run kubernetes if you want it to be fully HA (which I would argue means it needs to be a minimum of 2 clusters of 3 nodes each on different continents) but you could run a single node cluster with autoscaling at a cloud provider if you don’t need HA. I will say it’s nice not to have to worry about a service failing periodically as it will just transfer to another node in a few seconds automatically.
I usually interpret the phrase “drop in” to mean that the replacement being referenced will also work with everything written for the original. Does “drop in” in this case mean that Immich will transparently replace Google Photos, similar to how libretube replaces YouTube? That would be amazing!
The issue is not cloud vs self-hosted. The question is “who has technical control over all the servers involved”. If you home-host a server and have a backup of it on a friend’s network, and your username / password pops up on an infostealer website, you will be in equal trouble!
If you’re on Android and use Firefox, you can use the Disable JavaScript extension to disable JS on sites with paywalls, like NYtimes. While not perfect, it works remarkably well.
My experience with Proton has been really great so far. Constant steady improvements to their services and UI/UX, I wish I had switched to them sooner.
When your domain is close to running out, you should either get an email from your registrar asking you to renew, or a payment notification telling you that your domain will be renewed for whatever price automatically.
If the payment fails, the domain will be temporarily suspended. There is a grace period where nobody can buy that domain, allowing you to settle the missed payment. If you do not settle the payment, the domain will be put back up for sale
None of this affects whatever services you’re running on your Pi, people just won’t be able to connect to it if your domain is suspended.
I’d suggest looking into SSL certificates (Let’s Encrypt is free) as well as Cloudflare for masking your Pi (your home) IP address from users of your instance - do note this has privacy implications: Cloudflare becomes a MITM for your site.
Freenom is being sued by Meta (Facebook) at the moment for supposedly not dealing with spam domains. I would not recommend using a Freenom domain if/when they reopen registrations: FMHY had their old Freenom lemmy instance domain seized by Mali’s government
No, because I am worried the NSA may try to collate data from them. In fact, I zero-wipe, drill bit the drives in the platters and the PCB, and drop them off at e-waste for recycling.
I used to make clocks with the platters and give them to friends and family. Michael’s used to sell inexpensive clock mechanisms that looked really cool against the platter background. I haven’t seen them lately, but I’m sure someone sells them online.
So first, I’m not really looking to change operating systems. I’ve got my system set up the way I like it, where it closely matches the production systems I run for my company.
Second, why do you say the answer is Proxmox? What benefit does that have over other solutions that can be more easily integrated into my existing operating system?
[Sorry for my not really well written reply, you really need to try different options, and in my opinion proxmox is like the only choice because of how many cool things you can do there]
Proxmox is just really good, and if you want to spin up VMs easily you will need to reshape your setup anyway.
With proxmox you can do like everything with VMs, containers, etc. Not just managing only containers, or just showing status of the VMs
Also, proxmox is not really an operating system, it’s a service on top of Debian (in many cases you start installing proxmox by installing Debian)
Yo dawg, I put most of my services in a Docker container inside their own LXC container. It used to bug me that this seems like a less than optimal use of resources, but I love the management - all the VM and containers on one pane of glass, super simple snapshots, dead easy to move a service between machines, and simple to instrument the LXC for monitoring.
I see other people doing, and I’m interested in, an even more generic system (maybe Cockpit or something) but I’ve been really happy with this. If OP’s dream is managing all the containers and VM’s together, I’d back having a look at Proxmox.
I use Docker LXCs. Really just a Debian LXC with Docker and then Portainer as a UI. I have separate LXCs for common services. Arrs on one LXC, Nextcloud, Immich and SearXNG on another, Invidious on a third. I just separate them so I don’t need to kill all services if I need to restart or take down the LXC for whatever reason.
Thanks. I did check it out and it looks like it’s got some really cool benefits, like being able to cluster across two machines and take one down if it needs servicing, with zero down time.
I’m thinking about buying some rack mount servers and bringing everything I’m currently doing in the cloud for my business to on-premises servers. The one thing I was wary about was how I was going to handle hardware maintenance, and this looks like it would solve that issue nicely.
Proxmox does VMs and containers (LXC). You can run any docker / podman manager you want in a container.
Benefits of having Proxmox as the base are ZFS / snapshotting and easy setup of multiple boot drives, which is really nice when one drive inevitably fails 😏
If you’re only trying to use Jellyfin at home, you don’t need any reverse proxy or domain. All you need is for both devices to be on the same network, and for the Raspberry Pi to have a fixed internal IP address (through your router settings).
On the Shield, you just give the Jellyfin app that IP address and port number (10.0.0.X:8096) to connect and you’re good to go.
Whether a device is wired or on wifi matters on some routers, because some routers have wifi and wired devices on different subnets by default. It’s unlikely, so I wouldn’t worry, unless you notice accessing it only works wired.
wlan and eth are probably network adapters in your Raspberry Pi, not subnets. A subnet is a range of IP addresses the router can use to give out IP addresses to devices. Basically, let’s assume that the router/the local network has only one subnet, 192.168.1.0/24. This number means the router can give out IP addresses from 192.168.1.0 to 192.168.1.254. If the router had two subnets, let’s say A: 192.168.1.0/24 and B: 192.168.2.0/24, a device on subnet A would be able to talk to the device on subnet B.
Either way, in my opinion you’re overcomplicating things a lot for yourself. If you only wish to watch from home, on your couch, you don’t need reverse proxies, cloudflare and all that jazz. Docker and raspberry pi is enough. I can walk you through it if you want :)
So an IP address is divided into four sections separated by dots. 123.123.123.123. Each of those sections can go from 0 to 255, so 0.0.0.0 to 255.255.255.255. Why this number? There are 256 numbers from 0 to 255, and 256 is the biggest number you can make out of 8 bits. (If you’re interested in binary, please look it up, this is already long haha) If every number between the . can be made out of 8 bits that means the whole IP address is 32 bits. It’s 32 bits cos that’s what was convenient when it was decided basically. Makes sense?
Now, the subnets. Each network can be divided into sub networks or subnets. Subnets fall into 5 classes: ABCDE. D and E aren’t used as much so I don’t know much about them.
Class A: Subnet mask is 255.0.0.0
Class B: Subnet mask is 255.255.0.0
Class C: Subnet mask is 255.255.255.0
A subnet mask determines how many bits are reserved for the network, and how many bits are used for hosts (devices). Basically, each IP address is divided into a network part and a host part. Network part is used for identifying networks and how many you can make, while host part is used for identifying hosts/devices like your phone or PC or whatever and how many can be connected.
In class A, with 255.0.0.0, the first number is reserved for the network, and the other 3 for the devices for example.
In class A you have a small amount of possible subnets but a big number of devices, and the opposite in class C.
The 24 after the slash is just a different way of saying 255.255.255.0, called CIDR notation. 255.0.0.0 is /8 and 255.255.255.0 is /16.
So depending on the subnet class, what the numbers mean differs. Well except the port and CIDR subnet mask.
All in all, all you need to know is that your router most likely has one subnet lol
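An added example, not part of any post in this thread: a short Python sketch that turns a dotted subnet mask into its CIDR prefix length, lists the range a subnet covers, and checks whether two devices share a subnet (the wired-versus-wifi question raised above). The addresses used in the calls are constructed samples, and the function names are this example's own.

```python
import ipaddress


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted subnet mask to its CIDR prefix length."""
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # A valid mask is a run of 1 bits followed only by 0 bits, so the
    # inverted value must look like 0...01...1 (one less than a power of two).
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(value).count("1")


def describe(cidr: str) -> dict:
    """Return the network address, broadcast address, mask and host count."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        # Network and broadcast addresses are not handed out to devices.
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when both addresses fall inside the same subnet for this mask."""
    prefix = mask_to_prefix(mask)
    net_a = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net_a


if __name__ == "__main__":
    # Constructed sample addresses, e.g. a Pi and a streaming box at home.
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0"):
        print(mask, "-> /%d" % mask_to_prefix(mask))
    print(describe("192.168.1.0/24"))
    print(same_subnet("192.168.1.10", "192.168.1.20", "255.255.255.0"))
    print(same_subnet("192.168.1.10", "192.168.2.20", "255.255.255.0"))
```
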
ok. I would still like to learn this stuff, so hopefully someone can come in and answer some of the questions - but it seems like, then, the challenge is just gluetun for now.
VPN limiting your bandwidth? Sounds like a CPU issue. You’ll be surprised how much CPU overhead it takes to encrypt and decrypt traffic at such high speeds.
Free, private (can be self-hosted), and open source. You don’t need to create an account to use it. If I remember correctly, this was created in response to the recent changes to Splitwise.
Hey, I’m the author of Spliit.app, thanks for the mention :)
Indeed I created Spliit as open source because I believe that some tools should be open source, especially those used over the long term (I have had a Splitwise account for many years).