I’m probably the overkill case because I have AD+vC and a ton of VMs.
RPO 24H for main desktop and critical VMs like vCenter, domain controllers, DHCP, DNS, Unifi controller, etc.
Twice a week for laptops and remote desktop target VMs
Once a week for everything else.
Backups are kept: (may be plus or minus a bit)
Daily backups for a week
Weekly backups for a month
Monthly backups for a year
Yearly backups for 2-3y
The software I have (Synology Active Backup) captures data using incremental backups where possible, but if it loses its incremental marker (system restore in windows, change-block tracking in VMware, rsync for file servers), it will generate a full backup and deduplicate (iirc).
From the many times this has saved me from various bad things happening for various reasons, I want to say the RTO is about 2-6h for a VM to restore and 18 for a desktop to restore from the point at which I decide to go back to a backup.
Right now my main limitation is my poor quad core Synology is running a little hot on the CPU front, so some of those have farther apart RPOs than I’d like.
I run microk8s on a 3 node cluster, using FluxCD to deploy and manage my services. I also work with Kubernetes at work, so I’m very familiar with the concepts. But I will never use anything else.
If you want maximum control and flexibility, learn Kubernetes. For a lot of people (myself included) it’s overkill, but IMO it’s the best.
My main gripe with docker-compose, which is what I used to use, is that service changes require access to the machine. I have to run commands on the host to alter services. With Kubernetes, and more precisely a GitOps model, you can just make a commit to a git repo and it will roll out.
For your last point, portainer fixes that. I use portainer to pull compose files from my gitea instance. There is an option to auto update on git comit but I prefer to press the button to update.
I write the compose files in vscode and push them to my repo.
FWIW I manage docker compose files with ansible. Allows me to centrally manage them without the need to go logging into multiple vms. I also create a systemd service file to start/stop the containers (also managed with ansible).
That said I’m starting to switch over to k8s as well (also with microk8s which has been the easiest to work with). Definitely overkill but I want to learn it.
Yes very true, I really would much prefer GitOps as I feel… uneasy about how handwired and ephemeral my current setup is and would love it to be more declarative and idempotent. It does seem like Kubernetes is the way to do that.
Using CloudFlare and using the cloudflared tunnel service aren’t necessarily the same thing.
For instance, I used cloudflared to proxy my Pihole servers’ requests to CF’s DNSoHTTPS servers, for maximum DNS privacy. Yes, I’m trusting CF’s DNS servers, but I need to trust an upstream DNS somewhere, and it’s not going to be Google’s or my ISP’s.
I used CloudFlare to proxy access to my private li’l Lemmy instance, as I don’t want to expose the IP address I host it on. That’s more about privacy than security.
For the few self-hosted services I expose on the internet (Home Assistant being a good example), I don’t even both with CF at all. use Nginx Proxy Manager and Authelia, providing SSL I control, enforcing a 2FA policy I administer.
Actually you dont need to trust a upstream DNS server. Checkout dnscrypt-proxy in github. You can use dnscrypt with Anonymized DNS relays. You can use the IP of this dnscrypt-proxy as your DNS resolver.
Bookstack is really nice and user friendly. It’s probably one of my favorites.
Dokuwiki is simple and stores files in plaintext.
I haven’t used wiki.js much but I’ve heard good things about it too.
Another option if you don’t need to share the wiki with anyone would be a note tool like Trilium. It has built in support for stuff like mermaid or excalidraw diagrams.
Don’t forget to setup backups for whatever wiki you do go with, and make sure you can restore them when your wiki is broken ;)
I don’t know current pricing, but a premium proton account, which was ~$9/month when I started has worked very well for me. I like the other features they are rolling out and use them a lot.
Domain is purchased through cloudflare, and I think it was like $10/year?
I’m administering a wiki.js instance. Despite it being written in node, it’s a pretty nice wiki with a lot of modern features builtin. The only other wiki I’ve ever setup and used was mediawiki, which is obviously a complete legacy php clusterfuck where you need add-ons (which are terrible to install and configure) for everything.
I just spent a week evaluating all the popular choices to document an overlay network I’m standing up. All I want is a simple markdown interface to write notes in. My goal was something with a very simple UI, markdown, and very light weight.
MediaWiki, Bookstack, and WikiJS (or JSWiki) were good but they were too much for what I needed. I ended up with stumbling on gollum and really like it. It’s very very simple, fast, and clean. I wrote a one line cronjob and now I’m backed up to gitlab.
Lots of people have said worthwhile things. Don’t selfhost email for example. While going with an email hoster has been recommended a couple times, which is good and easy, I want to offer an alternative: SimpleLogin (or comparable providers). Essentially a “email alias generator”, it forwards received emails to one or more mail addresses (Google, Hotmail, what have you). It also allows you to connect a domain and then create new inboxes on the fly by simply sending (or telling a service to send) an email to that non-existing inbox. Which is incredibly handy if you’re faced with a situation that demands an email, where you don’t want to give out an actual email.
So say you have the domain doe.com, and you’re in a physical shop at the register, faced with the question if you want to get 10% off by registering for their members club. You can simply give the cashier the email “coupon_walmart@doe.com” (which does not yet exist), the email will be sent, received bei SL, the inbox created and the coupon code forwarded to your Gmail account. Afterwards, you can disable or delete the inbox and never have to worry about newsletters or data breaches. Nifty!
Every one of these boxes also has its own “sent from” address visible in your actual mail account. Which means that you can simply respond to incoming emails, and the recipient will see the mail address they sent a message to. This also means that you can set up filters in your mail account to move messages from certain sender addresses into specific labels, as if they were real separate email accounts.
I honestly dont see how mail can be reliably self hosted, and be accepted by the majority of filters. Especially as we move farther and farther into the world of limited IPv4 availability.
All it takes is for your IP to be listed as spam, and a large number of companies out there are going to put you in junk, or worse drop you completely.
Add on top of that the issue of reliability, and I just can’t fathom hosting myself. It makes much more sense to me for email to be one of the only things you do third party.
selfhosted
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.