Hey y’all, I know getting a setup that feels “right” can be a process. We all have different goals, tech preferences, etc.

I wanted to share my blog post walking through how I finally built a setup that I can just be happy with and use. It goes over my goals, requirements, tech choices, layout, and some specific problems I’ve resolved.

Where I’ve landed of course isn’t where everyone else will, but I hope it can serve as a good reference. I’ve really benefited from the content and software folks have freely shared, and hope I can continue that and help others.

Happy to answer questions!

  • Libb@piefed.social · ↑ 15 · edited · 3 months ago

    Thx a lot for sharing.

    I’m a 50+ non-geek Linux user myself, and selfhosting is the one computer ‘thing’ I would love to be able to setup one day but I’m too afraid to seriously start doing as I’m way too afraid of being that ‘low hanging fruit’ you mentioned in your post.

    I said I was not a geek in the sense that, after almost 40 years using only Apple computers, I’ve switched to Linux to use it like I used… my Mac. Sure, I’ve learned to understand a little bit of Linux workings and I would not want to go back to the Mac, no way, I can also write simple bash scripts (with a lot of trials and errors) but that’s about the full extent of my computer ‘expertise’.

    So, even though your post is well written and informative, it was still way beyond my limited skills, I’m afraid. I’m not saying that as a downer, it was a really interesting read and very informative with all those useful links, but hopefully as a way to let you know there are… extremely… odd users like myself that are very much interested in the idea but also are as clueless as an oyster comes the time to buy a pair of sneakers :)

    In regards to self-hosting, my conclusion so far is that it’s a much safer choice for someone like me to not do it. The risk is too real to get into some serious issues. And that I’m better off using the few paid services I rely on (all in the EU, many of them small companies I can have direct/human discussion with) as I know by experience I can trust their expertise a lot more than I would ever trust my desire to ever become not completely incompetent in those fields ;)

    • irmadlad@lemmy.world · ↑ 11 · 3 months ago

      I’m a 50+ non-geek Linux user myself, and selfhosting is the one computer ‘thing’ I would love to be able to setup one day but I’m too afraid to seriously start doing as I’m way too afraid of being that ‘low hanging fruit’ you mentioned in your post.

      Dude, 70 here. Just do it. You’re going to make mistakes along the way, you’ll learn along the way. You’re already a Linux user, so you’ve got a leg up there. Even if you walk away from selfhosting thinking it’s probably better for you to use those small companies, you’ll have had an enriching experience. I find selfhosting to be rather rewarding in many aspects. For one, it’s one of my hobbies that keeps my mind busy which is a good thing. I’m always digging for something new to learn.

      If you are the only user of your server, tying it down becomes a lot easier. allow.host / deny.host, tailscale, ufw, and fail2ban will get you very far and safe so you won’t be that low hanging fruit. I am quite certain there are people here who would love to help you on your way. I’m one. I’m an expert at nothing, but I don’t mind sharing the knowledge (?) I’ve learned along the way.

        • irmadlad@lemmy.world · ↑ 2 · 3 months ago

          LOL You gave me a belly laugh. Yes. Really 70…well soon to turn 71 ifn’ the creek don’t rise. I have that same reaction sometimes too. Damn! I’m really 70!? Yes, the world has changed so much since I was born, and frankly, I am glad it has. I am thankful that technology and music have walked alongside me all these many years. It’s been a good life.

    • mirdaki@lemmy.ml (OP) · ↑ 7 · 3 months ago

      Hey, I appreciate your openness. Self-hosting is a really deep and wide domain to get into and that is really intimidating. If I may give my two cents, being a geek is about the love and interest in something, not your skill with it. The fact you know what a bash script is, let alone can write one, means you’re more aware of this space than most folks

      If you’re comfortable using and supporting paid services, I think that’s great! It supports the broader ecosystem and that’s a good thing

      But if this is a space you want to tinker with, I think you should try a small project. The security concerns I mentioned are basically zero if you only host something on your home network. Grab an old computer and try running something like Jellyfin (or something else you’re interested in) on it with Docker. Things won’t go perfectly, but that’s OK, it’s a learning experience. Keep at it till you get it working. If you like the experience, try more things. If not, great, you’ve scratched an itch and it’s no longer there

      Regardless, appreciate your kind words and sharing your perspective!

    • Fedegenerate@lemmynsfw.com · ↑ 7 · 3 months ago

      Don’t start here. Get something tiny: some ewaste, a rPi3/4 or an n100.

      Build a Pihole to block ads, malicious sites and trackers on your network

      Risk free, tonnes of learning opportunities, huge utility, tonnes of documentation and guides to help.

      Once you’ve built a couple Piholes (break and rebuild them) you’ll have an idea of what you might want to do next and what is achievable for you.

    • non_burglar@lemmy.world · ↑ 3 · 3 months ago

      I’m a lifelong Linux user (or since 1999, so half my life), but I was a mixed mac and windows user before that. Anyway, I understand the reluctance you’re facing.

      You don’t need to endanger any part of your current experience to start self hosting, you can just start adding to it. The stakes can be very low if you want to learn that way.

  • SidewaysHighways@lemmy.world · ↑ 7 · 3 months ago

    this is great! i was intrigued by nix and nixOS early into my linux venture and this has probably pushed me to start moving my stuff from Debian, though i am kinda addicted to proxmox.

    but the way you’re doing truenas is how I’m running my stuff too. way more planning on your end really cleans it all up!

    • smiletolerantly@awful.systems · ↑ 8 · 3 months ago

      Funny - same thing here. Got 3 proxmox hosts running, all virtual machines are NixOS though.

      I’d love to go full Nix, but between my GF and I, we kinda split the responsibilities: hardware is hers, applications are mine. And there’s not a chance she’ll give up her Proxmox hosts 😄

      Got it automated to a single “provision” command though that will spin up any of my nix VMs unattended, so I’m happy with that.

      • mirdaki@lemmy.ml (OP) · ↑ 4 · 3 months ago

        Oh that provision command sounds interesting! Did it take a bit of tinkering to get right?

        • smiletolerantly@awful.systems · ↑ 5 · 3 months ago

          Yeah, but no dark magic involved.

          • build image
          • copy to proxmox ISO store
          • import, resize disk
          • start, wait to come online
          • read ssh pubkey, save it
          • rekey secrets
          • rebuild VM

          The only “magic” parts are two nix modules for handling proper networking and hardware setup, and exposing required attributes to the script.

          Works really well, zero manual config (beyond the services you want to run…) required on nix or proxmox side.

    • mirdaki@lemmy.ml (OP) · ↑ 4 · 3 months ago

      I really do encourage experimenting more with NixOS. It’s the strange combination of feeling safer (because of the rollbacks) and more powerful (because of all the modules and packages already setup by the community)

      I also spent a while using Proxmox. Almost went with it over TrueNAS. It was a little bit of a tossup, one is a good VM manager with ZFS support and the other good ZFS manager with VM support. I ended up just liking the interface better for TrueNAS, but both are certainly capable

      • ell1e@leminal.space · ↑ 5 · edited · 3 months ago

        A rolling back mechanism is the best thing to have for server tweaks. I achieve the same with docker. Something similar might be possible with FreeBSD Jails, podman, or anything similar like that. (Not that NixOS is a bad choice, I just wanted to share some more options for anybody looking for some to try.)

    • Fedegenerate@lemmynsfw.com · ↑ 3 · 3 months ago

      You can pry proxmox from my cold dead hands.

      I do sometimes dream of running everything in Docker though for how easy it is to update. I’ve got the community scripts running and still it’s a bit of a maintenance job.

      A TrueNAS + Docker machine is pretty tempting. If I were to migrate, that’s where I’d go.

      • hoppolito@mander.xyz · ↑ 3 · 3 months ago

        After having my dinky homelab machine on proxmox for a couple years, since the start of the year I am now running basically everything under a clean Debian system using incus and docker on the individual lxc guests.

        Incus has completely replaced proxmox for me and it’s so much easier to reason about (for me at least) that I wanted to maybe point your cold hands in that direction too ;)

        • gaylord_fartmaster@lemmy.world · ↑ 2 · 3 months ago

          What you’re describing sounds pretty much exactly like how I use Proxmox at this point (everything in LXCs, most just running docker on Alpine) and I’ve been wanting to make the switch to Incus for a while. Did you migrate your LXCs over from Proxmox? I’m a little worried about how painful that process might be.

          • hoppolito@mander.xyz · ↑ 3 · 3 months ago

            I used the recommended migration tool and it worked okay for many containers but iirc the docker ones had to have one of the security options manually changed in their config which didn’t transform properly with the tool (maybe nesting enable?).

            May very well have changed in the meantime or I only made a mistake, that was in my experimentation phase.

            Ultimately, I did rebuild my instances from the ground since I also switched file system, and to make better use of incus profiles (e.g. one with docker provisioned, one with monitoring and so on) so I couldn’t give you a long-term migration review.

            For me that was (relatively) painless by just migrating the docker volumes in place and rebuilding the stacks, of course ymmv.

            If you decide on migrating and stumble upon issues don’t hesitate to hit me up - I’m only an amateur but maybe I can still help!

      • SidewaysHighways@lemmy.world · ↑ 2 · 3 months ago

        I was truenas on bare metal for the first year or so, but now I run a truenas VM in proxmox, then use those pools as mounts onto the proxmox. it is really cool!

        Until I was in the middle of figuring out how to automate backups of my vms, which paused TrueNAS, which was the destination of the backup, was a fun 20 minutes getting it all back running this evening lol

        • Fedegenerate@lemmynsfw.com · ↑ 2 · 3 months ago

          I used proxmox to set up my ZFS pools and use bind mounts. It’s fine, I’m sure it’s a “grass is greener” thing.

          Home labbing is a winter hobby, so in the summer months I hate the time spent updating all the machines when I could be outside.

          If I had purely Docker set up, in winter I’d be complaining that “everything is too simple” and “I want more control” etc.

  • BlackPenguins@lemmy.world · ↑ 2 · edited · 3 months ago

    What’s your hardware setup for all of this? I’ve got an 8 core, 16 GB, 5TB external NUC but it starts struggling after I add a few services. BitWarden in particular so I just used their services instead. I’d love to run everything myself for same reasons but I def might need an upgrade first.

      • MysteriousSophon21@lemmy.world · ↑ 3 · 3 months ago

        Vaultwarden is ridiculously efficient - runs on like 50MB RAM on my potato server which is the same machine that handles my audiobookshelf server for the soundleaf app I love.

    • mirdaki@lemmy.ml (OP) · ↑ 3 · 3 months ago

      I’m using an AMD Ryzen 7 3700X with 64GB of RAM for my main server. Looking at it right now (so just light background activity) the services are using ~3% of my CPU and 10GB of memory. Granted my ZFS cache is using 32GB of memory, I could tune that to use less, but I have enough headroom to make that fine

      I opted to just use the Bitwarden service to avoid depending on my services to get my secrets for my services, so I haven’t tried running it, but I have heard good things about Vaultwarden. I’ll eventually try running that as a backup

  • Urist@lemmy.ml · ↑ 2 · edited · 3 months ago

    Nice writeup and a fun read! Never thought I would encounter a fellow NixOS and FoundryVTT user in the wild, but I realize the Venn diagram of these kinds of users does have more overlap than I thought.

    With regards to your point about Foundry needing more power than a cheap VPS: I have it working fine on an Oracle cloud free tier VPS (unfortunately not the ARM-cores). That being said, it does want a little more power.

    I am not running it with NixOS though. I am renting a temporary space, so I do not own or want to do too much locally right now, and Oracle OCI was only sort of working with NixOS. I did manage to install it with nixos-infect, but think I messed up the SSH with my reverse proxy and had no way to fall back to a previous version, which begs the question how would you?

    You linked to “NixOS friendly hosters”, do those give you access to boot options to recover from such a case? Since I did not have that option I determined the risk of failure too great for setting up NixOS on that particular VPS provider.

    I also note that you use the nix-foundryvtt module and was wondering how your experience with it was. Does your sops define your login to the website such that it fetches the package automatically or do you have to manually install them?

  • MoonRaven@feddit.nl · ↑ 1 · 3 months ago

    I’ve used Authelia and Authentik. I personally switched to Pocket ID recently. You can integrate LDAP and groups easily and I’m amazed at how freaking fast it is. Might be a nice experiment next :)