

You shouldn’t have any user home for your services, you shouldn’t even allow them to login at all. They should only have group access to resources they need, and containers should restrict what directories they have access to.
Mama told me not to come.
She said, that ain’t the way to have fun.
Companies don’t typically host multiple containers on the same host. So having a different user for them is less important than securing the connection between machines, since a given biat isn’t particularly interesting. Attackers will still try to break out, so they have a backup.
As a self-hoster, you typically do the opposite. You run multiple services on the same host, and the internal network isn’t particularly secure. So you should be focusing more on mitigating issues, and having each service run as an unprivileged user is one fairly easy way to do that.
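The service-account advice above (no login, no user home), as an added example that is not part of the original comments: a small audit of passwd(5) entries. The account names, the sample data and the 999 system-UID cutoff are assumptions made for illustration.

```python
# Added example: flag system accounts that have a login shell or a home under /home.
# Assumption: UIDs 1..999 are service/system accounts (adjust sys_uid_max to
# match SYS_UID_MAX in /etc/login.defs on your host).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
mediasrv:x:998:998::/var/lib/mediasrv:/usr/sbin/nologin
minecraft:x:997:997::/home/minecraft:/bin/bash
backup-svc:x:996:996::/nonexistent:/bin/sh
"""

def audit_service_accounts(passwd_text, sys_uid_max=999):
    """Return {account: [findings]} for accounts with 0 < uid <= sys_uid_max."""
    findings = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry, skip it
        name, _pw, uid, _gid, _gecos, home, shell = fields
        if not uid.isdigit() or not 0 < int(uid) <= sys_uid_max:
            continue  # root and regular users are out of scope here
        issues = []
        if shell not in NOLOGIN_SHELLS:
            # An empty shell field means the system default shell, so it counts.
            issues.append(f"login shell {shell or '(default)'}")
        if home.startswith("/home/"):
            issues.append(f"home directory {home}")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_service_accounts(SAMPLE_PASSWD).items():
        print(f"{name}: {', '.join(issues)}")
```

On a real host, pass the contents of `/etc/passwd` instead of `SAMPLE_PASSWD`; stock system accounts with special shells (such as `sync`) will show up and need a manual look.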
Yup, my first NAS was my first desktop PC, and I’ve upgraded it as I upgraded my desktop. My current NAS is still running my original Linux install, and currently has a Ryzen 1700 and Nvidia 750 Ti… My desktop has a Ryzen 5600 and an AMD 6650XT, and I’ll upgrade my NAS to that when I upgrade my desktop.
If you have old parts, use those, it’ll probably be overkill. Most server stuff isn’t very resource intensive, so a little goes a long way.
If you’re buying something new, I’d recommend something small, like a Mini PC or an N100 rig. 16GB RAM is probably enough, and anything with more than 4 cores is probably overkill. A dedicated GPU is unnecessary, something with a modern-ish iGPU will be plenty to transcode video.
Nice!
I self host Minecraft on our LAN so my kids can play together, and it’s super nice.
I look at what services I use and see if I can replace any of them w/ a self-hosted solution. Rinse and repeat.
Looking for more stuff to host will just overcomplicate things. I instead try to look for ways to consolidate services down.
The 64-bit version is built directly from Debian for the arm64 platform, while the 32-bit version is derived from Raspbian, a customized Debian variant created in 2012 for the original Raspberry Pi.
The SOC also isn’t fully open, so you won’t get top tier performance with a purely FOSS stack. I push the limits on mine (Retropie mostly), so using their OS is the better bet (I use the one shipped by Retropie, which is super old).
I actually kinda hate the Raspberry Pi because of how closed it is. It’s gotten a bit better over the years, but the Pi 5 took a big step back. But unfortunately, its competitors aren’t much better, so I still use my RPis, but I probably won’t buy more.
I’m also not a fan of Debian in general, so if I switched, I would probably use openSUSE or Arch instead (I tried Arch, but it had issues syncing to disk after updates; they fixed that, but it shows that other distros will be a bit wonky). Raspbian works, so I stick with it.
Yup.
Nowhere near as big as yours. I haven’t bothered checking, but probably something like 100 movies and about the same number of TV shows (only a handful of series). It consists pretty much only of what I’ve ripped from physical media, plus a handful of things my SO uploaded. Total storage is about 2TB, and mostly DVDs w/ a handful of Blurays. Rips are full quality, and mostly ripped from MakeMKV, with a handful ripped w/ Handbrake.
We don’t watch a ton, but I do order new stuff periodically, so it slowly grows (most recent addition is Adventure Time).
Yeah, I always run Raspbian. It’s stable and lets me largely forget about it.
Or just close off the most common vectors, such as disabling root SSH login, doing key-only SSH auth, and blocking traffic from regions of the world you don’t need to support.
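A check for the two SSH settings named above, as an added example that is not part of the original comment. It assumes upstream OpenSSH defaults, reads only the global section of the file (it stops at the first `Match` block and does not follow `Include`), and also checks keyboard-interactive auth, which can still accept passwords through PAM.

```python
# Added example: report sshd_config settings that still allow root or password logins.
# Assumptions: upstream OpenSSH defaults; global section only; Include not followed.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
WANTED = {key: "no" for key in DEFAULTS}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: the later "no" is ignored because sshd keeps the first value
# it reads for each keyword.
SAMPLE_CONFIG = """\
# constructed sample, not from a real host
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def effective_settings(config_text):
    """Return the effective global value of each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks are out of scope for this check
        seen.setdefault(key, parts[1].strip())  # first value wins
    return {key: seen.get(key, default) for key, default in DEFAULTS.items()}

def weak_settings(config_text):
    """Return {keyword: effective value} for settings that are not 'no'."""
    effective = effective_settings(config_text)
    return {key: value for key, value in effective.items() if value != WANTED[key]}

if __name__ == "__main__":
    for key, value in weak_settings(SAMPLE_CONFIG).items():
        print(f"{key} is effectively '{value}', expected 'no'")
```

On a live host, `sshd -T` prints the effective configuration including `Include` files, which makes a good cross-check for this kind of file-based audit.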
Yup, we don’t have IPv6, so we’d need a VPN or something to do that.
You can based on the port.
Yeah, this is why I reuse my old PC parts. Here’s my rough history:
My NAS power draw was cut in half from 2-3, and it’ll probably be cut again when I upgrade my PC again.
Old PC parts FTW!
Yeah, I’m liking it so far, but I’m still very much in the testing phase, I don’t have any “real” data in it yet.
Isn’t that what 802.1x is for? If you really want to lock down your network, there are options.
I’m not OP and am a dev, but also prefer flat files. Here’s my reasoning:
My main concerns with Seafile specifically are:
With flat files, I can easily switch to a different service if my needs change.
Here’s what I’ve used and can recommend:
Since you rejected NextCloud, check out the other two. I’m switching from NextCloud to OCIS right now, and I may end up using OpenCloud if development looks stable.
Sure, but those will usually be pieces of an app on the same host, not whole apps. Like for an inventory management app, you might have the auth server and its database on one host, the CRUD app and its database on another, and the report server, its database, and a replica of the CRUD db on another. And I use the term “host” broadly enough to include VMs on the same physical hardware. And these hosts will have restricted communication between each other.
At least, that’s how I’ve seen it done.
Self-hosters will generally run multiple full apps on one host. It’s a different setup.