What’s up, what’s down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
I finally finished my first iteration of my Minilab including a very smooth migration from the old server yesterday so I can go to the service side of things again. I plan to get some kind of selfhosters VPN for external access to stuff that’s not exposed to the internet, I’ll have to investigate which one.
I finally dealt with the AI scrapers hammering my Forgejo instance - https://jade.ellis.link/blog/2025/05/18/actually-stopping-forgejo-ai-scraping Hopefully next week I’ll be able to get back to actually programming Continuwuity rather than fighting fires.
Trying to get the right combo of iptables rules to shuttle traffic from vps to home lab server (as I think I’ll need to do once my ISP upgrade puts me behind CGNAT for the first time…
Got it working sorta, but I didn’t like seeing my vps private link address instead of the remote in logs.
I am re-re-factoring my plans for homelab 3.0 and the migration to it. Hardware budget is non-existant so I am trying to figure out how to do everything with what I already own, while re-organizing to better use what I have to make some room. Adding a few sticks of RAM and replacing some older cat5 are all I will do this year.
I recently setup a full matrix server. What I am currently worried about is my server. I am currently shopping for a used dual Xeon server. I am hosting close to 40 docker containers on 2 1 liter PCs with very low specs. I would love to bring it all in house to a single server with a separate NAD which I do have currently holding 60 terabytes of storage space.
Configured changedetection.io to notify me when my usual bus is delayed or canceled.
I’m still trying to get a good backup strategy. I am currently using Duplicati but I cannot get the before script execution to work. I will eventually look at Kopia.
What kind of hardware are you using for a mini lab? I want to switch from a raspberry pi 5 to a small form factor Intel based system so I can run Proxmox. I was looking at the Lenovo m920q or an Optiplex 79xx series machine.
Do you have any recommendations for backups or the hardware switch I mentioned?
If you do make a switch to Proxmox, then Proxmox Backup Server is where it’s at for backups. Its de-duplication feature is incredible. I backup all my Proxmox VMs/LXCs with it, as well as my non-Proxmox hosts (laptop, etc.), with
proxmox-backup-client.Personally, I’m using a few of those tiny Beelink PCs (a couple Mini S12 and an EQ12) with the N100 processor, as well as a couple larger rackmount PCs I built for situations where I needed to add an HBA or some other PCI-Ex device. I do recommend something like a Beelink before building, though - they run Proxmox fine, they’re inexpensive, efficient, quiet, and each one can run a handful of VMs.
Yeah, I heard about Proxmox backup and that sounds really nice. Love the idea of being able to take a snapshot before any major changes to a VM and then if it goes south restore from snapshot very quickly.
I use cron schedules to run scripts that backup my important stuff to s dedicated backup drive, then copies the backups to a different external drive, then upload the backups to a dedicated backup cloud storage account. Then it deletes any backups older than a month.
Have a look at Backrest for Restic. It works great with pre/post scripting and supports healthchecks for monitoring status and stats.
Also is a nice easy to use WebUI which is great for servers.
This week moved all my vps’s to nixos, so am now able to use one flake for my desktop and all my vps’s which significantly lowers down the time I need to manage my vps’s.
Nowto move my proxmox homelab server ( an old desktop pc I bought recently ) and all my server’s/devices witll be running nixos.
EDIT: An issue I’m thinking about is getting a “proper” server. Not a server like a server rack server, but a mini pc or something along those sides wbich would be a lot stronger and a lot more power efficient than the current 10+ y/o desktop pc I’m using currently.
So would like some reccomendations on that front, like what are some good mini pc brands and mini pc’s that I could have raid seted up on for nas or good budget parts and case to make one myself.
Hey! Another nixos user 😁 What are you using for your VPS? nixos-infect? nixos-everywhere?
As for mini PCs, a friend bought one from Minis Forum and quite likes it. But if you want to support the opensource ecosystem, there are tuxedo computers and slimbook. There’s also starlabs byte.
Take your pick :)
I’m using nixos-anywhere to install and then deploy-rs to deploy updates to nixos vps’s.
Also using agenix for managing secrects for the services so that I can easilly have them all in a public repo, so that other’s could take a look and take inspiration.
My nixos flake url if you wan’t to take a look.
Having electric stability issues this week in Bangkok - several 2-3 hour outages, which are too long for a UPS to cover the gap. I have several mid range but older PCs running docker, virtualbox, etc for various things including a postfix server for the family email, immich, QBittorrent, pihole, paperless, huly, postiz, a Minecraft bedrock server, a flightradar24 ads-b collector, and a variety of other homegrown projects.
Thinking about getting some or most of this over to a service like hetzner, perhaps even splurging on a baremetal dedicated system.
Recently I’ve been reading about/trying to learn qemu and proxmox, but don’t understand them yet. Is that where it’s at for managing a bunch of your own VMs? Or kubernetes/k8s?
I’ve been a little out of the loop for a few years and of course coming back up to speed IT wise judge take weeks. Looking for recommendations on offloading my home stuff to a cloud that I control.
Proxmox runs Qemu under the hood. It’s the current favorite for VM management.
I wouldn’t bother with k8s unless you’re deploying services in high availability, or groups of related containers.
I’ve used a RV/Marine deep cycle battery attached to a UPS before, that would certainly give you enough for 2-3 hours on most setups.
proxmox
You will enjoy Proxmox. When you get it all jammy, check out the Proxmox Helper Scripts: https://community-scripts.github.io/ProxmoxVE/
K8S is a whole different approach and I find it to be a lot more complex, but you would not need virtual machines. If all your applications are running in containers anyways, you could consider it. Finding a good solution for persistent storage is probably the most important design decision.
Thinking about getting some or most of this over to a service like hetzner, perhaps even splurging on a baremetal dedicated system.
If I may, I find LUXVPS to be quite capable and responsive hosts.
Black Luxury Deal #1
4 vCores (Xeon Gold 6150) 26 GB DDR4 RAM 150 GB Raid 1 NVMe 1 Gbit internet speed | 40 TB Traffic 1x IPv4 1x /64 IPv6 3.2Tbit Premium DDoS Protection 24/7 Ticket Support 4 Backups For ONLY 10€/Mo (recurring)I’ve never used Hetzner, and I don’t know what you are hosting, but I’m sold on LuxVPS. I also use Contabo, and Ethernet Services. The latter would indeed be bare-bare-metal as there are no frills. However, for a test server and for $35 a year, it works.
Today I learned that for some reason some DNS servers don’t like SRV records, so had to troubleshoot it when people were unable to log onto my Minecraft server that is on a non-default port.
I’ve installed coraza web app firewall with OWASP ruleset this weekend. I must admit that it wasn’t as easy as I expected it, but it now (mostly) works. I had to give up with nextcloud though.
I know next to nothing about using the command line, so I’ve been relying pretty heavily on ChatGPT to set my stuff up and so far it has reliably helped me overcome every issue. The problem is, of course, that I often don’t even understand what the issue was in the first place so I don’t even know if the fix that the ai spits out is, let’s say, correct. I don’t really want to become an It expert, I just want to be able to host some services on my own to depend less on corps, is it alright if I continue to rely on the AI? Or do you guys think that I just have to learn this stuff or else I might mess up?
I don’t have great security concerns btw, my ISP doesn’t allow port forwarding, so I access my server exclusively though Tailscale.
I love Tailscale.
The more you learn with the command line the more interesting stuff you can do.
Most of the stuff will somewhat work, but you’ll introduce side effects sooner or later by using commands that might work but are not the proper ones and alter unrelated things. At some point those will likely bite you and you have no idea where it’s coming from. I’d suggest to check at least what the commands you are copying are doing.
What you can probably do to build some knowledge if you’re going to be using AI anyway is asking it to explain some of the concepts to you. You also have the ability to ask clarifying questions about anything you don’t understand.
Yes I do that, and it does help me a lot to understand what I’m doing it’s just I’m a top down type of guy. Like I don’t like messing with anything unless I fully understand it, which often makes me very unproductive. I decided to not be that way with this self hosting thing because I realized I would never get around to it with that mentality. Better to break shit as I go.
Yeah, I’m the same way. I learned mostly through making Docker containers and bumbling through tutorials until things worked, just deleting them and starting over when I fucked up irreparably (except the compose file, of course).
There are a lot more comprehensive written and video tutorials than there used to be so those are very helpful too.
I’d encourage learning. The more you understand the better you can control your data and maintain your services. You don’t need to be an expert but I’d encourage working towards relying less on gpt.
I’ve had some amusing mixed experience with ChatGPT for this. When I asked about iptables rules to restrict podman, it was great. About podaman quadlets, though, which I first misspelled ‘quartlets’, it completely made it up, and even sent me a fake link to nonexistent documentation when I challenged it!
- it’s more helpful if you ask the right questions
- and its answers often give you ideas of what to google
- Old stuff that has been written about many times over is more likely to get a proper answer
- sometimes the gist of a wrong command/answer could still help me understand what to do with the right one
Try to understand whatever you use from AI. At least understanding the general picture of what it means, and a basic idea of “this flag is for this; this option is for that”. AI can also help you with that understanding, but again beware of it completely making up something logically coherent but wrong.
Yes this happened to me as well, I don’t remember what I was talking about but I remember I made a typo and it just ran with it as if it was a real thing. I let it keep going to see if it ever realized it was talking about something that didn’t exist but nope it kept going until I pointed it out.
I ask for it to explain what the command did and I did manage to wrap my head around a few concepts but in the end I feel like I’m trusting it to not insert any vulnerabilities into the system, and I don’t like that. Mistrust is the whole reason I’m doing this. But yeah I’ll pay close attention and maybe even ask all the implications of he changes we make.
Tried to use my fifteen year old intel atom home server for 4K videos with Jellyfin. Probably could have predicted that, but it was veeeery laggy 😄 no way that old of a processor can transcode 4K videos in real time. It is useful for backups though.
Does it have QuickSync support? If it does it might be able to handle a few 4k transcodes.
Alternatively I wonder why the video is needing to be transcoded in the first place, maybe you can get it playing natively.
It was one of the cheapest variants of intel processors, so I highly doubt it has any sort of transcoding support. I have resorted to using my desktop pc for streaming, since it has a much better CPU.
My problem is that I’m moving in the not so far future and I don’t know where to put my server. Physical security is important and if someone gets into my house, takes the computer and leaves, it’ll be worthless due to encryption. But if it’s in somebody’s datacenter (co-location or whatever), they could be forced to monitor my traffic, tamper with my system, and I’d have to entrust the key to somebody in order to boot the system and decrypt the drives should it restart for an update or for any other reason.
I’m considering asking a friend to host the homeserver and reimburse them for a better internet connection (fiber) + electricity costs. But I’m not sure they’d be up for it.
How would you solve the problem?
What do you actually need to run on your server? I’d look into downsizing. A single small form factor computer or even a newer Raspi can do a lot these days.
Yep - while only drawing a fraction of the power and creating almost no noise
My problem isn’t the hardware, it’s that the place I’m moving to will have a bad internet connection. My current homeserver has stuff like a CI (currently being tested), a builder for software (compiling rust, C/C++, go, and whatever else), immich, nextcloud with an extension to download from youtube and other sources (basically to circumvent geoblocking of multiple friends and family), and it could be expanded to host other services e.g a seedbox. All that stuff needs good hardware and a good connection.
Myself right now I’d probably take it with me - in fact that’s that I’m planning to do in a couple of months - but it sounds like my needs are a bit less than yours, and i can do some stuff just over LAN and on the ‘server’ (which is also a laptop) itself.
For more, I think I’d also ask a friend like you’re thinking.
I did that before with a relative - just had to ask them to restart the server every now and again!
About trusted encryption keys, I did it with a simple password for boot encryption, that my relative knew, so in the event of theft it’d still be hard for thieves to get anything; but after boot I’d ssh in and unlock the second disk with my own password, then start up the services.
Hello! I recently deployed GPUStack, a self-hosted GPU resource manager.
It helps you deploy AI models across clusters of GPUs, regardless of network or device. Got a Mac? It can toss a model on there and route it into an interface. Got a VM on a sever somewhere? Same. How about your home PC, with that beefy gaming GPU? No prob. GPUStack is great at scaling what you have on hand, without having to deploy a bunch of independent instances of ollama, llama.ccp, etc.
I use it to route pre-run LLMs inti Open WebUI, another self-hosted interface for AI interactions, via the OpenAI API that both GPUStack and Open WebUI support!
Oh that’s dope. How many hours are you running? Do you also use them for things like encoding or something like that?
Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there’s anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.
You can restrict Caddy access to use your tailscale. For instance in your Caddyfile:
For tailscale ip range:
myverycoolserver.duckdns.org { @allowed { remote_ip 100.64.0.0/10 # Allow Tailscale IP range } respond @allowed 200 # Allow access respond 403 # Deny access for others reverse_proxy localhost:YOUR_SERVICE_PORT # Your service configuration }For specific tailscale IP:
myverycoolserver.duckdns.org { @allowed { remote_ip YOUR_TAILSCALE_IP # Replace with the specific Tailscale IP } respond @allowed 200 # Allow access respond 403 # Deny access for others reverse_proxy localhost:YOUR_SERVICE_PORT # Your service configuration }Might look into the pangolin project if what you’re trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
The software suite is basically wireguard, traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking “basic” existing features behind a paywall after the project got popular, though after public backlash they’ve backpedaled on that iirc.Edit: Just realized you said tailscale. Above recommendation might be a deal breaker depending on your reason for wanting tailscale specifically
You’re gonna need to provide more detail on what you’re trying to do
It should be the same setup regardless if you’re using a VPN or not.
Having used both I generally prefer traefik.
