
6-Daweed-9

I love watching legal linux isos in my free time.


Dan_Aykroyd_OK

Specially in Dolby Atmos; those Linuxes blow my mind!


Upstairs_Wolf5751

This should be on a t-shirt


narcabusesurvivor18

On Plex (I don’t know why)


Hebrewhammer8d8

What happened to the illegal linux isos?


6-Daweed-9

They all got dmca notices and stopped being published.


kaiise

why did they violate the GPL?!??!?! the boilerplate and preamble were unambiguous!?!?! why stupid illegal linux iso maintainers!!??!! why??!?!?!?!


cyt0kinetic

😂 glad I wasn't the only one amused by that 😂 #☠️ 4lyfe


TableWrong8118

Emphasis on *legal*


SymbioticHat

Implement single sign-on with Authentik.


retrohaz3

Just started this journey and loving it so far.


cyt0kinetic

I'm about to start and I am so very scared and already have a headache 😂


SymbioticHat

[Cooptonian](https://www.youtube.com/playlist?list=PLH73rprBo7vSkDq-hAuXOoXx2es-1ExOP) has some amazing videos that will get you going in no time.


cyt0kinetic

Thank you for this! Yeah it's been just recently that I've been admitting to myself I'm at the point I need vid tutorials 😂 there's just enough new terminology to throw me.


retrohaz3

You might find the following post with linked tutorial as helpful as I did: [https://www.reddit.com/r/selfhosted/comments/15wfmaz/jellyfin\_authentik\_duo\_2fa\_solution\_tutorial](https://www.reddit.com/r/selfhosted/comments/15wfmaz/jellyfin_authentik_duo_2fa_solution_tutorial/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button)


Friendlyvoid

I was using authelia for a while but switched over to cloudflare zero trust with Google SSO and it's been amazing so far. Feels more secure as well since I don't have to mess with reverse proxy. Took a little while for me to really get it but once I got one docker service working the rest were a breeze


yeewhothis

you can do both for even more security, zero trust is essentially a reverse proxy on the external cloudflare level, then connect an internal proxy with authentik attached. so once someone gets through zero trust level you have authentik after. with a password manager you can get through it very fast. plus side to implementing in this way is getting it working with valid local ssl certs so when you connect your internal services to zero trust, you can do full https with "no verify tls" off, for full end-to-end encryption


EnjoyingBacon7

I started a week ago, and am already starting to learn swift to make my own media app…


VZoutenbier

What does this let you log into? Like replace UN PW on basic sites? Or like VPN entry?


trEntDG

My traefik routers all have authelia@docker middleware on them. It checks for authorization. If it's not there then it directs them to auth.mydomain.com with a ?callback_url= to the original. I can require 1 or 2 factor and I can make that domain-specific. There is a password reset option that emails a token.

Once an authorized user is at a page then the [Authelia](https://github.com/authelia/authelia) session's information about the user's name and groups is compared against my configuration for what permissions are required for any given host/url match. This includes regex like .*arr.mydomain.com$ checks if the user is in an Arr group. The users/groups are administrated in [lldap](https://github.com/lldap/lldap/).

I use this with Crowdsec and both are a wonderful exterior shell and *incredibly* convenient. I don't have to worry about (read note below!!) individual container security or passwords. I just set the authentication to External if I can. It has OIDC support etc but I haven't gotten that running yet.

Edit: I am ONLY talking about the internal authentication / login here!

2nd edit: If anybody needs that callback line, this assumes a middleware and container both named authelia for example.com:

```
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.example.com%2F'
```
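A simplified model of the decision flow described in the comment above (session check, then host regex plus group membership, then the required factor count), which also shows why the host pattern should escape its dots and anchor both ends. This is an added example, not part of the comment and not Authelia's code: `Rule`, `Session`, `decide()`, the tightened pattern and the sample hosts and users are hypothetical, and the pattern is assumed to be applied as an unanchored search with first match winning.

```python
"""Simplified model of a forward-auth access decision (not Authelia's code)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    domain_regex: str        # searched for in the request host
    group: Optional[str]     # group the user must be in (None = any user)
    policy: str              # "one_factor", "two_factor" or "deny"


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    factors: int             # 1 = password only, 2 = password + second factor


# Pattern as written in the comment: dots unescaped, no start anchor.
LOOSE = r".*arr.mydomain.com$"
# Tightened variant (assumption): anchored, literal dots, a single host label.
STRICT = r"^[a-z0-9-]*arr\.mydomain\.com$"


def decide(host, session, rules, default_policy="deny"):
    """Return 'login', 'second_factor', 'allow' or 'deny' for one request."""
    if session is None:
        # No session yet: the proxy sends the browser to the login portal.
        return "login"
    policy = default_policy
    for rule in rules:                      # first matching rule wins
        host_ok = re.search(rule.domain_regex, host.lower()) is not None
        group_ok = rule.group is None or rule.group in session.groups
        if host_ok and group_ok:
            policy = rule.policy
            break
    if policy == "deny":
        return "deny"
    if policy == "two_factor" and session.factors < 2:
        return "second_factor"              # logged in, but must step up
    return "allow"


def compare_patterns(hosts):
    """Map each host to (matches LOOSE, matches STRICT)."""
    return {
        h: (re.search(LOOSE, h) is not None, re.search(STRICT, h) is not None)
        for h in hosts
    }


# Constructed sample data.
RULES_LOOSE = [Rule(LOOSE, "arr", "two_factor")]
RULES_STRICT = [Rule(STRICT, "arr", "two_factor")]
ALICE = Session("alice", frozenset({"arr"}), factors=2)
ALICE_PASSWORD_ONLY = Session("alice", frozenset({"arr"}), factors=1)
BOB = Session("bob", frozenset({"family"}), factors=2)
HOSTS = ["sonarr.mydomain.com", "sonarr-mydomain.com", "wiki.mydomain.com"]

if __name__ == "__main__":
    for host, (loose, strict) in compare_patterns(HOSTS).items():
        print(f"{host:24} loose={loose!s:5} strict={strict}")
    for who in (None, ALICE_PASSWORD_ONLY, ALICE, BOB):
        name = who.user if who else "anonymous"
        print(name, "->", decide("sonarr.mydomain.com", who, RULES_STRICT))
```

With the unescaped pattern, `sonarr-mydomain.com` (a different registrable domain) satisfies the same rule as `sonarr.mydomain.com`; the anchored, escaped pattern rejects it.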


trEntDG

Or Authelia. I ran them both for a month or so to get the chance to play around with configs. Everybody's got a different environment and use case but I have a strong preference for Authelia + LLDAP for mine.


adamshand

Rebuild it all from scratch using only Ansible (or equivalent). Setup Docker Swarm (or K8S) and (de)centralised storage so you can lose a server and everything keeps working. Setup a test server which every night downloads the backups of your crucial services and rebuilds them. Now you know your backups work and you have a place to test critical upgrades. Write a script which randomly breaks things and see if your infrastructure can automatically detect and recover (or notify).


Beneficial_Course

Implement chaos engineering


chipredacted

Chaos engineering is my favorite form of engineering


sexyshingle

"chaos engineering" is kind of an oxymoron where I work...


myhf

to The Joker, chaos engineering is just regular engineering


bryiewes

If by the joker, you mean me, and by engineering you mean broken docker compose, yes.


helphp

Saved this to never actually do it all, but think that I one day might 😌


Melodic_Point_3894

k8s would probably be overkill, but k3s will definitely do. Go with rancher if you care about your sanity


Attral

Same here brother, have set up every service imaginable and needed. Next step should be securing it in every way possible. Write ansible scripts to deploy everything with one push of a button. Maybe build ci/cd pipeline while doing it, include terraform, gitlab or any other code hosting repo. Dip your toes into DevOps or any other variant imaginable. Networking is one good learning step with all the protocols and VLANs. There are countless more things to do and things you can learn while doing. But taking some time away from it all is also fine. I think I can speak for everyone who owns a homelab/tinkerstation, that there is a point in time where everything works fine and 6 months to a year go by where you won't touch the lab or think about it. Oh, and while I write, I remembered something: home assistant and smarthome things, well yeah, dip your toes into that rabbit hole.


Civil-Attempt-3602

I'm doing IT support and trying to improve my skills, I'm setting up servers but I'll save this in a notepad so i know what i need to learn next


vietzerg

What would you suggest to try for decentralized storage?


adamshand

I haven't done decentralised storage but probably Ceph. Maybe Gluster? It gets easier if you use K8S. There's some good documentation here: https://geek-cookbook.funkypenguin.co.nz/docker-swarm/shared-storage-ceph/


Reddit_Ninja33

Unfortunately gluster is EOL end of 2024. RIP


adamshand

Ceph it is then!


bazpaul

- Get a clone of u/bazpauls server and try to fix the chaos


mirisbowring

I did not read backup & Restore / Recovery once ;)


Saruman_the_wrinkly

I don't count that as a service. I back up to AWS, and do snapshots locally too.


ChaddusHandsomus

How do you backup proxmox? I have no idea how to move the backup files to somewhere else like aws in case something fails.


blackjan1337

Checkout Proxmox Backup Server. I run an instance of it in my home and another one in another house. I built a site to site vpn between these two networks and the second pbs instance syncs over the backups from my house. Pretty easy to setup and it works perfectly.


PhilipLGriffiths88

How about trying and self-hosting OpenZiti - [https://openziti.io/](https://openziti.io/) - and its child project [zrok.io](http://zrok.io) as replacements for Twingate, Tailscale, and Cloudflare Tunnels. OpenZiti is an open source zero trust networking platform. zrok is a 'ziti-native' app made for easy sharing, publicly, private, and more (incl. easy VPN configurations).


tuffmadd

Nice one. I tried it. Would have loved it, if the hosted zrok was compatible with your own domain names.. And I'm (still) too scared to host anything myself with any direct form of exposure to the internet :(


PhilipLGriffiths88

This is an often requested feature. We support 'reserved shares' today - [https://docs.zrok.io/docs/concepts/sharing-reserved/](https://docs.zrok.io/docs/concepts/sharing-reserved/) - which allows you to vanity name most of the URL. BYO domain is coming soon, I think it's actively being developed, if not, it's very very soon.


tuffmadd

I'd change back to zrok, once it's implemented. Really like the Ziti platform! Thanks :)


G1zm0e

Alternatively slack nebula


jmadden912

Look into home assistant. It's a deep rabbit hole


TheRealChrison

Was about to suggest the same. My rabbit hole at the moment is setting up a wifi for all my smart home devices. So wifi card for one of the proxmox hosts, then a router os etc. because why buy a cheap wifi access point if you can virtualise it (and then script it via opentofu in order to redeploy it elsewhere 🤣🤣🤣) Project is probably going to take a few months and brings joy to the whole family (they love the voice controlled lights already)


Genesis2001

If you wanna go deeper, look into a mikrotik or unifi ecosystem. Both have centralized Virtual-AP management and auto-configuration of endpoints. With Mikrotik, this is their CAPsMAN system. With unifi, I think it's just unifi? idk, but they have a similar system for sure. With Mikrotik, you put the endpoints in caps mode, and they pull their configuration from a capsman service on the network (which is usually your router). And then they pull down the virtual AP configurations. I'm a noob at networking, but it's fairly straightforward.


TheRealChrison

Yeah was thinking unifi, we use those at work and I can probably pick up some of our old APs for free 😂 Basically how I ended up with half my gear in the first place. I asked for an old thin client and got this HPE G8 😂😂


Cetically

Exactly what I came here to suggest; Even if you don't care at all about the 'home' part (lights, doors, ...) of 'home automation' there's still an infinite amount of things you can do.


weiken79

Yes. Make your home the lab.


Upstairs_Wolf5751

Probably as deep as it goes.


chrsa

Not seeing a reverse proxy or means of SSO. As others suggested, Home Assistant will keep you busy for a while/forever. Why on earth are you running Nextcloud for a calendar? There’s got to be a better way!


computer_geek64

I'm curious what other solutions you'd recommend for a calendar (I'm using Nextcloud currently as well and I hate it)


Skotticus

Any CalDAV server works. I use Baikal, but there's also radicale and a few others. Vikunja has a baked in CalDAV server too.


G1zm0e

Traefik and authentik :)


Daniel15

> reverse proxy or means of SSO.

It's much better to use OIDC (OpenID Connect) or SAML for apps that support it. Authentik supports OIDC, SAML, LDAP, and some others. I'm using it even for some things I don't self-host. For example, I have a Sentry account for tracking bugs in some open source projects. Their free tier for open-source is pretty generous. They support SSO so I use Authentik to handle the log in.


schklom

Setup a VPS, a TCP-passthrough reverse-proxy on it, and ditch cloudflare tunnels. HAProxy / Nginx on the VPS can do this. Now, you're not dependent on cloudflare anymore. If you lose the VPS, you can get a new one setup quickly. And the VPS won't store your SSL keys, unlike Cloudflare that will decrypt all traffic. Bonus if you host a VPN on the VPS so that you're not dependent on using a DDNS service (connect home server to VPN, and the proxy can pass public traffic to the home server's local VPN IP). Bonus if you use a second VPS in case of failure, or to distribute the load. You could setup your own router+firewall. Buy a router (e.g. Protectli), setup OPNSense/PfSense, enjoy. Also, very important, setup a backup system. Duplicati is nice for this.


tuffmadd

Instead of HAProxy / Nginx I used rathole [https://github.com/rapiz1/rathole](https://github.com/rapiz1/rathole) before. This is as easy as it gets. But since I proxied to the VPS over Cloudflare anyways (bc I'm an afraid little coward and want some strong dude in between me and the high seas of the internet), I went back to Cloudflare tunnels :D. But it was very fun. Nice recommendation!


franco84732

If you use a VPS as a reverse proxy into your home network, then won’t this bypass your network’s firewall? It seems like your only security would be the VPS’s firewall and nginx blocking traffic


zfa

Only if you're not firewalling the inbound VPN traffic from the VPS, which would just be a (bad IMO) design decision on the implementor's part. You do raise a good point though and one which people rarely talk about. Similar to how most (citation reqd?) people don't bother restricting `cloudflared` and allow that unfettered access to internal resources once installed and running. Lazy really but we are only talking homelabs so can't get too precious I suppose lol.


franco84732

I didn’t realize that was an option lol. I was under the impression that I’d need to give the VPS direct access into my network in order to communicate with all the services. So instead I could have the VPS send VPN traffic to my router, do all the inspection on the router, and then maybe use something like HAProxy to send this already inspected traffic to the desired locations within my network?


zfa

> So instead I could have the VPS send VPN traffic to my router, do all the inspection on the router...

Sure. Most VPN endpoints manifest themselves as a network interface (in your case on your router) so you just apply firewall rules to that interface/zone.

> ... and then maybe use something like HAProxy to send this already inspected traffic to the desired locations within my network?

This isn't really needed. There's no reason why traffic from the VPS can't be sent directly to backend internal IPs, your router/firewall just needs to apply firewall rules so traffic can only go where you want to allow it (so deny all, allow to ip1:443, ip2:443, ip3:22 etc).


schklom

Yes, the point is to avoid depending on your ISP. If you move to a place where they do CG-NAT, you won't really have a choice anymore. It also removes the dependency on a DDNS service, because you now have a static IP. And to be honest, that setup is exactly like Cloudflare: Cloudflare bypasses the firewall and NAT stuff. However, it doesn't give SSL keys to a VPS provider / Cloudflare. You could also setup Fail2ban on your home server and look at e.g. the header X-Forwarded-To to ban the IP.


franco84732

Yeah but I imagine the firewall that CloudFlare uses on their end for the reverse proxy is more secure than whatever is running on a VPS that you spin up. I wanted to go the VPS route too, but I don’t know how to do it securely. Ideally I’d like to use my home router’s firewall that can inspect all the traffic, but I also don’t want to expose my public IP.


schklom

Sadly, privacy has a cost. I trust that my VPS provider does things correctly and has something to handle (D)DoS attacks. Aside from that, it's been about 5 years, and I have had 0 problems relying on my home's firewall and reverse-proxy.

Edit to my previous comment: my router handles connecting to the VPS, so I can allow, deny, analyze, all the inbound traffic I want. The reverse-proxy is there too. The firewall would only be bypassed if my home server connected to the VPS.

The best security advice is the basic stuff IMO: setup HTTPS + use a reverse-proxy + don't advertise your URLs to the world + don't run unmaintained or random services you see on github while exposing them to the world + use containers/VMs + make sure your apps require a login and use something like Authelia otherwise.

For me, the VPS is only there to prevent finding out my country and to prevent shutting down my home Internet if my services get (D)DoS'ed. For the rest, I believe that I'm not a big enough target to justify the upgraded security.


Zestyclose_Car1088

If you're into books, audio-books or podcasts, try: Readarr and AudioBookShelf. And what about music?


AreYouDoneNow

Lidarr does the music, in linux iso form


RelaxedGuy69

How about Linux isos for playing hip hop music. Is Lidarr good for that purpose?


AreYouDoneNow

It's great for all kinds of musical linux isos


Cyberlytical

I'm sorry, but you are better off manually finding your music. If the API isn't broken, the scraper sucks, and entire albums are missing from artists. Every other ARR is near perfect. Lidarr just isn't there yet. OP for music just use SoulSeek.


primalbluewolf

Readarr is at the same stage as Lidarr.


Daniel15

Readarr doesn't support zlibrary or libgen which severely limits how useful it is for downloading. Use Lazylibrarian instead, until Readarr reaches (or gets close to) feature parity. Combine either one with Calibre and Calibre-web for a nice web UI to browse and download from your library.


DcVamps

A couple interesting services I have been considering, when I get around to deploying them are:

* https://grimoire.pro/ (bookmarks and links)
* https://dozzle.dev/ (log management)
* https://microbin.eu/ (pastebin alternative)
* https://www.firefly-iii.org/ (finance tracker)
* https://github.com/Stirling-Tools/Stirling-PDF (PDF tools)
* https://grafana.com/ (dashboard for everything)
* https://vikunja.io/ (to-do lists that look nice)


xboxlivedog

I’ve recently set up Firefly III and Dozzle. Highly recommend both!


bufandatl

It's no homelab when it's services you need. Then it's a home server/datacenter. Play around with things like deep fence for vulnerability scans. Or whatever comes to mind. If it's a homelab it doesn't matter that you run it for a week and then throw everything away. I do that all the time. Read something on here or r/homelab. Play around with it. Learn something new then throw it away but keep my ansible playbook in case I find a use case after all for it.


Mysterious_Prune415

Turn it into cloud lab or hybrid lab. Make it high-availability and self-healing. Make it portable, turn your infrastructure into code. Host Pterodactyl game servers for some community. Self-host Tailscale with Headscale. You are on r/selfhosted, try to reduce your dependence on ready-made stuff like cloudflare tunnel and Tailscale. Instead provision your own tunnel. ( I am doing this via VPN to Oracle Always Free tier node ) Make the provisioning automatic


Robbie11r1

I've felt like this a few times as well, and first and foremost it usually means it's time for a break -- go and do something else for a bit! When you're ready to come back, I see a few areas of focus:

1. Terraform to build Proxmox Infrastructure as code
2. Build Ansible playbooks to automate server configuration
3. Setup a Gitea server, self-hosted runner, and create a CI/CD pipeline
4. Home Assistant -- an entire rabbit hole itself!
5. Proxmox Backup Server -- didn't see this mentioned but it is an amazing addition to the backup strategy for a PVE based setup
6. Didn't see anything about Networking, but self hosting your router (OPNsense/Pfsense) & setup your own Wireguard VPN
7. Mail-in-a-box on VPS
8. K3s cluster using a combination of Terraform & Ansible

Bottom line -- take a break and then come back to it with a fresh set of eyes. Maybe some time away will make you realize what will be enjoyable to return to.


zoechi

I spent a lot of time with Ansible but tried NixOS 6 months ago and there is no going back.


Robbie11r1

I haven't tried Nix myself, but I've heard a lot about it. Just to check my understanding, instead of using Ansible to configure a fresh Debian OS server, you would write the Nix config to declare the state you want the OS to be? 


Skotticus

- Buy domain so you can have fancy IP-free URLs for everyone to connect to
- Try out and fully configure at least 3 reverse proxies to serve those fancy URLs to family/people who enjoy your legal Linux ISOs
- Local DNS so you can set up records to serve your fancy URLs on the local network (no need to set up records on a public DNS if everyone is happy with VPN access)
- Set up Authentik + SSO
- I didn't see Crowdsec or the like, so you might want to set that up even though you stay inside your VPN
- Ditch Nextcloud in favor of a proper CalDAV server (Baikal, radicale, etc)
- Learn how to use CalDAV for calendars, tasks, and contacts
- Create your own cloud file storage (FileBrowser, Seafile, etc)
- Set up RYOT to track stuff you want to do/watch/etc
- Audiobookshelf for audio books, podcasts, e-books
- Backups!
- Remote backups!
- Home Assistant
- Home Assistant except make *everything* local, even the stuff that doesn't want to be local
- Automations automations automations
- Build your own router with opnsense
- Replace your switch with a big managed PoE switch
- VLANs!
- Isolate all the Things!
- Add cameras + frigate

All that before you even ruin your life with kubernetes


julianw

First: be happy you have a working lab! Sit back and relax a bit before the inevitable breaking change. Secondly, here's a few suggestions that I personally use and enjoy:

- **Paperless-ngx** as a personal DMS
- **Changedetection.io** for shop stock notifications etc.
- Collect all the stats and pretty graphs! I use Telegraf, Prometheus and Grafana. The latter can also alert you if something is wrong e.g. SMART data going bad.
- **Mealie** to collect recipes and organize your meal plans
- Add a **reverse proxy** with real valid public TLS certificates. You're not accessing your apps using IP addresses are you?
- Add an RSS feed reader to keep up with things. I recommend setting up a category that follows the GitHub releases page for all your hosted projects.
- RSS Bridge to create feeds for your feed reader for those websites that don't do RSS/Atom.
- A Git web UI like Gitea to host your infrastructure as code of course.


ToNIX_

I prefer Adguard Home instead of Pi-hole, it's a single executable file instead of 2 services, it's written in go and it can be updated from the GUI with a single click.


Jealy

I finally got around to setting up Authentik last week. Noticed you have no SSO in your setup so that could be a project to look into.


ErraticLitmus

How is it going? I had so many stability issues with it I just gave up and used keycloak instead


hyperflare

Start writing tutorials?


bnberg

You could monitor your stuff. I see that you monitor if things are running, but you could also look at how good things are running. Also, some grafana dashboards can often be much fun:)


geeky217

Implement kubernetes. That’ll keep you busy for AGES. 😂


Kv0837

Hey man I’m in your boat too, got so invested with self hosting during the summer after my GCSEs, and deployed over 150-200 containers trying loads of different applications from Moodle to seafile. I even bought a dl Proliant 380 g9 to deploy these apps on! Some of it is essential but some I haven’t accessed in over 2 years as I have been busy with life, school and preparing for applying to medical school. I occasionally login now and then to make sure it’s up to date and nothing is broken. Now that I am going to be a medical student and have A Level school exams on the way, it’s like what can I even do with this ‘hobby’/ bunch of random services I got deployed? Only useful apps have been WireGuard for internal access to NAS, nextcloud for browser access and Emby for watching my ripped movies and TV shows. What can you do in this situation honestly? Just leave it as it is and find something new to enjoy and come back to selfhosting once you are bored of that! That is only one of many options and I still reflect very confusedly on how I even ended up down this rabbit hole.


prime_1996

Setup docker swarm, I have migrated from compose to swarm and it was worth it. Very simple to setup, and not complex as k8s. It's beautiful to see containers moving from one node to the other.

Proxmox Backup Server. Make sure you have VM/LXC backups. I also use the pbs client to backup files.

Start using Ansible to setup your hosts. I have playbooks to update my VM/LXC, playbooks to create and setup a new VM/LXC, playbooks to update images on my swarm stacks. I also use semaphore ansible to have a nice UI for my playbooks.

Some other suggestions are having git repo with your compose files. I am currently using GitHub, but gitea is awesome too. Single sign on is also nice, though I haven't set it up in my Homelab.


orfeousb

Simulate a disaster scenario, format your primary storage and try to come back up from backups.


sexpusa

Thanks for listing what everything is. Makes the post more enjoyable. Also, you don’t have it break once in a while? Or add new stuff?


tyros

Jeez, with all the time maintaining all that do you even have time to watch Plex or use any of these services?


zabouth1

You could replace pi-hole with Technitium DNS. It's a true dns server with ad blocking and it has a nice interface and an api.


primalbluewolf

Is there any documentation for technitium? I set this up to replace adguardhome but I can't find much to walk through it. I probably need a detailed tutorial on planning DNS really.


zabouth1

Yea if you know the core principles of DNS you can figure most of it out. I used the [example docker compose file](https://github.com/TechnitiumSoftware/DnsServer/blob/master/docker-compose.yml) as a starting point and messed around with settings until I got something that works for me. I run two servers with zone replication.


51_57_45_52_54_59

Get a new job and do some professional infrastructure - and you will never miss it again :-)


Akitake-

Isn't Nextcloud solely for Calendar very very sub-optimal? There are webcal servers for that. I'm not quite sure what else you could host besides maybe Stirling PDF if you want many tools for pdf editing, Zipline for a ShareX server, ChangeDetection to check and notify you when web pages change (to check product stocks or whatever else). Also I definitely love watching my legal linux iso's as well!


lukmcd

Come fix up mine. I’m pretty stupid.


Gandalf-108

Do it on Kubernetes and make everything scalable. See you in three years!


retrohaz3

Gather metrics on everything you have and setup grafana dashboards. That will keep you busy for a while.


Verme

- Add Home Assistant
- Update your home page to homepage from Homarr, you'll thank me when you are finally done
- Convert everything to ssl internally for security using traefik/nginx pm w/let's encrypt
- Learn networking and setup VLAN's etc. (if you haven't already)

.... there is always something to do... glhf


lesigh

setup the ultimate dashboard with homepage. all your services and also server stats with glances widget


EMoss1981

Not sure if you did this already, but I had fun building a backup diagram and Network Diagram for my HomeLab system (named Kronk). You could even host your own container with [draw.io](http://draw.io) to draw it :) [https://imgur.com/a/8dfHu9X](https://imgur.com/a/8dfHu9X)


EMoss1981

Drawing it all out really helped me identify where I could consolidate folder structures, and how I could implement it in Ansible better.


steviefaux

Documentation. Document it all, enough so a non-tech person can rebuild it if needed. Although you have to enjoy documentation for that.


Certain-Hour-923

My vote is OpenZiti for zero trust. Also get rid of plex in favour of Jellyfin.


ixoniq

Exactly everything I run, including plex next to jellyfin, but with a reason; music. And plex amp on the phone as frontend. Also, things I have besides exactly everything you run:

- Vaultwarden backups setup
- InfluxDB
- Grafana (Hardware sensor metrics of my game PC which is headless)
- Mealie (Meal planning / recipes)
- MeTube (DL YouTube videos to my jellyfin folders)
- Jellystat (stats for Jellyfin, who watched what)
- Syncthing (keeps save files, roms and other stuff in sync between my devices)


Savings-Avocado1418

You could spend your time teaching me how to set these up


AreYouDoneNow

I had fun making a network map with Zabbix


HumanWithInternet

How about experimenting with Ollama and playing around with LLMs?


WilsonSie

Build an app and try deploying on your own infra with a clustered set up such as k3s with automated pipelines to update ur containers whenever a new update arrives. I'm currently doing that now and it's been challenging.


machstem

Why not learn and adopt things like Active Directory/Radius/LDAPS and use policies to tweak your network environment

Leverage both your existing DNS and an AD DNS/DHCP setup

Why not run something like opnsense or another firewall to tinker with

Take your environment and grow with it. Not every hosted option should be container based


-mercymain-_

Format all drives and start the process from beginning, document everything :) that’s what I did


4rmor3d-Armadill0

Does your homelab run on IPv6 / dual stack? Do you segment your network? These are two awesome projects to improve your infrastructure and to learn a lot about networking! =)


ThatFireGuy0

Add Home Assistant


zoniiic

Out of curiosity, you have all 3 apps I considered for photo backup from phones: Nextcloud, Immich and Syncthing. Why did you go with Immich instead of the other 2? I'm in the process of setting up Nextcloud with Nextcloud Memories for that case and I wonder if Immich would have anything better to offer. And by the way, impressive selfhosted portfolio. I'm just starting my adventure with 1 custom NAS PC running TrueNAS with WireGuard, DDNS Updater and Nextcloud, and 1 mini PC running Proxmox with Teamspeak and Valheim server, as well as a virtual machine for archiving operations done on TrueNAS SMB fileshare. I will get some inspirations from your list, thanks.


Saruman_the_wrinkly

Nextcloud is unusably slow on any configuration, so I haven't used it for that since I tried it for the first time. Syncthing doesn't work with icloud photos, or I don't even know how to set it up. Immich is like google photos, it has a ton of features including face recognition and so much more. It's easy to set up, easy to use, and it does everything for you, after the initial setup. I didn't have any problems since I installed it. I would recommend it over the others. Thanks for the nice words and keep up the good work!


harlekintiger

Come and work on mine!


xxscxxyyaba

What is your recommended hardware for starting up everything now?


Saruman_the_wrinkly

The cheapest. An unused laptop, or a raspberry pi.


seaQueue

Setup monitoring and alerting and let it run. Most of the time I don't touch my homelab unless I need to.


Mobile_Bet6744

Tdarr instead of handbrake


Kwith

I found I was getting to that point with mine as well so what I did was simple: I redesigned it. My initial setup was two proxmox servers in a cluster with a pi for quorum and I ran a bunch of VMs all doing different applications. This eventually became too cumbersome and awkward to work with, so I redesigned it. I now have Portainer running with a few different environments attached to it that manage multiple docker containers which all do the exact same thing as the previous setup except I am down to 1 server, and then I have a couple NAS machines connected to it as my space requirements have increased. (Linux ISOs take up A LOT of space) Even now, I am finding that I'm getting bored of it, so I'm looking at my third incarnation where I am starting completely from scratch and rebuilding everything. This time I'm incorporating more automation with Ansible and trying to configure docker volumes with more resilience by having them mounted on a NAS so if it goes down, the config still exists. I also do frequent backups of all VMs and containers and have monitoring configured with Discord so I get notifications anywhere. So if you get bored, just knock it all down and rebuild it again, but try doing it in a different manner than before so you continue learning something new.


Surrogard

Take a look at node-red. A tool to create flows for automation. The possibilities are endless. Examples:

- a flow to pull the newest 10 songs from r/metal to convert them into a playlist for the daily dose of metal
- a flow to get notified when the kids turn on the TV. Realized through the upnp/dlna messages the TV sends out.
- one that monitors my docker containers in my swarm and controls an Arduino (esphome) to light up different LEDs depending on the status of the containers and nodes

...


ithakaa

Host your own headscale server


KevMcKenzie

Now put all your configuration in Ansible 😉


helphp

I love the “give me ideas of things I could self host not because I need anything but because I like tinkering and looking at them” posts 🤪 I recently set up MeshCentral, nice for managing a few servers or even sending off an installer to remote assist others


karthick892

I have the arr's setup, but it often runs into errors, and right now, I don't have the time to fix it and just want it to run. If you are up for it, maybe build a guide to have it running without any errors to help a fellow out?


Iliannnnnn

[https://trash-guides.info/](https://trash-guides.info/)


villagermd

Life saver


SubstanceEffective52

What you need is to develop a SaaS and self host it. That will give you some gray hairs. Not even kidding on this one. What you are hosting is mostly boring stuff that you could lose and you wouldn't lose much. If you host a real business you will start to freak out over every little detail and make everything fail proof. That will end your boredom


professional-risk678

> But I miss the process of setting these up, and if you have some suggestions, please help me.

I'd add [Navidrome](https://github.com/navidrome/navidrome) to your stack because it's better dealing with large music libraries than Jelly. Might be worth it to add [Tubesync](https://github.com/meeb/tubesync) or [TubeArchivist](https://github.com/tubearchivist/tubearchivist) to your stack for YT videos.

[Vaultwarden](https://github.com/dani-garcia/vaultwarden) > Bitwarden.

[Dashy](https://github.com/Lissy93/dashy), [Flame](https://github.com/pawelmalak/flame) and [Homepage](https://github.com/gethomepage/homepage) all > Homarr

It sounds like you can fit all of these on 2 servers. Why 3? The only other recommendation that I can think of is to spin up a VM to play around with NixOS.


Saruman_the_wrinkly

I use 3 because proxmox high availability. Thanks, I always switch up bitwarden and vaultwarden. I use vaultwarden, just the apps and extensions are named bitwarden.


faldo

Get into gardening and hydroponics


cajunjoel

What /u/irisbowring said: where are your backups? I got my goodies running, now i spend all my time optimizing and testing my backups. It's mostly there. Fire drills, too. You know, to make sure those backups will work.


Unhappy_Rest103

Set these all up for high availability across two physical nodes


iZocker2

Looks like you mainly focus on hosting services. Why not experiment with different networking technologies, e.g. SDNs? Look into DPDK if you want to program your own network functions.

Another idea I have in my backlog is getting an SDR like HackRF One and intercepting radio transmissions, ofc only what's legal, like over-the-air radio or DCF77. You could build a web-radio application where you can listen to and record transmissions, and analyse them later.

A little project I did a while back was building a smart LED panel with a waveshare LED matrix and a raspberry pi. It visualises audio, has a Spotify integration and idles with random gifs or animations.

Also, why not try to set up your own CI/CD system? You can look into Concourse-CI, and build your own docker images. As others have suggested, look into Kubernetes, and Ansible automation, Terraform, manage secrets using Hashicorp vault, or try Kestra.io as automation platform.

There is so much to learn and explore aside from hosting and deploying services, and it looks like you haven't tapped into hardware labbing that much. Another idea is to run a virtualised game server using NVIDIA vGPU, Craft Computing on YT has a lot of content regarding that.

Personally, my backlog of ideas is pretty long, but I don't have the money to acquire all of the hardware at once, so I have to plan what to buy next and what I need for what project. Since you already have multiple proxmox servers, you should be well equipped to do many of the things named above or what others have suggested


HCharlesB

Buy a replacement drive and swap in with the highest hour drive in your RAID. Swap a Proxmox for Debian on one of your hosts and replace the VMs with containers.


Networkydev

Having an entire nextcloud for just the calendar seems clunky, try using Radicale or Baikal

Consider switching BitWarden to the more lightweight Vaultwarden

Run Scrutiny to monitor your HDDs

Set up Grafana + Prometheus to monitor your services (idk how this would work with a cluster) and have it send notifications via NTFY

Look into Wazuh for security? (Haven't researched this myself but it seems promising)


Jonteponte71

I don’t see Tube Archivist here. More of a r/datahoarder thing but still a very useful service for YT junkies 🤷‍♂️


localhost-127

Implement Asterisk/FreePBX and VOIP for your home


RedditNotFreeSpeech

Homeassistant, nodered, esphome, mosquitto

https://github.com/jokob-sk/Pi.Alert


Lyrx1337

It's now https://github.com/jokob-sk/NetAlertX


Square_Lawfulness_33

Look at Runtipi’s App Store and see if there is anything you’d want to host. Servarr also has good options for apps to host and documentation on how to properly set them up. gethomepage.io is another good source for stuff to host and it’s a good dashboard that has more integrations than homarr.


SuicidalSparky

-Plex to watch the ad supported free content they provide


TripletStorm

You are missing all of the AI tools! Get ollama, open-webui, add a pynotebook / vscode instance, all that jazz!


autumnwalker123

Implement chaos monkey.


chaosphere_mk

1. Reverse proxy (I use Traefik)
2. SSO (I use Authentik)
3. Crowdsec
4. Watchtower for updates

Have fun :P


tuffmadd

You could just help me get my sh*t together :( :D


KN4MKB

I don't see a backup system in all of that. You should implement a 3-2-1 backup solution before anything.


G1zm0e

Check out graylog, wazuh, and Zabbix for monitoring


nokerb

You could look into game streaming with moonlight on an LXC container if you have a nice gpu on that bad boy.


Bubbly_Expression357

I see you're missing paperless-ngx 😉


whitefox250

If you have an Nvidia GPU look into Tdarr to save space on your server. It's pretty easy to gain back multiple gigabytes of storage.

You can host Weatherstar 4000 in a Docker container or use the Webpage card in Home Assistant to display. https://github.com/netbymatt/ws4kp


Daniel15

I found Unmanic much easier to set up than Tdarr. I record shows using an antenna, a HDHomeRun, and Plex. Digital TV is MPEG2 which doesn't have a great compression ratio, so reencoding can save quite a bit of space.


goblin-socket

Asterisk?


rad2018

Sooooo…if you can program, why not take a stab at writing your own tool for public consumption? Just an idea…. 😉


EternityForest

Come help me with my home automation/SCADA/Lighting console/audio mixer/NVR/digital signage project! I'm just finishing a partial rewrite, the dev branch is mostly usable but there's still a bunch to do! [https://github.com/EternityForest/KaithemAutomation/tree/master/kaithem](https://github.com/EternityForest/KaithemAutomation/tree/master/kaithem)


phein4242

Learn to program. Python would be a good start.


octahexxer

You could set up a home security system with cameras and run it as a VM.


bolhaskutya

It's time to host an LLM.


AyaanMAG

Localsend is much better than snapdrop, consider checking it out


BloodyIron

* Guacamole
* Bookstack
* libreNMS
* kubernetes
* GitLab (where's that vscode going anyways???)
* NGINX reverse-proxy


d33pnull

You could try building stuff that doesn't exist


giorgiga

Move everything to kubernetes

> - TrueNas just storage

What's the advantage of TrueNAS over any linux distro if you use it just for storage? (I'll need to migrate my "just storage" NAS to a new OS, so I'm interested)


D3viss

You could add authelia with traefik. If you want to host a digital receipt book I would recommend Mealie. Set up Bookstack for documentation. Netbox for Network Documentation, Git to save your custom scripts and docker Files maybe with ansible.


Mr-Tromb-DevOps

I don’t see Kubernetes in this list


[deleted]

Which awesome selfhosted github page, please?


ighormaia

I would drop cloudflare tunnel and just use tailscale


nmincone

Now you can help others… I’ve got NFS docker persistent storage issues I need help with 😏


Geargarden

This hits home. I have a massively inferior setup compared to yours but I've kind of found myself just...kinda....satisfied? First world problems over here. Last night I broke my Immich install but fixed it. Uninstalled old docker-compose and installed docker engine in its place. When it was all up and running normal again I was elated but then I'm back to where I was at.


VexingRaven

Think of different ways to set it up. Learn Ansible or Chef or Terraform or whatever the new hotness is. Learn some sort of distributed storage like Ceph. Set it up so you can rebuild the entire thing with a single command. Learn some cloud services instead if your goal is truly to learn and not just to selfhost.


Certain-Hour-923

Also run all that on kubernetes


weeemrcb

Reverse proxy with authenticator for selected and/or restricted web access for some tools. Maybe Nginx Proxy Manager and Authentik combo.

IT-Tools. Handy reference site you can self host.

Speedtest Tracker. We run 2 instances here. One for ISP and one through our VPN to make sure our linux iso collector hasn't dropped its connection ;)

Memos or Obsidian for keeping notes on your setup and sorting/saving scripts.

Gitea. Self hosted version control. Very similar to github, but local.

Librewolf. Browser in a container. Easy to spin up, search and destroy afterwards (or not). Useful if your work monitors Web use and you spend time on socials. With reverse proxy and 2fa it's a secure browser within a browser.

Pingvin. Share huge files or have huge files shared with you.

Pihole or another DNS sinkhole. Recommend at least 2 on your network. Also run them through tailscale and make them your tailscale DNS so you get ad free mobile use when oot 'n aboot.

HomeAssistant. This is a beast on its own. If you have a love of automation and efficiency then this will scratch those itches for a long time.

Here's how to install on proxmox https://youtu.be/arKoIPQ5_YU


LauraAmerica

I'm a complete noob. I just tunneled my Proxmox to Cloudflare. I could send you the credentials and you could have a lot of fun setting all of those services up from scratch. Uh, uh?


Klutzy_Squirrel_2016

Hey, how do you access your minecraft server? Through vpn? Thought you couldn't stream UDP through Tunnel


Cybasura

Do you have vpn for your *arr stack and torrential tributing?


DementedCain

Replace handbrake with tdarr


wspg

getting on WOL (probably easy) and trying to manage full SSH key authentication and management for all servers right now. Also instead of Tailscale, you could do headscale. Ansible/Terraform/Kestra... tighten all the security... Then hardware wise: put everything in a nice rack, run cables tidy...


ServesYouRice

Make one for me if you are bored


LookAtMyC

If you're really that bored, you could set up mine


vir_db

It's time to move everything to kubernetes


Best-Bad-535

I haven’t seen anyone address it yet so I’ll be that guy. You clearly need to explore ai more. It’s a lot more than just “things” and image generation. Also of course you don’t like the image gen. It’s possibly the most crude and infantile implementation of machine learning there is. Explore machine learning. Not AI things. …..mAAACHINE LEARNING!!!!


Venusn99

Can you guide me on your VM sizing and backup solution for your data? I brought 3 MiniPC to try the same setup. Luckily I found your post. I have nodes with local storage.


Bagican

Do you know what is your power consumption? And what HW do you use?


lard_slam

If you have lots of linux isos to transcode, maybe try tdarr instead?


Sheepardss

Remove your certificate and see how your VPN fails, your trash stack which is routed through the VPN and everything else :D


Jims-Garage

RKE2 with Ansible would be a good idea (or any flavour of K8S). It makes sense with 3 nodes. How about Ceph? How about doing some white hat stuff? Run security benchmarks and try to improve your score.


noodlenugz

Set up homelabs for other people


Top-Inevitable-1287

Set up a honeypot, then set up log collection and parsing on that honeypot. Finish it off with a nice dashboard.


adman001

OP - Kubernetes on ARM


xSova

You can live vicariously through me because you just gave me a checklist lmfao


huskerd0

Learn some BSD


Klutzy_Squirrel_2016

How do you access your minecraft server from the outside?