anamethatisnt

@anamethatisnt@lemmy.world

anamethatisnt OP ,

Cheers! I've heard of Prometheus/Grafana but VictoriaMetrics was a new one. Gonna look into it!

anamethatisnt OP ,

I'll have a look! Cheers!

anamethatisnt OP ,

I've used SNMP a lot together with nagios so I should be able to handle it. :D

anamethatisnt OP ,

Gonna check it out!
Is it easy to set up automatic responses to the alerts, f.e. restarting a service if it isn't answering requests in a timely manner?
Have you used it together with Windows Servers too?

anamethatisnt ,

I consider client devices to be a big risk factor and if I can keep them from having direct access to the Backup NAS and the IoT I consider that a big win. A simple ransomware attack on a client device would find any NFS/SMB shares the client can access and start encrypting - having the Backup NAS on a separate VLAN that only the server can access stops most of those from affecting the backup and makes restoring a lot easier. I would definitely recommend having an offline backup of the NAS as well in case of the server being breached.

https://lemmy.world/pictrs/image/eb97ceb5-8869-4636-9cc1-da161b9b03e0.png
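
The segmentation described in the comment above can be checked mechanically. This is an added example, not part of the original comment: it audits an inter-VLAN rule set to confirm that only the server VLAN can reach file-share ports on the backup VLAN. The VLAN names, subnets, port list and rule sets are constructed, and first-match evaluation with default deny is an assumption about the firewall in use.

```python
"""Audit inter-VLAN rules: only the server VLAN may reach the backup NAS shares."""
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed addressing plan (hypothetical, not taken from the comment).
VLANS = {
    "clients": ip_network("10.0.10.0/24"),
    "servers": ip_network("10.0.20.0/24"),
    "backup": ip_network("10.0.30.0/24"),
    "iot": ip_network("10.0.40.0/24"),
}
# Ports a ransomware-infected client would use to find and mount shares.
FILE_SHARE_PORTS = {111: "rpcbind", 139: "NetBIOS", 445: "SMB", 2049: "NFS"}

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str                         # VLAN name or "any"
    dst: str                         # VLAN name or "any"
    ports: frozenset = frozenset()   # empty set means every port

def _side_matches(side, ip):
    return side == "any" or ip in VLANS[side]

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if (_side_matches(r.src, src_ip) and _side_matches(r.dst, dst_ip)
                and (not r.ports or port in r.ports)):
            return r.action
    return "deny"

def exposed_paths(rules, protected="backup", trusted=("servers",)):
    """List (vlan, port, service) where an untrusted VLAN reaches the protected one."""
    findings = []
    dst_ip = VLANS[protected].network_address + 1
    for name, net in VLANS.items():
        if name == protected or name in trusted:
            continue
        src_ip = net.network_address + 1   # rules are per-VLAN, one host suffices
        for port, service in sorted(FILE_SHARE_PORTS.items()):
            if decide(rules, src_ip, dst_ip, port) == "allow":
                findings.append((name, port, service))
    return findings

SHARES = frozenset({445, 2049})
# Flat network: everything can talk to everything.
FLAT = [Rule("allow", "any", "any")]
# Segmented: server may mount the NAS, everything else towards backup is dropped.
SEGMENTED = [Rule("allow", "servers", "backup", SHARES),
             Rule("deny", "any", "backup"),
             Rule("allow", "clients", "servers", frozenset({443, 445}))]
# Failure mode: a broad client allow placed above the deny defeats the isolation.
MISORDERED = [Rule("allow", "clients", "any"),
              Rule("allow", "servers", "backup", SHARES),
              Rule("deny", "any", "backup")]

if __name__ == "__main__":
    for label, rules in (("flat", FLAT), ("segmented", SEGMENTED), ("misordered", MISORDERED)):
        print(label, exposed_paths(rules))
```
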

anamethatisnt ,

I agree with this, protecting everything behind a VPN is the way to go. I help friends set up their vpn client to my stuff if I want them to access an internal service.

anamethatisnt ,

  • Single switch, yes. Personally I would probably aim for a managed (must have for vlan support) switch with at least 16 ports where 8 have PoE+ (Power over Ethernet) with at least 100W total budget. The goal would be to power access points and that security camera through PoE instead of separate PSUs.
    A cheaper alternative is to skip PoE for now and buy an 8-port managed switch now and a secondary PoE switch in the future if need be.
  • There are access points with VLAN support, so you can have an access point deliver multiple SSIDs that belong to different VLANs. Two things to look for here are Local Management and PoE powered. You don't want your access points to become paperweights when the cloud management system is shut down. I don't want to use cloud management at all to be honest.
  • PoE allows you to protect your camera and your APs with the same UPS you put in to protect your network rack.

Draw up some plans beforehand, quick example where I forgot your video doorbell that would be on a separate SSID/VLAN through the APs if it uses WiFi. Which is kind of the point with drawing it up. It helps you find out what you missed.

https://lemmy.world/pictrs/image/bf8d6fc4-92b7-40e9-ac68-6e675e125973.png

edit: And that is just an example on how to draw it up. I imagine you want your security camera and doorbell to save video on the NAS, so then their vlan needs to be able to communicate with the NAS vlan, as another example of missing stuff in the drawing.

What is a simple server solution for Jellyfin and Nextcloud?

I have a really bad "server" (just a laptop) that runs Fedora Server and uses Docker Compose to host Jellyfin. It has been very annoying to update (the web GUI for Fedora doesn't even work half of the time), updating is painful, and it's a pain to manage. I am trying to redo my entire setup, so I will be getting a NAS to store...

anamethatisnt ,

Regarding management UIs I'm a fan of Cockpit (https://github.com/cockpit-project/cockpit https://cockpit-project.org/)

Regarding management UIs for docker I believe most use either portainer (https://github.com/portainer/portainer https://www.portainer.io/) or dockge (https://github.com/louislam/dockge https://dockge.kuma.pet/).

Regarding Samba most NAS devices simplify it a lot, but it isn't that complicated to do on Fedora either and once you've got it set up it's not gonna need a lot of tinkering. (https://docs.fedoraproject.org/en-US/quick-docs/samba/)

Whether you invest in a NAS or not I recommend you invest in a USB disk large enough to act as a backup for the storage disks. That's not an investment for later but one you want right away. And do make certain it takes backups, not replicates data. A popular option is Borg Backup (https://github.com/borgbackup/borg https://www.borgbackup.org/)
If I went for a NAS I would Borg Backup the laptop to the NAS and then use the NAS's own backup software to backup to the USB.

anamethatisnt ,

Synology has QuickConnect which makes external access easy without dyndns/static ip. I haven't used it myself.
https://kb.synology.com/en-global/DSM/tutorial/share_File_Station_files_without_DSM_account

Another option is to create a Microsoft 365 Business tenant, with a single Business Basic license you get 1TB OneDrive storage and 1TB Sharepoint storage - their ToS says not to use customer data in AI training.
Unless you already know how to manage it this is probably as cumbersome as selfhosting though.
I have no idea about their ToS against non business licenses, so this assumes spending for a business basic license.

If you aren't behind CGNAT you can use dyndns to get around not having a static ip if you want to get into selfhosting with proper external access. I doubt you'll have the time with a newborn though. :)

anamethatisnt ,

I would pair a Synology NAS with at least one, preferably two, usb disks to make local backups to with the built in Hyper Backup - losing the whole family picture archive hurts and usb disks are cheap. It doesn't seem possible to make a read only QuickConnect connection so beware of that if there's to be non techie users connecting.

Personally I use dyndns and openvpn (if I rebuilt today I would look at Wireguard instead of openvpn as a vpn solution) as I prefer not relaying my traffic through services outside my self hosting. That would require you to aid your non techie family members with the initial configuration on their end though.

anamethatisnt ,

There isn't a 1:1 app for Discord imo.
Selfhosting a teamspeak3 (ts3) server solves the voicechat.
Signal works great for text chats especially now that you don't need to give other end users your phone number.
Then I would probably look at hosting a web forum for adding calendars and other planning tools. It should still be possible to show current ts3 users on that site too.
For open source projects codeberg for code repository/issues/feedback.
I completely understand those who use Discord for ease of management, as time taken to host the above is time taken from the actual project.

anamethatisnt ,

Element's first self-hosted tier is Enterprise at a minimum of 100 users with a cost of $10/month per user.
I would rather look at selfhosting Synapse as it's the only Stable Matrix Homeserver release at the moment.
https://github.com/element-hq/synapse
https://matrix.org/ecosystem/servers/

anamethatisnt ,

Computers often present their users with textual messages, but the users often don't read them.

So many times I've just been a fancy TTS (Text to speech) assistant.
End user: Sends MMS of error message.
Me: Calls end user and reads the error message out loud.
End user: Oh! Thanks! Problem solved.
Me: No problem, have a good day.

Proxmox Host Terrible Upload Network Speeds

I've had fun building a plucky little homelab on Proxmox 8.1.4 running kernel 6.5.13-1-pve. It's installed on an HP EliteDesk 800 G6 Desktop Mini PC, with the OS installed on a SATA SSD, there being a 4tb NVME btrfs pool, and there being multiple HDDs connected via USB3. Services are run on an LXC that has Docker installed, a...

anamethatisnt ,

If you liveboot Fedora or something with USB - how's the upload then?
Should be a quick way to determine if it's software or hardware based.

edit - Seems that others have had upload troubles with latest Proxmox and fixed it by downgrading:
https://old.reddit.com/r/Proxmox/comments/19d0bf7/slow_upstream_thru_proxmox81/

anamethatisnt ,

Basic knowledge that makes selfhosting easier

  1. Some networking basics (Firewall, VPN, NAT, DHCP, ARP, VLAN) make every selfhoster's life easier.
    1b. Your ISP router probably sucks, but you might be able to experiment with some static DHCP at least. I'm a fan of the BSD based routers opnsense/pfsense but depending on what router you have you might also be able to run OpenWrt on your existing router.
  2. Some management system and filesharing basics (NFS, SMB, SSH, SCP and SFTP).
  3. Learning how to set up a backup for your stuff. The hypervisor you choose may or may not have a built in solution.
  4. Checking out a few different hypervisors (Proxmox, Incus, KVM/QEMU, etc) and find out which one you wanna dive deeper into.
    4b. Learn how to make a snapshot for easy rollback in said hypervisor ASAP. Being able to undo the last changes that broke a machine is a godsend.
    4c. VM, LXC, Docker and Podman basics (what are they, how do they differ, which one fits my usecase?)

    I know Flackbox has a good CCNA (networking) study guide on youtube, but that is way too in depth for a self hosting beginner.
    Here's some introduction to different parts of the network:
    Free CCNA 200-301 Course 06-05: IPv4 Addresses
    Free CCNA 200-301 Course 23-01: DHCP Introduction
    Free CCNA 200-301 Course 12-04: ARP Address Resolution Protocol
    Free CCNA 200-301 Course 21-01: VLANs Introduction
    Free CCNA 200-301 Course 21-04: Why we have VLANs

anamethatisnt ,

I definitely agree on starting to tinker right away and to set up snapshot/backup for your stuff and then break it. It also makes one learn how to roll back and restore which is as important as setting up the snapshot/backup in the first place.

anamethatisnt ,

My Debian Hypervisor does have a DE (GNOME) to be able to easily access virtual machines with virt-manager if I mess up their networking, my Debian VMs run CLI only though.

Regarding your last section I agree strongly - I only expose my vpn with no other incoming ports open. You also don't need to invest in a domain if you do it this way.
I don't mind helping my friends install their openvpn client and certificate and it's nice to not have my services bombarded with failed connection attempts.

anamethatisnt ,

For linux this is as easy as script <filename>, ex:
[user@fedoragaming ~]$ script 20240313InstallingJellyfin.log
Script started, output log file is '20240313InstallingJellyfin.log'.
[user@fedoragaming ~]$ exit
exit
Script done.

edit: and for Windows I recommend using putty, it can also save sessions to logs.

anamethatisnt ,

Cockpit
I do know about and use Cockpit with said virtual machine manager but I mostly use it as a shutdown/boot/restart app on my phone and a convenient service monitor and log viewer when troubleshooting.

Wireguard/OpenVPN
I really should try out Wireguard sometime but currently OpenVPN is fast enough for my bandwidth and I was already proficient with setting it up before Wireguard.
The WebUI definitely looks useful.

anamethatisnt ,

So… no need for a DE :)

No real need for me to remove it either, but your point stands. :)
https://lemmy.world/pictrs/image/b20ad216-2b1c-4e35-bf73-4720206ff6f8.png

How to drop files from Android to home server?

I'm looking for an easy way to upload files from my Android smartphone to my home server. is there a - ideally dockerized - solution for that? Some simple web GUI where I can click on "Upload" and the files will be saved to a certain directory on my home server?...

anamethatisnt ,

Material Files support both SMB and SFTP - https://f-droid.org/en/packages/me.zhanghai.android.files/

anamethatisnt ,

I honestly prefer selfhosting my home vpn using Wireguard or OpenVPN.

anamethatisnt ,

Yeah getting stuck behind CGNAT IPv4 and no IPv6 would break setting up your own vpn server. That would cause me to look for another internet provider.
I only got 100mbps at home so I'm still running openvpn as I don't gain anything worthwhile from wireguard.

anamethatisnt , (edited )

Any router that supports latest openwrt will be able to do a mesh network, if you have the option to run cable I would recommend ethernet backhaul instead.

Sometimes there are caveats when setting up the mesh, f.e. the firmware issue and fix here:
https://www.tekovic.com/blog/openwrt-80211s-mesh-networking/

Hardware list:
https://openwrt.org/toh/start?toh.filter.supportedcurrentrel=22.03%7C23.05

edit:
OpenWrt Mesh guide:
https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s
https://openwrt.org/docs/guide-user/network/wifi/mesh/mesh11sd

edit 2 adding the openwrt warning here:
It is unfortunate that some manufacturers have used the word “Mesh” for marketing purposes to describe their non-standard, closed source, proprietary “roaming” functionality and this causes great confusion to many people when they enter the world of international standards and open source firmware for their network infrastructure.

The accepted standard for mesh networks is ieee802.11s.
The accepted standard for fast roaming of user devices is ieee802.11r.

These are two completely unrelated standards.

anamethatisnt ,

GOG is always my first choice to buy games.
It's a bit frustrating that you have to dive into the forum and check whether the developers actually maintain their GOG release properly before buying though.

anamethatisnt ,

You set up Proxmox Backup Server on separate hardware and then you add it as a storage option in your Proxmox Virtualization Server.
I haven't dived into it but I imagine you could run the Proxmox Backup Server as a VM in your Synology NAS.
https://www.proxmox.com/images/download/pbs/docs/proxmox-backup-3-1.pdf

edit: Unofficial PBS Docker github: https://github.com/ayufan/pve-backup-server-dockerfiles

anamethatisnt ,

The default block all incoming and allow all outgoing works fine for me. ARP and such won't traverse the router and the VPN should be a full tunnel, so no device info except the travel router itself should leak.

OpenWrt Travelmate is great for this purpose.

anamethatisnt ,

There are also some web-based solutions but not sure setting up a webserver is any less complicated than using docker:
https://lycheeorg.github.io/
https://piwigo.org/

anamethatisnt ,

Found an interesting read regarding the matter here:
https://old.reddit.com/r/ceph/comments/mppwas/single_node_ceph_vs_zfsbtrfs/
Most seem to recommend going for ZFS instead if using a single machine but there is a person discussing his first hand experience with single node Ceph.

anamethatisnt ,

Figure out how much power your servers use on average with the help of a wattage meter, then enter that number and how many minutes battery backup you want in Eaton's UPS Power Calculator to find a suitable unit. I'm sure other vendors have similar tools too.

anamethatisnt ,

Eaton's batteries are usually really simple to switch, see
https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/backup-power-ups/eaton-5s-ups/eaton-5s-120v-user-manual-700-1000-1500-lcd.pdf

For me they are meant for allowing a graceful shutdown in a powerout scenario and to protect the hardware behind them from power surges.

anamethatisnt ,

portainer.io with debian gives you a web UI if that's the only thing stopping you.
There's a Community Edition (CE) here: https://www.portainer.io/install

anamethatisnt ,

I think Mediasonic still makes 8 bay DAS units, they're becoming a lot rarer.
I would probably start looking at NAS units if I were you, or buy a bigger tower case and fit the disks internally instead.

anamethatisnt ,

Does your server have an empty pcie slot? If so I would go for an ethernet pcie card instead of usb-c adapter.

Or, more expensive, go for a qotom router and migrate opnsense to it.
f.e. something like this https://teklager.se/en/products/routers/tlsense-J6412-aesni-router

anamethatisnt ,

With that budget I would look at home routers that you can run openwrt on: https://openwrt.org/toh/start?toh.filter.supportedcurrentrel=22.03%7C23.05

anamethatisnt ,

  • KVM/QEMU/Libvirt/virt-manager on a Debian 12 for minimal installation that allows you to choose backup tools and the like on your own.
  • Proxmox for a mature KVM-based virtualizer with built in tools for backups, clustering, etcetera. Also supports LXC. https://github.com/proxmox
  • Incus for LXC/KVM virtualization - younger solution than Proxmox and more focused on LXC. https://github.com/lxc/incus

anamethatisnt ,

As part of the transition of perpetual licensing to new subscription offerings, the VMware vSphere Hypervisor (Free Edition) has been marked as EOGA (End of General Availability). At this time, there is not an equivalent replacement product available.

For further details regarding the affected products and this change, we encourage you to review the following blog post: https://blogs.vmware.com/cloud-foundation/2024/01/22/vmware-end-of-availability-of-perpetual-licensing-and-saas-services/

anamethatisnt ,

I use cockpit and my phone to start my virtual fedora, which has pcie passthrough on gpu and a usb controller.

Desktop:
https://lemmy.world/pictrs/image/9576ffd1-f65d-4d88-9b1d-17b03fc61709.png

Mobile:
https://lemmy.world/pictrs/image/5cdf480e-ccbf-4e21-9c0d-d261464177f1.png

anamethatisnt ,

Edit my forum questions to add the solution, if found.

Question about using default router and modem

Is using the router and modem my cable company provided for my internet putting my privacy at risk? And if so, I have heard of openWRT routers but it seems like there's quite a bit of a learning curve with that but even if I got one would I need a non cable company branded modem as well? Any specifically that anyone here would...

anamethatisnt ,

The simplest, most effective thing you can do for privacy is change the dns server of your devices.

This can be the reason to switch router, my ISP-delivered router doesn't allow me to change DNS delivered by DHCP or DNS used by the router. If I must set up my own DHCP server I might as well set up an opnsense and add crowdsec/suricata or zenarmor.

anamethatisnt OP ,

The problem with the KeePass apps is that they work by syncing database files which means that there can be sync conflicts. Okay for me to handle, but not for the rest of my household.
I really want a server-client system where everyone works in the same database.

Bitwarden is Docker, but also very well-liked. Might have to give up on the .deb / .rpm wish.
Thanks for the suggestion!

anamethatisnt OP ,

This is the reason I don't use a shared database, I think that's what you're referencing?
Add ability to sync group structure with KeeShare - Status:Open
https://github.com/keepassxreboot/keepassxc/issues/3045
