Selfhosting fun

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,272
Location
I am omnipresent
This thread is inspired by Handruin mentioning that he wanted a low-power replacement for an ancient Xeon server setup.
What are we all doing with our server systems?

I'm guessing I'm not the only person here who runs Plex or Jellyfin. I'm sure most of us know about containerized VMs and may have systems for Home Assistant or something. I use NextCloud for external access to data, for example.

I've been playing with ScreamRouter and Booksonic lately, both in the name of getting something working better for audio formats. I had a request to add audiobooks to Plex and oh boy is that a terrible fit. And Plex has always been hopeless for music, so now I'm trying to get a better overall system for dealing with audio, ideally in a way that I can access outside my house as well as within it and even better if the tool I use will send more than two audio channels if I ask it to. There are similar services for ebooks and comics, two other giant media collections I have on hand, and I imagine they'll be on my list as well.

The interesting thing here isn't just rolling out a docker something or other, but also how to expose and secure the services. I imagine that I'll wind up using Cloudflare tunnels, which are probably a pretty good choice.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,809
Location
Eglin AFB Area
Website
sedrosken.xyz
My router is some Chinese Intel N100 box with quad i225 2.5Gbit NICs. It runs pfSense, and has an amount of RAM and storage that I don't remember, but I do remember is plenty for the job. I do run an OpenVPN server from it for access when I'm travelling and I have dynamic DNS set up for my own convenience and that of others who I allow to connect. My VM server is laid out thusly:

- Proxmox host on bare metal - 6c/12t, 32GB, 1TB NVME, 8TB WD Blue x3 on PCIe SATA, GTX 1070, X540 x2 10GbE card
|- Tethana3, Debian 12, NFS/vsftpd/tftpd/Jellyfin, 2c, 8GB RAM, 32GB root, 3x8TB passthrough mdadm RAID5, GTX1070 passthrough for NVENC
|- Lytelthorpe, Debian 10, version-frozen Samba and cups passthrough to Samba, 1c, 1GB RAM, 8GB root
|- Candeth2, Debian 12, cups/pihole/protonmail-bridge/webone https proxy, 2c, 2GB RAM, 32GB root
|- Direlands3, Debian 12, not permanently on telnet bridge for SSH, 1c, 256MB RAM, 8GB root
|_ AyanBaqur2, Debian 12, Game servers/MariaDB for those game servers, 4c, 16GB RAM, 100GB root

Proxmox can do some cool stuff for guests like Kernel Samepage Merging (KSM) which can take identical bits in RAM and merge them together, deduplicating RAM contents, hence the standardization on squashing Debian into roles in which something else might be better suited. Plus, I just like using Debian for everything.

I have a couple of Windows VMs, but they're not usually on. I had plans to use one as a server for Windows-based games where there wasn't a Linux port, but I lost interest in the project that prompted its creation, and another that was going to have my capture card (Datapath E1S) passed through for use with VirtualDub2 but I ended up needing to use the slot it was going to go in for the SATA card as my motherboard-resident SATA is very flaky. I might replace that with an HBA at some point, or I might wait until I rebuild the whole thing and have to build a new array anyway. I do know that the 1070 is a stopgap until I rebuild and go with an Intel chip with integrated QSV for transcoding to save power. For now NVENC does the job though I wish I had a couple modern codecs the 1070 doesn't provide.

If I ever get around to getting another switch and segmenting off the vintage stuff in my collection, I'll need to use one of my spare NICs in passthrough to the version-frozen Samba server and will likely need to move the webone proxy there too. I'm using a specific older version of Samba so I have guaranteed SMBv1 and LANMAN auth support as I do use that to access my archive from Win9x and Windows for Workgroups hosts.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,728
Location
Horsens, Denmark
I have a MinisForum U820 with upgraded SSD (4TB Samsung) and RAM (32GB) running Proxmox with my Home Assistant and Minecraft servers, a SAMBA share as my local backup target, along with my Linux sandbox that I should be spending more time learning in.

The only other machine in my mechanical closet is the DreamMachine Pro that is overkill for the 2x Access Points and single site-site VPN connection.
 

Mercutio

I actually use a combination of Hamachi and Zerotier for software defined VPNs (Hamachi is great for desktops and servers but it doesn't cope well with laptops and computers that go to sleep, hence use of both) and I also have OpenVPN running on opnsense on my router system, which is also on some POS NUC-looking brick with a Celeron Nsomething in it. It's screwed to the wall next to my cable modem and I regularly forget it's even there.

I'm in the process of migrating VMs and containers to a new platform. I have things sort of haphazardly sitting on a mix of Hyper-V on Windows and KVM on Linux. My old workstation (Threadripper) will probably be reincarnated shortly as a Windows Server host and my Lenovo SR630 is currently running something that started its life as openSUSE but definitely isn't that any more. I've never messed with Proxmox. Most of the VMs I have are replicas of systems I have in production that I turn on and off as I need them.

I let Plex and TDARR run on my Linux host server so that they can have basically unbounded access to resources if they need them rather than being constrained to a VM. It's not impossible that I might have more than four simultaneous external Plex clients that need real time transcoding. TDARR doesn't get used unless I have something that's poorly encoded or that I feel like ripping for myself, but it's pretty nice to just point it at a directory and tell it to go to work until it's done. It'll also use a GPU though, so in my mind it makes sense that it can share with Plex.
 

sedrosken

I've considered migrating to opnSense after hearing of pfSense's past problems. I just know at this point migrating the config is more complicated than export, install, import, and I don't have the time or ambition to spend an afternoon or longer setting all that back up, and no doubt needing to shuffle over new OpenVPN configs and whatnot to my client devices. Maybe if something really bad happens and I lose all my configs anyway.
 

Mercutio

I standardized on opnsense as an access platform a while back, because I got sick of dealing with everyone having something different, although part of that is that I'm the only person who really connects to each system as an end point, so switching up security certs is mostly only a headache for me and not any remote users.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,923
Location
USA
I know it's a little more proprietary than you may care for but I was considering setting up TailScale which is based on WireGuard.

For homelab stuff, I have a bunch of what you already described. I have a basic static page generator for managing everything called Home Page that I deploy as a container.

I run Home Assistant on a Beelink Mini S12 pro under Proxmox along with my Plex server. My other systems are still under VMware ESXi server but once I get my new hardware setup I'll be migrating everything over to Proxmox.
 

Mercutio

It doesn't look like Tailscale is much different from Zerotier or Hamachi to me. I started using both years ago, although at this point I'm doing more with Zerotier just because it's less work from a support standpoint. I do see that somebody has an open server endpoint for it. That's a plus for sure.
 

ddrueding

Proxmox was a very easy thing to figure out if you're already familiar with ESXi. If I were to ditch the Ubiquiti setup it would be for OPNSense and TailScale, but at the moment I can't be bothered. Maybe when I have enough WiFi 7 stuff that I feel compelled to upgrade.

What are people's thoughts on running your firewall as a VM on your homelab machine? Makes me a little nervous to not have a physical separation there? Maybe have that VM have two dedicated hardware NICs that physically go in and out of the machine to isolate it from the virtual switch? Probably being too paranoid.
 

Handruin

My thoughts about running a firewall as a VM are similar to yours, it makes me nervous. I feel like there's more possibilities of getting things wrong and leaving something open. I know that VMware and Cisco had the Nexus 1000V and there was a firewall component so it feels like this should be a viable option to consider but there are more factors that Cisco and VMware have time and budget to harden vs us homelab folks.

Also to your point, I would want clear separation of WAN and LAN physical adapters if I were to try this. It feels more idiot-proof just from the perspective of assigning adapters and virtual switches to VMs.
 

Handruin

In the spirit of more self hosted fun, these are some projects/components I have on my list to explore. Some of these may pan out to being not useful but wanted to explore them.

SWAG - to assist in managing my self hosted domain

Traefik - reverse proxy for assisting in setting up clean URLs to all of my self hosted components.

Shlink - URL shortener for internal use to link to things

Mealie - manage recipes

Book Stack - internal wiki-style system to assist in managing homelab or house related stuff
 

sedrosken

I refuse to have something as critical as a router be anything but a separate machine running on bare metal. It's not good practice at all, at the very least IMO. I think virtualizing a router is kind of just asking for trouble.
 

Mercutio

I've done router/firewall on a VM. I decided it was a bad idea after I had a VM shit itself on an ESXi host and I had to drive out and fix it in the middle of the goddamned night.

I DO keep a router VM on each hypervisor, but it's a backup rather than a primary config.
 

Mercutio

"Shlink - URL shortener for internal use to link to things"

OK, I am having trouble wrapping my head around this. Even if the link structure of internal web sites is complicated, wouldn't you just bookmark the sites you need? Is this because you don't necessarily get to pick the URLs that come out of containerized appliances?
 

Handruin

Yep, you could just rely on bookmarks. I don't have every device sync'ed with the same bookmarks though. Having some shortened URLs that resolve internally for household things for when visitors are here could be easier to tell them to go to example.com/movies or something simple like that to have them request content to watch or to example.com/lights that take them to the web dashboard to manage the smart light switches in the house.

Another thing it offers is dynamic redirects based on device type.

Like I said earlier, this may not pan out to being anything beneficial but wanted to give it a try to see if it does add value in interesting ways.
 

Mercutio

"I don't have every device sync'ed with the same bookmarks though."

I use Firefox Sync and my Chrome sign-in to keep bookmarks in common between devices. The only reason I need both is ChromeOS, which doesn't really like Firefox for Android very much for some reason. Once Firefox syncs to whatever device, I can usually import it to anything else I care to use. Vivaldi is actually my normal choice for Chromium browser, but apparently Brave has said they're planning to preserve compatibility with Manifest v2 extensions, so I'm giving it time as well.
 

Mercutio

The biggest issue I have with Proxmox now that I've looked into it to any degree at all is that it's Debian-based. I've got it up and running on a spare system but I feel dirty for doing it. The FSF people are dicks and they always have been.
 

Mercutio

The most condescending asshats I've ever encountered in my life were two people who both represented themselves as senior devs in the Debian project on a couple IRC channels I happened to be active on at probably the very beginning of 1995. I've never gotten over it. For all I know, those dipshits are still working on it today.

I've set up Ubuntu and Mint for others but I've never used Debian for myself.
 

Handruin

Are the Debian-derived distros also tainted for you?

Senior devs in 1995... I doubt they're still involved. They'd probably be in their 70s and if they were that condescending, I can't imagine people would still be putting up with their crap this long. Life's short man, probably worth moving on but I know I'm not going to change your mind.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Maybe those guys are long gone or dead by now. You hold a grudge like an old-school baby boomer. :LOL:
 

Mercutio

FSF still has people working on the lost cause that is HURD, which last I heard finally got SATA and USB support in about 2015, so they're clearly not opposed to keeping relics of a bygone era around.
 

Mercutio

In the category of solution to a problem I didn't realize that I have, Komga is a really interesting tool.
It's a media server for Ebooks, PDFs and comic book data formats. I've generally been content to toss the things I'm reading on to Google Play Books, but Play Books has a hard limit of 100MB/file, which sometimes isn't enough space.

Of particular interest to me is using it to store role playing game manuals for my tabletop gaming needs, and omnibus collections of comic books. The tool keeps track of your reading progress per title and there's no limit at all to the number of titles. It also performs well on tablets and works just fine over a VPN, so I can access all my stuff even when I'm not home.

The down side is that it's primarily made to act as a server, so if you have to do any meta-data edits, you need another tool for that.
 