I run 2 instances of pihole/unbound as lxcs on my main server and local back up, works great.

If I didn’t have the two big boxes I’d use my pi4/zero2 to run two instances of pihole/unbound.

If I didn’t have my pis, I’d run 2 instances of pihole/unbound on literally anything I could install it on.

What I’m saying is that I consider pihole/unbound to be essential infrastructure at this point. I’m also trying to say I’ve broken my only instance of pihole enough times to understand the importance of redundancy.

I use Pis as a (sort of) hardware key to get family and friends onto my Tailscale VPN. They all have pihole too. I haven’t convinced any of them to get a pi0 as a redundant box, but I’m sure they’ll learn eventually too. No doubt it’ll be my problem.

WAF has consistently held me down to earth. “What will that enable you to acheive that you can’t do already?” With a couple mini pcs and a rpi I’m good. I’d love shiny things, but beyond LLMs there’s not much it would enable me to achieve that I can’t already.

That, and other hobbies. I don’t want to be an amateur system admin during the summer. So all winter long, while I’m tinkering, I’m adding up how much it adds to my maintenance schedule.

Honestly, I wouldn’t.

I only run it this way because a VPS had 0 WAF, and I’m terrified of opening ports. VPS is the well trodden ground, there’s tonnes of guides. Mine’s a hack job borne of necessity, it works though, and I am proud of what I cobbled together.

It was my first time solving my own problems. I had my meager skill set, a basic idea of what I wanted, some vague notion of how I was going to achieve it, and a thick forehead to smash against the problem till it gave way for me.

I am going to keep running it this way though. To access my server you need to HAVE a relay rPi, and you need to KNOW a password. That’s two authentication factors right there, just built in.

I use tailscale for my non-tech family.

I run a rPi with tailscale, pihole and nginx on it in their house. They connect to the their WiFi, get adblocking for free. They go to “http://homarr.sever/” pihole captures the request, sends it to nginx which reverse proxies to a homarr LXC on my server. From there they can click links to the services which are at “https://service/.######.xyz”. Again, pihole captures the request, sends it to nginx which reverse proxies it over Tailscale to the appropriate LXC.

One poor soul runs a mini pc with 2 mirrored ssds attached, it runs everything above plus Syncthing. They have the privilege of running the remote back up for the server.

For apps on their phone, I intend to set their phone up with Tailscale and then just have the app go to “http://dockge:1337/”… Just as soon as I learn to write the access controls to allow admins to access everything, users to access services, and services to access nothing. I just looked and there’s a gui now so I could maybe do it this winter.

There should be both. Minimal config + gui options for people just getting into the hobby, or just want the thing. And a more open option for people who hit the limits of the first, or to do interesting shit, or to repeatably build a thing.

I go back and forth on my server. During summer I wish it was all Docker YAMLs so I can press “update” in Dockge and then enjoy the weather.

But, I also do non-typical things. Users have a rPi in their house that captures requests and routes them through Tailscale to my server for remote access without a VPS or opening ports.

I’m not too technical so I often struggle setting things up, and documentation can be less than helpful at times, sometimes I really wished there was a gui or wizard, but it’s doable.

I’m in the UK therefore: no.

Omw, a replacement for Vikunja and Joplin? Sign me up!

Start with Pi-Hole. Use Linux (I started with Debian) to install Docker/Docker compose, Use Docker to install Portainer, and Portainer to install Pi-Hole, and literally everything else. Run it on any e-waste you have. There’s a thousand guides, it’s easy (comparatively), immediately useful and you’ll learn right quick about redundancy when you break it. Oh you’ll learn so much when you break your only instance of Pi-Hole. Watchtower messes up the updates while you’re at work and SO wants to use Facebook… You’ll learn. Also, don’t do automatic updates for a long time.

You should also learn how to read documentation and Docker’s is stellar, it’ll help you when you’re trying to implement some solo project with minimal documentation… You might hear RTFM which translates to “have you read the documentation?”.

Chatgpt is a fine rubber duck as long as you’re doing standard things on standard platforms. Explain your problem to ChatGPT as best you can and troubleshoot with it. Everything should be a place holder, give it zero details you don’t have to. Then follow the stupid steps it gives you. If it asks you if you made sure the port is what you told it you expect the port to be, go fucking check. It’s a robot, it doesn’t care how good you are just do the thing. If none of that works come here with all the checks you’ve already done so someone here doesn’t ask you if you made sure the port was 8096 in the compose file and you typed it as “8906:8096”. You will mess up simple stuff, it’s fine we all do/did, LLMs are great at covering the basics.

You’ll want to use Podman, Dockge, LXCs, what have you eventually. But Docker/Portainer are the standards. Everyone that can use Podman/Dockge/… can use Docker/Portainer, not the other way around. You’ll get more help doing standard things on standard platforms.

You learn what Docker is, how it works, what a compose file is, how they work, what maintenance is like. Then branch from there, after Pi-Hole what’s the most impactful to you, media? Jellyfin, plex & *arrs+gluetun, what’s your poison? All available through docker. Keep adding services until you cant stand the upkeep, you expand beyond your hardware, or you know you have all you want.

Docker is least effort to learn to do this stuff, you may want to out grow it eventually, but I don’t think you’ll ever not use docker/podman for something. Even when you have everything set up as a NixOS box, there’s likely gonna be a docker/podman host running something somewhere, probably a third redundant pihole.

Then tinker with what you have. Docker is good but has limitations, what is Proxmox, what’s an LXC? In summer I wish everything was on Docker so updates are painless (comparatively). In winter I’m glad I’m in proxmox and can tinker away.

My entire homelab used to live on a rPi4 running Debian, and docker doing almost everything on your list. My current pair of n100 minis can do everything on your list. I think (I’ve not tried game servers).

It doesn’t take much. Start with Debian, Docker, Portainer, Pi-Hole.

When something catastrophically breaks, it’s generally not worth chasing the solution. Good teaching moments later but by then you’ll have snapshots to revert back to. Anyway when things break catastrophically, and they will, give yourself an hour to fix it, and then just start again. It reinforces install procedures, you’ll have an idea on how you could have done it better anyways, and it’s just not worth the heart ache.

Sames, I have a bunch of users(2) all streaming jellyfin fine over tailscale, except one house which buffers sporadically over the day. There’s no rhyme or reason to the when, or the what that needs to be buffered. As in it’ll buffer direct plays/HEVCs/AV1s, or it’ll play them fine. Some times it’ll buffer at night, sometimes during the day, sometimes neither or both. Worse, I’m getting all my information via users, so maybe theres a common thread, but they haven’t found it.

Their internet speed is fine. It could be WiFi being saturated in their area. It could be the relay being a very old rPi3 just isn’t up to it (The pi, captures their requests through Pi-Hole and proxyies their traffic over tailscale). It could be the laptop they’re using as a client isn’t up to it. Or it could be some setting somewhere.

It’s annoying whatever it is.

Not too close. My Proxmox server is basically set up, I can’t fit anything more on it, so it’s just back end and tinkering now. I’m comfortable with Proxmox.

That said, new box and a large windfall I’d have a look at Unraid. After donating to Proxmox at least that much first.

If Proxmox didn’t exist (and TTeck didn’t exist) I think I would have at least tested Unraid. I was comfy in Debian with Docker as a virtualisation host before moving to Proxmox anyways.

I’m sure it’s good, I would like to give it a go. I’m happy where I am though.

Thanks, I’ll check it out. Speedy could be interesting for games that used the CPU speed as a clock speed.

The LinuxServerIO peeps make fantastic images. When my server was docker only they pretty much built my homelab. I’m sure my docker hosts still have a bunch of their stuff, *arrs are probably all them.

Cleanuparr/Huntarr just got upgraded to a late-summer project.

Edit: they’ve been running a couple days now. They’re good.

I’ve been on full maintenance mode for spring/summer, those are the times to be going placed and doing things. Autumn I’m going to write my winter goals for the server.

I have another n100 box that I’m going to dedicate to immich, I have 7 users now, so when they all upload on a night my current n100 has a little bit of a cry.

Security is always a big one. I’m currently relying on tailscale (limited to necessary lxcs), reverse proxies, Https, and app ‘sign ins’. Not bad (it’s bad) but not good either.

For new projects, I want to integrate Audiobookshelf with Hardcover. I’ve got a project installed but it didn’t work on my first attempt so I gave it up for winter.

I’d like to set up a virtual DosBox, accessable by a browser, for my 1000s of dos games. Again I’ve found a few projects, none worked out of the box so have been given up for winter.

Other than that all my front end services are working well. *arrs are becoming a pain for all the malware named as good files confusing rad/sonarr. Qbit knows not to download .exes, and the like, but sonarr doesn’t know to delete them and look again. Lazylibrarian accepts no shit though, if things aren’t going as expected LL very quickly deletes and goes again. I might try vibecode a script for that.

I’d like to break out my storage into a dedicate box. Probably get some e-waste to fill with drives. Currently I have a n100 running network, storage and virtualization, it’s a little cramped.

It’s probably smarter to break out networking first, build a little router/firewall box (the above n100 mini would be perfect). But, I don’t get along with networking, I find it challenging in an unsatisfying way. When I’m done banging my head against the wall and things work I’m just relieved I don’t have to do it again, instead of feeling accomplished. New projects are fun, Storage I get the feeling of accomplishment from doing the thing. Networking is a dark art full of black boxes I don’t understand that sometimes play nice together and mostly fuck my shit up.

I want to move over to IPv6, not for any other reason than it’s probably a good idea to progress to the 2000s. If I can move everything over to Hostnames however, that’d be the dream.

Moving from Docker to Podman is probably smart.

Lots to do over winter… I’m probably gonna build a fish tank instead

GoDaddy(I think) for my domain, Cloudflare +Letsencrypt (DNS SSL challenge), Tailscale (to access applications remotely), AirVPN (for applications to access the web), Gmail (smtp, I want to migrate soon).

I host everything else.

‘Hunter2’ Was my original plan, yours is much better with a special charachter, thank you.

I saw Immich’s licence. I don’t want to dig up old drama though.

I was unaware jellyfin didn’t take donations.

I thought they would both take donations though. Money is money after all.

Holy-shit it does!!! I couldn’t find any of the main repos I want to donate too: Pi-Hole, jellyfin/seerr, *arr, immich. I guess that’s an outreach problem? Getting PromoFaux (Pi-Hole) onto librapay. Pledges seem to help with that.

But Lemmy, Syncthing and Vaultwardern is in in there. I have a tonne of services using MySQL, it’s in there.

Thank you kind stranger, my bank acct hates you.

I’ve said it before, I think there’s money in a service that crowd funds open source donations.

I use so much FOSS that making sure they all get some money is a real first world problem. If I can only give £10 that month what do I do? Rotate who gets the tenner? Give everyone £.20? Then you have to figure out how each service wants funding and organise that.

Instead I could go to FOSSfund select all the software I use and donate £x. That money gets divvyed up and stored with other people’s donations until a threshold is reached.

When enough money is accrued the service makes a substantial donation. The FOSSfund itself is funded through interest gained while holding donations.

Of course I am a naive user that wants good things to exist and has no idea the difficulties in making them happen. Brb, off to vibecode a payment system. I forsee no problems. I will not be taking questions or feedback at this time.

I used proxmox to set up my ZFS pools and use bind mounts. It’s fine, I’m sure it’s a “grass is greener” thing.

Home labbing is a winter hobby, so in the summer months I hate the time spent updating all the machines when I could be outside.

If I had purely Docker set up, in winter I’d be complaining that “everything is too simple” and “I want more control” etc.

You can pry proxmox from my cold dead hands.

I do sometimes dream of running everything in Docker though for how easy it is to update. I’ve got the community scripts running and still it’s a bit of a maintenance job.

A TrueNAS + Docker machine is pretty tempting. If I were to migrate, that’s where I’d go.