14·
3 months agoI still just use :X with vim on a server I can ssh to.
BoofStroke
- whitewater kayaker
- mountain biker
- snowboarder
- infosec and linux nerd
- lover of small felines
- 0 Posts
- 19 Comments
Joined 1 year ago
Cake day: December 20th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Rack mount server class machines at home generally aren’t great options. Definitely stick with tower/mini designs.
That said, for a home server a general workstation may be best. I personally have a System 76 Thelio. I added a second drive and installed proxmox with a ZFS mirrored pool.
Self documenting systems ftw.
You can ship to Graylog with netcat or filebeat. Then you can do all of your graphing, searching, and analysis there.
I use it. No complaints here. They’ve recently reduced their rates. The alternatives are more involved and more expensive. I put my remote Borg repos on rsync.net
Because I use Borg I don’t really need their zfs snapshots but those are pretty cool too.
I have multiple Borg repos, so rather than add a remote for each I just rclone everything at once to rsync.
For home, use your firewall. Either physical ports on the firewall with dumb switches or vlans with managed layer 2 switches.
There are many ways to do this. Proxmox can do it with ovs if all your devices are virtualized. Pfsense is probably the most straightforward.
The best way to run pfsense is on dedicated hardware. This would work for you https://protectli.com/vault-4-port/
You’ll also then need switches or a managed switch with vlans for each network segment.
There are devices like the Netgear lm1200 that can do it inline by themselves.
I have that device, but configured as a second gateway. My firewall manages the failover based on primary packet loss and latency.
I run nut on a pi.
In addition to ups, an LTE failover. I’ve had my Comcast crap be offline for hours.
Borg. With rsync.net if you want to keep an off-site.
Naemon and Graylog.
Roundcube
I’d still use a nas for storage and another system for VMs. Unless you want to make your VM server have an array itself, but then you have to mange that on the same server.
It works the same either way. Borg does a lot of different backups on my home network. I also have more than just Borg backups that I want off-site, so an rclone of everything from that nas share once after everything else is done makes more sense than duplicating Borg everywhere. The rclone’d stuff can be used directly just like if it was put there by Borg itself.
That is rsync.net’s entire business model.
I still rclone my Borg repos there instead of relying on snapshots though.
I concur with most of your points. Docker is a nice thing for some use cases, but if I can easily use a package or set up my own configurations, then I will do that instead of use a docker container every time. My main issues with docker:
- Containers are not updated with the rest of the host OS
- firewall and mounting complexities which make securing it more difficult
Other than waf stuff, if you have multiple servers behind a small nat, a reverse proxy can service them all from a single exposed public address. You can also do rewrite rules on the proxy vs on each server.
Plex, channels, mail, calendar, contacts, wiki