Because a private CA allows you to create a certificate and nobody else has the ability to create certificates unless you give them the keys or a signing CA. With Let’s Encrypt, you are trusting every major certificate authority to not create a cert on your domain; coupled with DNS poisoning means you would end up on a legit-looking but counterfeit website of yours.
You’ll have to explain that one to me.
Just my 2 cents.
I have been burned by WD Red on SMR drives, so I will just say Fuck You WD. That is all.
Services the only supported sqlite databases struggled (Jellyfin). Anything that worked with postgresql worked like a charm. So trick on the sqlite ones is a local PV then do a task to copy to NFS periodically.
My setup was a central NAS hosting an NFS server then each Pi mounted PVs from the NFS CSI driver over the network and I only used local storage to boot the OS.
I manually manage the media files but I do assign the categories, I just mount it on Jellyfin as read only so it can’t make any changes and it stores the metadata and album art on the Jellyfin system partition.
Raspberry Pi 4 4GB handled it just fine for me the last couple years.
Figure out why my new 10GbE NIC won’t read in my repurposed gaming rig (now server), get all my storage migrated over to Ceph, transition my services over to Proxmox hosted Talos k8s stack from my RPi-hosted k3s stack.
A relatively newish SBC can run Jellyfin and even do some light transcoding (single stream full HD or 2-3 streams SD).
I love Jellyfin (kind of love/hate haha), but I would never trust it to manage my media files themselves.
Definitely check out k3s. I ran a 7 node arm64 cluster for a couple years and it served me well. I’ve since graduated to proxmox/ceph and all that, wish me luck 😅
Check out ansible for ways to automate this stuff. Highly recommended!
Honestly, what you’re trying to do is a great use case for docker already. I suggest learning more about how to use docker, take backups, restore from backups, etc. E.g., I have a NFSv4 share that I store all of my containerized services’ config and data files in. Any time I need to restore a precious version, it’s as easy as restoring the previous version files and starting the previous version container.
What is the tmpfs for?
Different phases of power? Did you have 3-phase ran to your house or something?
You could get a Starlink for redundant internet connection. Load balancing / fail over is an interesting challenge if you like to DIY.
You could possibly run ai horde if they have enough ram or vram. You could run bare metal kubernetes or inside proxmox.
Honestly I just moved back to local accounts. I’m interested in the other comments on this post for a good solution to move to.
Does that work with gitea? I was able to get it working with Authentik but wasn’t able to get it working on Keycloak.
Yea that’s the whole trusting trust thing. You can theoretically set up hour browser to only trust your private CA and not trust any of the publicly trusted CAs. Depends on your threat model I suppose.