if you could start again in your self hosting journey, what would you do differently? :)

That’s an excellent question.

If I were to start over, the first thing that I would do is start by learning the basics of networking and set up a VPN! IMO exposing services to the public internet should be considered more of an advanced level task. When you don’t know what you don’t know, it’s risky and frankly unnecessary.

The lowest barrier to entry for a personal VPN, by far, is Tailscale. Automatic internal DNS and clients for nearly any device makes finding services on a dedicated machine really, really, easy. Look into putting a tailscale client right into the compose file so you automatically get an internal DNS records for a service rather than a whole machine.

From there, play around with more ownership (work) with regard to what can touch your network. Switch from Tailscale’s “trusted” login to hosting your own Headscale instance. Add a PiHole or AdGuard exit node and set up your own internal DNS records.

Maybe even scrap the magic (someone else’s logic that may or may not be doing things you need) and go for a plain-Jane Wireguard setup.

Another +1 from me. Very similar setup and it’s been working for me for years.

OpenScale works great and kind of does what you want. If you have an old Android phone laying around you can have it persistently connected to a cheap Bluetooth scale. Functional, but at a much have higher power cost than an ESP32 solution. Automated database exports to a local file (on the android device) and Syncthing can move your data around for analysis.

The good folks over at Gadgetbridge might have a solution too, although their list of supported scales looks pretty short.

You might also look into making a project like rmfakecloud to trick your Fitbit device into pushing data to a local server.

Not sure about home assistant though, I’ve never used it.

It’s mostly Mastodon. (Shoutout to @RmDebArc_5@sh.itjust.works for posting the link to FediDB)

I prefer Syncthing-fork for some more straightforward configuration. Mainly the three button options equating to “follow the run conditions, damnit”, “run damnit”, and “stop damnit”

Even faster – tailscale. For a cheeky way to play with your friends make a burner account with a shared login to get on the same tailnet for free. On the endpoints, turn off tailscale-ssh and any of their other “features” you don’t need.

Second this ^

I have one and it’s fine, but not directly supported by OpenWRT. Looks like Beryl and Slate are though

Excellent notes. If I could add anything it would be on number 4 – just. add. imagery. For the love of your chosen deity, learn the shortcut for a screenshot on your OS. Use it like it’s astro glide and you’re trying to get a Cadillac into a dog house.

The little red circles or arrows you add in your chosen editing software will do more to convey a point than writing a paragraph on how to get to the right menu.

Is there a reason you’re not considering running this in a VM?

I could see a case where you go for a native install on a virtual machine, attach a virtual disk to isolate your library from the rest of the filesystem, and then move that around (or just straight up mount that directory in the container) as needed.

That way you can back up your library separately from your JF server implementation and go hog wild.

Syntax-wise, it’s meant to be identical. I got on board when they were the only ones that enabled rootless (without admin privileges) mode. That’s no longer the case since rootless docker has been out for a while.

I’m personally a fan of the red hat docs and how-to’s on podman over the mixed bag of tech bro medium articles I associate with docker.

At the end of the day this is a bit of a Pokemon starter question. If your top priority is to get a reasonably common and straightforward job done just pick one and see where it takes you! :)

Avoid AMD? Why do you say that?

My solution is to use Rathole. I rent a wildly cheap (2 core, 4GB memory) VPS and basically just run Traefik there. Then I use Rathole to make some services hosted on my desktop available to Traefik.

I like this solution better than Wireguard for my application. It reduces attack surface to services you’ve explicitly set up, rather than a full data layer trunk between your machine and a potential malicious actor.

Ooh, I’ll definitely check out Voice!

I’m more of a desktop Jellyfin container person myself, but all roads lead to Rome in this case :) thanks for the input!

Does anyone know of a good alternative for Android?

Right now I just use Antennapod, but it would be nice to get chapters and whatnot built in.

My $0.02:

NixOS is excellent, and actually pretty easy if you’re not trying to do anything fancy (running all services under a single user, etc.). Personally this is my pick because I primarily host services for myself, so down time in exchange for learning a new thing is acceptable.

As I mentioned elsewhere, Debian + Incus is a great minimal and rock solid solution for longer standing services. Although, it’s not composeable :(

More directly to your preferences, I would also recommend considering Rocky. Being in the RHEL ecosystem has its perks (especially with rootless support for podman and podman-compose). I’m also generally a fan of SELinux. Rocky is a little less bleeding edge than Fedora with many of the same conveniences and recent packages. In my mind, for my purposes, that makes it a better choice than Fedora for a server OS.

Good bot

I tend to not use the webui, so I prefer the similarly useful combination of Debian + Incus (spawned from the LXC project).

Sure, HA isn’t baked into Incus (to my knowledge) but similar to OP I only have one physical box and don’t necessarily care to manage multiple.

That being said, Proxmox is a good solution in the scheme of things and generally a good recommendation.

Hm, so it’s encrypted from your beeper client to the bridge, decrypted, then re-encrypted with the outgoing platform’s protocol. Seems like a good reason to host your own bridge, and a good call on it being a glaring attack surface.

Seems like the secret sauce is in how they deal with messaging platform integrations? Maybe the goal is to avoid another iMessage lawsuit. With Beeper as a proof of concept it would be cool to start adding integrations in a fully open source way (legality permitting)

That’s a cool solution! I’d be interested in making a nix flake to do something similar to that Ansible project. Thanks for linking!!

Agreed! I’m pretty psyched about their transparency and the overall model. Especially in the universe where this Apple lawsuit results in Beeper being allowed to connect to iMessage again.

Would love to hear any results you find with hosting! I’ll give it a try too and maybe do a follow on post with what I learn.