So when I ask Let’s Encrypt for a cert, I ask for *.int.teuto.icu instead of specifically jellyfin.int.teuto.icu, that way I can use the same cert for any internally running service. Mostly I use SSL on everything to make browsers complain less. There isn’t much security benefit on a local network. I suppose it makes harder to spoof on an external network, but I don’t think that’s a serious threat for a home net. I used to use home.lan for all of my services, but that has the drawback of redirecting to a search by default on most browsers. I have my tailscale exit node running on my router and it just works with SSL like anything else.

I use a central nginx container to redirect to all my other services using a wildcard let’s encrypt cert for my internal domain from acme.sh and I access it all externally using a tailscale exit node. The only publicly accessible service that I run is my Lemmy instance. That uses a cloudflare tunnel and is isolated in it’s own vlan.

TBH I’m still not really happy having any externally accessible service at all. I know enough about security to know that I don’t know enough to secure against much anything. I’ve been thinking about moving the Lemmy instance to a vps so it can be someone else’s problem if something bad leaks out.

What you are looking for is a RAG and is one of the few legitimately useful implementations of LLMs outside the wall of hype.

For my single user instance, I can be charitable and say that it’s running on hardware that I already had that is running regardless on spare otherwise unused resources with a already registered domain so the only cost is time spent setting it up. Or I could apply all the costs from the server Lemmy, then it would be about $1200 initially plus ~$10/mo per user.

My one and only reason is that I’m a turbo-nerd. No professional or even educational tech background at all.

I had a squatter get mylastname.com after my dad died. After a while I guess they noticed that I registered mylastname.net and orffered to sell me mylastname.com I didn’t respond and they let it expire. I should probably register it.

For network cables, FS.com. Their specialty is fiber optics and they have good transceivers and cables for really cheap prices and they also sell a tool to flash vendor info onto transceivers so if you have some picky proprietary box you can still use generic transceivers with it. Their copper products, DACs, regular cat6 patch cables, etc are good too. I haven’t tried their NICs or switches though.

I have a used 2016 super micro server. It was $600, has 2 18 core/36 thread cpus and 256 GB of DDR4 and 12 HDD hot swap trays. It also idles at 180 watts. Way over kill but I have cheap electricity and it’s nice being able to spin up a vm with just about any specs I could want. If I got some more normal cpus it would probably burn a good bit less power.

Cloudflare if you want one of the handful of TLDs they support, namecheap otherwise. For namecheap I still point the nameservers at Cloudflare so they can manage the site. For DDNS I use DDclient, it works, that’s about all I can or should say about a DDNS client.

My interests line up pretty well with my admin. I think that the instance should be pretty reliable as long as I want to keep using Lemmy.

I appreciate all of the weird instance names in here

Well you can get a domain with a weird TLD for $2-5 a year and $40-80 once for a SBC like a raspberry pi to run it. Ideally you’d want a small 32-64gb ~$20 SSD or HDD for storage, but in a pinch a USB stick or micro SD card that you can get for ~$5 would do. Any old computer can handle it though, Lemmy is pretty lightweight, you would have resources left over on the host to run other services. So in total if you wind up in over $100 something went wrong somewhere.

For what it’s worth, once you get to the single user level, the cost is pretty much nil assuming you have the hardware and domain already

This is a big part on why I think self hosting is the way to go with federated platforms. At least I probably shouldn’t ever have an issue with the admins/moderators at lemmy.teuto.icu. Being able to just point the domain name somewhere else should make migrating as simple as spinning up a new container too.

I prefer to use a local DNS for internal services just so there is less publically available information about my internal network. No need to let everyone know what address space I use or which vlan certain services are on. Also means you don’t have to wait for public DNS servers to update.