|
I'm a complete newbie to this, but over the past month or so I've been using an old Macbook Pro as a Plex media server. Getting everything set up was pretty easy, since there are OS native apps for most of what I need on there. But that has me entering more of a rabbit hole (or pihole, in my most current case) of other stuff I can do from my home machines. I managed to get pihole installed in a docker container using docker desktop, but I still haven't been able to get pihole working on ipv6, apparently due to the fact that docker sucks at ipv6(?). In that process, I've been looking at a ton of documentation and guides that reference linux to make changes to configurations and such. Translating where /etc/pihole/setupVars.conf is in macos isn't particularly difficult, but it's time consuming, and a lot of commands in linux just aren't there on macos. I know I can use brew to grab certain things, but the lack of consistency with linux in terms of file infrastructure means I'm going to have to translate the majority of guides I find, which just adds a lot of time to the configuration and troubleshooting process. It seems like a foregone conclusion that if I jump into more self-hosted projects, I'm going to need to get a linux system built out. I used to run linux as a desktop OS nearly exclusively back in the early 2000s, so I'm reasonably confident I can get to a point where I have an opinion on systemd relatively quickly. But I have a few questions to help get started:
|
# ¿ Jan 9, 2023 21:11 |
|
|
# ¿ May 14, 2024 08:20 |
|
Cool, thanks. Been doing a bit of side research and it sounds like I could power most of what I need on a ~$400 NUC with Unraid, then connect a Synology NAS when I grow beyond external USB SSDs. That sounds like the expensive option, but it also seems like I could run OMV on the NUC in the meantime. Is that correct?
|
# ¿ Jan 9, 2023 22:57 |
|
Ah, interesting. With proxmox, I could toss it on the NUC and just run services inside VMs, right? Sounds like a better alternative than docker just for the customization options. Sorry if these questions are overly basic. I'm not a developer and most of my experience with linux was on the desktop side, so it's a different world than what I've experienced.
|
# ¿ Jan 9, 2023 23:41 |
|
Gotcha. Generally speaking, would something like this cover me for a NUC? Figure I could drop like 32 gigs RAM and a 2.5" SSD in there and be up and running.
|
# ¿ Jan 9, 2023 23:57 |
|
Nitrousoxide posted: I run my setup on this at $150:
OK, yeah, this is a better option that I can more easily convince the wife of. Thank you!
|
# ¿ Jan 10, 2023 01:08 |
|
Nitrousoxide posted:
Good to know. I was thinking of either what you linked or maybe this one. I figure double the hard drive space for $4, but I also know Dell tends to be more driver-friendly.
|
# ¿ Jan 10, 2023 04:16 |
|
Found a dude in the reviews that as of October of last year was using it pretty much for my newbie use case - proxmox and plex for random stuff. Said the SSD is slow but otherwise seems like a good get. Thing gets here Thursday. Thanks for the help everyone. Looking forward to a million more dumb questions to send your way.
|
# ¿ Jan 10, 2023 08:52 |
|
Welp, it's happening. I grabbed a GT-AX6000 so I can control the network better than the Google Fiber router. The SFF machine gets here Thursday along with a 1TB SSD to drop into it. My plan is to install Proxmox and get a Pi-Hole/Unbound VM running with ubuntu server as a first project. I think for now I'm going to leave the Plex suite on my Macbook and eventually migrate media storage to OpenMediaVault next time I need to add a new drive. I'm also pretty jazzed about getting a VM with Docker/Portainer just to learn it better. This poo poo is cool. It's pretty amazing how much you can do.
|
# ¿ Jan 11, 2023 04:52 |
|
My tiny little server machine got here last night! I got proxmox up and running with pi-hole and unbound running in a Debian 11 VM. Took longer than I’d hoped but for a first run it was still surprisingly straightforward thanks to YouTube. Proxmox is really loving cool. That console virtualization in the browser blew me away. I think my next thing is gonna be a Portainer VM that I throw Heimdall or something similar on to try out. That or a reverse proxy because I’m tired of typing port numbers into everything. One question: my “networked” storage (a few terabytes of external SSDs) is attached to the server and my MacBook. For my current purposes that seems to be working well enough, but is that pretty much how it works until you get a dedicated NAS? I saw some Synology boxes on eBay and Craigslist that weren’t shockingly expensive for 4-drive plus setups that were a few years old, but I’m not quite ready to drop more money into this just yet.
|
# ¿ Jan 13, 2023 16:12 |
|
Yeah I have a domain that I have hosted through a provider to facilitate a personal protonmail service. I’m thinking I’ll eventually want to take that mail server internal to save the $80/year or whatever the hosting costs, but they offer LetsEncrypt. I’m pretty in the dark on reverse proxies though. Searching wasn’t super helpful either. Is there a dummies guide on how they work?
|
# ¿ Jan 13, 2023 17:39 |
|
I think I'm gonna get a VM going with Portainer to set up this reverse proxy and other docker-oriented apps. I'll probably throw Debian 11 or whatever on it. I'm not sure how much hardware to provision it, though. The machine I have is a quad-core i5 with 16 gigs of RAM. Can I get away with giving it a couple cores and like 4-5 gigs of RAM? Is that too little, too much?
|
# ¿ Jan 13, 2023 22:13 |
|
Fantastic, thanks!
|
# ¿ Jan 13, 2023 23:52 |
|
corgski posted: Counterpoint: postfix comes with sane defaults now, at least in Debian, and packages like https://www.iredmail.org/ make it even more trivial. The challenge is getting a static IP with good reputation and knowing which RBLs are actually extortion scams and shouldn't be considered when receiving mail. (UCEPROTECT, that's the big extortion scam)
I have had to deal with email deliverability issues in the past and understand the nightmare from the "I just wanna send transactional emails gently caress" fence. I didn't even think about having to send to ESPs from a brand new IP with at best zero reputation. I was thinking more about hosting the personal domain so I could send MX records and such to push the name@customdomain through Proton's mail servers.
|
# ¿ Jan 14, 2023 04:53 |
|
I found a dude selling a DS220+ with the 4GB RAM upgrade for like $289 on eBay, then grabbed a couple 6TB WD Red Pluses off Amazon. I figure it’s a good entry into the NAS world assuming it’s not a scam. For the stuff I wanna store - media for the most part, with some space reserved for future VM projects when I get tired of external drives connected with USB 3 - the 6TB RAID should cover me until I’m ready to spend money again. Please god let me stop spending money.
|
# ¿ Jan 14, 2023 08:46 |
|
Yeah, I currently set up my VMs to monthly backups to the local storage on the server, but will work up a full proxmox backup once I get the NAS up and running. That's a great idea. I had a similar thought on media given it's not the end of the world if it goes poof; it's more annoying than anything else. If instead I used the NAS to hold the media and back up the server/MacBook running the media management, I could stripe the two HDDs in the NAS for extra capacity, then leave the low-risk media on it plus have the server backups as a fallback. That way all three systems would need to die at once to lose everything, and I have 12TB of storage. If I get really crazy, I could pick up a bigger NAS for more redundancy. The flaw with this plan is I'm pretty interested in pulling our family photos and poo poo away from Google/iCloud, and my wife has made it clear that if we do that and we lose all our photos, my time on the planet will be limited. I guess I could always RAID 1 this thing, and if I run out of storage get a bigger NAS machine and turn the 2-bay one into an SSD drive to hold a litany of VMs and move the existing drives into the new one, then complement them with additional drives using SHR or something? This is way ahead of myself but it's fun to think about.
|
# ¿ Jan 14, 2023 14:59 |
|
Will do. Everything NAS related should show up next weekend. Pretty excited about all this. I think in the meantime I’m gonna get a reverse proxy going and then get a homepage set up.
|
# ¿ Jan 15, 2023 18:59 |
|
Got Portainer up and running on a VM. That was surprisingly easy. I installed Calibre-web on it just to see how it works, and aside from some database funkiness between it and Readarr, I got it up and running. One thing I noticed is it takes the containers a good bit of time to fully initialize. I thought I broke something when getting Calibre-web to start up because the web GUI wasn't immediately available. Then I looked at the logs and realized it was still initializing 3-5 minutes after I ran the container. Is that normal, or is the external SSD I have everything on poo poo? (Maybe both?) Other note: I really need to get a homepage/reverse proxy set up. poo poo's everywhere now and I'm forgetting which service is on which VM.
|
# ¿ Jan 17, 2023 18:43 |
|
Lotta stuff here, thanks y'all.
odiv posted: Maybe what you allocated the VM for resources? Or is the external SSD on like USB2 or something?
It's USB 3, but the drive was one I had laying around to archive old photos we had before upgrading our iCloud subscription, so I wasn't looking for speed from it. I have a new Crucial SSD I'm planning to add to the unit via USB 3. Maybe I'll just move the backups over to that and run off it to see if I see improvement.
Nitrousoxide posted: First start up of a container might take a bit as it creates the config files. But after that it should be faster. I don't use ANY remote mounted directories (except media directories) for my containers. The config folders all live locally on the server to maximize the performance. If you're using an external hard drive for your persistent volumes, try the internal ssd instead.
Since it's a tiny PC, the only internal SSD is the one that's running Proxmox, and it wouldn't let me use it to store any of the VMs on it.
Matt Zerella posted: Try to stick to a single distributor for images who builds off the same base image.
I sorta did this by accident, or have so far. Linuxserver is where I grabbed Calibre-web, so I'll keep using that as my main source.
|
# ¿ Jan 17, 2023 20:25 |
|
Not trying to turn this into my blog, so if this is getting annoying I'll stop, but! I managed to get Nginx Proxy Manager up and running. I decided not to try to set up DDNS for remote access because my use case doesn't really justify that level of internet exposure. I figure I can make Wireguard a project if I ever really need to remote into my little command center. One problem I've run into, though, is I wasn't able to figure out how to log in to Proxmox from the proxy host I set up for it. It'll load the site correctly, but after logging in, it throws me a 401 error that says: "No ticket." I googled around a bit but didn't find a solution that worked for me. I imagine it's all SSL related, but I wasn't able to find anything on the internet about getting that working without exposing the NPM VM to the internet. In the meantime, I can connect by hitting the IP directly, so it's not a huge deal outside of it being the one thing dangling that isn't working.
|
# ¿ Jan 18, 2023 21:28 |
|
I managed to get it running after finding a tutorial to create self-signed keys. I whipped one up with a 10-year expiration and threw it into NPM, and now everything's over https and Proxmox et al are happy campers. Now I just gotta figure out why Firefox is being a dick about the pem I created.
Well Played Mauer fucked around with this message at 23:40 on Jan 18, 2023
|
# ¿ Jan 18, 2023 23:35 |
|
Yeah, I found a couple tutorials to set up self signed certs and put your own CA together but I haven’t had the time, so I started thinking about just doing it the usual way and decided I’d rather just VPN into everything. I’m still using a self signed cert so I can easily get into proxmox but I just turned SSL off for the other stuff so I’m not clicking a buncha times to open, like, Plex.
|
# ¿ Jan 20, 2023 02:00 |
|
I've read that streaming media is against the Cloudflare TOS. Would setting this up with DNS challenge and just running everything locally keep me out of their crosshairs?
|
# ¿ Jan 20, 2023 17:45 |
|
Ah, got it. I'll give this a try, then. Thanks, y'all.
e: Got that working. Thanks again, I just wasn't googling properly.
Well Played Mauer fucked around with this message at 19:16 on Jan 20, 2023
|
# ¿ Jan 20, 2023 18:31 |
|
I’ve been adding more stuff to the stack since I got up and running and noticed some pretty big performance hits on other services when making changes or rebuilding docker containers on my proxmox machine. After looking at the CPU/memory consumption during the slowdowns and seeing nothing out of the ordinary I finally got off my butt and put a new external SSD onto the machine. Going from a five-year-old Toshiba drive I got as a photo backup to a crucial drive from this decade immediately resolved the issues. I also post this because my god did proxmox make changing drives on the VM easy. Just go into the hardware allocation and tell it to switch the storage to the other drive. It cloned everything and then I just restarted each VM.
|
# ¿ Jan 27, 2023 06:06 |
|
I got Tailscale set up so I can access stuff from away when/if I ever need to. I really dig that I don't need to open ports for Plex or Synology Photos. This has sent me down a security hardening path. I'm not exactly a target and everything is behind a firewalled router, but I also figure it's worth taking some time to at the very least get some basic self defense created. Some of what I've been getting set up:
Is there any obvious/non-obvious stuff I'm missing? I don't really need Fort Knox over here and I don't feel comfortable/need to expose poo poo via open ports, so some of this is more for learning than necessity, but it still seems important to do right.
|
# ¿ Feb 3, 2023 23:13 |
|
Just found a good deal on a HP 600 ProDesk G4 SFF with an i7-8700. I’m going to throw a bunch of RAM into it and make it my primary server/docker shenanigans, and keep the mini I have for pihole, unbound, and NPM. The extra room to expand seems nice, just in case my MacBook goes and I need a Plex backup, too. But this will put me one Ethernet port over what my router can handle so now I’m looking at switches. At this point I’m giving myself six months before I’ve got some rack mounted behemoth sitting in my office while my wife tells her friends she wishes I had a gambling problem.
|
# ¿ Feb 4, 2023 04:26 |
|
I bought a lot of goodwill with the PiHole and Plex setups, actually. I have a dumb switch question that I haven’t been able to find an answer for, and I’m pretty sure I’m overthinking it, but I’m trying to figure out the optimal setup for what gets plugged into the switch. My router has 1 2.5 gbps port and 3 1 gbps ports. The unmanaged switch I’m grabbing has all 2.5 gbps ports. Most of my equipment has only 1 gbps NICs. My question is more about lan bandwidth than wan. Basically, do I lose anything if I plug the switch into the 2.5 gbps port, then plug everything into the switch, leaving the 1 gbps ports on the router empty? Or would I be better off putting some of the machines on the 1 gbps ports on the router to spread the distribution around? Like I said, I’m thinking more about lan data transfer than anything else. Like, do two machines talking on separate 1 gbps ports free up the stuff on the 2.5 gbps switch, since they wouldn’t be using overhead on the switch to talk, or does it not really work that way? I think I’m conflating hubs and switches here, but what’s adding to my confusion is the router claims it can handle 6 gbps over WiFi. So does that mean the router can move that amount of data and the maximum capacity is limited per port (and thus there’s some benefit to using all the ports on the router), or is the WiFi maximum separate from the Ethernet ports, and it’s better to just throw everything into the switch that’s connected to the 2.5 gbps port on the router? This really feels like a stupid question but I can’t quite turn it over in my head.
|
# ¿ Feb 4, 2023 15:14 |
|
Appreciated, thanks everyone. I figured this was in practicality a rabbit hole but wasn't entirely sure if there was a good practice I was missing.
|
# ¿ Feb 4, 2023 18:11 |
|
Well, got the new machine onto the network. It's a refurbed HP SFF machine with an i7-8700. I threw 64 gigs of RAM into it, along with a raided set of SSDs for Proxmox with an nvme drive for VMs. I have another SSD I wanna drop in there for some extra storage but I need to get another 3.5->2.5 conversion kit. I also may grab a low-profile nvidia card for passthrough purposes just in case I ever need it. I feel I've overbuilt for my current use case, but my other hobbies are cheap so gently caress it. I migrated my VM that has all my docker containers over to the new machine and upped its resources, and I think I'm going to clone my PiHole VM to have a backup DNS on the network. I also picked up a refurbed APC UPS that I need to get configured. The next windmill I may tilt at is setting up some publicly accessible services for friends and extended family. I'm thinking stuff like a Foundry-VTT server, a hosted game server if those are still things, etc. I'm guessing the way to do that in a manner that doesn't expose my home network is either Tailscale invites with really specific IP/port access (did this with my wife for Plex) or a vlan that hosts the public-facing stuff? The latter is a very different ball of wax for me, so I'm not sure it's a path I want to travel just yet.
|
# ¿ Feb 11, 2023 17:51 |
|
CopperHound posted: That is a funny term for cramming a drive wherever it fits with double sided tape.
The thought definitely crossed my mind. I've had a weird desire to not take shortcuts on these builds, which is wildly out of character for me. What's annoying is the bays in the HP are built with those rubber spacers in mind to make it easier to swap drives in and out, but also makes the conversion trays I got not work since they didn't come with those types of screws. In a three-quarter-assed move, I'll probably just slot in the conversion kit and drive. At least it'll be somewhat secure and it's not like I'm moving the machine around.
|
# ¿ Feb 11, 2023 18:50 |
|
Warbird posted: Got around to playing with Synology drive the other day after a year or two of not really caring/bothering and it’s pretty magical. Being able to have those files be local when I need them is a hoot on the laptop. A bit less so on the desktop as it’s hardwired in all the time and not hurting for storage, but still. I hope they get a Linux ARM build out soon so I can replace borg with it for my RasPi workstation backups.
I really like it, too. It's great for shuttling reference files around different machines. I've been using pCloud previously but have slowly been moving over to Paperless-ngx with files stored on the NAS, and Synology Drive for separate use cases.
|
# ¿ Feb 17, 2023 20:46 |
|
If I were interested in starting to host some services on a machine that isn't in my house, how would I go about searching for guides? My thinking would be to use the domain I have for internal https certs and email, buy some hosting through dreamhost or whatever, and running some goofy poo poo like pastebins or an RSS reader that I don't have to Tailscale into. Just low risk stuff that if someone gets into the machine, they're not getting anything personal or valuable. Mostly I want to learn how to do it without exposing my home network. I'm just not sure if that's called anything special, so trying to figure out where to start.
|
# ¿ Feb 18, 2023 20:34 |
|
I started poking around in Linode's documentation and it's fantastic. Just looking at some of the basic security stuff, it really simplified some things that took me a lot longer to learn by reading from other sources.
|
# ¿ Feb 19, 2023 05:54 |
|
Yeah, I've been wanting to try it out, but Synology Photos is covering me for my local backup. My latest project has been trying to make a switch over to desktop linux for my day to day poo poo. Frankly it's been harder than setting up everything else I've done over the past couple months. I finally landed on a KDE Neon to get the latest version of Plasma. It actually doesn't suck with the Nvidia proprietary drivers! I spent some time in Gnome but didn't like how closed off it felt without finding/adding a zillion plugins. I'd previously used Cinnamon on Mint and it was very solid but boring. And like 20 years ago I ran Fluxbox on a Debian unstable install, which made me feel like a linux hipster. Prior to this windmill, my last familial win was Tube Archivist. My kid now has "Plex Youtube" and it's not full of weird oversized families dressed as superheroes. (Why are all their kids blonde and why do they all look like the villains in Mighty Ducks movie?)
|
# ¿ Feb 22, 2023 23:15 |
|
I just have mine behind Tailscale, but I’m also thinking it’s time to reduce what the machine housing the media suite can do. It’s a Mac laptop that used to be a work machine, so there’s some baggage there to take care of. Beyond just ditching a bunch of apps and removing browser addons, maybe using ufw on my other network machines to block incoming ssh from its local IP? Not sure that’s enough. I’m on an asus router so I can’t easily vlan the thing.
|
# ¿ Mar 1, 2023 16:07 |
|
I have a synology NAS so I use their photo app, which works pretty well and has facial recognition. I still mirror to iCloud, though. The storage is cheap and it seems like photos are worth going overboard on in terms of backups. Immich is the hot app right now, though. I haven’t tried it but what I’ve read makes it sound like it’s gonna be awesome.
|
# ¿ Apr 1, 2023 17:10 |
|
Scruff McGruff posted: Also, I'm not sure if this is just because of how I have it configured but Wireguard lets me connect and then have regular access to my home network, Tailscale is device to device.
You can do the same thing with Tailscale if you have a pihole set up. Their documentation assumes you’re running it on a Raspberry Pi but it works on anything that can run the software. I have it set up this way so I can access my home network remotely without having to run Tailscale on every machine. https://tailscale.com/kb/1114/pi-hole/
|
# ¿ May 10, 2023 14:52 |
|
I have a Hetzner instance that I have thrown some public facing stuff for a group of friends I play tabletop RPGs with (a wiki, FoundryVTT install, group scheduling software). I do it because I don’t like exposing my home network and I wanted to learn remote hosting. I think it ends up being $20/month and if someone gets past the firewall and reverse proxy all they’re gonna get is an info dump on a fake World of Darkness city and a relatively underpowered bot net machine.
|
# ¿ May 20, 2023 06:49 |
|
Yeah it tends to work pretty well. It’s a little wonky just getting your access key to install the software but not horrible. My main issue is the game we’re running has official support on Roll20 so we’re over there until I drag them all back to Cyberpunk Red, which has an amazing fan made module on Foundry.
|
# ¿ May 21, 2023 19:14 |
|
Yeah Proxmox rules. I haven't used a competitor to it, but even as a complete noob in the space, setting it up was as easy as following a YouTube video. I've got VM backups going to a Synology rather than a Proxmox backup server and it seems to be working well enough. When I retire my 5-year-old ~~gaming PC~~ I'm gonna toss Proxmox on it and add it to my two-machine cluster so I can finally play around with HA shenanigans. I figure it'll become the Plex machine if/when I retire my Macbook Pro from its current duties.
|
# ¿ Jun 20, 2023 18:09 |