What’s up, what’s down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
I finally finished my first iteration of my Minilab, including a very smooth migration from the old server yesterday, so I can go back to the service side of things again. I plan to get some kind of self-hosted VPN for external access to stuff that’s not exposed to the internet; I’ll have to investigate which one.
Went through and verified that a number of things were backing up and updating correctly. I feel a little less weight on my shoulders knowing things are working as they should.
I recently set up a full Matrix server. What I am currently worried about is my server. I am currently shopping for a used dual Xeon server. I am hosting close to 40 Docker containers on two 1-liter PCs with very low specs. I would love to bring it all in house to a single server with a separate NAS, which I do currently have, holding 60 terabytes of storage space.
I finally bought a tiny PC to replace my aging APU border router/firewall (OpenBSD), so I’m trying to wrap my head around building a router currently inside the network that it will be protecting.
I have Debian installed as the hypervisor, Incus, and I’m sticking with OpenBSD for the firewall. pf makes too much sense to me to switch to firewalld. I’ll also move the network-related containers off my main lab host once this is up and running.
Configured changedetection.io to notify me when my usual bus is delayed or canceled.
Having electrical stability issues this week in Bangkok: several 2-3 hour outages, which are too long for a UPS to cover the gap. I have several mid-range but older PCs running Docker, VirtualBox, etc. for various things, including a Postfix server for the family email, Immich, qBittorrent, Pi-hole, Paperless, Huly, Postiz, a Minecraft Bedrock server, a Flightradar24 ADS-B collector, and a variety of other homegrown projects.
Thinking about getting some or most of this over to a service like hetzner, perhaps even splurging on a baremetal dedicated system.
Recently I’ve been reading about/trying to learn qemu and proxmox, but don’t understand them yet. Is that where it’s at for managing a bunch of your own VMs? Or kubernetes/k8s?
I’ve been a little out of the loop for a few years, and of course coming back up to speed IT-wise just takes weeks. Looking for recommendations on offloading my home stuff to a cloud that I control.
K8S is a whole different approach and I find it to be a lot more complex, but you would not need virtual machines. If all your applications are running in containers anyways, you could consider it. Finding a good solution for persistent storage is probably the most important design decision.
Thinking about getting some or most of this over to a service like hetzner, perhaps even splurging on a baremetal dedicated system.
If I may, I find LUXVPS to be quite capable and responsive hosts.
Black Luxury Deal #1
4 vCores (Xeon Gold 6150)
26 GB DDR4 RAM
150 GB RAID 1 NVMe
1 Gbit internet speed | 40 TB traffic
1x IPv4, 1x /64 IPv6
3.2 Tbit premium DDoS protection
24/7 ticket support
4 backups
For ONLY 10€/mo (recurring)
I’ve never used Hetzner, and I don’t know what you are hosting, but I’m sold on LuxVPS. I also use Contabo, and Ethernet Services. The latter would indeed be bare-bare-metal as there are no frills. However, for a test server and for $35 a year, it works.
proxmox
You will enjoy Proxmox. When you get it all jammy, check out the Proxmox Helper Scripts: https://community-scripts.github.io/ProxmoxVE/
Hey that’s awesome! thank you for the share. Planning to install proxmox this weekend and give it a try.
I’ve used an RV/marine deep-cycle battery attached to a UPS before; that would certainly give you enough for 2-3 hours on most setups.
Proxmox runs Qemu under the hood. It’s the current favorite for VM management.
I wouldn’t bother with k8s unless you’re deploying services in high availability, or groups of related containers.
Currently rewriting my homelab into terraform and adding some redundancies using cloud environments, in case of power outages or network issues.
I’m currently trying to figure out why my email server got blocked by Proofpoint and they refuse to talk to me. Really about ready to give up on email after self-hosting it for a decade with few problems.
Oh that sucks! One would think that after that long, it’d be somewhat established.
RIGHT?!
There is still the relay-through-the-cloud route (SES, but also at least Scaleway).
Part of me thinks if I have to pay for a relay service, I should just pay for hosted email. But I’ve definitely been considering it!
Check RBLs. A lot of the time services just use one of those, and they can be flaky. Usually, you can fill out a form and get reinstated.
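A small checker for the kind of RBL lookup suggested above, added here as an example rather than something posted in the thread. It builds the reversed-octet query names for a few public DNSBL zones, refuses to query non-routable addresses (RFC 1918 and the 100.64.0.0/10 CGNAT range that Tailscale uses), and treats the 127.255.255.x answers as errors rather than listings, since mistaking a rate-limit response for a listing is a common source of false alarms. The zone names are real public lists; 203.0.113.7 is a constructed TEST-NET-3 address standing in for a real public IP, and the resolver is injectable so the logic can be exercised without network access.

```python
"""Look up a mail server's public IPv4 address on a few DNS blocklists (DNSBLs).

Added example for this thread, not code posted by any commenter. The DNSBL zone
names are real public lists; 203.0.113.7 is a constructed TEST-NET-3 address.
"""
import ipaddress
import socket
from typing import Callable, Dict, Optional, Tuple

# Public DNSBL zones that receiving MTAs commonly consult. A listed IP gets an
# A record inside 127.0.0.0/8; an unlisted IP gets NXDOMAIN.
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org")

# Spamhaus ZEN return codes. Other zones define their own codes, so the label
# is only decoded for ZEN; for any other zone the raw code is reported.
SPAMHAUS_CODES = {
    "127.0.0.2": "SBL: verified spam source",
    "127.0.0.3": "CSS: snowshoe / low-reputation sender",
    "127.0.0.4": "XBL: exploited or compromised host",
    "127.0.0.9": "SBL DROP/EDROP: hijacked or leased netblock",
    "127.0.0.10": "PBL: ISP-declared end-user range (not expected to send mail)",
    "127.0.0.11": "PBL: Spamhaus-declared end-user range",
}

# Ranges a public DNSBL will never meaningfully list; querying them is noise.
# 100.64.0.0/10 is the CGNAT range that Tailscale hands out.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_checkable(ip: str) -> bool:
    """True for a unicast IPv4 address that could appear on a public DNSBL."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if addr.version != 4:
        return False  # IPv6 DNSBLs use nibble-reversed names; not handled here
    if addr.is_loopback or addr.is_link_local or addr.is_multicast or addr.is_unspecified:
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, zone appended."""
    if not is_checkable(ip):
        raise ValueError(f"{ip} is not a public IPv4 address")
    return ".".join(reversed(ip.split("."))) + "." + zone


def classify_answer(answer: str, zone: str) -> Tuple[str, str]:
    """Map a DNSBL A record to (status, detail)."""
    code = ipaddress.ip_address(answer)
    # 127.255.255.x answers are error codes (rate limited, open resolver
    # refused), not listings; reporting them as "listed" is a classic mistake.
    if code in ipaddress.ip_network("127.255.255.0/24"):
        return ("error", f"query refused or rate-limited by {zone} ({answer})")
    if code not in ipaddress.ip_network("127.0.0.0/8"):
        return ("error", f"unexpected answer {answer} (NXDOMAIN hijacking by the resolver?)")
    if zone.endswith("spamhaus.org"):
        return ("listed", SPAMHAUS_CODES.get(answer, f"unknown ZEN code {answer}"))
    return ("listed", f"return code {answer}")


def default_resolve(name: str) -> Optional[str]:
    """Resolve an A record; None means NXDOMAIN, i.e. not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == getattr(socket, "EAI_AGAIN", object()):
            raise  # transient DNS failure: never report it as "not listed"
        return None


def check_ip(ip: str, zones=DNSBL_ZONES,
             resolve: Callable[[str], Optional[str]] = default_resolve
             ) -> Dict[str, Tuple[str, str]]:
    """Query every zone for ip; returns {zone: (status, detail)}."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        results[zone] = ("clear", "not listed") if answer is None else classify_answer(answer, zone)
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.7"  # constructed sample
    for zone, (status, detail) in check_ip(target).items():
        print(f"{zone:28} {status:7} {detail}")
```

Run it with the server's outbound IP as the argument (the one receivers see in the SMTP connection, not an internal address). It only covers lists that publish DNS zones; a vendor with a private reputation list gives no answer this way, which matches the experience described above.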
I’m not on any of those blacklists, luckily. I guess Proofpoint doesn’t publish theirs. At least iCloud and Gmail both use them. I saw one hint that they may require mail servers to literally have the word “mail” as the subdomain, so I’m working up the courage to mess around with my perfectly working DNS.
I am re-re-factoring my plans for homelab 3.0 and the migration to it. Hardware budget is non-existent, so I am trying to figure out how to do everything with what I already own, while re-organizing to better use what I have to make some room. Adding a few sticks of RAM and replacing some older Cat5 are all I will do this year.
For some reason Grafana started to sync roles with my IdP (google) and now my own user keeps getting a read only role, so I decided to take this opportunity to finally move away from google and start hosting keycloak instead.
It was a busy week so I could not get the time to finish it yet.
You may also have a migration path by hosting Keycloak and adding Google as an Identity Provider. It gives you much more flexibility and control this way.
Thanks for the tip! I didn’t know that setup was possible.
Weirdness: My Authentik instance had a PostgreSQL upgrade prerequisite in order to update it.
I’d followed instructions 3-4 times completely unsuccessfully and had to keep reverting to backup.
So, I gave up for a couple weeks and left it be in order to get over my frustration.
Yesterday, I followed the instructions again. As far as I can tell, I did nothing different than I’d tried previously and it worked first try and then I was also able to upgrade Authentik.
NOTE: The instructions aren’t exactly difficult! So, I don’t see how I’d have gotten it wrong!
Dude, don’t feel pregnant. It took me an embarrassingly long time to wrap my noodle around Caddy. Seriously, I just couldn’t grasp what was going on in the Caddyfile. Then, after extensive trial and error, I happened upon one tutorial that changed everything. Now it’s so simple for me, but at the time, I felt like a complete dumbfuck.
It’s always crazy how that happens sometimes and after weeks of banging your head, everything just ‘clicks’ when you’re exposed to the information in the way that works best for you!
Dude, don’t feel pregnant.
Context clues, I assumed this autocorrect was some variation of crazy/bad/dumb? :-D
was some variation of crazy/bad/dumb?
No, no, no. I wouldn’t call you crazy or dumb. It was meant as ‘don’t feel singled out’ or ‘don’t feel like you’re the only one’.
Sorry, I didn’t mean to insinuate you were being insulting!
“Don’t feel crazy/bad/dumb, I’ve had the same thing happen to me!” is a pretty common phrasing in my region to show sympathy and understanding and I thought that’s what you had meant (and it sounds like for your area, ‘pregnant’ serves the same general purpose!).
“Don’t feel crazy/bad/dumb, I’ve had the same thing happen to me!”
There you go. As far as ‘my area’ goes, I didn’t grow up in the US or any particular area. I grew up around the world and multiculturally, so there is no telling where I picked that up. LOL
I’m still trying to get a good backup strategy. I am currently using Duplicati but I cannot get the before script execution to work. I will eventually look at Kopia.
What kind of hardware are you using for a mini lab? I want to switch from a raspberry pi 5 to a small form factor Intel based system so I can run Proxmox. I was looking at the Lenovo m920q or an Optiplex 79xx series machine.
Do you have any recommendations for backups or the hardware switch I mentioned?
If you do make a switch to Proxmox, then Proxmox Backup Server is where it’s at for backups. Its de-duplication feature is incredible. I back up all my Proxmox VMs/LXCs with it, as well as my non-Proxmox hosts (laptop, etc.), with proxmox-backup-client.
Personally, I’m using a few of those tiny Beelink PCs (a couple Mini S12 and an EQ12) with the N100 processor, as well as a couple larger rackmount PCs I built for situations where I needed to add an HBA or some other PCIe device. I do recommend something like a Beelink before building, though: they run Proxmox fine, they’re inexpensive, efficient, quiet, and each one can run a handful of VMs.
Yeah, I heard about Proxmox Backup and that sounds really nice. Love the idea of being able to take a snapshot before any major changes to a VM and then, if it goes south, restore from the snapshot very quickly.
I use cron schedules to run scripts that back up my important stuff to a dedicated backup drive, then copy the backups to a different external drive, then upload the backups to a dedicated backup cloud storage account. Then it deletes any backups older than a month.
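The rotation described above (local backup, copy to a second drive, delete anything older than a month) has one failure mode worth guarding against: if the backup job silently stops producing new archives, the monthly prune eventually deletes the last good copy. The following is an added example, not any commenter's script, showing the copy-and-prune steps with two checks added: the copy is verified by SHA-256 before anything is deleted, and pruning refuses to run unless a recent backup exists. Directory layout, the `*.tar.gz` naming, the 30-day retention and the 2-day freshness window are assumptions; the cloud upload step is tool-specific and left out.

```python
"""Copy and prune local backups with verification and a freshness guard.

Added example for this thread, not code posted by any commenter. Paths,
file pattern and the retention numbers are assumptions.
"""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

RETENTION_DAYS = 30        # assumed: "older than a month"
MAX_LATEST_AGE_DAYS = 2    # assumed: the newest backup must be at most this old
DAY = 86400


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def copy_verified(src: Path, dest_dir: Path) -> Path:
    """Copy src into dest_dir and fail loudly if the copy's hash differs."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / src.name
    shutil.copy2(src, dest)
    if sha256_of(dest) != sha256_of(src):
        dest.unlink()  # never leave a corrupt copy that looks like a backup
        raise IOError(f"copy of {src.name} to {dest_dir} failed verification")
    return dest


def latest_backup(backup_dir: Path, pattern: str = "*.tar.gz") -> Optional[Path]:
    files = sorted(backup_dir.glob(pattern), key=lambda p: p.stat().st_mtime)
    return files[-1] if files else None


def prune_old_backups(backup_dir: Path, now: Optional[float] = None,
                      retention_days: int = RETENTION_DAYS,
                      pattern: str = "*.tar.gz") -> List[Path]:
    """Delete backups older than retention_days, but only if a fresh one exists.

    Returns the deleted paths. `now` is injectable so the logic can be tested
    without waiting a month.
    """
    now = time.time() if now is None else now
    newest = latest_backup(backup_dir, pattern)
    if newest is None or now - newest.stat().st_mtime > MAX_LATEST_AGE_DAYS * DAY:
        return []  # no recent backup: the job is probably broken, keep everything
    cutoff = now - retention_days * DAY
    removed = []
    for p in backup_dir.glob(pattern):
        if p != newest and p.stat().st_mtime < cutoff:
            p.unlink()
            removed.append(p)
    return removed


def demo() -> Dict[str, object]:
    """Run the pipeline on a constructed backup set in a temporary directory."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        primary, external = Path(tmp) / "backup", Path(tmp) / "external"
        primary.mkdir()
        for age in (0, 7, 31, 45):  # constructed: one archive per age in days
            f = primary / f"homelab-{age}d.tar.gz"
            f.write_bytes(f"constructed backup {age}".encode())
            os.utime(f, (now - age * DAY, now - age * DAY))
        copied = copy_verified(latest_backup(primary), external)
        removed = prune_old_backups(primary, now=now)
        # Ten days later with no new backup the guard must refuse to prune.
        stale = prune_old_backups(primary, now=now + 10 * DAY)
        return {
            "copied": copied.name,
            "removed": sorted(p.name for p in removed),
            "kept": sorted(p.name for p in primary.glob("*.tar.gz")),
            "pruned_when_stale": [p.name for p in stale],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

In a real cron job, `copy_verified` and `prune_old_backups` would run against the actual backup and external-drive paths after the archive step, and a non-zero exit (the `IOError`) is what the scheduler's mail or a healthcheck should alert on.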
I don’t know Duplicati or Kopia; I’m mostly just using VM snapshots as backups. I store them in an NFS share on my NAS.
I just posted my Minilab, check my history. I’m also using tiny Lenovos. The m920q should be able to do anything you want it to!
Have a look at Backrest for Restic. It works great with pre/post scripting and supports healthchecks for monitoring status and stats.
It also has a nice, easy-to-use web UI, which is great for servers.
I’ll look at this again. I had it before and did not stick with it, though I don’t remember why now.
I finally dealt with the AI scrapers hammering my Forgejo instance - https://jade.ellis.link/blog/2025/05/18/actually-stopping-forgejo-ai-scraping Hopefully next week I’ll be able to get back to actually programming Continuwuity rather than fighting fires.
Anyone have a good guide on setting up a reverse proxy that works with tailscale? Not sure if there’s anything specific I need to keep in mind or if it would just be setting up the reverse proxy like normal. Thinking of using either traefik or caddy.
You can restrict Caddy access to your Tailscale. For instance, in your Caddyfile:
For the Tailscale IP range:
    myverycoolserver.duckdns.org {
        @allowed remote_ip 100.64.0.0/10    # Allow Tailscale IP range
        handle @allowed {
            reverse_proxy localhost:YOUR_SERVICE_PORT    # Your service configuration
        }
        handle {
            respond 403    # Deny access for others
        }
    }
For a specific Tailscale IP:
    myverycoolserver.duckdns.org {
        @allowed remote_ip YOUR_TAILSCALE_IP    # Replace with the specific Tailscale IP
        handle @allowed {
            reverse_proxy localhost:YOUR_SERVICE_PORT    # Your service configuration
        }
        handle {
            respond 403    # Deny access for others
        }
    }
Might look into the pangolin project if what you’re trying to do is expose services from your home network over wireguard to a reverse proxy on a vps.
The software suite is basically WireGuard, Traefik, and auth middleware wrapped in a trenchcoat. Much simpler than rolling your own implementation, but there has been recent controversy with the project over locking “basic” existing features behind a paywall after the project got popular, though after public backlash they’ve backpedaled on that, iirc.
Edit: Just realized you said Tailscale. The above recommendation might be a deal breaker depending on your reason for wanting Tailscale specifically.
All good, thanks for the recommendation. I’m using tailscale as I currently don’t want to expose anything over the Internet and also don’t mind tailscale being a freemium service. I might still look at pangolin just to expand my knowledge.
You’re gonna need to provide more detail on what you’re trying to do
I have Caddy on a VPS that serves as a Tailscale exit node and also reverse proxies over the tailnet. My pfSense router is also in the tailnet and exposes some subnet IP addresses to the tailnet. So, for example, my public domain watch.example.com hits my Caddy and gets proxied to internal IP 192.168.31.48, which is my Jellyfin Docker.
It should be the same setup regardless if you’re using a VPN or not.
Having used both I generally prefer traefik.
DOWN:
I’m currently fighting with my OliveTin config file. I added a simple new config for a button action and the whole thing just shit the bed. Now OliveTin won’t load at all, even after removing the new config. Stupid YAML.
UP:
After reading the Jellyfin docs and their Hardware Encoder Quality section which states
Apple ≥ Intel ≥ Nvidia >>> AMD*
I decided to spin up a test server on the m1 mini that’s been sitting unused in my basement for a couple of months now to see if I can get better performance out of jellyfin on the m1 vs where it’s running currently, which is on an i7 Intel that’s going on 10ish years old now.
I also spun up baserow and directus containers to see which one I want to use for my database needs.
A couple things I’ve been working on
First, I spun up a larger VPS to consolidate two smaller ones. This time I dockerized almost everything. Still a docker newb, but karakeep, redmine, mbin, lemmy (still deciding which I want), davical. Asterisk and postfix/dovecot are probably gonna stay on the vps root. I’m using zfs and compression. Interestingly, the postgres database that everything is using seems to get better compression than the mail spool.
A couple weeks ago I picked up a NetApp 7 bay disk shelf for $30. It uses fibre channel (AT-FCX) controllers and I’ve never used that before. I grabbed a $7 FC HBA (QLE2560), a 2m cable and an m2-to-PCIe adapter meant for an eGPU. The idea is to see if I can’t get the RK3588 board I’m playing with to see it. I did something similar with a $50 Dell 12 drive bay and my old C6100.