Initally some local site, then I transferred to GoDaddy, then to OVH (since GD is shit). One is still at Cloudflare (tried to move there, but they don’t support al TLDs that I use, like “.eu”).
For DNS I use Cloudflare. They provide a layer of privacy, i.e. your server IPs don’t get exposed directly.
I recently started using https://github.com/immich-app/immich
It’s basically a self hosted Google Photos and it’s working really well. You can just mount your heap of photos into the container, declare it as external library and you’re good to go.
After a few hours/days of training the face recognition, extracting meta data, generating thumbnails ans possibly transcoding videos you’ll have a very responsive and easily searchable timeline of ALL your pictures and videos.
VPN limiting your bandwidth? Sounds like a CPU issue. You’ll be surprised how much CPU overhead it takes to encrypt and decrypt traffic at such high speeds.
One warning, though: After moving, you’ll probably need another Google account again, to use the Play Store… it sucks.
I did as well, but then I went Microsoft and never looked back. Google’s platform still feels like a shitty startup with missing stuff everywhere, compared to Azure (or AWS).
The only thing I’m missing is Google Photos, but there are self-hosted alternatives out, that I’ll try soon.
I mean, they kill services willy nilly. Sure Gmail will probably survive, but the rest drove me away (Reader, Music, …).
Regarding your Android purchases: At the time of my move I went through my list of apps I bought and tallied the ones up, that I still used. It was less than $50 of repurchases.
Don’t let those old purchases hold you back. Cut this old baggage loose.
Do NOT self-host email! In the long run, you’ll forget a security patch, someone breaches your server, blasts out spam and you’ll end up on every blacklist imaginable with your domain and server.
Buy a domain, DON’T use GoDaddy, they are bastards. I’d suggest OVH for European domains or Cloudflare for international ones.
After you have your domain, register with “Microsoft 365” or “Google Workspace” (I’d avoid Google, they don’t have a stable offering) or any other E-Mail-Provider that allows custom domains.
Follow their instructions on how to connect your domain to their service (a few MX and TXT records usually suffice) and you’re done.
After that, you can spin up a VPS and try out new stuff and connect it also to your domain (A and CNAMR records).
A self-hostes RSS reader? Probably the ability to read your stuff from anywhere without installing something. Like on your work PC… ;)
Media Server? No content backup at all.
If you lose everything, just download new stuff you want to watch, or redownload a few TV series/movies.
Music? There are streaming services.
Only backup configurations and maybe application data, so that the reinstall will be easy. Those few kB/MB could sit anywhere. I’m using GitLab for this purpose.
Edit: Images! If you have your photos on there, back them up! They can’t be replaced!
I have had this issue for about a year, while trying different monitoring and logging solutions to try and find out what’s going on.
This was such a bitch! Now I’m spreading the word, so that other won’t suffer as long as I have.
Hahaha! I’m keeping this typo 😂
Do you run your PiHole on top of Docker? There’s an issue with docker and Raspberry Pis which makes the network crap out periodically. So if your PuHole becomes unavailable until you restart your Pi it might be this:
https://github.com/raspberrypi/linux/issues/4092/
Solution is to add “denyinterfaces veth*” to the dhcpd.conf
Why not renting a few machines and virtualizing yourself? Can you install ESXi on a Hetzner server?
Oh man, that’s actually really good advice! I recently switched to Vaultwarden, but you’re right: If my server goes down, I can’t even restart it, because the password for my account is in there! Damn! Close call!
The thing is it’s not really a “documentation” but just a collection of configs.
I have organized my containers in groups like you did (“arrs”, web server, bitwarden, …) and then made a repository for each group.
Each repository contains at least a compose file and a Gitlab CI file where a aimple pipeline is defined with basically “compose pull” and “compose up”. There are alao more complicated repository where I build my own image.
The whole “Git” management is really transparent, because with Gitlab you can edit directly on the platform in a hosted VSCode environment where you can directlY edit your files and when your satisfied you just press commit. I don’t do weird stuff with branches, pushing and pulling at all. No need for local copies of the repository.
If you want to fulltext search all your repos, I can recommend a “Sourcegraph” container, but use version 4.4.2 because starting with 4.5.0 they have limited the number of private reositories to 1. But this is something for later, when your infrastructure has grown.
I’m defining my service containers via GitLab and I deploy them via tagged and dockerized GitLab Runners.
If something fails, I change the runner tags for a service and it will be deployed on a different machine.
Incl case of a critical failiure, I just need to setup a Debian, install docker, load and run the GL runner image, maybe change some pipelines and rerun the deployment jobs.
Some things aren’t documented well, yet. Like VPN config…
Ah yes, my router is able to access GitLab as well and pull the list of static routes etc. from it.
I learned a lot from the tutorials of https://ibracorp.io/
You’ll find rather advanced things there, but they are easy to follow and well explained.
Oh, I like that! Awesome, thank you!
Could you elaborate on this please? Isn’t cloudflared a tunnel INTO the machine running a service? Can you use the same tunnel for outbound traffic as well?? Where does the traffic end up? How does this work?
Have a look at GitLab.
I’m doing the same thing you are doing, but automatically. I have a repo per app and a few GitLab runners connected on my Raspis/servers. Everytime I push a change, the shell runner runs the commands configured for the pipeline. I don’t have to lift a finger after changes.