A simple question to this community, what are you self-hosting? It’s probably fun to hear from each-other what services we are running.
Please mention at least the service (e.g. e-mail) and the software (e.g. postfix). Extra bonus points for also mentioning the OS and/or hardware (e.g. Linux Distribution, raspberry pi, etc) you are running on.
I host:
Fedi servers
- lemmy.world
- mastodon.world
- calckey.world
- pool.social
- musicworld.social
- akkoma.nl
- ruud.social
- fotofed.nl
- fediland.nl
- blog.mastodon.world
- play-my.video
Software I use
- Nginx Proxy Manager
- Portainer
- Kimai
- Xwiki (3 of them)
- Cryptpad
- Grafana
- Hedgedoc
- Matrix/Synapse
- Thelounge
- Vaultwarden
- Gitea
- Nextcloud
- Paperless-ngx
- Zabbix
- Zammad
Probably forgot some…
My long and mostly complete list:
- Audiobookshelf (GH)
- Using for audiobooks. Ebooks, comics, and podcast support in early stages.
- Authelia (GH)
- Using for two-factor authentication in front of all of my services. Critical infrastructure.
- Bazarr (GH)
- Using for automated subtitle management. Have not needed to rely on it much.
- Code-Server (GH)
- Using for a plethora of things. I could write an entire post on this alone.
- Courier
- Using (occasionally) for package-tracking from various carriers.
- EmulatorJS
- Using for retro-emulation.
- Gitea (GH) x2
- Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
- Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
- Using to securely network with my remote servers.
- Homepage
- Using as a “single-pane-of-glass” to get an overview of service health with links to the various services.
- Invidious
- Using in-place of YouTube.
- IT-Tools (GH)
- Using for the myriad of various useful tools it offers.
- Jellyfin (GH)
- My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
- Kopia Server (GH)
- Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
- Librespeed (GH)
- Using for the occasional speedtest to my remote servers.
- Matrix stack using Conduit back end and Element-Web front end
- Federated Discord essentially. Using as a private instance for friends and family.
- Minio
- Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
- N8N (GH)
- Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
- NTFY (GH)
- Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
- NZBGet
- Using for getting “usenet articles”.
- Paperless-NGX
- Using for document archival. Important receipts, documentation, letters, etc. live here.
- Portainer (GH) with multiple agents on VM’s LXCs and VPSs
- High level management of my various docker containers.
- Prowlarr
- Using to provide torznab API to websites that dont natively have it. Integrates with Radarr and Sonarr
- Radarr (GH)
- Using for movie management.
- Radicale
- Using for contacts and calendar server.
- Raneto (GH)
- Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with with code-server and Gitea.
- Readarr (GH)
- Using for book management
- Recyclarr (GH)
- Using for Radar and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
- Requestrr
- Using (very rarely) as a requests bot for Radarr and Sonarr.
- SFTP-Go
- Using mostly in-place of Nextcloud. Used to back up phones mostly.
- Shaarli (GH)
- Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
- Singlefile-Archive
- A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my ocasional use it does work.
- Sonarr (GH)
- Using as TV series manager
- Speedtest-Tracker (GH)
- Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
- Traefik (GH) on each seperate host
- Using as a web proxy in front of my various services. Critical infrastructure.
- Transmission (GH)
- Using to get “Linux ISOs”
- Uptime Kuma (GH)
- Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
- Vaultwarden
- Using as my password manager. Have been using for years, cannot recommend enough.
- A handful of static websites served with NGINX
- The old standby, its been reliable as a webserver.
These services are the result of years of development and administrating my lab and while there is still some cruft, it’s mostly services that I think have real utility.
As far as hardware:
-
Running pfsense on a toughbook laptop as a router-firewall.
-
A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.
-
Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.
-
Dell managed switch
-
A few Raspberry-pi’s with Raspbian for various things.
-
Linksys AP for wifi
Edit: Spelling is hard.
- Audiobookshelf (GH)
Oh my jesus, does this thread really have 400+ comments
Edit: respectfully as an atheist
Ubuntu server(Xeon CPU E5-2650 v4 with 86 GB Ram) running k3s(My home server):
- App-daemon(Used with home assitant for more complicated automation)
- Bazarr
- Browserless(Currently used for rendering js pages for huginn)
- Dpaste
- Filerun
- Homeassistant
- Homer(My dashboard)
- Huginn
- Jellyfin
- Kaizoku(For downloading manga)
- Nzbget
- Nzbhydra
- Ombi
- Paperless
- Photoprism
- Pihole
- Plex
- Prowlarr
- Radarr
- Scrutiny(For checking my drives)
- Sonarr
- Qbittorrent with vpn
- Wiki.js
- Christmas-Community(Wishlist)
- ZwaveJS(For homeassistant)
2 Ubuntu servers running k3s(VPS used for my infrastructure services)
- Keycloak
- Offical docker registry
- Bitwarden
- Gitea
- Headscale
- Healthchecks(For checking backups)
- Uptime-kuma - Hashicorp vault
Infrastructure services runing on all servers:
- ArgoCD(For deploying everything on k3s)
- Longhorn(For storage)
- Vault-secrets-operator(For getting secrets from vault into k3s)
- Traefik(My reverse proxy)
Lastly I’m hosting Lemmy on a leftover VPS, that I hadn’t used in a while. Might move to a bigger server though.
I was not familiar with App-daemon. Can you share what type of automations you are achieving that are not possible with home assistant alone? Thx
I don’t think App-daemon can do automations, that homeassistant alone can’t. I just think it is simpler to manage more complicated automations in App-daemon, since I can script the automations in python.
I don’t think that App-daemon can automations, that homeassistant alone can’t. I just think it is easier and simpler to create more complicated automations in App-daemon, since I can script everything in Python.
I don’t think that App-daemon can automations, that homeassistant alone can’t. I just think it is easier and simpler to create more complicated automations in App-daemon, since I can script everything in Python.
As an offensive security worker… I can’t help but read people listing out their attack surface 😂
My RISV-V server (I have removed all binary blobs and have no closed source code ofc) is airgapped inside a Faraday cage.
For security reasons I never turn it on.
I like how you think.
All my deploys are written in binary on a stack of index cards that we then burn, put in a zip lock bag, encase in concrete, surround in a welded closed steel box, and throw in the Mariana Trench. The documentation sucks though.
Nah, it’s all safe, it’s in containers
</s>
I’m not sure the list is really that big of a deal for a home gamer. They’re probably more in danger from their choice of home audio appliances and that microwave that has been sitting on their network for 10 years which no longer gets updates. Or that 2019 Plex server they have put forwarded straight outside.
It’s actually one of my beefs with containers, You can’t keep track of The versions for everything and you’re at the mercy of the maintainers to keep individual packages updated.
deleted by creator
It was meant more as a joke than criticizing hosting your own services. I personally have a VPN with MFA, and services that I host for my self that are segmented to a paranoid level (home camera system on own vlan, restricted from being able to reach any other vlan or the Internet, etc) with a deny all and explicit allows on per host and traffic type. The amount of work that went into building the network is probably overkill, and it is still susceptible to nation state and supply chain compromise but hopefully whoever gets in will curse me if they try to move around the network.
Realistically, every added service and host is added attack surface and chances for misconfiguration \ supply chain attack, but being alive is a risk too…
I’m guessing system admins and dev op is over represented here so some of our home networks may be targeted as a path into a corporate environment, but I’m guessing the chances are low. Sadly even the most secure networks are not an impossible target. The attackers are well ahead of defenders of networks. Attackers need exceptions, while defenders need everything perfect. Much harder to accomplish.
deleted by creator
For best practice, my personal recommendation would be to not have any service public facing besides a VPN that requires MFA. segment self hosted services into separate VLANs based on how sensitive the content is. Disallow all traffic between VLANs unless required and only allow based on port number, specific resources needed. Don’t forgot to disable outgoing Internet access unless required. Devices like Chinese made video cameras should never have an Internet connection.
My network looks something like: home vlan, work vlan, Netflix \ hulu streaming devices, cctv, wireless work, wireless home, wireless guest, iot, servers, network management. Would be way overkill for vast majority of people, but I would be hypocritical not to considering what I do and I do have a different threat profile than most.
Another thought: self hosted through VPN with MFA and nothing public facing is probably safer than cloud as long as you have cold backups.
A lot of them are likely behind wireguard. At least, I hope a lot of them are.
You’d hope, but I have a few friends who simply port-expose their media servers.
I guess it could be worse if they had ssh exposed.
I’ll have to disagree with you there. SSH is super well maintained and understood, and massively useful for the risk you do run. Who knows what’s going on with all the random projects people are hosting. I’d rather have SSH exposed than almost anything else.
What would you do to provide access to some less tech savvy friends. I’m thinking of dropping a SBC with wireguard and a proxy onto a friend’s network, that way everything is under my control, and I can lock down the wireguard connection however I want, but I haven’t gone down that route yet.
I was thinking more along the lines of simply thowing up a port to SSH into. No Fail2Ban and no keys, just a password.
I would just containerize and reverse proxy, but I understand the hesitation, wireguard would be preferable.
AMD EPYC 7B12 / 256GB RAM / Supermicro H12SSL-i / 4x2TB Samsung 980 Pro in ZFS RAIDZ-10
Total overkill for what is currently running on it. But who knows what the future brings.
Current:
Docker-based
- Portainer
- SabNZBD
- Radarr
- Sonarr
- Prowlarr
- Gotify
- Jellyfin
- Bitwarden
- Paperless NGX
- Watchtower
As a VM in Proxmox VE
- KASM workspaces because it’s really cool
- Random Windows 11 VM attached to KASM for some remote work
- Random Windows Server 2022 to play around with
As an LXC in Proxmox VE
- Ubuntu-based SSH jump-host
- Ubuntu-based Unifi-controller
- Ubuntu-based crowdsec concentrator
Part of my Reddit exodus plan was to get serious about my RSS setup.
I’ve settled on:
- FreshRSS as my feed manager (supported by Reeder app in iOS and MacOS)
- FiveFilters Full Text extractor
- rss-proxy site scraper
I may experiment with some replacements for rss-proxy, as I’ve run into a couple sites it doesn’t scrape well, but FreshRSS and FiveFilters have been smashing successes.
My lemmy instance :)
I used to self-host email with email and postfix, but I gave up with the amount of spam coming my way and moved to Proton
Currently all LAN only, still in the experimental stage finding out what’s useful/preferable to me and what I want to keep:
KEEPING
Pi-Hole - ad/malware/tracker blocking
Portainer - Easy Docker
Syncthing - Sync folders between devices
Planka - Kanban board
I.T. Tools - Handy I.T. Tools
Bookstack - Personal documentation
Mealie - Recipe manager/meal planner
Jellyfin + usual accompaniments - Media Management
Navidrome - Music library
Changedetection - Stock monitoring
Gotify - For push notifications from other apps
Filebrowser
That Word Game ;)UNDECIDED (may swap for alternatives or just remove)
Organizr - Homepage
Jump - Homepage
Homepage - Yup, another homepage!
Linkding - Bookmarks
Shiori - Pocket replacement
Etebase - CalDAV & CardDAV
Whoogle - Google without the crap
Photoprism - Photo management
Libreddit (not being used now!)
QBittorrent - for Linux ISOs
Uptime-Kuma (for when I do open a few services to family)
Ryot (beta) “Roll Your Own Tracker” - Media TrackerPLANNING TO ADD
Reverse-proxying (likely NPM) + Security (Fail2Ban, Autheilia?)
Audiobooks
Comic book management
Translation service
Document manager
Home Assistant on its own Pi4 when I can get hold of one- Nextcloud
- Mumble
- Mail (postfix/dovecot), though I regret that I did, cause running your own mail server is a PITA
I run an I2P instance and I’m starting to look at Plex. I wonder if those can be combined.
Thanks for running one. I ran an instance for over a year, but I stopped when I switched to a different home server that has less uptime.
Seems to be doing a good job. Around 3TB transferred over the last 50+ days. I’m happy that I don’t have a metered connection.
That seems about right. Mine was transferring between 500G-1TB per month.
Raspberry Pi 4B
- OS: Raspberry Pi OS Lite 64 bit
- Pi Hole (Ad block)
- NextCloud (File access)
- Home Assistant (Automation)
- Paperless NGX (Document management)
- Apache/Php/MariaDB (Web server)
- Jellyfin (Media streaming)
- Plex (will be removed once happy with Jellyfin)
- Sonarr (Show locator)
- Radarr (Film locator)
- Bazarr (Subtitle)
- Deluge (Torrent client)
- Jellyfin - Media streaming type app - basically use it for movies/shows and pictures.
- Joplin - Note taking app
- Syncthing - Sync for phones to PC for backing up pictures
- Miniflux - RSS reader
- Minetest - FOSS Minecraft voxel engine
- Veloren - FOSS Cubeworld game written in Rust
- GoToSocial - Microblogging server - aka Twitter/Mastodon
- Semaphore - Frontend for GoToSocial
- SearXNG - Search engine
- Conduit - Matrix server - chat
- Libremdb - IMBD frontend
- Invidious - Youtube frontend
- Nitter - Twitter frontend
- Libreddit - Reddit frontend
- Rimgo - Imgur frontend
- Proxitok - TikTok frontend
Failed to get working:
- Mobilizon - FB groups type alternative
- Peertube - YT alternative on the Fediverse
- Lemmy - Tried for a day and just couldn’t get it working. Found out there are issues with Rocky Linux and Lemmy that broke about two months ago but no further work was done it. I’ll try again someday.
- Matrix Synapse
- Paperless-ngx
- MediaTracker
- Lychee
- Immich
- AudioBookShelf
- Baikal
- Monica
- Nextcloud
- Calibre-web
- Piwigo
- Pinry
- Prosody
- Shaarli
- Wallabag
- mygpodder
- Peertube
- Mealie
- Mastodon
- Firefox sync
- Seafile
- Dokuwiki
- The Lounge
- Redmine
- Gitea
- Castopod
- Portainer
This assortment is run under a combination of Proxmox LXC containers, docker containers, and Yunohost. Mostly I use it to play around, but most are heavily used by my wife and I. I’m planning to rebuild everything and making things more “official”. Looking to convert from a “lab” to actually making it “production” with solid failure routes and backups. I am looking to move anything currently under Yunohost to docker/lxc and to start making use of podman. Recently saw CosmOS and think it might be a good alternative to portainer.
Hardware:
- Node 1: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
- Node 2: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
- Node 3: Gigabyte Brix with 16GB RAM and 500GB Sata SSD, 128GB m.2 SSD - Proxmox
- Node 4: Trigkey Green G3 with 16GB RAM and 1TB Sata SSD - Proxmox
- TPLink managed switch
- TerraMaster 2-bay NAS with 2x 2TB HD (NFS host for containers)
- Synology ds220j NAS with 2x 8TB HD (backup of home desktops, laptops, cell phones, and lab systems)
You’re doing that as a full-time job, right?
LOL
No, just a hobby. Been playing around for about a year. It started small with an old mac mini and Yunohost. Then I decided to play with Proxmox and bought a used m93p. Then I read about Proxmox clusters, so I got another m93p. I was going to use the mac mini in the cluster, but it was getting too slow, so I bought the Brix. Then I decided to migrate the Yunohost setup over to a VM in Proxmox. Then I figured I should learn a bit about docker. And it spiraled.
I spend maybe 10-12 hours a month on installation and configuration. I spend way more time using it. A couple of weeks ago I spent about 15 hours over the weekend importing/uploading my audiobooks into AudioBookShelf. Last year I spent several weekends getting my Calibre library in shape and moving it to the web.
I figure this is a much cheaper and safer hobby than drinking.
- tinyRSS
- paperlessNGX
- homeassistent
- navidrome
- spamassassin
Are you running your own mail server? I only ever integrated Spamassassin with postfix.
Currently not, I’m using the SMTP+IMAP service from a hosting provider and my Spamassassin classifies all Mails in that inbox. The anti spam solution they provided was not sufficient.
Do you recommend this email provider? Lots of people looking to get off gmail lately.
It is Hosteurope. Yes I can, works well for me since years without having complaints.