Hi, I’m looking for some recommendations, mostly looking for pointers of where to go and look at/research stuff as I have no idea what is good and what is just well advertised.
Intro: I have finally entered the world of (almost) Gigabit internet, which is opening up options with what I can host.
I currently have:
- Pi hole on an actual RP (will probably remain there because it’s easy)
- Inbound Wireguard VPN on my old router (will stop working when my old ISP stops service) EDIT: my new ISP gave me a router, but it doesn’t have VPN functionality
- Foundry VTT that I run up on my gaming machine when needed
I will probably also be upgrading my gaming PC in the next few months, so my current rig will probably be put behind the TV to use as a server and for couch gaming.
Info/recommendations I would like:
- VPN software (I want to VPN INTO my network) My goto would be wireguard, is that still a good option? (I assume I just port forward the VPN ports to the server?)
- Private cloud/File server: I both want to be able to occasionally (but permanently) host files publicly, but still have the main store be available on the local network only. Is that going to be two pieces of software, or just one?
- Is a local video streaming app actually useful for a rare watcher of movies etc, or can they be streamed directly from the file server? It’s something that I see a lot of people talk about, but don’t really understand why…
- Is Docker the way to go for everything? or just install on the machine directly?
- Piracy VM - Enabling the virtualisation stuff for Docker mostly breaks virtualbox (at least on windows) any recommendations for how to nicely run a VM alongside docker (if that’s the recommendation)?
- Should/Could I be hosting anything else? Foundry will probably be on there. I don’t feel like I have a use for smart home stuff, so home assistant wouldn’t be much use etc.
- Should/Could I be hosting anything else?
- If you deal with a lot of paperwork, paperless-ngx and paperless-ai are very good for managing it. I bought a good scanner (edit: it’s a ScanSnap iX1600) and have been digitizing a bunch of paperwork. I feel like a proper adult now lol
- Maybe something for recipe management - Mealie or Tandoor?
- Audiobookshelf for audiobooks and podcasts.
- Healthchecks and Uptime Kuma for monitoring and alerting when things go down.
- What scanner do you have? My biggest hurdle in making real use of paperless revolves around the annoyance of using a flatbed that’s not within arm’s reach of my desk lol
- ScanSnap iX1600. I bought mine from B&H: https://www.bhphotovideo.com/c/product/1615326-REG/fujitsu_pa03770_b635_scansnap_ix1600_document_scanner.html. There’s two scanners that usually get recommended for paperless: this one, and a cheaper (but not as nice) Brother one.
- It’s a really compact unit - smaller than I thought it’d be! You can put up to 50 sheets in the feeder and it scans them all, on both sides (no need to manually flip the pages). Can scan 40 pages per minute.
- I’ve combined it with ASN (archive serial number) QR code stickers for documents that I need to keep a physical copy of. I’m using Avery 5267 stickers + Avery’s online designer site to design and print them. If I need to keep a physical copy of the document, I stick a sticker on the document, scan it, and Paperless automatically detects the QR code and sets the ASN. Then I keep all the physical copies in a binder, ordered by ASN. If I need to locate a physical document, I find it in Paperless, check the ASN, then go to the right document in the binder (easy to find the right place since they’re all in order).
- There’s just a few minor issues with the scanner, but otherwise it’s perfect:
  - It was a bit expensive, at $400 in the USA.
  - You need a Windows or MacOS system to do the initial setup. Setting it up is done through a desktop app rather than through the touchscreen on the device.
  - Some of the options need a computer connected to the scanner via USB, or signing up to their cloud service. However, it does support scanning to a SMB share without a computer connected, which is all I needed. I have my paperless-ngx “consume” directory shared via Samba. You just need to delete the default scanning profiles and add a network scan (SMB) one.
- For everybody who doesn’t have that much paperwork: I’m kind of doing the same, but without barcode stickers. Just scan the document into paperless and then stick it in a box or a folder. If you need the physical document sometime in the future (which you won’t), paperless of course has the date of the scan / date of the document available. It is then quite easy to take your chronologically sorted documents and find the one that came in on 2023-04-14
- Interesting approach with the ASN — haven’t started using that feature yet. If I understand correctly, you add a QR ASN to each document you need to keep a physical copy of? And that sticker also has the ASN in human readable form? So you would then add many documents at once to the feeder, and Paperless will read the QR and also split documents whenever a new code appears?
- What about documents you don’t want to keep physically? Is there a way to get Paperless to split them automatically as well if you add many to the feeder?
- And that sticker also has the ASN in human readable form?
- Yes! They look like this: [image]
- So you would then add many documents at once to the feeder, and Paperless will read the QR and also split documents whenever a new code appears? What about documents you don’t want to keep physically? Is there a way to get Paperless to split them automatically as well if you add many to the feeder?
- Paperless supports two different splitting methods:
  - If it encounters an ASN QR code, it’ll split at that point and keep the page with the barcode
  - If it encounters a special barcode that’s used as a separator sheet, it’ll split at that point and delete the page with the barcode. By default it looks for a “Patch T” barcode, and you can get a page with a Patch T barcode from https://www.alliancegroup.co.uk/patch-codes.htm
- So all you need to do is have a “Patch T” page between each document and it’ll split them automatically.
- Docs: https://docs.paperless-ngx.com/advanced_usage/#document-splitting
- I’m also using `paperless-ai` to automatically tag and set a title for scanned documents. Very useful. I’d love to run my own AI locally using ollama, but I don’t have good enough hardware so for now I’m using Google’s Gemini 2.0 Flash. I trust Google’s privacy policy far more than OpenAI’s, Google Gemini is very cheap, and if you use the paid version they don’t retain any of your data nor use it for training.
- Thanks, this sounds really useful. Patch T sounds like some manual sorting work, but I guess with the option to reuse those separator pages it is still better than manual splitting or - worse - single scanning.
- I haven’t looked into paperless-ai yet, but I hope my machine would be beefy enough for this task — worst case I guess it might take a little longer to process all docs.
- Now I only still need to decide on a good archiving method. I read some article a long time ago about the pros and cons of different document archiving methods used by professional archivers. Some prefer horizontal stacking in boxes, while others prefer vertical stacks in vertical boxes. Pretty interesting nerdy topic 😀
- I haven’t looked into paperless-ai yet, but I hope my machine would be beefy enough for this task
- You need a GPU with a decent amount of VRAM to get LLMs working well locally. I don’t have a new enough GPU to be useful - my server just has the Intel iGPU, and my desktop PC only has a GTX1080, which is from before Nvidia added Tensor cores for AI.
- Thanks, I’ll look into it. For completionists: This is the article about how to properly archive paper: https://peelarchivesblog.com/2024/09/10/how-do-archivists-package-things-the-battle-of-the-boxes/
 
 
 
 
 
 
 
- Docker + Caddy (for reverse proxy) fits most use cases IMO. I really like this person’s approach: https://github.com/DoTheEvo/selfhosted-apps-docker. They use Docker networks to avoid unnecessary port mapping - it’s a very clean method. 
- I have documented my journey here: https://wiki.gardiol.org/
- In short, rent a VPS and set up wireguard, then start self hosting everything you can put your hands on!!
- That’s some nice documentation - way overkill for what I need though.
- Out of interest - Why is the VPS required, and why the mention of a non residential IP address? Could that not all be hosted locally if your ISP has given you a static IP address?
- The VPS is required especially if you, like me, are behind CG-NAT with no way to escape from it. Using a VPS (or any other kind of server with a public IP). Using a VPS is the cheapest option…
- Residential IPs can be blocked for ports like 80, 443, 22 and the email ports in general (25, etc), using a non-residential IP could give a better experience. Moreover, even if not behind CG-NAT, having a public static and not-changing IP is a good advantage.
- Everything is hosted locally! The VPS is only a tunnel between internet and the home server.
- Advantage of a VPS over home server is uptime.
- Also, it’s on a higher quality, faster network (a lot of VPS providers use either 10Gbps or 40Gbps networking these days) and more reliable, newer, enterprise-grade hardware.
 
- You can host it at home. Most IPs are not static but for some reason mine hasn’t changed in half a year. If it changes often you can use duckdns.
- I’m paying for a static IP (and to get off CG-NAT)
- I just have a free Oracle server that I use with WireGuard to access my home server.
- Aka the Oracle server acts as a public facing server that relays traffic to my server. I’m behind a CGNAT btw and it works fine.
 
 
 
 
- I used to use Wireguard, but Tailscale is a lot easier and has a lot of useful features. Tailscale is built on top of Wireguard but automates all the configuration - all you need to do is install it and log in on all devices. It handles NAT traversal using techniques like UDP hole punching, so you don’t need to configure port forwarding and it works behind firewalls.
- What do you want to run in a VM that can’t run in Docker? If you’re using a VPN for torrents or whatever, you can easily use Gluetun and configure the Docker containers so that only some of them use Gluetun’s VPN connection, while the other containers directly connect to the internet.
- I like Unraid. It supports Docker, VMs (via KVM), and Linux containers (via LXC), and has a nice UI to configure them. It’s a paid piece of software, but works very well. Proxmox is also very good and free, but it doesn’t directly support Docker.
- What do you want to run in a VM that can’t run in Docker?
- a VM with torrent client and a killswitched VPN was the easiest way to get a secure setup. also meant if it ever got virused I could just roll it back. I need to look more into what docker can actually do by the looks of it.
- You are the second person to suggest unraid - is it ok to sit on the perpetual license (for a few years at a time), or are the updates really required? It supports GPU passthrough right, so I can have a ‘normal’ linux desktop for gaming while running the other stuff in the background?
- TY for the response!
- a VM with torrent client and a killswitched VPN
- You can use Docker for the same setup using the `--network container:vpn` flag to `docker run` or `network_mode: "container:vpn"` option in docker-compose.yml where `vpn` is the name of the container to route through. This makes one Docker container use the network of another (the VPN one), so both containers will share the same internal IP address, and you’ll have to map any ports on the VPN container rather than the torrent/whatever one. This is just as safe as a killswitched VPN.
- Unraid has a nice UI for it when editing a Docker container: [image]
- also meant if it ever got virused I could just roll it back
- Consider using a file system that has snapshots, like ZFS. Then you can get this same behaviour for your whole system rather than just a VM :)
- is it ok to sit on the perpetual license (for a few years at a time), or are the updates really required?
- I’m not sure, as the new licensing model is pretty new. I purchased Unraid in 2023, and back then, all licenses included lifetime updates. They switched to a subscription mode to make the business more viable long-term and afford to hire more developers, which I definitely understand.
- It supports GPU passthrough right
- It does. You can pass through any PCIe devices, so for example if you have multiple network cards, you can pass one directly to a VM (it’s a bit more efficient compared to using a virtual Ethernet adapter)
- That’s a lot of useful info, thanks!
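
The shared-network setup discussed in this sub-thread, written out as a `docker-compose.yml`. This is an added example, not a file posted by anyone in the thread; the `example/...` image names, the published port 8080 and the provider, key and address values are placeholders.

```yaml
# Added example (not from the thread). Values marked PLACEHOLDER are assumptions.
services:
  vpn:
    image: qmcgaw/gluetun              # Gluetun VPN client container
    container_name: vpn                # the name that "container:vpn" below refers to
    cap_add:
      - NET_ADMIN                      # lets Gluetun create the tunnel and its firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=PROVIDER_PLACEHOLDER
      - VPN_TYPE=wireguard
      # Read the key from the shell or an .env file kept out of version control.
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - WIREGUARD_ADDRESSES=TUNNEL_ADDRESS_PLACEHOLDER
    ports:
      # The client's web UI is published here, on the VPN container, because the
      # client has no network namespace of its own. Bound to localhost only;
      # widen the bind address deliberately if LAN access is needed.
      - "127.0.0.1:8080:8080"
    restart: unless-stopped

  client:
    image: example/client:latest       # hypothetical image for the app that must use the VPN
    network_mode: "container:vpn"      # share the vpn container's network stack
    depends_on:
      - vpn                            # start order: the vpn container must exist first
    # No "ports:" section here: publishing ports conflicts with container network mode.
    restart: unless-stopped

  other:
    image: example/other:latest        # hypothetical image; stays on the default bridge network
    restart: unless-stopped            # and reaches the internet directly, not through the VPN
```

If the `vpn` container is recreated, recreate `client` as well, since it stays attached to the network namespace of the container it was started against.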
 
 
 
- WireGuard is pretty easy to set up. Also Docker is great.
- I’d figure out what exactly you’re wanting to do instead of just asking people what you should be doing. You’re going to get a lot of noise and subjective opinions just generally asking.
- There isn’t anything you SHOULD be doing at all, just figure out what would be useful to you.
- Just from the things you mentioned you were using, I’d suggest getting an OpenWRT router of some sort so you can set up your VPN again. I recommend GL.inet Flint2 for those that ask, but looks like the Flint3 is coming out soon.
- For the other stuff you mention…it’s all very subjective, and you’re going to get a lot of noisy opinions. Fact of the matter is you just do what you feel comfortable with. Maybe come back when you have a specific issue you want technical opinions or help with to make more informed decisions.
- what benefit does a new router give over just putting the VPN software on the RP for example?
- You said you have a router from your old ISP that is going away when that ends, or did I misunderstand that part?
- An RPi can function as a router…sort of. It will not be a very good one though. Putting your network services on a device like the Flint I mentioned gives it all kinds of benefits over an RPi:
  - many Ethernet ports
  - ability to reassign hardware ports
  - hardware acceleration for network traffic
  - WiFi 6 (for that particular model, W7 for the newer)
- I can go on and on with that one. RPi just doesn’t have the power to give the same kind of performance, especially since you mentioned having gigabit internet.
- ah sorry, my new ISP gave me a router, but it doesn’t have any VPN functionality on it (Edited OP to make that clear). My old one probably can’t support the speed, and for some reason doesn’t let me change its MAC address, so I can’t use it as the ISP facing device.
 
 
 
- My coworker recommended me unraid, so I tried it and similarly I was upgrading to a new gaming rig so my old gaming rig became my server. It was a mini itx i7 and I started with two 2tb hard drives then just went from there. Learning all the arrs by following the ‘trash guides’ then expanding out. A lot of trial and error and slowly upgrading drives over time.
- Now I’m close to 100tb of data and have several family members using my plex server as their only streaming service plus a ton of personal stuff like rss and audio books etc
- I only know of it from LTT videos I think, not exactly the best endorsement!
- That’s a lot of data (relatively)! Are you paying for the unraid license yearly, or just sitting on an old version?
- I also started off with a converted gaming PC. I went with unraid because there was a simple path to upgrading my drives. I started off with 1 and 2 TB drives and eventually upgraded over the years to 12+ TB drives.
- From my brief research back then growing a pool in freenas was a headache where upgrading in unraid was easy.
- Yeah I have the lifetime license from before they switched to a yearly subscription, for me as I was pretty new to the whole thing it just made it super simple to get up and running, now I’m setting up dockers in compose so still learning but being able to just go to the community app store and use the templates to get things up and running right away was super nice, and the ability to upgrade drives as you go as well
 
 
- Here ya go: https://selfh.st/apps/
- Will cover about 90% of your bases there. You can even look up proprietary software and it will show you self-hostable alternatives.
- My goto would be wireguard, is that still a good option?
- Yes.
- Private cloud/File server
- https://selfh.st/apps/?tag=File+Sharing
- Is a local video streaming app actually useful for a rare watcher of movies etc, or can they be streamed directly from the file server?
- You can do it any number of ways. I have it set up a pretty cool way, I think. I leave my PC on all the time. I also have a home NAS with all my media files on it. I host Jellyfin server on my PC and in the Jellyfin settings link to the network location of the files (`\\nas\media\tv`, etc). Works great, especially for transcoding because I run the server on my Windows PC, it gets access to my GPU for transcoding. Really great setup I like to think. Only drawback being you have to leave your PC on all the time, which doesn’t bother me.
- Is Docker the way to go for everything? or just install on the machine directly?
- There are alternatives to docker, like LXC but they’re not as widely used as Docker. So unfortunately…
- Another option for you could be Hyper-V if you don’t mind using your PC to run containers. I like it better than running docker containers.
- Here ya go: https://selfh.st/apps/
- oooh, TY! Now to guess which ones will still be maintained in 5 years 😆
- I guess I might as well have a play with some stuff like jellyfin to see if it’s useful. The ‘server’ in this case would have a 6 year old GPU in it, so should hopefully have enough grunt.
- Thanks for the info!
- Now to guess which ones will still be maintained in 5 years 😆
- If you figure it out, lemme know. lol
 
 
- VPN: Headscale is an open source, self-hosted implementation of the Tailscale control server, which itself uses WireGuard under the hood.
- For the file share, I’d say separate into two groups/VMs probably. Whatever you might want to self-host publicly (are you sure?) keep it isolated. Its own VLAN, IP/host/subnet, container, VM, heck, its own hardware if possible. Or use a VPS and only self-host your private stuff in your LAN.
- For what you should host: that’s up to you. I’ve heard jellyfin’s used a lot for media stuff.






