  • you will have to spend a lot of time learning the Nix language

    I’d say you shouldn’t use any system (be it nixos, ansible or even bash scripts) if you are not willing to learn it.

    That said, I too find pre-made modules less useful than I initially thought when I got into nixos: unless you want to do very basic stuff, a lot of times it’s easier to just generate whatever scripts/configuration files you need directly (using one of the trivial builders in lib or writing a custom derivation) rather than learning how the corresponding nixos module works.

    One could say nixos modules make easy things slightly easier, and hard things much harder (this is adapted - possibly imprecisely - from a quote on ORMs, I think by Joel Spolsky).


  • In your shoes (and, in fact, in mine) I’d try to move away from interactive tools and into file-driven ones.

    Personally I use nixos, run WUD (what’s up docker) to be notified of available updates, and manually test/update the containers once in a while (every couple weeks or so?)

    There are a bazillion other solutions (from stuff like ansible/chef/puppet, to docker-compose, to kubernetes, to… a hand-written bash script) - the idea is to set up stuff via files that you can version, reference and write comments in rather than using some gui for interactive steps that you’ll forget to document in some wiki.

    Monitoring is a whole different beast than configuring: you’ll be probably better off using something that does just that instead of some all-in-one solution. Try looking into something like beszel before going for the full prometheus/grafana stack.







  • Getting the router to actually assign an IP address to the server

    You would typically want to use static ip addresses for servers (because if you use DHCP the IP is gonna change sooner or later, and it’s gonna be a pain in the butt).

    IIRC dnsmasq is configured to assign IPs from .100 upwards (unless you changed that), so you can use any of the IPs up to .99 without issue (you can also assign a DNS name to the IP, of course).

    all requests’ IP addresses are set to the router’s IP address (192.168.3.1), so I am unable to use proper rate limiting and especially fail2ban.

    Sounds like you are using masquerade and need DNAT instead. No idea how to configure that in openwrt - sorry.
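
The masquerade-versus-DNAT distinction above, sketched as an OpenWrt `/etc/config/firewall` fragment. This is an added example, not part of the original comment: it assumes the symptom comes from masquerading being enabled on the `lan` zone, and the server address `192.168.3.10` and port 443 are constructed placeholders.

```uci
# Added example (not from the original comment). Placeholder values:
# server 192.168.3.10, service on TCP 443.

# Problematic setting: with masq enabled on the lan zone, every packet
# forwarded out of the LAN interface has its source rewritten to the
# router's LAN address (192.168.3.1), so the server's logs, rate
# limiter and fail2ban only ever see the router.
#
# config zone
#	option name 'lan'
#	list network 'lan'
#	option masq '1'

# Corrected: no masquerading towards the LAN.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Masquerading stays on the wan zone only, for outbound traffic.
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

# Port forward as DNAT: only the destination is rewritten, so the
# client's source address reaches the server unchanged.
config redirect
	option name 'https-to-server'
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '192.168.3.10'
	option dest_port '443'
```

After reloading the firewall, the server's access log should show distinct client addresses for requests from outside; that is the precondition for per-client rate limiting and fail2ban bans to target the right host.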


  • A NAS is just a computer and TrueNAS is just Linux (ok, TrueNAS CORE is BSD).

    You can run zfs on any machine: they recommend loads of RAM for optimal performance, which you don’t need at home (or at work, unless your job is running a data center).

    You can choose from a number of FOSS NAS-specific operating systems, plus all linux distros (since you post here, I’d assume you either can or aim to administer a home server?)… why would you go with a proprietary OS?

    There are several FOSS operating systems for network equipment too (keyword “NOS”), but as far as I’m aware none that work on small soho/edge switches. OpenWrt runs both my router (mikrotik) and WAPs (tplink), but the two 8-port switches I have at home (also tplink) run their proprietary firmware.


  • Don’t tear down your server just to have fun - set up a VM (or get one of those minipcs), call it “playground” and have fun there.

    Redo your server after you’ve tried different things, and only if you feel like you found something that is worth it.

    Experimenting with different distros can teach you a lot (especially if you try very different ones - mint and debian aren’t that much different) and I do recommend you do it, just don’t do it in production :)











  • IDK where I’ve read that… should have double checked before posting, my bad.

    Quick fact checking:

    US police killed some 1,281 people last year (wikipedia).

    1,281/340,110,988*100,000 gives around 0.38 police killings/100,000 people, which is below homicide rate in EU.

    I couldn’t (be bothered to) find out what the overall European homicide rate actually is (it also depends on what you count as “Europe”), but Germany is at around 0.8, France at 1.8, Italy at 0.57, Spain at 0.9 and Poland at 0.8 (these are the five most populous countries). So… let’s guesstimate it at around 1? (numbers are from this random source).

    We can conclude that US policemen are roughly 38% as deadly as European criminals (if it wasn’t clear, this last statement is a joke)


  • TLDR: Protesting or resisting privately inside your house does not lead to social change and is not the most rational way of protecting yourself if you feel threatened by your government.

    Self-hosting is not “resistance”: at most, it’s prepping for nerds, with computers instead of guns.

    Self-hosting is not even a rational/efficient way of making a statement. If that’s what you want, it’s far more efficient to follow the established tradition of declaring you are moving to Canada and not following up with actual actions.

    Don’t get me wrong: I can relate to the nerdy way of coping with the ugliness around us (I say “us”, but thankfully I don’t live in the US), but - the way I see it - it’s your society that needs change, and self hosting won’t help with that.

    Frankly, the shit you US people are putting up with is unreal.

    It has always been (US police forces kill far more people than the overall homicide rate in Europe - read that again and pause a second to think about it - this isn’t true - see comments below), and it’s just getting worse.

    If you feel threatened you can essentially respond by fighting, fleeing, or cowering.

    If you wanna FIGHT (this is what “resistance” is about), try to use whatever power you have and apply your energies to bring actual change. If you don’t feel comfortable acting outdoors, this could include lending your nerd skills to protesters or (nonviolent) resistance groups. Heck, even being a keyboard warrior is more useful to changing society than being a hobbyist sysadmin.

    If you wanna FLEE, just leave the country. Honestly, there are better places to live than the US, and (if you have or plan to have any) better places to raise your children.

    If you wanna COWER, then be a prepper or a self-hoster or whatever, but be aware that, while misrepresenting your reaction as “resistance” may make you feel more heroic than you are, spreading the misrepresentation can also lead others to cower instead of fighting. Is that what you want?