Almost forgot before going to bed but I feel bi-weekly is a good rhythm for this.

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

  • @node815@lemmy.world
    518 days ago

    Pushed Wireguard back onto my network. I’ve been a Tailscale user for a couple of years, but never really saw the need for it for me as I’m the only user of the service. :)

    I will freely admit though, there’s nothing wrong with the service and honestly is great if you are behind a CGNAT router or don’t want to use Cloudflare for your tunneling.

  • @Burn1ngBull3t@lemmy.world
    318 days ago

    Many issues this week:

    • Broke external-dns on my kube cluster because I updated my Pihole to v6
    • Thinking of a way to expose a game server externally (usually used CF tunnels for specific services, but couldn’t get it to work cause it’s TCP/UDP and not HTTP traffic)

    But at least I got my Velero backups working on a private S3

  • @papertowels@mander.xyz
    418 days ago

    I finally got Linkwarden up and running, but I’m chasing down some failures on a few websites.

    Also realized that me biting the bullet for unlimited bandwidth (screw you Comcast!) means I can run archive team warrior, so that’s been going.

    • @Xanza@lemm.ee
      118 days ago

      IMO linkwarden was a real PITA. I’ve been trying linkding and it’s been really great so far. I’ve had no issues like I had with linkwarden.

  • poVoq
    318 days ago

    Experimented with selfhosting a Woodpecker CI as a complement to my Forgejo.

    Works quite nicely, I just need to set up a native ARM64 agent as the overhead of cross compilation on x86_64 is quite big.

      • poVoq
        118 days ago

        Woodpecker is more mature and I can control access better since I am not the only one using my Forgejo. But I think at some point the built in ones might reach feature parity.

    • @Xanza@lemm.ee
      118 days ago

      Experimented with selfhosting a Woodpecker CI as a complement to my Forgejo.

      If you need CI, check out OneDev. It’s a git solution that comes with an integrated CI solution.

    • @Selfhoster1728@infosec.pub
      618 days ago

      How exactly does stuff get broken? Never rly had a problem bumping up the version in docker. The only issue has been the playstore version taking longer to push updates sometimes for the mobile apps.

      • TrumpetX
        217 days ago

        A few versions ago I upgraded it and some default port configs changed rendering it unusable. Since my upgrades are a docker command, I had to go hunt down the error message. It didn’t take long, but it def broke the setup.

    • @PerogiBoi@lemmy.ca
      17 days ago

      I’m running the Immich Flatpak Snap specifically for this reason. It’s always one version out of date but always self updates without issues :)

  • @harsh3466@lemmy.ml
    618 days ago

    I’ve been working on some bash scripts to help manage my media files. I’ve been slowly working on learning more bash and I’m pretty pleased with my progress. After I finish this bash book I’m reading (can’t remember the title atm), I think I’m gonna jump into awk.

    • @Xanza@lemm.ee
      18 days ago

      Bash is a really great shell, but consider trying out a functional shell scripting language like Elvish (which is also a shell). Syntactically it’s pretty similar and not hard to pick up, but it’s stupid powerful. A cool example is updating different servers via ssh in parallel using a servers.json file;

      [
        {"name": "server.com", "user": "root", "identity": "~/.ssh/private_key0", "cmd": "apt update; apt upgrade -y"},
        {"name": "serverb.com", "user": "root", "identity": "~/.ssh/private_key1", "cmd": "pacman -Syu"},
        {"name": "serverc.com", "user": "root", "identity": "~/.ssh/private_key2", "cmd": "apk update; apk upgrade"}
      ]
      

      and a little elvish magic;

      var hosts = (from-json < servers.json)
      peach {|h|
        ssh $h[user]@$h[name] -i $h[identity] $h[cmd] > ssh-$h[name].log
      } $hosts
      

      Just run the script and boom, done. You can even swap out peach which is parallel each for each if you want to do each command procedurally–but I really love using peach, especially with file operations over many different files. Linux is fast, but peach is fuckin’ crazy fast. Especially for deleting files (fd -e conf -t file | peach {|x| rm $x }), or one thing that I do is extract internal subs (so they play on my chromecast) in my Jellyfin server, using elvish makes it really fast;

      fd -e mkv | peach {|x| ffmpeg -i $x -map 0:s:0 $x.srt }
      

      Find all *.mkv files, pass the filenames through ffmpeg (using peach) and extract the first subtitle as filename.mkv.srt. Takes only about a few seconds to do thousands and thousands of video files. I highly recommend it for home-labbers.


      Pretty dumb example, but peach is like 6x faster;

      ❯ time { range 0 1000 | each {|x| touch $x.txt }}
      5.2591751s
      ❯ time { range 0 1000 | peach {|x| touch $x.txt }}
      776.2411ms
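
Added example, not part of the comment above and not any poster's code: a POSIX sh take on the servers.json fan-out that refuses inventory values that could be read as ssh options, checks key permissions, disables prompts and host-key auto-acceptance, and reports per-host failures instead of only logging stdout. It assumes jq and OpenSSH on the admin machine; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: hardened fan-out over a servers.json with the
# name/user/identity/cmd fields shown in the thread.
# Assumptions: POSIX sh, jq, OpenSSH; function names are hypothetical.

# Reject empty values and anything that could be parsed as an ssh option.
valid_host() {
  case $1 in ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}
valid_user() {
  case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# jq hands back "~/..." literally, so expand it before checking the file.
expand_tilde() {
  case $1 in
    '~/'*) rest=${1#??}; printf '%s\n' "$HOME/$rest" ;;
    *)     printf '%s\n' "$1" ;;
  esac
}

# True only for a regular file with no group/other permission bits.
key_is_private() {
  [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# run_host NAME USER IDENTITY CMD -> ssh's exit status, 64/65 if refused.
run_host() (
  key=$(expand_tilde "$3")
  valid_host "$1" && valid_user "$2" ||
    { echo "refused: bad host or user: $1" >&2; exit 64; }
  key_is_private "$key" ||
    { echo "refused $1: key missing or readable by others" >&2; exit 65; }
  # BatchMode fails instead of prompting; StrictHostKeyChecking=yes never
  # auto-accepts an unknown or changed host key; IdentitiesOnly pins the key.
  ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes \
      -o ConnectTimeout=10 -i "$key" -l "$2" "$1" "$4" >"ssh-$1.log" 2>&1
)

# main SERVERS_JSON: start every host in parallel, then count failures.
main() {
  inventory=$(jq -r '.[] | .name, .user, .identity, .cmd' "$1") || return 66
  pids=''
  while IFS= read -r name && IFS= read -r user &&
        IFS= read -r identity && IFS= read -r cmd; do
    run_host "$name" "$user" "$identity" "$cmd" </dev/null &
    pids="$pids $!"
  done <<EOF
$inventory
EOF
  failed=0
  for pid in $pids; do wait "$pid" || failed=$((failed + 1)); done
  [ "$failed" -eq 0 ] ||
    { echo "$failed host(s) failed, see ssh-*.log" >&2; return 1; }
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it with the inventory path as the only argument; because of StrictHostKeyChecking=yes every host must already be present in known_hosts.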
      
  • @non_burglar@lemmy.world
    2018 days ago

    Finally moved all my lxc onto a lower-power Xeon D host, consumes 1/3 the electricity of my previous Dell R430, same essential performance.

  • @VitabytesDev@feddit.nl
    317 days ago

    After having upgraded my Pi-Hole to v6, for some reason yesterday it started to not recognize any of the blocklists. So, I reset it and now it works.

  • @TK420@lemmy.world
    617 days ago

    ITT: lots of busted pihole v6 updates

    Finally got started with Grafana, Prometheus and Meshtastic.

    • @Darkassassin07@lemmy.ca
      217 days ago

      I wonder why so many people had issues with the v6 pihole update.

      I pulled the new docker container and it ran overtop the previous version just fine. The only issue I had was I had the admin password set to empty via an env variable and that variable name changed. Took like 10 min to find and fix. The rest migrated perfectly.

      Now I’m just waiting on orbital-sync to add v6 support, but that’s just around the corner and not that critical.

      • @TK420@lemmy.world
        117 days ago

        I had a pair of v5 with unbound setup, and ran the pihole -up and it went down lol. Dunno what happened, but I reinstalled and it’s all good.

        I only run the basic block list, so I am thinking more and more to setup docker on my main server and move my pihole, pyvpn and grafana there and free up my raspi.

        • @Darkassassin07@lemmy.ca
          117 days ago

          Hmm, I wonder if the failed updates are only direct installs vs docker.

          I run two piholes, a primary on a rpi 3b running pios, and a secondary on my main server. Both are installed via docker and both updated without issue (besides the password thing).

          I like having the primary DNS on a separate machine; it’s kind of important and I like to mess with the main server a lot…

          • @TK420@lemmy.world
            217 days ago

            I also like to mess around so more and more docker seems like at least an ok idea if not a good idea.

            • @Darkassassin07@lemmy.ca
              317 days ago

              I definitely recommend it, particularly using docker compose. It’s made it incredibly easy to add, remove, and modify software installs; keeping everything independent and isolated from each other.

              This also makes backups and rolling back updates to individual projects much easier when you do run into problems.

  • Presi300
    113 days ago

    I’m going through hell, trying to update from truenas scale 24.04 to 24.10

    • @tofuwabohu@slrpnk.net (OP)
      111 days ago

      What’s not working? I just set up TrueNAS for the first time, went with 25.04 and figured I could just update my way out of potential bugs, but the updater is broken :D

      • Presi300
        211 days ago

        Well, firstly I had this weird issue where the pools were giving me errors because some folder was missing, I fixed that but 24.10 has literally 0 compatibility with apps from 24.04 and it looks like I’m going to have to reset the whole pool in order to use their new apps ecosystem (because trying to install anything from 24.10 just errors out)… Which is extremely annoying as I have quite a lot of apps setup

  • BruisedMoose
    718 days ago

    Since it’s winter and I mostly don’t want to leave my house, I busted out an unused Raspberry Pi 4b a couple weeks ago. Started with CasaOS and AdGuard. Have now added a few other services including Navidrome to serve up a lot of local-area music for myself and friends. Got a Cloudflare tunnel set up, then some authentication through CF as well. And finally secured a static IP from my ISP. This is the farthest along I’ve ever gotten with any of this and it’s been going great. Nearly every hurdle I’ve encountered I’ve been able to work through.

    Two things causing me grief today though:

    1. I also have Nextcloud hosted on a VPS and I cannot get to the point of running occ commands. First it wasn’t found, then no php cli, then just errors. I gave up.

    2. I’m using Homer because it’s just so simple, but the theming and CSS is driving me nuts. Sure, I can change colors, but will this little bar in the neon theme change from 4em to 100% for me? NOPE. Override fonts? Nosir. All good though.

      • BruisedMoose
        117 days ago

        Thanks! It just threw an error at me when I launched it, but I’ll see what I can do. Based on the warnings in the admin panel, there isn’t anything critical for me to address, I just hate that orange.

  • @FunkFactory@lemmy.world
    618 days ago

    I’m a new selfhoster and reached the limit on what my DS923+ can handle after setting up an Immich instance (on top of qBittorrent, radarr/sonarr, plex). So I picked up a mini PC this week and migrated the Immich stack over (pointing to an NFS mount for the NAS!) and now it’s running super smooth 🙌 Now I’m hype to move over more services and eventually start separating out media services from mission-critical stuff like photos when I have another machine handy.

    I wanted to set up local domain resolution for my devices in order to stop having to visit sites with the local 192.168.1.x IP, so I started following some guides to run dnsmasq on the mini PC (Ubuntu Server) and add entries to /etc/hosts. It was pretty easy to get working OK, but for whatever reason the DNS doesn’t seem to be working on a fresh boot. My local workstation can’t ping the custom DNS entries for my devices until I sudo systemctl restart dnsmasq on the mini PC, after which everything works fine, which leads me to believe it’s some weird boot order problem? I’m trying not to screw with it too much before bed, but hopefully I can figure out what’s going on this week.

    • @kitnaht@lemmy.world
      318 days ago

      Highly suggest putting Caddy on a machine, forwarding port 443 and 80 to caddy, and then letting it do your reverse-proxy stuff. Register a domain name, give it your IP address, and then tell caddy that ‘immich.yourdomain.bleh’ goes to port 78789 and plex goes to ‘media.yourdomain.bleh’ port 89898 – Caddy handles all of the TLS stuff, handshaking, you name it - so you can have secure sites with proper certs.

      Then make sure those things are isolated from your home network through vlans if your router supports it.

      You can get fancier with it using a tailscale and getting some datacenter IP to forward into your network

      • @FunkFactory@lemmy.world
        118 days ago

        Thanks for the advice, I didn’t know a reverse proxy was what I was setting up though I’ve seen that term all over. I think Caddy is likely in my future but I already have basic access to my home network through a Wireguard tunnel for now so I was hoping dnsmasq could solve for my case without getting too fancy or exposing any ports. I think I should probably try to learn about reverse proxies more generally to figure out the next steps forward.

        • azron
          218 days ago

          DNS challenge so you can get a wildcard cert? Or is it still per domain? I haven’t looked recently but it seemed difficult but I’d like to avoid transparency log installs where I can.

          • @sugar_in_your_tea@sh.itjust.works
            18 days ago

            You can do both (not sure how wildcard works through Caddy though), I did it per domain. I prefer doing TLS trunking per device, hence no wildcard.

    • @tofuwabohu@slrpnk.net (OP)
      317 days ago

      If you want to have domains assigned to local IP addresses, you can also use Pihole as a local DNS! It’s a very nice tool for adblocking on network level anyways, can only recommend it.

      • @FunkFactory@lemmy.world
        217 days ago

        Awesome thank you, this is what I ended up setting up today. It’s a bit of an awkward solution for now, I would very much like to use it for its ad blocking functionality but I’m unsure if I want to make it my only DNS provider while I’m still migrating services over to the mini PC and messing with the server config. I had set up Pihole years ago and my wife ran into problems using some apps on her phone so I think I’d need to be more proactive about making sure that’s working this time around too.

        • @tofuwabohu@slrpnk.net (OP)
          217 days ago

          I get that, I plan to add another pihole at some point so I can enter 2 nameservers at my router. There are solutions to sync all config between the piholes.

  • AmbiguousProps
    317 days ago

    My pihole exploded yesterday, all my fault. A couple of years ago, I created a script called via cron to update pihole’s services every other week. This was great, until now when it updated to v6 at 4am. To make matters worse, I neglected to automate Raspbian updates, meaning it was very out of date, and was no longer compatible with pihole-FTL (thinking back, I thought I automated it too, but I guess not).

    I took an image after creating a pihole “teleporter” backup, and began formatting. In my lack of caffeine and focus, I missed that my teleporter file was corrupt after I had successfully wiped the SD card. Thankfully I had that image as I was able to mount it and retrieve my blocklists via sqlite, otherwise I would have had to start from scratch.

    One good thing that came out of it (for my taste, anyway) was that I swapped the OS on the pi to fedora. No more debian around here!

    Tomorrow, I plan on setting up some backup automation for my pi, as it’s the only machine missing backups at this point.

      • AmbiguousProps
        217 days ago

        It’s mostly personal preference, but I have grown to hate apt in general. I used it for over a decade and constantly got in dependency hell. I’ve yet to have anything like that happen on Fedora, especially Silverblue and CoreOS.

      • AmbiguousProps
        217 days ago

        I don’t mean to sound hostile, that’s probably my past demons coming out. Like I said in my last comment, it’s really apt that I hate. It would constantly break or put me into dependency hell and I haven’t had to deal with that (yet) with Fedora.

        I haven’t put my finger on it, but Fedora, for whatever reason, also just feels faster.

  • @beerclue@lemmy.world
    617 days ago

    Pihole 6 broke my DNS (dnsmasq), and since I had a fw rule in opnsense to only use pihole’s DNS, and deny public DNS access, it was an early rise for me :)

    • @TK420@lemmy.world
      117 days ago

      Unbound broke on both of mine day one of v6 and I’ve still not gone and fixed it. Sigh.

    • @N0x0n@lemmy.ml
      117 days ago

      Damn… DNS issue early in the morning… What a nightmare 😂! Hope you got enough caffeine.

    • @Appoxo@lemmy.dbzer0.com
      217 days ago

      And that’s why you have either a backup for your DNS or know what’s auto-updated ;)

      As you mention opnsense:
      What do you mean with fw rules to only use pihole dns?
      This sounds partly like a DHCP config and partly like a deny (hardcoded) DNS requests and to please use what DHCP supplied (looking at you google/amazon)

      • @beerclue@lemmy.world
        317 days ago

        I did have backups, it was an easy fix. I had a pihole -up on a crontab for years, probably not the best idea :)

        FW rule accept :53 from pihole only, deny :53 from all. I had some devices with hardcoded DNS settings (8.8.8.8).
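
Added example, not code from any poster or from the Pi-hole project: a cron wrapper for the unattended `pihole -up` jobs described in AmbiguousProps' and beerclue's comments that applies same-major updates only and holds when the backup taken beforehand cannot be read back. The shape of the `pihole -v` output, the backup being a .tar.gz or .zip file, and all function names are assumptions.

```shell
#!/bin/sh
# Added example: let `pihole -up` run unattended only for same-major updates.
# Assumptions: `pihole -v` prints "... version is vX.Y (Latest: vA.B)" lines;
# the backup passed in is a .tar.gz or .zip; function names are hypothetical.

# "v5.18.3" -> "5"
major_of() { v=${1#v}; printf '%s\n' "${v%%.*}"; }

# Read `pihole -v` style text on stdin and print "<current> <latest>" for the
# first component listed. Prints nothing if the latest version is unknown.
parse_versions() {
  sed -n 's/.*version is \(v[0-9][0-9.]*\) (Latest: \(v[0-9][0-9.]*\)).*/\1 \2/p' |
    head -n 1
}

# Succeeds only if the archive is non-empty and can be listed end to end.
archive_ok() {
  [ -s "$1" ] || return 1
  case $1 in
    *.tar.gz|*.tgz) tar -tzf "$1" >/dev/null 2>&1 ;;
    *.zip)          unzip -tq "$1" >/dev/null 2>&1 ;;
    *)              return 1 ;;
  esac
}

# decide CURRENT LATEST BACKUP -> current | update | hold-major | hold-backup
decide() {
  if [ "$1" = "$2" ]; then echo current
  elif [ "$(major_of "$1")" != "$(major_of "$2")" ]; then echo hold-major
  elif ! archive_ok "$3"; then echo hold-backup
  else echo update
  fi
}

# main BACKUP_FILE: anything written to stderr ends up in cron's mail.
main() {
  versions=$(pihole -v | parse_versions)
  [ -n "$versions" ] ||
    { echo "could not read pihole versions, not updating" >&2; return 2; }
  action=$(decide "${versions% *}" "${versions#* }" "$1")
  case $action in
    update)  pihole -up ;;
    current) : ;;
    *)       echo "pihole update held ($action): $versions" >&2; return 3 ;;
  esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```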

  • @t0fr@lemmy.ca
    317 days ago

    Immich. Wanted to exclusively use the external libraries features in read only.

    Set it up once in its own Proxmox LXC under Docker. Set it up all properly, started scanning my entire library. And when I woke up again it had crashed and I couldn’t recover it.

    Started over the following morning and only gave it access to 2024 instead of everything. And it filled up to 30gb/40gb I gave it with thumbnails and files and such. Guess it crashed the other day because it took up too much room.

    Guess I’ll start over again, and ensure all the config files and thumbnails are stored on my NAS so they can take up the space they need to without overloading the main (small SSD) on my server.