I feel bi-weekly is a good rhythm for this.
What does biweekly mean to you? Twice a week, or once every two weeks? If it's the latter, I prefer to use fortnightly, since it's not ambiguous.
I mean every other week. I wasn't aware of the other interpretation, but I think in combination with "The Sunday thread" it's unambiguous?
I have never heard fortnightly, but then I'm not a native speaker. Is that commonly used?
Pihole 6 broke my DNS (dnsmasq), and since I had a fw rule in opnsense to only use pihole's DNS, and deny public DNS access, it was an early rise for me :)
And that's why you have either a backup for your DNS or know what's auto-updated ;)
As you mention opnsense:
What do you mean with fw rules to only use pihole dns?
This sounds partly like a DHCP config and partly like a deny (hardcoded) DNS requests and to please use what DHCP supplied (looking at you google/amazon)
I did have backups, it was an easy fix. I had a pihole -up on a crontab for years, probably not the best idea :)
FW rule accept :53 from pihole only, deny :53 from all. I had some devices with hardcoded DNS settings (8.8.8.8).
A third, and hopefully final attempt at getting an iredmail setup going. SPF, DKIM & DMARC all checking out fine. It's actually working this time. Need to get the ISP to change our PTR record though, last bit of the puzzle.
Also picked up a used Netgate device, so we now have pfsense fronting everything. That's allowed me to move the original router to a better location and put it in AP mode.
Emby media server moved off a Synology and into a proxmox container. Finally, we can stream high def with the hardware acceleration we weren't getting before.
I'm a new selfhoster and reached the limit on what my DS923+ can handle after setting up an Immich instance (on top of qBittorrent, radarr/sonarr, plex). So I picked up a mini PC this week and migrated the Immich stack over (pointing to an NFS mount for the NAS!) and now it's running super smooth 🙌 Now I'm hype to move over more services and eventually start separating out media services from mission-critical stuff like photos when I have another machine handy.
I wanted to set up local domain resolution for my devices in order to stop having to visit sites with the local 192.168.1.x IP, so I started following some guides to run dnsmasq on the mini PC (Ubuntu Server) and add entries to /etc/hosts. It was pretty easy to get working OK, but for whatever reason the DNS doesn't seem to be working on a fresh boot. My local workstation can't ping the custom DNS entries for my devices until I sudo systemctl restart dnsmasq on the mini PC, after which everything works fine, which leads me to believe it's some weird boot order problem? I'm trying not to screw with it too much before bed, but hopefully I can figure out what's going on this week.
Highly suggest putting Caddy on a machine, forwarding port 443 and 80 to caddy, and then letting it do your reverse-proxy stuff. Register a domain name, give it your IP address, and then tell caddy that 'immich.yourdomain.bleh' goes to port 78789 and plex goes to 'media.yourdomain.bleh' port 89898 -- Caddy handles all of the TLS stuff, handshaking, you name it - so you can have secure sites with proper certs.
Then make sure those things are isolated from your home network through vlans if your router supports it.
You can get fancier with it using a tailscale and getting some datacenter IP to forward into your network
I set up DNS challenge with Let's Encrypt with Caddy, and now I don't need to forward anything to it if I don't want to.
DNS challenge so you can get a wildcard cert? Or is it still per domain? I haven't looked recently but it seemed difficult but I'd like to avoid transparency log installs where I can.
You can do both (not sure how wildcard works through Caddy though), I did it per domain. I prefer doing TLS trunking per device, hence no wildcard.
If you want to have domains assigned to local IP addresses, you can also use Pihole as a local DNS! It's a very nice tool for adblocking on network level anyways, can only recommend it.
ITT: lots of busted pihole v6 updates
Finally got started with Grafana, Prometheus and Meshtastic.
Pushed Wireguard back onto my network. I've been a Tailscale user for a couple of years, but never really saw the need for it for me as I'm the only user of the service. :)
I will freely admit though, there's nothing wrong with the service and honestly is great if you are behind a CGNAT router or don't want to use Cloudflare for your tunneling.
I finally got link warden up and running, but I'm chasing down some failures on a few websites.
Also realized that me biting the bullet for unlimited bandwidth (screw you Comcast!) means I can run archive team warrior, so that's been going.
Realised my jellyfin lxc had a maxed out bootdisk yesterday, haven't been using it for a while. Luckily I have decent backups setup so I was able to restore a backup from late January when it wasn't filled yet. A quick library rescan and everything was up and running again.
Personally I'm mostly involved with my homelab migration so there's not too much on the selfhosting page except OS updates. I set up meshmini earlier to access my thin clients via vPro/AMT but I need to configure the clients before being able to actually use meshmini. Once I'm done with that I'll finally be able to set up Lemmy and Pine pods.
My selfhosted stuff currently works fine without me doing much which feels good and lets me focus on hardware stuff currently.
I'm setting up Seafile and trying to swap everything from docker to podman. The longer term goal is that once everything is on podman, I'll get a new NVME drive and install MicroOS so I can retire my old SATA SSD (I've had it for 10 years or so, across 3 PCs).
I'm also considering setting up Forgejo and getting a worker to build my Rust projects.
Immich. Wanted to exclusively use the external libraries features in read only.
Set it up once in its own Proxmox LXC under Docker. Set it all up properly and started scanning my entire library. And when I woke up again it had crashed and I couldn't recover it.
Started over the following morning and only gave it access to 2024 instead of everything. And it filled up to 30gb/40gb I gave it with thumbnails and files and such. Guess it crashed the other day because it took up too much room.
Guess I'll start over again, and ensure all the config files and thumbnails are stored on my NAS so they can take up the space they need to without overloading the main (small SSD) on my server.
Experimented with selfhosting a Woodpecker CI as a complement to my Forgejo.
Works quite nicely, I just need to set up a native ARM64 agent as the overhead of cross compilation on x86_64 is quite big.
Got Prometheus and Grafana setup with https on my Talos Linux cluster. Tried to use cert-manager with a DNS01 Challenge with Let's Encrypt but was using a local TLD and found out it won't issue it. So I had to switch to a local issuer. Was using metallb to gain a routable ip, I used the nginx-ingress controller for Prometheus and Grafana. Next time I can tinker I'll place the rest of my services behind it.
I hadn't heard of Talos Linux, sounds cool! We are using haproxy as ingress controller with stepca for local certificates at work.
Many issues this week:
But at least I got my Velero backups working on a private S3
For no 2, in k8s, you can use MetalLB. Then the service will be of type LoadBalancer and you won’t have to create an ingress.
After having upgraded my Pi-Hole to v6, for some reason yesterday it started to not recognize any of the blocklists. So, I reset it and now it works.
My pihole exploded yesterday, all my fault. A couple of years ago, I created a script called via cron to update pihole's services every other week. This was great, until now when it updated to v6 at 4am. To make matters worse, I neglected to automate Raspbian updates, meaning it was very out of date, and was no longer compatible with pihole-FTL (thinking back, I thought I automated it too, but I guess not).
I took an image after creating a pihole "teleporter" backup, and began formatting. In my lack of caffeine and focus, I missed that my teleporter file was corrupt after I had successfully wiped the SD card. Thankfully I had that image as I was able to mount it and retrieve my blocklists via sqlite, otherwise I would have had to start from scratch.
One good thing that came out of it (for my taste, anyway) was that I swapped the OS on the pi to fedora. No more debian around here!
Tomorrow, I plan on setting up some backup automation for my pi, as it's the only machine missing backups at this point.
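An added example, not part of the post above or of Pi-hole itself: a guard for a cron-driven `pihole -up` like the ones described in this thread, which lets minor updates through but holds back a major-version jump such as v5 to v6. It assumes version tags shaped like "v5.18.3"; the function names are hypothetical, and how the installed and latest versions are obtained is left to the caller.

```shell
#!/bin/sh
# Added example: refuse unattended major-version upgrades.
# Assumption: version tags look like "v5.18.3" (leading "v" optional).

# Print the major number of a version tag; fail on anything unexpected.
major_of() {
    v=${1#v}                      # strip an optional leading "v"
    m=${v%%.*}                    # keep the text before the first dot
    case $m in
        ''|*[!0-9]*) return 1 ;;  # empty or non-numeric: unparseable
    esac
    printf '%s\n' "$m"
}

# Exit 0 only when installed and latest share a major version.
# Unparseable input fails closed (exit 2), so cron never upgrades blindly.
safe_to_autoupdate() {
    cur=$(major_of "$1") || return 2
    new=$(major_of "$2") || return 2
    [ "$cur" -eq "$new" ]
}

# Hypothetical cron entry point: guarded_update <installed> <latest>
guarded_update() {
    if safe_to_autoupdate "$1" "$2"; then
        echo "same major version ($1 -> $2): running update"
        pihole -up
    else
        # Leave DNS untouched and surface the reason in cron's mail/log.
        echo "holding back $1 -> $2: read the release notes, update by hand" >&2
        return 1
    fi
}
```
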
Why so hostile sounding against debian?
What does fedora better?
I don't mean to sound hostile, that's probably my past demons coming out. Like I said in my last comment, it's really apt that I hate. It would constantly break or put me into dependency hell and I haven't had to deal with that (yet) with Fedora.
I haven't put my finger on it, but Fedora, for whatever reason, also just feels faster.
I'm in the process of doing an initial restic sync of my primary storage to B2 as offsite backup and while I'm at it finally got around to having a look at resticprofiles to simplify my restic backups on all my systems. Highly recommend it as it reduced my mental overhead of doing regular backups quite a bit!
I spent half a dozen hours this weekend trying to get Proxmox running on a 2nd hand laptop, but I can't get it to run without sounding like a jet engine. The machine did fine when I ran Mint and used it as a laptop - but even after blacklisting the dGPU and forcing all the CPU cores to powersaving, I'm still making heat like crazy.
Plan B is to put Mint back on it and install podman and see if fan noise is a problem then. But I'd rather have podman running in an unprivileged LXC.
Hmmm you might be able to first install Debian 12 and make sure the fan control works properly, then just install the proxmox application inside of that
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm
Did you check Mint recently? If it's been a while, it could also be dust buildup at the fan.
I like iOS shortcuts. This week, I created an iOS shortcut to scan my Plex library. Now this may seem weird since there is an option to scan a library from the official Plex iOS app and there are also options to scan the library automatically or periodically. For various reasons (excuses), I didn't like that the official app only lets you scan one library at a time and I have automatic/periodic scans turned off to avoid network drive access, so I created the shortcut to scan from my phone any time I felt like I wanted to trigger it.
https://{ip_address}:{port}/library/sections/all/refresh?X-Plex-Token={plex_token}