The only one I haven’t seen mentioned here that is a requirement for me is OPNsense. I’ve been using it for a couple years, and pfSense before that for a very long time. Never going back to commercial routers and their shitty / buggy / backdoored software. I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.
On my network it handles internet firewall, internal firewall, and all routing across 5 VLANs and between two internet gateways. It does 1-1 NAT for my public IPs, inbound VPN, outbound VPN for my *arr stack, and RDNS blocklists with the data source being a script I wrote that merges from several sources and deduplicates the list. It is my internal certificate authority (I don’t miss you at all, Windows CA), DHCP for the guest wifi, and does pihole-like ad blocking via DNS for my entire network. And it does all that running in a VM with 2GB of RAM, of which it only uses about 60% on my install.
It is an incredibly powerful tool, not terribly difficult to learn, has a pretty damn good UI for FOSS, and in my opinion is a fantastic foundation for a complex home network / homelab. Unlike pfSense, which corrupted itself twice over the years I ran it, it has never let me down. And every update has been painless over the years.
I understood some of those words. It make network go?
It make network go very good.
I’m still using pfsense and considered switching over to opnsense but I found out it doesn’t have something similar to pfblocker.
Second OPNsense. pfSense also is maintained by some pretty shitty individuals.
Yeah I hinted at it but didn’t feel like going into it. It’s why I switched though, and happily I found OPNsense to just be better anyway.
Why “shitty individuals”?
https://web.archive.org/web/20160314132836/http://www.opnsense.com/
This was the website that pfsense maintainers made as soon as OPNsense was announced. They sniped the name, derided the project and only ended up handing over the domain after they were legally compelled to.
One person affiliated with Netgate in particular can be seen around forums and social media and has serious axes to grind. He’s… not pleasant.
Add to that Netgate’s practices (IIRC secret proprietary blob required to build pfsense, double-check that fact / unremovable installation tracking) and the picture painted is one of petulance and anger.
[edit] oh yeah, and this gem! https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
Damn, now I get where is your “shitty individuals” coming from. Thanks for the info.
How many NICs do you have on your opnsense machine?
It’s a VM so technically none I guess, but my hypervisor hosts have a 4 port gigabit card and a 10 gig fiber card, plus another gigabit port on the motherboard.
OPNsense is using 6 interfaces, 2 WAN and 4 LAN, but it’s all virtualized.
I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.
Can you list or summarize some of the other reasons?
Eh, I’ve forgotten a lot of the details and it’s drama that I don’t care to relearn about. Easy to find online with some basic searching if you want to read about it.
Thanks for that info, @AtariDump@lemmy.world
Went to try pfSense. Need to register to their shop to buy a free download link.
Then during installation it won’t install unless it can phone home and report.
OpnSense all the way.
That’s new, it didn’t used to do that back in the days when I used it but that was a couple years ago. Sounds like it’s just getting worse.
- Pihole (if that service goes down, everyone in my house gets mad at me)
- Jellyfin
Everything else is a nice to have, not essential
The arr family with a torrent client is great for feeding Jellyfin. If you are a developer, you can host your own shit there too. Game servers for playing with family and friends (so far Minecraft, Terraria, Project Zomboid, V Rising). I like to host a bunch of different telegram bots I wrote for fun. Discord bots are another interesting side. I also run some automation runners for helping out with testing, building and deploying my projects.
Focus on your needs and what you want to improve of your online life, there is probably a project you can self host for it.
(if that service goes down, everyone in my house gets mad at me)
I bought a PiZero and set it up as a redundant pihole for this reason. It’s slower because it’s wireless, but not super noticeable since it’s ‘just’ DNS. I have the router pointed at the main and backup all the time and if I need to do something (or break the main one messing with dockers) there’s still the backup until I get the main up.
I messed around with some High Availability configs where they both had the ‘same’ ip but could never get it working smoothly. I just use the teleporter functionality within pihole any time I update anything to keep them in sync, which is rare.
I did something similar, but then I turned my pizero in a portable retro console lol.
Gitea, wger, jellyfin, samba, *arr stack, jellyseer
Adguard home
and Wireguard pointed at AdGuard for DNS
Set the mobile app to enable WireGuard connection when not on home network and then you have AdGuard everywhere
I’ve pointed my domain to my wireguard tunnel VPS IP, same result. I can just set my private DNS in settings pointing to my AdGuard domain
No one metioned https://hoarder.app - bookmark app featuring offline archive, full text search and AI auto tagging
- AdGuard home (usable also as private DNS on Android)
- JellyFin
- Homeassistant
Jellyfin/Plex like many have mentioned.
I personally like Syncthing for petty much everything else. For general file syncing of course. But also with Joplin pointed to a synced directory for notes. With keepass as a password vault. With synced config directories for some apps across devices like newsboat for RSS, and neomutt for email. I also used to use it with rtorrent via a watch directory, though I currently am using a seedbox for that purpose.
VPN (openvpn/wireguard) is a good idea if you want to access your services outside your local network, without exposing them all globally.
I believe Syncthing has been discontinued unless someone else took up the project.
It doesn’t really look dead anywhere on their repo or website: https://github.com/syncthing/syncthing Or are there different things with the same name? :)
Syncthing discontinued its android app on the play store.
Just to be clear, what was discontinued was the official gui app.
Binaries are still updated and developed. The other gui app, syncthing-fork, still exists.
Both syncthing and syncthing-fork are on F-Droid.
This is absolutely not the case.
That would suck if so since I obviously utilize it heavily but this doesn’t seem to be the case? Latest release was just a month ago and their github repo is active.
Same, Syncthing is amazing. I use it with Mobius Sync on iOS and have it synching my keepass, Obsidian vault, photos, and a folder for random file transfers between devices. It’s so much better, faster, and more stable than all the most popular corporate cloud providers.
For me it’s the first thing i learned how to self host: Nextcloud …which in turn allows me to sync Joplin notes, which I use constantly
Audiobookshelf, Calibre-Web, Plex/Jellyfin, FreshRSS, NextCloud, DokuWiki.
In no particular order, the most essential ones are those I constantly use throughout my day and also weekly.
Proxmox holds all of these in different LXC’s and VM’s
- Home Assistant
- Pocket-ID - https://github.com/stonith404/pocket-id (Exclusive Passkey login system as in -no un/pw just your Passkey which - doubles as an OIDC provider)
- Homepage (By Ben Phelps of gethomepage.dev)
- Vaultwarden
- TechnitiumDNS which handles all of my DHCP and Adblocking in a one system, extremely capable software especially useful for SOHO too.
- Baserow - Airtable alternative. It holds certain items of importance like what MAC address each device in my home network holds and what IP It uses in an intelligent view. I also was using it for a while to log issues with my sleep where I deal with insomnia, so I logged how well I slept, how many times I woke up, how long it took me to fall asleep etc. That was a simple form I created using drag/drop in Baserow and called by a URL.
- OpenVSCode server - makes editing my Homepage (above) yaml and my docker-compose files a breeze! It’s especially nice when you edit it something and it auto saves almost instantly. Makes some of my services change in real-time!
- UptimeKuma - Simply one of the best out there for me
- Gotify - I get alerted to my Tuya based dehumidifer tank being full via Home Assistant, Downtime alerts from UptimeKuma and a variety of other services which I deem higher priority alerts over “fix when you can” ones.
Aside from that, i do have other services I use every so often like Memos, Joplin Server (holds most of my notes), Pingvin and a few others.
+1 for UptimeKuma. Works great.
I tried Baserow a while ago but decided not to use it because it started downloading the application after running the container and required an online account (that could also be NocoDB). How has your experience been after using it for longer?
I had to create an account as per the usual process for these types of apps, but it was all local. I never had to do one to connect to their servers. I know it generates a unique instance ID which I believe phones home to their servers but I don’t mind personally.
As for my experience, a lot of it is locked behind their paid plans, so I just keep it limited to what I use which is fine. I do like it as it does better than NocoDB for my needs (the input forms is what I needed) and it does better there. I don’t recall the other reasons for not using NocoDB otherwise, but it’s a long while.
Their pricing is here: https://baserow.io/pricing
So, that’s mostly what is locked behind. My sleep form I built which feeds the database:
Overall, it does meet my needs so that’s all I ask. :)
Does Technitium support DNS rewrites like Adguard Home?
I’m about 99% sure it does, I don’t use it that way but It does allow DNS zones. For example:
It’s a lot more technical then Adguard Home for sure. Both work just fine though, I came from Adguard Home as I use a PXE server to provision some of my devices and Technitium is super easy to configure that.
vaultwarden, jellyfin, freshrss, nextcloud, and wireguard
How is fressrss?
I am also running readarr and bookshelf
It’s perfect, better with themes
Any themes you specifically recommend? I just use native apps on my phone and laptop, but it would be nice to improve the theme when I administrate.
I’m using Mapco now but was previously using Swage. There are 11 options. Just fun to switch it up! I’m sure you can make your own as well but the options are an attractive change :)
I used freshrss for quite some time, but the themes always looked a bit “off” for me. Went to miniflux and its awesome in its minimalism.
No one’s mentioned Forgejo yet? Solid git and artifact repository.
Opnsense
Vaultwarden
Email
Home assistant
Emby
Gitea
Paperless-ngx
Firefox
Firefox
You mean you self-host your profile?
No. I host Firefox that runs in a browser.
It’s one of my favourite things. So places that may block certain sites can be bypassed.
Not sure why I was downvoted for answering a question accurately.
How do you self host Firefox? This is something I’d like to setup!
It’s this: https://github.com/jlesage/docker-firefox
Honest question, I’d love to host email but it seems like a huge pain in the ass these days with trying to keep from being delisted. Is there a decent, home user accessible email system that’s useable out there?
A decade ago it was easy and doable but even in professional life I don’t deal with email backend anymore, all google or o365.
You’ll never get away from maintenance for ant service you host, and you need a VPS at a minimum to handle mail unless your ISP allows it (which they probably don’t). There’s going to be front loading needed in order to make sure the IP you’re given isn’t on blocklists, and you’ll need to take appropriate measures with Apple, M$, Google, Yahoo, etc in order to send email to their domains. The good thing is that I’ve you do that, you’ll never need to touch it again.
I personally use iRedMail because of the breadth of documentation, but mailcow and others like that are allegedly nice. I prefer the omnibus solutions because I don’t care to do manual service configuration if it’s not necessary.
Been doing email hosting for my domain for 25 years, 12 years with iRedMail.
I’m also using iredmail. Apart from it needing more hardware than it used to its been pretty stable. I use an SMTP Relay for sending mail, so I don’t hit issues with sending. Not that I ever actually send many emails.
Highly recommend purelymail. No nonsense mail, with straight forward pricing.
I use an SMTP Relay for sending mail, so I don’t hit issues with sending.
Docker
TCP/IP
Sorry, this is an AppleTalk household.
I laughed my ass off when Chris from LUP podcast said they used Netbeui in their studio. I wouldn’t admit to that, myself.
Excuse me, what?
Biggest Linux podcast in the world, uses NetBEUI. Yah, there’s that.
Man, I haven’t seen a reference to that protocol in a very long time.
When I was studying for my first MCSE back in ancient times, my girlfriend heard me mention ‘netbeui’ and thought it was the funniest damn thing. She used to catch me throwing out all the computer jargon and just yell “NET… BOOEEEEEY” at me.
Omada software controller handles my wireless access points. HomeBridge lets me control various things from my iPhone, without having to use 5 poorly-made apps.