A simple question to this community, what are you self-hosting? It’s probably fun to hear from each-other what services we are running.

Please mention at least the service (e.g. e-mail) and the software (e.g. postfix). Extra bonus points for also mentioning the OS and/or hardware (e.g. Linux Distribution, raspberry pi, etc) you are running on.

  • Ruud@lemmy.worldMEnglish
    421·
    1 year ago

    I host:

    Fedi servers

    • lemmy.world
    • mastodon.world
    • calckey.world
    • pool.social
    • musicworld.social
    • akkoma.nl
    • ruud.social
    • fotofed.nl
    • fediland.nl
    • blog.mastodon.world
    • play-my.video

    Software I use

    • Nginx Proxy Manager
    • Portainer
    • Kimai
    • Xwiki (3 of them)
    • Cryptpad
    • Grafana
    • Hedgedoc
    • Matrix/Synapse
    • Thelounge
    • Vaultwarden
    • Gitea
    • Nextcloud
    • Paperless-ngx
    • Zabbix
    • Zammad

    Probably forgot some…

  • sneakyninjapants@sh.itjust.worksEnglish
    29·
    1 year ago

    My long and mostly complete list:

    • Audiobookshelf (GH)
      • Using for audiobooks. Ebooks, comics, and podcast support in early stages.
    • Authelia (GH)
      • Using for two-factor authentication in front of all of my services. Critical infrastructure.
    • Bazarr (GH)
      • Using for automated subtitle management. Have not needed to rely on it much.
    • Code-Server (GH)
      • Using for a plethora of things. I could write an entire post on this alone.
    • Courier
      • Using (occasionally) for package-tracking from various carriers.
    • EmulatorJS
      • Using for retro-emulation.
    • Gitea (GH) x2
      • Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
    • Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
      • Using to securely network with my remote servers.
    • Homepage
      • Using as a “single-pane-of-glass” to get an overview of service health with links to the various services.
    • Invidious
      • Using in-place of YouTube.
    • IT-Tools (GH)
      • Using for the myriad of various useful tools it offers.
    • Jellyfin (GH)
      • My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
    • Kopia Server (GH)
      • Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
    • Librespeed (GH)
      • Using for the occasional speedtest to my remote servers.
    • Matrix stack using Conduit back end and Element-Web front end
      • Federated Discord essentially. Using as a private instance for friends and family.
    • Minio
      • Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
    • N8N (GH)
      • Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
    • NTFY (GH)
      • Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
    • NZBGet
      • Using for getting “usenet articles”.
    • Paperless-NGX
      • Using for document archival. Important receipts, documentation, letters, etc. live here.
    • Portainer (GH) with multiple agents on VM’s LXCs and VPSs
      • High level management of my various docker containers.
    • Prowlarr
      • Using to provide torznab API to websites that dont natively have it. Integrates with Radarr and Sonarr
    • Radarr (GH)
      • Using for movie management.
    • Radicale
      • Using for contacts and calendar server.
    • Raneto (GH)
      • Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with with code-server and Gitea.
    • Readarr (GH)
      • Using for book management
    • Recyclarr (GH)
      • Using for Radar and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
    • Requestrr
      • Using (very rarely) as a requests bot for Radarr and Sonarr.
    • SFTP-Go
      • Using mostly in-place of Nextcloud. Used to back up phones mostly.
    • Shaarli (GH)
      • Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
    • Singlefile-Archive
      • A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my ocasional use it does work.
    • Sonarr (GH)
      • Using as TV series manager
    • Speedtest-Tracker (GH)
      • Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
    • Traefik (GH) on each seperate host
      • Using as a web proxy in front of my various services. Critical infrastructure.
    • Transmission (GH)
      • Using to get “Linux ISOs”
    • Uptime Kuma (GH)
      • Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
    • Vaultwarden
      • Using as my password manager. Have been using for years, cannot recommend enough.
    • A handful of static websites served with NGINX
      • The old standby, its been reliable as a webserver.

    These services are the result of years of development and administrating my lab and while there is still some cruft, it’s mostly services that I think have real utility.

    As far as hardware:

    • Running pfsense on a toughbook laptop as a router-firewall.

    • A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.

    • Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.

    • Dell managed switch

    • A few Raspberry-pi’s with Raspbian for various things.

    • Linksys AP for wifi

    Edit: Spelling is hard.

      • sneakyninjapants@sh.itjust.worksEnglish
        3·
        1 year ago

        It’s an older Panasonic ToughBook CF-C2 with an ExpressCard34 slot I’d say circa 2013. I have a gigabit Ethernet adapter jammed in there for WAN. I’ve been using the setup for maybe 8 years and it’s been ultra reliable for me.

    • samyboy@lemm.eeEnglish
      2·
      1 year ago

      That is impressive. For the sake of curiosity, do you have any photos or diagrams you could share?

      • sneakyninjapants@sh.itjust.worksEnglish
        8·
        1 year ago

        Hmmm. I don’t have a network/infrastructure diagram or anything yet, but I’ve been meaning to create one. I’ll probably put one together and post more about my setup if there’s any interest. I’ll be sure to tag you when I do. Thanks for the interest!

      • sneakyninjapants@sh.itjust.worksEnglish
        1·
        1 year ago

        I’m not sure what kind of link would be best, but sure. It’s a Dell PowerConnect-5524. Picked it up from eBay I believe maybe 6 or 7 years ago. Not a particularly great switch, but it was cheap, had plenty of expansion, and some management capabilities. Consumes more power than I’d like though (~20-25w), and doesn’t have some of the advanced capabilities of some newer switches.

        For power consumption, yes. I prefer to use power efficient devices. The big standout in my lab is the NAS and Dell switch. The NAS is running very little, but still idles at ~100-110w so I’m looking at lowering that usage with a motherboard / processor swap in the future. It’s using a server board and xenon processor which aren’t really built for power efficiency. Swapping this to a recent consumer-grade board with an i3 would likely address this, but depending on chipset I’ll probably loose ECC ram compatibility. I’d like to swap the switch to a more modern microtik 10g unit I think, with a large dumb swich; but I haven’t settled on the idea for sure.

  • Kresten@feddit.dkEnglish
    272·
    1 year ago

    Oh my jesus, does this thread really have 400+ comments

    Edit: respectfully as an atheist

  • Philip@endlesstalk.orgEnglish
    11·
    1 year ago

    Ubuntu server(Xeon CPU E5-2650 v4 with 86 GB Ram) running k3s(My home server):

    2 Ubuntu servers running k3s(VPS used for my infrastructure services)

    **Infrastructure services runing on all servers: **

    Lastly I’m hosting Lemmy on a leftover VPS, that I hadn’t used in a while. Might move to a bigger server though.

  • r0ckr@lemmy.worldEnglish
    8·
    1 year ago

    AMD EPYC 7B12 / 256GB RAM / Supermicro H12SSL-i / 4x2TB Samsung 980 Pro in ZFS RAIDZ-10

    Total overkill for what is currently running on it. But who knows what the future brings.

    Current:

    Docker-based

    • Portainer
    • SabNZBD
    • Radarr
    • Sonarr
    • Prowlarr
    • Gotify
    • Jellyfin
    • Bitwarden
    • Paperless NGX
    • Watchtower

    As a VM in Proxmox VE

    • KASM workspaces because it’s really cool
    • Random Windows 11 VM attached to KASM for some remote work
    • Random Windows Server 2022 to play around with

    As an LXC in Proxmox VE

    • Ubuntu-based SSH jump-host
    • Ubuntu-based Unifi-controller
    • Ubuntu-based crowdsec concentrator
  • Sinister_Crayon@beehaw.orgEnglish
    8·
    1 year ago

    Oh jeez… there’s quite the list. I have a Ceph cluster of 3 nodes with 15x HDD’s and 3 SSD’s… on that cluster I run some VM’s that in turn run a Docker swarm. All Ubuntu 22.04, all commodity hardware. Currently I’m running;

    • Portainer to help manage this beast
    • NGINX which proxies all my web facing services on multiple websites.
    • Wordpress for my personal site which sync my Instagram pictures to it as well
    • MariaDB Galera cluster
    • Nextcloud for file sharing but also provides lots of plugin services like a password manager, email client and so on
    • Photoprism for my photos… I use the Nextcloud client to automatically upload new pics from my phone to Nextcloud then Photoprism is attached to that same library
    • OnlyOffice as a plugin to Nextcloud to allow O365-like functionality
    • ElasticSearch plugged into Nextcloud for full-text searching
    • OpenProject for project management in my own businesses
    • Jellyfin and Plex both attached to the same media library
    • E-Mail using Docker-Mailserver… so Postfix with a bunch of ancillary tools for 3 domains
    • Droppy as a quick-and-dirty file repo for when I need to get files to people easily
    • FreePBX (Asterisk) with 4 extensions around the house
    • MeshCentral for managing my family’s PC’s and also doing remote tech support for family, friends and customers as necessary
    • FOGProject for imaging PC’s and VM’s as necessary
    • ReactiveResume
    • Docker Registry set up as a caching proxy
    • YoutubeDL-Material
    • Karaoke Eternal for those nights when you just get drunk enough to karaoke

    Then there’s a whole host of ancillary services; BackupPC, Unifi controller container, piHole on a couple of Raspberry Pi’s, ts-dnsserver for internal DNS management… probably a dozen other containers and tools I’m forgetting.

    Oh yeah, and a Synology NAS as a backup target :)

    • jcg@halubilo.socialEnglish
      2·
      1 year ago

      What’s it like hosting your own mail? Been considering it for a while but Gmail features/spam filter/deliverability has been tough to beat.

      • Sinister_Crayon@beehaw.orgEnglish
        2·
        1 year ago

        Well, consider I’ve run my own mailserver on one of those domains since 2001 so I’ve had plenty of time to “grow” with it. I have no issues with GMail and the like but as I said my domain has been around a long time and so I may well be grandfathered in a lot.

        Having said all that, even with my newest domain (less than a year old) I don’t have any issues so long as I make sure to comply with all the caveats around ensuring my MX records are good, making sure my DMARC, SPF, DKIM and even PTR and reverse DNS records are all in place (the latter is one a LOT of people forget when self-hosting but reverse lookups are a big deal with mail). The amount of mail that my mail server spam-buckets from domains with only forward lookups and no reverse is astounding. But having said that it’s a GREAT way to block spam.

        Finally, mail on residential IP blocks or even a lot of cloud provider blocks are just plain not good for mail hosting. One of my MX hosts is on a Linode which gets blacklisted periodically in one of the less reputable blacklists, but it usually doesn’t affect mail flow all that much. I do subscribe to services to monitor for blacklist listings and delistings for my IP’s as well mostly to keep track but it’s handy to know if there might be something wrong with your mailserver.

        Mail hosting isn’t for the faint of heart… but once it works it pretty much just works. My primary personal domain I haven’t changed anything in a couple of years… and I’ve had no need to change much with the mail server itself. It comes out of the box with some nice secure settings and it’s kinda nice to have two decades of mail I can refer back to on an IMAP server :)

      • Sinister_Crayon@beehaw.orgEnglish
        2·
        1 year ago

        No, that’s what I’m using. Thankfully it works fine and I don’t worry too much about security because I just leave it turned off until I need it. The “/droppy” url directs to it but if it’s off then it just throws an error back.

          • stueja@feddit.deEnglish
            2·
            1 year ago

            Script kiddies these days got really fast. Configured a new subdomain, started droppy, within a couple seconds, all types of requests were visible in the log.

  • Stimmed@reddthat.comEnglish
    113·
    1 year ago

    As an offensive security worker… I can’t help but read people listing out their attack surface 😂

    • AyyLMAO@exploding-heads.comEnglish
      14·
      1 year ago

      My RISV-V server (I have removed all binary blobs and have no closed source code ofc) is airgapped inside a Faraday cage.

      For security reasons I never turn it on.

      • sshff@lemmy.sdf.orgEnglish
        1·
        1 year ago

        All my deploys are written in binary on a stack of index cards that we then burn, put in a zip lock bag, encase in concrete, surround in a welded closed steel box, and throw in the Mariana Trench. The documentation sucks though.

    • linearchaos@lemmy.worldEnglish
      5·
      1 year ago

      I’m not sure the list is really that big of a deal for a home gamer. They’re probably more in danger from their choice of home audio appliances and that microwave that has been sitting on their network for 10 years which no longer gets updates. Or that 2019 Plex server they have put forwarded straight outside.

      It’s actually one of my beefs with containers, You can’t keep track of The versions for everything and you’re at the mercy of the maintainers to keep individual packages updated.

    • punkskunk@sh.itjust.worksEnglish
      0·
      1 year ago

      Question from someone learning security - if no firewall ports are opened and UPnP is off, does running these sorts of services on your LAN substantially increase your attack surface? I imagined risks were minimal outside of running a compromised application.

      • Stimmed@reddthat.comEnglish
        1·
        1 year ago

        It was meant more as a joke than criticizing hosting your own services. I personally have a VPN with MFA, and services that I host for my self that are segmented to a paranoid level (home camera system on own vlan, restricted from being able to reach any other vlan or the Internet, etc) with a deny all and explicit allows on per host and traffic type. The amount of work that went into building the network is probably overkill, and it is still susceptible to nation state and supply chain compromise but hopefully whoever gets in will curse me if they try to move around the network.

        Realistically, every added service and host is added attack surface and chances for misconfiguration \ supply chain attack, but being alive is a risk too…

        I’m guessing system admins and dev op is over represented here so some of our home networks may be targeted as a path into a corporate environment, but I’m guessing the chances are low. Sadly even the most secure networks are not an impossible target. The attackers are well ahead of defenders of networks. Attackers need exceptions, while defenders need everything perfect. Much harder to accomplish.

        • punkskunk@sh.itjust.worksEnglish
          2·
          1 year ago

          Thanks, I agree with you and have a similar approach. I’m mostly interested in learning best practices, I don’t bother hosting juicy targets like Bitwarden. If an attacker really wants to put in the work to get the scanned manual for my 2009 Black & Decker toaster oven I probably can’t stop them.

          • Stimmed@reddthat.comEnglish
            2·
            1 year ago

            For best practice, my personal recommendation would be to not have any service public facing besides a VPN that requires MFA. segment self hosted services into separate VLANs based on how sensitive the content is. Disallow all traffic between VLANs unless required and only allow based on port number, specific resources needed. Don’t forgot to disable outgoing Internet access unless required. Devices like Chinese made video cameras should never have an Internet connection.

            My network looks something like: home vlan, work vlan, Netflix \ hulu streaming devices, cctv, wireless work, wireless home, wireless guest, iot, servers, network management. Would be way overkill for vast majority of people, but I would be hypocritical not to considering what I do and I do have a different threat profile than most.

            Another thought: self hosted through VPN with MFA and nothing public facing is probably safer than cloud as long as you have cold backups.

      • HegemonSushi@lemmy.worldEnglish
        0·
        1 year ago

        You’d hope, but I have a few friends who simply port-expose their media servers.

        I guess it could be worse if they had ssh exposed.

        • constantokra@lemmy.oneEnglish
          1·
          1 year ago

          I’ll have to disagree with you there. SSH is super well maintained and understood, and massively useful for the risk you do run. Who knows what’s going on with all the random projects people are hosting. I’d rather have SSH exposed than almost anything else.

          What would you do to provide access to some less tech savvy friends. I’m thinking of dropping a SBC with wireguard and a proxy onto a friend’s network, that way everything is under my control, and I can lock down the wireguard connection however I want, but I haven’t gone down that route yet.

          • HegemonSushi@lemmy.worldEnglish
            2·
            1 year ago

            I was thinking more along the lines of simply thowing up a port to SSH into. No Fail2Ban and no keys, just a password.

            I would just containerize and reverse proxy, but I understand the hesitation, wireguard would be preferable.

  • smolgumball@lemmy.worldEnglish
    7·
    1 year ago

    A few LAN Minecraft instances for my wife and I, a personal Git server, Plex, SMB file share, and a few Docker containers on a MINISFORUM UM690 Mini PC. Been very happy with that little machine!

    • Cipher@beehaw.orgEnglish
      1·
      1 year ago

      I’m considering throwing a pi4 at Lemmy. How’s it going for you? Can you tell me about specific struggles you’ve had?

  • NovoDuck@beehaw.orgEnglish
    7·
    1 year ago

    Currently all LAN only, still in the experimental stage finding out what’s useful/preferable to me and what I want to keep:

    KEEPING
    Pi-Hole - ad/malware/tracker blocking
    Portainer - Easy Docker
    Syncthing - Sync folders between devices
    Planka - Kanban board
    I.T. Tools - Handy I.T. Tools
    Bookstack - Personal documentation
    Mealie - Recipe manager/meal planner
    Jellyfin + usual accompaniments - Media Management
    Navidrome - Music library
    Changedetection - Stock monitoring
    Gotify - For push notifications from other apps
    Filebrowser
    That Word Game ;)

    UNDECIDED (may swap for alternatives or just remove)
    Organizr - Homepage
    Jump - Homepage
    Homepage - Yup, another homepage!
    Linkding - Bookmarks
    Shiori - Pocket replacement
    Etebase - CalDAV & CardDAV
    Whoogle - Google without the crap
    Photoprism - Photo management
    Libreddit (not being used now!)
    QBittorrent - for Linux ISOs
    Uptime-Kuma (for when I do open a few services to family)
    Ryot (beta) “Roll Your Own Tracker” - Media Tracker

    PLANNING TO ADD
    Reverse-proxying (likely NPM) + Security (Fail2Ban, Autheilia?)
    Audiobooks
    Comic book management
    Translation service
    Document manager
    Home Assistant on its own Pi4 when I can get hold of one

  • thiccdiccnicc@sh.itjust.worksEnglish
    6·
    1 year ago

    On 3 Rpis and a NAS around my home:

    • Nextcloud - Google replacement

    • Actual Budget - YNAB type server that’s super simple and meets my needs

    • Apache web server - portal to my projects

    • PiHole - DNS pass/allow list

    • PiVPN - Allows me to connect to my home VPN when abroad

    • 2009Scape - A little RuneScape Private Server I turn on and off on my desktop when I’d like to afk at work

    • Docker - A couple docker instances - one on my test pi I use to roll out onto my “prod” servers

    • Backup server - 14TB backup with an offsite copy :D

    • Joplin - Note-taking app - barely a server connected through Nextcloud

    • Plex - Everyone knows about Plex - I’m thinking of switching to JellyFin

    • rtorrent - kinda old-school compared to the *arr programs but I enjoy manually downloading all my media :)

    Hope I’m not forgetting any!

  • Shertson@lemmy.worldEnglish
    6·
    1 year ago

    This assortment is run under a combination of Proxmox LXC containers, docker containers, and Yunohost. Mostly I use it to play around, but most are heavily used by my wife and I. I’m planning to rebuild everything and making things more “official”. Looking to convert from a “lab” to actually making it “production” with solid failure routes and backups. I am looking to move anything currently under Yunohost to docker/lxc and to start making use of podman. Recently saw CosmOS and think it might be a good alternative to portainer.

    Hardware:

    • Node 1: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
    • Node 2: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
    • Node 3: Gigabyte Brix with 16GB RAM and 500GB Sata SSD, 128GB m.2 SSD - Proxmox
    • Node 4: Trigkey Green G3 with 16GB RAM and 1TB Sata SSD - Proxmox
    • TPLink managed switch
    • TerraMaster 2-bay NAS with 2x 2TB HD (NFS host for containers)
    • Synology ds220j NAS with 2x 8TB HD (backup of home desktops, laptops, cell phones, and lab systems)
      • Shertson@lemmy.worldEnglish
        3·
        1 year ago

        LOL

        No, just a hobby. Been playing around for about a year. It started small with an old mac mini and Yunohost. Then I decided to play with Proxmox and bought a used m93p. Then I read about Proxmox clusters, so I got another m93p. I was going to use the mac mini in the cluster, but it was getting too slow, so I bought the Brix. Then I decided to migrate the Yunohost setup over to a VM in Proxmox. Then I figured I should learn a bit about docker. And it spiraled.

        I spend maybe 10-12 hours a month on installation and configuration. I spend way more time using it. A couple of weeks ago I spent about 15 hours over the weekend importing/uploading my audiobooks into AudioBookShelf. Last year I spent several weekends getting my Calibre library in shape and moving it to the web.

        I figure this is a much cheaper and safer hobby than drinking.

  • !ozoned@lemmy.world@beehaw.orgEnglish
    6·
    1 year ago
    • Jellyfin - Media streaming type app - basically use it for movies/shows and pictures.
    • Joplin - Note taking app
    • Syncthing - Sync for phones to PC for backing up pictures
    • Miniflux - RSS reader
    • Minetest - FOSS Minecraft voxel engine
    • Veloren - FOSS Cubeworld game written in Rust
    • GoToSocial - Microblogging server - aka Twitter/Mastodon
    • Semaphore - Frontend for GoToSocial
    • SearXNG - Search engine
    • Conduit - Matrix server - chat
    • Libremdb - IMBD frontend
    • Invidious - Youtube frontend
    • Nitter - Twitter frontend
    • Libreddit - Reddit frontend
    • Rimgo - Imgur frontend
    • Proxitok - TikTok frontend

    Failed to get working:

    • Mobilizon - FB groups type alternative
    • Peertube - YT alternative on the Fediverse
    • Lemmy - Tried for a day and just couldn’t get it working. Found out there are issues with Rocky Linux and Lemmy that broke about two months ago but no further work was done it. I’ll try again someday.