Either self-hosted or cloud, I assume many of you keep a server around for personal things. And I’m curious about the cool stuff you’ve got running on your personal servers.
What services do you host? Any unique stuff? Do you interact with it through ssh, termux, web server?
This might be a better question for !selfhosted
Lenovo ThinkStation P330 Tiny. Debian + Podman systemd quadlets, running these services:
- Jellyfin
- Sonarr
- Radarr
- Qbittorrent w/ VPN
- Linkwarden
- Calibre Web
- Immich
- Lidarr
- Postgres
- Prowlarr
- Vaultwarden
Do you have any tips (or examples) using quadlets? I tried using them but I couldn’t wrap my head around them.
I used this guide https://www.redhat.com/sysadmin/quadlet-podman
I have a folder in my home folder called containers, symlinked to /etc/containers/systemd, with my .container files. This is my jellyfin.container for using the Nvidia Quadro on my server.
[Unit]
Description=Podman - Jellyfin
Wants=network-online.target
After=network-online.target
Requires=nvidia-ctk-generate.service
After=nvidia-ctk-generate.service
[Container]
Image=lscr.io/linuxserver/jellyfin:latest
AutoUpdate=registry
ContainerName=jellyfin
Environment=PUID=1000
Environment=PGID=100
Environment=TZ=America/St_Johns
Environment=DOCKER_MODS=ghcr.io/gilbn/theme.park:jellyfin
Environment=TP_THEME=dracula
Volume=/home/eric/services/jellyfin:/config
Volume=/home/eric/movies:/movies
Volume=/home/eric/tv:/tv
Volume=/home/eric/music:/music
PublishPort=8096:8096
PublishPort=8920:8920
PublishPort=7359:7359/udp
PublishPort=1900:1900/udp
AddDevice=nvidia.com/gpu=all
SecurityLabelDisable=true
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
I use sudo podman auto-update to update the images to utilize the AutoUpdate=registry option.
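An added example, not part of the original comment: a small Python audit of a quadlet .container file for the settings in the unit above that widen exposure on a rootful service (floating tag with auto-update, SELinux labelling disabled, ports published on every interface). The check names and the sample digest are assumptions made for this illustration.

```python
import re

# Constructed sample: a trimmed copy of keys from the jellyfin.container above.
SAMPLE_UNIT = """\
[Container]
Image=lscr.io/linuxserver/jellyfin:latest
AutoUpdate=registry
PublishPort=8096:8096
PublishPort=1900:1900/udp
AddDevice=nvidia.com/gpu=all
SecurityLabelDisable=true
"""

def parse_unit(text):
    """Parse systemd-style sections; keys may repeat, so values are lists."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return sections

def audit_container(text):
    """Return (check_id, detail) findings for the [Container] section."""
    c = parse_unit(text).get("Container", {})
    findings = []
    image = c.get("Image", [""])[-1]
    tag = image.rsplit("/", 1)[-1].partition(":")[2]
    pinned = "@sha256:" in image
    # An unpinned image plus AutoUpdate=registry runs whatever the registry serves.
    if not pinned and tag in ("", "latest") and "registry" in c.get("AutoUpdate", []):
        findings.append(("floating-tag-autoupdate", image))
    if any(v.lower() == "true" for v in c.get("SecurityLabelDisable", [])):
        findings.append(("selinux-label-disabled", "SecurityLabelDisable=true"))
    for port in c.get("PublishPort", []):
        # ip:hostPort:containerPort has three fields; fewer binds all interfaces.
        if len(port.split("/")[0].split(":")) < 3:
            findings.append(("port-on-all-interfaces", port))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit_container(SAMPLE_UNIT):
        print(f"{check_id}: {detail}")
```

A finding is a prompt to review the setting, not proof of a problem: a LAN media server may need its port reachable from other hosts.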
Two old HP thin client PCs configured as 4TB SFTP file servers using vsftpd on Debian. Each one uses software RAID 1 with both an NVMe and SATA SSD internally, and are in two separate locations with a cron job which syncs one to the other every 24 hours.
People who actually know what they are doing will probably find this silly, but I had fun and learned a lot setting it up.
Tell me about the cron thing. I'm thinking of doing just that on mine for backup.
Are you scping them together?
I am using lftp and mirror. One server functions as the “main” server, which mirrors the backup server to itself once per day at a specific time (they both run 24/7 so I set it to run very early in the morning when it is unlikely to be accessed).
In my crontab I have:
# # * * * /usr/bin/lftp -e "mirror -eRv [folder path on main server] [folder path on backup server]; quit;" sftp://[user]@[address of backup server]:[port number]
On my Raspberry Pi 4 4GB with encrypted SD is:
- pihole
- wireguard server
- vaultwarden
- cloudflare ddns
- nginx proxy manager
- my website
- ntfy server
- mollysocket
- findmydevice server
- watchtower
Pi is overkill for this kind of job. Load average is only 0.7% and RAM usage is only 400M
That was really hard to do. I created a note for myself and I will also publish it on my website. You can also decrypt the SD using a FIDO2 hardware key (I have a Nitrokey). If you don’t need that, just skip the steps that are for FIDO2.
The note:
Download the image.
Format SD card to new DOS table:
- Boot: 512M 0c W95 FAT32 (LBA)
- Root: 83 Linux
As root:
xz -d 2023-12-11-raspios-bookworm-arm64-lite.img.xz
losetup -fP 2023-12-11-raspios-bookworm-arm64-lite.img
dd if=/dev/loop0p1 of=/dev/mmcblk0p1 bs=1M
cryptsetup luksFormat --type=luks2 --cipher=xchacha20,aes-adiantum-plain64 /dev/mmcblk0p2
systemd-cryptenroll --fido2-device=auto /dev/mmcblk0p2
cryptsetup open /dev/mmcblk0p2 root
dd if=/dev/loop0p2 of=/dev/mapper/root bs=1M
e2fsck -f /dev/mapper/root
resize2fs -f /dev/mapper/root
mount /dev/mapper/root /mnt
mount /dev/mmcblk0p1 /mnt/boot/firmware
arch-chroot /mnt
In chroot:
apt update && apt full-upgrade -y && apt autoremove -y && apt install cryptsetup-initramfs fido2-tools jq debhelper git vim -y
git clone https://github.com/bertogg/fido2luks && cd fido2luks
fakeroot debian/rules binary && sudo apt install ../fido2luks*.deb
cd .. && rm -rf fido2luks*
Edit /etc/crypttab:
root /dev/mmcblk0p2 none luks,keyscript=/lib/fido2luks/keyscript.sh
Edit /etc/fstab:
/dev/mmcblk0p1 /boot/firmware vfat defaults 0 2
/dev/mapper/root / ext4 defaults,noatime 0 1
Change root to /dev/mapper/root and add cryptdevice=/dev/mmcblk0p2:root to /boot/firmware/cmdline.txt.
PATH="$PATH:/sbin"
update-initramfs -u
Exit chroot and finish!
umount -R /mnt
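An added example, not part of the original note: a Python check, run before the final umount, that the three files the note edits agree with each other, since a mismatch between them typically only surfaces as an unbootable card. The crypttab and fstab lines are the ones from the note; the rest of the cmdline.txt content and the function names are assumptions.

```python
# Constructed samples: crypttab and fstab lines come from the note above;
# everything in CMDLINE other than root= and cryptdevice= is assumed.
CRYPTTAB = "root /dev/mmcblk0p2 none luks,keyscript=/lib/fido2luks/keyscript.sh\n"
FSTAB = ("/dev/mmcblk0p1 /boot/firmware vfat defaults 0 2\n"
         "/dev/mapper/root / ext4 defaults,noatime 0 1\n")
CMDLINE = ("console=tty1 root=/dev/mapper/root rootfstype=ext4 "
           "cryptdevice=/dev/mmcblk0p2:root rootwait\n")

def rows(text):
    """Split a whitespace-delimited table file into fields, skipping comments."""
    return [line.split() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

def check_boot_config(crypttab, fstab, cmdline):
    """Return a list of inconsistencies; an empty list means the files agree."""
    problems = []
    # crypttab columns: <mapping name> <source device> <key file> <options>
    mappings = {r[0]: r[1] for r in rows(crypttab) if len(r) >= 2}
    args = dict(a.split("=", 1) for a in cmdline.split() if "=" in a)
    root = args.get("root", "")
    prefix = "/dev/mapper/"
    if not root.startswith(prefix):
        problems.append(f"root={root or '<missing>'} is not a /dev/mapper device")
    elif root[len(prefix):] not in mappings:
        problems.append(f"root mapping '{root[len(prefix):]}' has no crypttab entry")
    cryptdevice = args.get("cryptdevice")
    if cryptdevice is None:
        problems.append("cmdline has no cryptdevice= argument")
    else:
        device, _, name = cryptdevice.partition(":")
        if mappings.get(name) != device:
            problems.append(f"cryptdevice={cryptdevice} does not match crypttab")
    # The device fstab mounts on / must be the one the kernel is told to use.
    fs_root = [r[0] for r in rows(fstab) if len(r) >= 2 and r[1] == "/"]
    if fs_root != [root]:
        problems.append(f"fstab mounts / from {fs_root}, cmdline uses "
                        f"{root or '<missing>'}")
    return problems

if __name__ == "__main__":
    issues = check_boot_config(CRYPTTAB, FSTAB, CMDLINE)
    print("consistent" if not issues else "\n".join(issues))
```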
I have an orangepi zero 3 with pihole
Then an ITX PC with
- mealie (meal planner, recipe parser, grocery list maker with a bunch of features and tools)
- immich for self hosting a google photos alternative
- *arr stack for torrenting Linux ISOs
- Jellyfin for LAN media playing
- home assistant for my VW car, our main hanging renovation lights, smoke and CO monitors, and in the future, all of the KNX smart systems in our house
- Syncthing for syncing photo backup and music library with phone
- Bookstack for a wiki, todos, journal, etc… (Because I didn’t want to install better services for journals when I don’t use it much)
- paperless-ngx for documents
- leantime for managing my personal projects, tasks, and timing
- Valheim game server
- Calibre-web for my eBook library backup
- I had nextcloud but it completely broke on an update and I can’t even see the login fields anymore, it just loads forever until it takes down my network and server, so I ditched it since I never used it anyway
- crowdsec for much better (preemptive) security than fail2ban
- traefik for reverse proxy