• paequ2@lemmy.todayEnglish
    9·
    2 hours ago

    Actually, one thing I want to do is switch from services being on a subdomain to services being on a path.

    immich.myserver.com -> myserver.com/immich
jellyfin.myserver.com -> myserver.com/jellyfin

    I’m getting tired of having to update DNS records every time I want to add a new service.

    I guess the tricky part will be making sure the services support this kind of routing…

    • suicidaleggroll@lemmy.worldEnglish
      2·
      48 minutes ago

      Why are you having to update your DNS records when you add a new service? Just set up a wildcard A record to send *.myserver.com to the reverse proxy and you never have to touch it again. If your DNS doesn’t let you set wildcard A records, then switch to a better DNS.

    • CorvidCawder@sh.itjust.worksEnglish
      7·
      2 hours ago

      Wildcard CNAME pointing to your reverse proxy who then figures out where to route the request to? That’s what I’ve been doing - this way there’s no need to ever update DNS at all :)

      I find the path a bit clunky because the apps themselves will oftentimes get confused (especially front-ends). So keeping everything “bare” wrt path, and just on “separate” subdomains is usually my preferred approach.

    • shadowtofu@discuss.tchncs.deEnglish
      2·
      2 hours ago

      I had the same idea, but the solution I thought about is finding a way to define my DNS records as code, so I can automate the deployment. But the pain is tolerable so far (I have maybe 30 subdomains?), I haven’t done anything yet

  • jeffep@lemmy.worldEnglish
    9·
    3 hours ago

    Can’t believe nobody here mentioned nixOS so far? How about moving all of your configs in a flake and manage all of your systems with it?

    • yabbadabaddon@lemmy.zipEnglish
      1·
      36 minutes ago

      I already have Ansible to manage my system and I like to have the same base between my pc and my server build muscle memory.

      If I was managing a pc fleet I would consider NixOS, but I don’t see the appeal right now.

    • FauxLiving@lemmy.worldEnglish
      6·
      3 hours ago

      I made a git repo and started putting all of my dot files in a Stow and then I forgot why I was doing it in the first place.

      • tal@lemmy.todayEnglish
        1·
        2 hours ago

        So that when setting up a new system, you can migrate all your user configuration easily, while also version-controlling it.

        • FauxLiving@lemmy.worldEnglish
          3·
          2 hours ago
          git commit --message 'So that when setting up a new system, you can migrate all your user configuration easily, while also version-controlling it.'
  • irmadlad@lemmy.worldEnglish
    2·
    2 hours ago

    OP, totally understand, but this is a level of success with your homelab. Nothing needs fiddling with. Now, there is a whole Awesome Self Hosted list you could deploy on a non-production server and run that through the paces.

        • Caveman@lemmy.worldEnglish
          7·
          4 hours ago

          I set my homelab up on Bazzite immutable with podman and SELinux. It took a while to work everything out and have it boot up into a valid state hahaha

              • epicshepich@programming.devEnglish
                1·
                22 minutes ago

                I honestly don’t know a ton about immutable distros other than that they let you front-load some difficulty in getting things set up in exchange for making it harder to break. I was just surprised that the distro of choice was Bazzite, since its target audience seems to be gamers.

        • The Stoned Hacker@lemmy.worldEnglish
          3·
          5 hours ago

          It’s not that difficult to get SELinux working with podman quadlets, especially if you run things rootless. I have a kerberized service account for each application I host and my quadlets are configured to run under those. I very rarely encounter applications that simoky can’t be run rootless but I usually can find an adequate alternative. I think right now the only thing that runs as root is one of the talk or collabora containers in my nextcloud stack. No selinux issues either.

          • epicshepich@programming.devEnglish
            1·
            4 hours ago

            I use podman-compose with system accounts and I don’t have a ton of issues. The biggest one is that I can’t seem to get bluetooth and pip working on Home Assistant at the same time. Most of the servers I manage have SELinux and it works fine as long as I use :z/:Z with bind mounts.

            A few years ago, I set up a VPS for my friend’s business; at the time, I didn’t know how to work with SELinux so I just turned it off. I tried to flip it back on, and it somehow bricked the system. We had to restore from a backup. Since then, I’ve been afraid to enable it on my flagship homelab server.

            • WhyJiffie@sh.itjust.worksEnglish
              1·
              4 hours ago

              are you sure it really bricked it? when turning it on, on next boot it needs to go over all the files and retag them or something like that, and it can take a significant amount of time

              • epicshepich@programming.devEnglish
                1·
                3 hours ago

                Honestly, I don’t know what happened, but it was unreachable via SSH and the web console. There shouldn’t have been a ton of files to tag since it was an Almalinux system that started with SELinux enabled, and all we added was a container app or two.

  • jenings@lemmy.worldEnglish
    2·
    3 hours ago

    Started running unmanic on my plex library to save hard drive space since apparently the powers that be don’t want us to even own hard drives anymore. So far it’s going great, it’ll probably take weeks since I don’t have a gpu hooked up to it

  • DownByLaw@sh.itjust.worksEnglish
    26·
    6 hours ago

    Have you already tried implementing an identity provider like Authentik, so you can add OIDC and ldap for all your services, while you are the only one that’s using them? 🤔

    • Pumpkin Escobar@lemmy.worldEnglish
      11·
      6 hours ago

      Behind a traefik reverse proxy with lets encrypt for ssl even though the services aren’t exposed to the internet?

      • suicidaleggroll@lemmy.worldEnglish
        1·
        40 minutes ago

        Who cares if it’s exposed to the internet?

        1. Encrypting your local traffic is still valuable to protect your systems from any bad actors on your local network (neighbor kid cracks your wifi password, some device on your network decides to start snooping on your local traffic, etc)

        2. Many services require HTTPS with a valid cert to function correctly, eg: Bitwarden. Having a real cert for a real domain is much simpler and easier to maintain than setting up your own CA

  • nucleative@lemmy.worldEnglish
    13·
    6 hours ago

    Never run:

    docker compose pull
docker compose down
docker compose up -d

    Right before the end of your day. Ask me how I know 😂

    • irmadlad@lemmy.worldEnglish
      1·
      2 hours ago

      Right before the end of your day

      Oh, gosh, I did this last evening. I didn’t check what time it was, and initiated an update on some 70 containers. I have a cron that shuts down the server in the evening, and sure enough, right in the middle of the updates, it powered off. I didn’t even mess with it and went to bed. Re-initiated the update this morning, and everything is up and running. Whew!

    • shym3q@programming.devEnglish
      7·
      5 hours ago

      compose up will automatically recreate with newer images if the new one were pulled. so there is no need for compose down btw

  • FauxLiving@lemmy.worldEnglish
    21·
    7 hours ago

    The comments in this thread have collectively created thousands of person-hours worth of work for us all…