A simple question to this community, what are you self-hosting? It’s probably fun to hear from each-other what services we are running.

Please mention at least the service (e.g. e-mail) and the software (e.g. postfix). Extra bonus points for also mentioning the OS and/or hardware (e.g. Linux Distribution, raspberry pi, etc) you are running on.

  • Ruud@lemmy.worldM
    link
    fedilink
    English
    arrow-up
    39
    arrow-down
    1
    ·
    1 year ago

    I host:

    Fedi servers

    • lemmy.world
    • mastodon.world
    • calckey.world
    • pool.social
    • musicworld.social
    • akkoma.nl
    • ruud.social
    • fotofed.nl
    • fediland.nl
    • blog.mastodon.world
    • play-my.video

    Software I use

    • Nginx Proxy Manager
    • Portainer
    • Kimai
    • Xwiki (3 of them)
    • Cryptpad
    • Grafana
    • Hedgedoc
    • Matrix/Synapse
    • Thelounge
    • Vaultwarden
    • Gitea
    • Nextcloud
    • Paperless-ngx
    • Zabbix
    • Zammad

    Probably forgot some…

  • sneakyninjapants@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    29
    ·
    edit-2
    1 year ago

    My long and mostly complete list:

    • Audiobookshelf (GH)
      • Using for audiobooks. Ebooks, comics, and podcast support in early stages.
    • Authelia (GH)
      • Using for two-factor authentication in front of all of my services. Critical infrastructure.
    • Bazarr (GH)
      • Using for automated subtitle management. Have not needed to rely on it much.
    • Code-Server (GH)
      • Using for a plethora of things. I could write an entire post on this alone.
    • Courier
      • Using (occasionally) for package-tracking from various carriers.
    • EmulatorJS
      • Using for retro-emulation.
    • Gitea (GH) x2
      • Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
    • Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
      • Using to securely network with my remote servers.
    • Homepage
      • Using as a “single-pane-of-glass” to get an overview of service health with links to the various services.
    • Invidious
      • Using in-place of YouTube.
    • IT-Tools (GH)
      • Using for the myriad of various useful tools it offers.
    • Jellyfin (GH)
      • My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
    • Kopia Server (GH)
      • Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
    • Librespeed (GH)
      • Using for the occasional speedtest to my remote servers.
    • Matrix stack using Conduit back end and Element-Web front end
      • Federated Discord essentially. Using as a private instance for friends and family.
    • Minio
      • Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
    • N8N (GH)
      • Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
    • NTFY (GH)
      • Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
    • NZBGet
      • Using for getting “usenet articles”.
    • Paperless-NGX
      • Using for document archival. Important receipts, documentation, letters, etc. live here.
    • Portainer (GH) with multiple agents on VM’s LXCs and VPSs
      • High level management of my various docker containers.
    • Prowlarr
      • Using to provide torznab API to websites that dont natively have it. Integrates with Radarr and Sonarr
    • Radarr (GH)
      • Using for movie management.
    • Radicale
      • Using for contacts and calendar server.
    • Raneto (GH)
      • Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with with code-server and Gitea.
    • Readarr (GH)
      • Using for book management
    • Recyclarr (GH)
      • Using for Radar and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
    • Requestrr
      • Using (very rarely) as a requests bot for Radarr and Sonarr.
    • SFTP-Go
      • Using mostly in-place of Nextcloud. Used to back up phones mostly.
    • Shaarli (GH)
      • Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
    • Singlefile-Archive
      • A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my ocasional use it does work.
    • Sonarr (GH)
      • Using as TV series manager
    • Speedtest-Tracker (GH)
      • Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
    • Traefik (GH) on each seperate host
      • Using as a web proxy in front of my various services. Critical infrastructure.
    • Transmission (GH)
      • Using to get “Linux ISOs”
    • Uptime Kuma (GH)
      • Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
    • Vaultwarden
      • Using as my password manager. Have been using for years, cannot recommend enough.
    • A handful of static websites served with NGINX
      • The old standby, its been reliable as a webserver.

    These services are the result of years of development and administrating my lab and while there is still some cruft, it’s mostly services that I think have real utility.

    As far as hardware:

    • Running pfsense on a toughbook laptop as a router-firewall.

    • A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.

    • Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.

    • Dell managed switch

    • A few Raspberry-pi’s with Raspbian for various things.

    • Linksys AP for wifi

    Edit: Spelling is hard.

  • Kresten@feddit.dk
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Oh my jesus, does this thread really have 400+ comments

    Edit: respectfully as an atheist

  • Philip@endlesstalk.org
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    Ubuntu server(Xeon CPU E5-2650 v4 with 86 GB Ram) running k3s(My home server):

    2 Ubuntu servers running k3s(VPS used for my infrastructure services)

    Infrastructure services runing on all servers

    Lastly I’m hosting Lemmy on a leftover VPS, that I hadn’t used in a while. Might move to a bigger server though.

  • Stimmed@reddthat.com
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    3
    ·
    1 year ago

    As an offensive security worker… I can’t help but read people listing out their attack surface 😂

    • AyyLMAO@exploding-heads.com
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      My RISV-V server (I have removed all binary blobs and have no closed source code ofc) is airgapped inside a Faraday cage.

      For security reasons I never turn it on.

      • sshff@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        All my deploys are written in binary on a stack of index cards that we then burn, put in a zip lock bag, encase in concrete, surround in a welded closed steel box, and throw in the Mariana Trench. The documentation sucks though.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I’m not sure the list is really that big of a deal for a home gamer. They’re probably more in danger from their choice of home audio appliances and that microwave that has been sitting on their network for 10 years which no longer gets updates. Or that 2019 Plex server they have put forwarded straight outside.

      It’s actually one of my beefs with containers, You can’t keep track of The versions for everything and you’re at the mercy of the maintainers to keep individual packages updated.

      • HegemonSushi@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        You’d hope, but I have a few friends who simply port-expose their media servers.

        I guess it could be worse if they had ssh exposed.

        • constantokra@lemmy.one
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’ll have to disagree with you there. SSH is super well maintained and understood, and massively useful for the risk you do run. Who knows what’s going on with all the random projects people are hosting. I’d rather have SSH exposed than almost anything else.

          What would you do to provide access to some less tech savvy friends. I’m thinking of dropping a SBC with wireguard and a proxy onto a friend’s network, that way everything is under my control, and I can lock down the wireguard connection however I want, but I haven’t gone down that route yet.

          • HegemonSushi@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I was thinking more along the lines of simply thowing up a port to SSH into. No Fail2Ban and no keys, just a password.

            I would just containerize and reverse proxy, but I understand the hesitation, wireguard would be preferable.

      • Stimmed@reddthat.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        It was meant more as a joke than criticizing hosting your own services. I personally have a VPN with MFA, and services that I host for my self that are segmented to a paranoid level (home camera system on own vlan, restricted from being able to reach any other vlan or the Internet, etc) with a deny all and explicit allows on per host and traffic type. The amount of work that went into building the network is probably overkill, and it is still susceptible to nation state and supply chain compromise but hopefully whoever gets in will curse me if they try to move around the network.

        Realistically, every added service and host is added attack surface and chances for misconfiguration \ supply chain attack, but being alive is a risk too…

        I’m guessing system admins and dev op is over represented here so some of our home networks may be targeted as a path into a corporate environment, but I’m guessing the chances are low. Sadly even the most secure networks are not an impossible target. The attackers are well ahead of defenders of networks. Attackers need exceptions, while defenders need everything perfect. Much harder to accomplish.

          • Stimmed@reddthat.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            For best practice, my personal recommendation would be to not have any service public facing besides a VPN that requires MFA. segment self hosted services into separate VLANs based on how sensitive the content is. Disallow all traffic between VLANs unless required and only allow based on port number, specific resources needed. Don’t forgot to disable outgoing Internet access unless required. Devices like Chinese made video cameras should never have an Internet connection.

            My network looks something like: home vlan, work vlan, Netflix \ hulu streaming devices, cctv, wireless work, wireless home, wireless guest, iot, servers, network management. Would be way overkill for vast majority of people, but I would be hypocritical not to considering what I do and I do have a different threat profile than most.

            Another thought: self hosted through VPN with MFA and nothing public facing is probably safer than cloud as long as you have cold backups.

  • r0ckr@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    AMD EPYC 7B12 / 256GB RAM / Supermicro H12SSL-i / 4x2TB Samsung 980 Pro in ZFS RAIDZ-10

    Total overkill for what is currently running on it. But who knows what the future brings.

    Current:

    Docker-based

    • Portainer
    • SabNZBD
    • Radarr
    • Sonarr
    • Prowlarr
    • Gotify
    • Jellyfin
    • Bitwarden
    • Paperless NGX
    • Watchtower

    As a VM in Proxmox VE

    • KASM workspaces because it’s really cool
    • Random Windows 11 VM attached to KASM for some remote work
    • Random Windows Server 2022 to play around with

    As an LXC in Proxmox VE

    • Ubuntu-based SSH jump-host
    • Ubuntu-based Unifi-controller
    • Ubuntu-based crowdsec concentrator
  • NovoDuck@beehaw.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 year ago

    Currently all LAN only, still in the experimental stage finding out what’s useful/preferable to me and what I want to keep:

    KEEPING
    Pi-Hole - ad/malware/tracker blocking
    Portainer - Easy Docker
    Syncthing - Sync folders between devices
    Planka - Kanban board
    I.T. Tools - Handy I.T. Tools
    Bookstack - Personal documentation
    Mealie - Recipe manager/meal planner
    Jellyfin + usual accompaniments - Media Management
    Navidrome - Music library
    Changedetection - Stock monitoring
    Gotify - For push notifications from other apps
    Filebrowser
    That Word Game ;)

    UNDECIDED (may swap for alternatives or just remove)
    Organizr - Homepage
    Jump - Homepage
    Homepage - Yup, another homepage!
    Linkding - Bookmarks
    Shiori - Pocket replacement
    Etebase - CalDAV & CardDAV
    Whoogle - Google without the crap
    Photoprism - Photo management
    Libreddit (not being used now!)
    QBittorrent - for Linux ISOs
    Uptime-Kuma (for when I do open a few services to family)
    Ryot (beta) “Roll Your Own Tracker” - Media Tracker

    PLANNING TO ADD
    Reverse-proxying (likely NPM) + Security (Fail2Ban, Autheilia?)
    Audiobooks
    Comic book management
    Translation service
    Document manager
    Home Assistant on its own Pi4 when I can get hold of one

    • Ruapho@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Long Time Developer always googling for specific tools when needed just learned about I.T. Tools. Thanks.

    • constantokra@lemmy.one
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      How are you liking shiori? I’ve not found a bookmark manager that’s worth going through my horrible mess of bookmarks yet, but the offline archive option looks interesting.

      • NovoDuck@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        To be honest I’ve not really used it very much, but it’s functional and simple. I have nothing against it, other than “If I’ve not really used it, do I really need it?” (hence it being on my “Undecided” list.
        It’s worth mentioning the docker hub image is very out of date, but the github is active as someone else took over.

        • constantokra@lemmy.one
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          That is worth mentioning, thanks. I probably would have missed it and thoughtbit wasn’t active.

      • NovoDuck@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Thanks for the rec! I did try to install Paperless-ngx once, had an issue (I forget what now) and tried Papermerge instead (not impressed with that one). I’ll have to have another go at getting it working.

  • CAVOK@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I run an I2P instance and I’m starting to look at Plex. I wonder if those can be combined.

  • legion@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Part of my Reddit exodus plan was to get serious about my RSS setup.

    I’ve settled on:

    • FreshRSS as my feed manager (supported by Reeder app in iOS and MacOS)
    • FiveFilters Full Text extractor
    • rss-proxy site scraper

    I may experiment with some replacements for rss-proxy, as I’ve run into a couple sites it doesn’t scrape well, but FreshRSS and FiveFilters have been smashing successes.

    • proycon@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Nice, RSS is great indeed. I use it extensively as well, but I didn’t even realize it was a thing people ran as a service on a server. I hadn’t heard of FreshRSS etc. I personally just run newsboat from my desktop/laptop, even my phone if need be.

      • legion@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Using a backend service provides things like synchronization, which is useful to me. Previously, I was using Feedly as that backend, but FreshRSS let me self-host that functionality and was pretty trivial to setup and start using.

  • pandarisu@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Raspberry Pi 4B

    • OS: Raspberry Pi OS Lite 64 bit
    • Pi Hole (Ad block)
    • NextCloud (File access)
    • Home Assistant (Automation)
    • Paperless NGX (Document management)
    • Apache/Php/MariaDB (Web server)
    • Jellyfin (Media streaming)
    • Plex (will be removed once happy with Jellyfin)
    • Sonarr (Show locator)
    • Radarr (Film locator)
    • Bazarr (Subtitle)
    • Deluge (Torrent client)
  • Shertson@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    This assortment is run under a combination of Proxmox LXC containers, docker containers, and Yunohost. Mostly I use it to play around, but most are heavily used by my wife and I. I’m planning to rebuild everything and making things more “official”. Looking to convert from a “lab” to actually making it “production” with solid failure routes and backups. I am looking to move anything currently under Yunohost to docker/lxc and to start making use of podman. Recently saw CosmOS and think it might be a good alternative to portainer.

    Hardware:

    • Node 1: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
    • Node 2: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
    • Node 3: Gigabyte Brix with 16GB RAM and 500GB Sata SSD, 128GB m.2 SSD - Proxmox
    • Node 4: Trigkey Green G3 with 16GB RAM and 1TB Sata SSD - Proxmox
    • TPLink managed switch
    • TerraMaster 2-bay NAS with 2x 2TB HD (NFS host for containers)
    • Synology ds220j NAS with 2x 8TB HD (backup of home desktops, laptops, cell phones, and lab systems)
  • !ozoned@lemmy.world@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago
    • Jellyfin - Media streaming type app - basically use it for movies/shows and pictures.
    • Joplin - Note taking app
    • Syncthing - Sync for phones to PC for backing up pictures
    • Miniflux - RSS reader
    • Minetest - FOSS Minecraft voxel engine
    • Veloren - FOSS Cubeworld game written in Rust
    • GoToSocial - Microblogging server - aka Twitter/Mastodon
    • Semaphore - Frontend for GoToSocial
    • SearXNG - Search engine
    • Conduit - Matrix server - chat
    • Libremdb - IMBD frontend
    • Invidious - Youtube frontend
    • Nitter - Twitter frontend
    • Libreddit - Reddit frontend
    • Rimgo - Imgur frontend
    • Proxitok - TikTok frontend

    Failed to get working:

    • Mobilizon - FB groups type alternative
    • Peertube - YT alternative on the Fediverse
    • Lemmy - Tried for a day and just couldn’t get it working. Found out there are issues with Rocky Linux and Lemmy that broke about two months ago but no further work was done it. I’ll try again someday.