this post was submitted on 30 Jul 2024
157 points (92.0% liked)

Selfhosted

40041 readers
636 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I saw this post today on Reddit and was curious to see if views are similar here as they are there.

  1. What are the best benefits of self-hosting?
  2. What do you wish you would have known as a beginner starting out?
  3. What resources do you know of to help a non-computer-scientist/engineer get started in self-hosting?
you are viewing a single comment's thread
view the rest of the comments
[–] traches@sh.itjust.works 53 points 3 months ago (2 children)
  • you do not need kubernetes
  • you do not need anything to be „high availability”, that just adds a ton of complexity for no benefit. Nobody will die or go broke if your homelab is down for a few days.
  • tailscale is awesome
  • docker-compose is awesome
  • irreplaceable data gets one offsite backup, one local backup, and ideally one normally offline backup (in case you get ransomwared)
  • yubikeys are cool and surprisingly easy to use
  • don’t offer your services to other people until you are sure you can support it, your backups are squared away, and you are happy with how things are set up.
[–] EncryptKeeper@lemmy.world 19 points 3 months ago* (last edited 3 months ago) (4 children)

To piggy back on your “You don’t need k8s or high availability”,

If you want to optimize your setup in a way that’s actually beneficial on the small, self hosted scale, then what you should aim for is reproducibility. Docker compose, Ansible, NixOS, whatever your pleasure. The ability to quickly take your entire environment from one box and move it to another, either because you’re switching cloud providers or got a nicer hardware box from a garage sale.

When Linode was acquired by Akamai and subsequently renamed, I moved all my cloud containers to Vultr by rsyncing the folder structure to the new VM over SSH, then running the compose file on the new server. The entire migration short of changing DNS records took like 5 minutes of hands-on time.

[–] dallen@programming.dev 3 points 3 months ago (1 children)

Ansible is so simple yet so elegant.

[–] UnityDevice@startrek.website 2 points 3 months ago

I've been in love with the concept of ansible since I discovered it almost a decade ago, but I still hate how verbose it is, and how cumbersome the yaml based DSL is. You can have a role that basically does the job of 3 lines of bash and it'll need 3 yaml files in 4 directories.

About 3 years ago I wrote a big ansible playbook that would fully configure my home server, desktop and laptop from a minimal arch install. Then I used said playbook for my laptop and server.

I just got a new laptop and went to look at the playbook but realised it probably needs to be updated in a few places. I got feelings of dread thinking about reading all that yaml and updating it.

So instead I'm just gonna rewrite everything in simple python with a few helper functions. The few roles I rewrote are already so much cleaner and shorter. Should be way faster and more user friendly and maintainable.

I'll keep ansible for actual deployments.

[–] xinayder@infosec.pub 2 points 3 months ago* (last edited 3 months ago)

I have a k3s cluster for fun and I can admit that k8s is way too complicated.

I don't want to dig hours through documentation to find what I'm looking for. The docs sometimes feel like they were written for software devs and you should figure part of the solution yourself.

I have a ExternalName service that keeps fucking up my cluster everytime it restarts, bringing down my ingresses, because for some reason it doesn't work and I have no idea where to look at to figure out why it doesn't work - I just end up killing the service and reapplying the yaml file and it works.

I had to diagnose why my SSL certificates would get stuck in "issuing" in cert-manager, had to dig through 4 or 5 different resources until I got to an actual, descriptive error message telling me that I configured my ClusterIssuer wrongly.

I wanted a k3s cluster to learn but every time I have issues with it I realize it's a terrible idea.

I wish I had podman + compose but it does seem like a docker-compose is more complicated. Also, I wish I could do ansible but I have no idea where to start (nor how it works).

EDIT: oh yeah I also lost IPv6 support because k3s by default doesn't enable v6 and I was planning on using Hetzner CCM to have a 2 node cluster until I realized Hetzner Networks don't support v6.

[–] vividspecter@lemm.ee 1 points 3 months ago

I had a similar experience with NixOS-anywhere and a VPS issue. Reset the OS, setup SSH key access and ran NixOS-anywhere and within like 15 minutes was back up and running.

[–] mesamunefire@lemmy.world 1 points 3 months ago (1 children)

I just moved everything from vultr to self host because of their latest changes.

[–] EncryptKeeper@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (2 children)

EDIT: As I suspected, the changes that u/mesamunefire is referencing are the ones that taken out of context awhile back and incorrectly assumed to apply to user VPS’ and the data on them, which is not the case. Those terms only apply to information posted publicly to their website, like the community forums.

What changes would those be

[–] sugar_in_your_tea@sh.itjust.works 4 points 3 months ago* (last edited 3 months ago) (1 children)

Can't speak for OP, but I bailed on Vultr because of how they handled the arbitration agreement change. Basically, I couldn't access my containers without accepting the new TOS, so I "hacked" the website with Inspect Element so I could access support to close my account. For me, the arbitration change wasn't the issue (my current host has similar policies), but being forced to accept a new TOS to use my account. I had no option do disagree or "remind me later," I literally only had an "accept" button. I refuse to use any service that treats me like that.

I'm now with Hetzner, so we'll see if they pull that nonsense. I only use the VPS to get around my ISP's CGNAT (WireGuard VPN w/ HAProxy at the edge to route domains), so if they pull the same nonsense, I'll copy my config to another VPS.

[–] mesamunefire@lemmy.world 1 points 3 months ago (1 children)
[–] sugar_in_your_tea@sh.itjust.works 2 points 3 months ago (1 children)

Seems to work fine and meets my needs. I'm in the US though, and options are pretty limited. So far the only snag I've had was having to upload my ID, I guess their signup process is a little strict.

[–] mesamunefire@lemmy.world 1 points 3 months ago

Nice. I'm all about new providers

[–] mesamunefire@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (2 children)

https://old.reddit.com/r/webdev/comments/1boz5ne/vultr_new_tos_claims_all_commercial_rights_to/ " You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you."

And you could not opt out. You had to click agree in order to login. That's the biggest one.

It was later removed after the fact but there were other changes that sucked.

[–] EncryptKeeper@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

That only applies to posts on their forums. Not the content on your VPS

[–] mesamunefire@lemmy.world 0 points 3 months ago (1 children)
[–] EncryptKeeper@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

Incorrect. It applies only to the forums. It does not apply in any way, shape, or form to your VPS or the content on it. It’s one thing to be mistaken, but let’s not spread misinformation on purpose.

A Reddit post incorrectly took portions of our Terms of Service out of context, which only pertain to content provided to Vultr on our public mediums (community-related content on public forums, as an example) for purposes of rendering the needed services – e.g., publishing comments, posts, or ratings. This is separate from a user’s own, private content that is deployed on Vultr services.

Since our inception, Vultr has been committed to upholding and adhering to the strictest data privacy and protection standards across the world (including HIPAA, GDPR, and DPDPA). Our customers own 100% of their content.

[–] mesamunefire@lemmy.world 0 points 3 months ago (1 children)

It appears after the controversy they removed the parts https://arstechnica.com/tech-policy/2024/03/after-overreaching-tos-angers-users-cloud-provider-vultr-backs-off/

But when I read the tos, it was pretty clear it was not limited.

You also had to agree without an opt out which was scammy. There are better providers out there.

[–] EncryptKeeper@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

I don’t think you read the TOS. I think you read the out of context snippet and assumed that it applied to your VPS. They removed that bit because it was confusing, not because it was not limited.

Being forced to agree to a TOS change without an opt out is scummy, but that’s not limited to Vultr. Companies are not out there with multiple versions of TOS based on what people agree to or not. At that point you’re better off not using a VPS.

[–] mesamunefire@lemmy.world 0 points 3 months ago

Welp I'm an anonymous person on the Internet so you can believe what you want. I could say that my job is literally mass deploying servers (devops) but if you don't believe me that I said that I read it then I'm not sure what we can agree on.

Let's just stop while we are both ahead. It's a Thursday, good day for coffee yeah? Hope you have a good day.

[–] mesamunefire@lemmy.world 1 points 3 months ago* (last edited 3 months ago)

I had customer data as well as some personal stuff on a couple of servers. It was low hanging fruit so I just started self hosting. It's silly how much rights they suddenly wanted. Not worth the hassle, they just provide basic boxes to begin with.

They also would not let you login without accepting those new rights now were you able to opt out. So I just threw my infa on some local systems, deleted everything and then had to say yes to their TOS. Again silly and great way to lose business.

[–] Findmysec@infosec.pub 3 points 3 months ago (2 children)

Not needing Kubernetes is a broad statement. It allows for better management of storage and literally gives you a configurable reverse-proxy configured with YAML if you know what you're doing.

[–] Nomecks@lemmy.ca 9 points 3 months ago (1 children)

Yes, but you don't need Kubernetes from the start.

[–] Findmysec@infosec.pub 2 points 3 months ago (1 children)

Well I guess podman works fine for the first few months. Interestingly I still use build-ah heavily for building my custom images

[–] Nomecks@lemmy.ca 1 points 3 months ago (1 children)

I find a lot of stuff is using docker compose, which works with Podman, but using straight docker is easier, especially if it's nothing web-facing

[–] Findmysec@infosec.pub 2 points 3 months ago

Funnily enough Docker compose has never worked for me on Podman. There always seems to be something that is incompatible (also due to me running on Debian). However, I feel like it should become a standard amongst homelabbers and professionals to use Kubernetes manifests going forward, since it is the most portable.

[–] keyez@lemmy.world 2 points 3 months ago (1 children)

Heavy disagree on the storage statement from what I've used and seen but it works for lots of people so not going to detract. NFS is always a pain but longhorn seems to have advantages

[–] Findmysec@infosec.pub 2 points 3 months ago

NFS is a pain, no question about it. I used to use longhorn but these days since I'm doing a single node k3s I'm just doing hostpath. It's that PVCs make intuitive sense to me, but I guess podman will likely work just fine for such cases other than canary deployments and OOTB service-meshes