What’s up, what’s down and what are you not sure about?
Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.
You must log in or register to comment.
Finally switched from plex to jellyfin, seems to be ok so far. Needed to make some small scripts for metadata management but it’s running smoothly. Finally decided I’m hosting enough software with user accounts that I’ve made an authentik instance for SSO with each (ofc jellyfin first)
Hey, we’re also thinking about setting up authentik. Could you answer the following, where I haven’t found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?
no, works fine. there’s an LDAP plugin for jellyfin so you can use the jellyfin internal login page and the server will verify the login against authentik. took some setting up though.
Alright, thank you!
Ann reason you choose authenik? There are a nmber of options and I’m not sure why to choose one over the other.
I’m not the person you’re replying to, but Authentik:
- Has a UI for configuring it, including adding users.
- Supports LDAP if you need it. Authelia needs a separate LDAP server.
- Supports practically every two factor auth protocol you’d need: OIDC (OpenID Connect), OAuth2, SCIM, SAML, RADIUS, LDAP, and proxying for apps that don’t support any of them (which is getting rarer).
- Supports permissions and permission groups, i.e. only allow certain users to access particular apps.
- Can be used as the source of truth for Google Workspace and Microsoft Entra. Maybe not as relevant for home use.
I haven’t tried Keycloak but I hear it’s pretty good, albeit a heavier app to deploy.
I have tried Authelia, and it’s much less powerful than Authentik. Authelia requires you to manually modify config files rather than using a web UI. It also only supports OIDC (which is in beta) and proxying. Proxying is not recommended and has several issues since it’s not “true” single sign-on.
I’m considering Keycloak myself because it’s trusted by security professionals (I think it’s a RedHat project), whereas Authentik is basically a passion project.
Was using realvnc to vnc from remote, it was easy and cloud driven.
Fully swapped to tailscale and normal VNC sever now.
Performance is good and works great for the troubleshooting and small GUI stuff I need to do.
Recently been working on setting up forgejo to migrate away from GitHub. My open source stuff I’ve actually put onto codeberg and I’ve set up a handful of pull mirrors on my local instance for redundancy. This weekend I’ve been testing out woodpecker-ci for automating pushing files to s3 for some static websites for repos on codeberg as well as my forgejo instance. Today will tell if that is successful!
I’m moving to Podman quadlets for self hosting infrastructure and Kubernetes for the actual services.
Nextcloud will be moved to Nextcloud AIO
Finished my migration from Plex to Jellyfin
I’ve just set up Wireguard, so I can access my home network from everywhere, but the old laptop that I wanted to use as a server has just quit. So now I have to find a different machine
Last week got my new epyc server with GPU running ollama and all the trimmings.
This week linked my 2 home bases with wire guard, all the subnets mesh and the wifi isolation is solid. Performance is surprisingly good considering they’re 9 time zones apart on different hemispheres.
Migrating plex to jellyfin to get hw accel working.
Also trying to get my second base multiple statics and 10gb if possible, rural fiber in Europe is unbelievably aweome, hope to drop Comcast business back home if it works.
Got someone to work with on a new company, so that’s part of this, though my day job relies on this too.
I’ve been learning bash and working on scripts to automate stuff in my homelab. It’s been a lot of fun. I’m currently working on a script that will rename the movies and TV shows I rip from my DVD collection.
The script queries the tmdb api, presents me with a mwnu of matches if there’s multiple matches, renames the media files according to jellyfin spec, and then places them in the proper folders to be indexed by Jellyfin and Kodi.
I’ve setup Nextcloud on Hetzner, and have ordered a mini PC to run Immich and experiment with.
Still trying to decide on a good cheap email host that I can also move my family on to eventually.
I recently moved from Gmail to mailbox.org with my own domain. Works as it should so far. And for 2.5€ per month I can’t complain about the price either.
And switching email addresses has actually been less painful than I expected. Most services let you change the associated Mail easily.
I’ve been fending off AI bots the last week or so; wrote about it here:
https://gerowen.substack.com/p/the-ai-data-scraping-is-getting-out
I’m switching my immich instance to an SSD one and switching my VPN from zerotier to tailscale.
Hopefully that means my Immich will be a little more reactive.
I added a cheap PCI 4 slot NVMe expansion card and a couple of SSDs for a new pool and then migrated all the database-heavy stuff over to it. Required some use of local ZFS send/receive which I didn’t know was possible, but it has gone smooth so far. Very happy with it! It no longer sounds like my HDD pool is trying to escape from hell and some of the services are much snappier, especially Bitmagnet. I’d highly recommend it as an upgrade for anyone still running purely HDDs. I thought I could get away with it but ZFS speeds are no faster than single drives and the amount of stuff I had was hammering it non-stop.
I also bought my own domain finally to escape the free-tier dynamic DNS woes and I can finally feel good about sharing links with other people. I slapped a file share container with disabled registrations on a sub domain. I put it all behind free tier Cloudflare to hide my server’s IP, it took a little bit of learning what the different records are but so far much easier than I thought. Although I have yet to do the hardest part of setting up dynamic IP for my DNS records. I see a bunch of scripts floating around, but none seem that easy or well-maintained…
Oh, and the PI I’ve had running Pi-Hole v5 for god knows how long with no maintenance couldn’t run Tailscale, so I wiped the entire thing to start fresh and got it up and running with Pi-Hole v6, Tailscale, and Unbound. I like having these separated from my other services as they are more critical to have at all times and I have had 100% uptime with my Pi so far. Although I chose Dietpi for my OS on a whim because it looked interesting and am not sold on it. I like that it has easy software installs with sane defaults so I probably saved time overall, but the amount of time I spent debugging the weird choices Dietpi made for basic shit like networking options really threw me off.
Debatting with myself and to a lesser degree what to do in terms of our homeserver situation. While the proxmox node has more than enough CPU and RAM capacity left, the NAS, an older Synology, is full to the brim, EOL and needs replacement.And sadly being a mini PC the proxmox node is unable to get the HDs connected.
So something new is needed and I would rather have my setup streamlined and combine the two.
But that is… More difficult than anticipated. I really would like something power saving with ECC ram that can take at least two PCI-e (SFP+ and a potential graphic card for AI later on). That can take 4,better 6 HDs. And at least one,better two NVMe. …that basically means self building which I am happy with, but all current builds I calculate come out somewhere south of 2000€ (including two new HDs, as two old ones need to go). And that’s sadly out of the financial possibility at the moment.
If only the fucking Ugreen (DXP6800)would support ECC. While not ideal in terms of PCI-e it would be enough to do the trick.
I use a little mini PC with a DAS connected via USB. So you don’t need to go full server to expand the storage.
A catalog for organizing various Roms you have. It can pull metadata from a number of courses and properly add all the details, cover art, and platform information to each game. It’s smart enough to auto-generate collections based on game series, and embed YouTube videos for gameplay of each one without even any configuration.
The best part? It has Ruffle and EmulatorJS built in so you can play any games supported by EmulatorJS in your browser. I tested games up to N64 and they all ran smooth as butter right in the browser with gamepad configurations built in. They even support local multiplayer.
Shoutout to @Estebiu for helping me appreciate the joy of docker compose. I got to set up Navidrome and it’s been great!
With that said, I have a security-related question: at what point in self-hosting am I exposed to the outside internet that warrants things like reverse proxies and other security measures? I’m currently typing router IPs (e.g. 192.168.x.x) to access the services, so is my machine exposed if the only people intending to connect are local on our wireless network?
There’s nothing wrong with making a reverse proxy only for use inside your homelab. It’s one way to resolve internal DNS queries and give addresses to your services. It’s perhaps the best, because it’s the only way I know that doesn’t necessitate remembering port numbers.
E.g. You are hosting something at 192.168.1.20 on port 3310. Even if you set a local DNS record for pihole.itjust.donn to resolve to 192.168.1.20, you’ll still have to type pihole.itjust.donn:3310 to access it. The same isn’t true with a reverse proxy.
This is good to know because I’m learning about nginx currently, so I’m glad it has practical use without opening up my network 🤘
