Cool, I recommend it!

I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

I’m sure I’m not following all the best practices here, but so far so good.

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

Having kids has made random conversations somewhat frequent for me.

Remember that RAID and redundancy is not backup.

Try to 3-2-1, or something similar/better, if you can.

I am fairly sloppy here, and I am also very cheap. I have multiple copies in my home for important stuff (mainly Immich), the in use copy being on SSD and a few backups on spinning rust. I have a raspberry pi with an external HDD at family’s place, with a daily rsync+snapshot, for off site backups.

Of course, I’ve never had a catastrophic failure, so who knows how smooth that would be…

I switched to Technitium and I’ve been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they’re queried in parallel, a VPN connection can go down without losing any DNS…maybe this is how pihole would have handled it too though).

And of course, wildcards supported no problem.

Maybe take a look at Outline. (Not affiliated, but I host it for myself.)

I also host KitchenOwl, but mostly just as a grocery list.

I’m really really glad that I get root on my work computer.

“…I really don’t want to have to wipe the thing because it’s running a headless OS”

I feel like logging in as root on a headless system and hoping you type the command(s) to restore functionality is a rite of passage.

I’ve been pleased with it. Family is very relaxed about projects like this, but yeah it’s low power draw. I don’t think I have anything special set up but the right thing to do for power would be to spin down drive when not in use, as power is dominated by the spinning rust.

Uptime is great. Only hiccups are that it can choke when compiling the ZFS kernel modules, triggered on kernel updates. It’s an rpi 3/1GB RAM (I keep failing at forcing dkms to use only 1 thread, which would probably fix these hiccups 🤷).

That said, it is managed by me, so sometimes errors go unnoticed. I had recent issues where I missed a week of rsync because I switched from pihole to technitium on my home server and forgot to point the remote rpi there. This would all have been fixed with proper cron email setup…I’m clearly not a professional :)

Not the same, but for my Immich backup I have a raspberry pi and an HDD with family (remote).

Backup is rsync, and a simple script to make ZFS snapshots (retaining X daily, Y weekly). Connected via “raw” WireGuard.

Setup works well, although it’s never been needed.

But I thought they smelled bad on the outside?

Obviously you should use an exponential search, assuming you don’t know the age of the oldest human.

Torvalds uses it too I believe, so you’re in good company (Debian for me, though my heart belongs to Slackware).

Except it would probably end up being a sequel and prequel at the same time…

deleted by creator

13, without the pillow, is kinda how babies/toddlers sometimes sleep (once they can roll over).

Per the Linux kernel coding style:

Tabs are 8 characters, and thus indentations are also 8 characters. There are heretic movements that try to make indentations 4 (or even 2!) characters deep, and that is akin to trying to define the value of PI to be 3.

Maybe not a service in the typical sense, but setting up your router+server to route your home network traffic through a VPN is a fun project.

My router (MikroTik) supports WireGuard, so I can use it with Mullvad for the whole house—but wg is demanding and it’s a slow router, so while it can NAT at ~1Gbps, it can’t do WireGuard at more than ~90Mbps. So, I set up WireGuard/Mullvad on a little SBC with a fast processor, and have my router use that instead. Using policy based routing and/or mangling, I can have different VLANs/subnets/individual hosts selectively routed through the VPN.

It’s a fun exercise, not sure I implemented it in a smart way, but it works :)

I know right? What a poser!

/s

Americans had “unity” after 9/11

Uh, no we didn’t. Source: am American, lived through that period.

Yes we had a brief period of unity (and solidarity with NYC) following 9/11, but as soon as the American War Machine woke up, my country was intensely divided.