• 0 Posts
  • 204 Comments
Joined 2 years ago
Cake day: February 1st, 2024



  • Cool, I recommend it!

    I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

    I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

    I’m sure I’m not following all the best practices here, but so far so good.

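The rsync-plus-snapshots off-site backup described above, as an added example script (mine, not the commenter's): it runs on the remote Raspberry Pi and pulls from the home server over the WireGuard tunnel into a dated directory on the local HDD, hard-linking unchanged files against the previous snapshot with `--link-dest`, and it records the time of the last successful run so a cron job can notice when backups silently stop. The tunnel address 10.9.0.1, the user `backup`, and the paths are assumptions.

```sh
#!/bin/sh
# Pull-style snapshot backup over a WireGuard tunnel (added example, not the
# commenter's script). Run on the off-site Raspberry Pi: pulls from the home
# server's WireGuard address into a dated directory on the local HDD, hard-linking
# unchanged files against the previous snapshot with --link-dest.
# Placeholders: tunnel address 10.9.0.1, user "backup", and the paths below.
set -eu

# snapshot_backup SRC ROOT [STAMP]
#   SRC   rsync source, e.g. backup@10.9.0.1:/srv/data/ (trailing slash = contents)
#   ROOT  local backup root, e.g. /mnt/hdd/backups
#   STAMP optional snapshot name (defaults to a UTC timestamp)
# Prints the path of the finished snapshot.
snapshot_backup() {
    src="$1"
    root="$2"
    stamp="${3:-$(date -u +%Y%m%dT%H%M%SZ)}"
    mkdir -p "$root"
    set -- -a
    # Only link against a previous snapshot if one exists.
    if [ -d "$root/latest" ]; then
        set -- "$@" --link-dest="$root/latest"
    fi
    # Write into a .partial directory so an interrupted run never masquerades
    # as a complete snapshot, then rename and repoint "latest".
    rsync "$@" "$src" "$root/$stamp.partial/"
    mv "$root/$stamp.partial" "$root/$stamp"
    ln -sfn "$stamp" "$root/latest"
    # Record the time of the last *successful* run. check_backup_age reads this
    # marker rather than a directory mtime, which rsync -a copies from the source.
    touch "$root/last-success"
    echo "$root/$stamp"
}

# check_backup_age ROOT MAX_DAYS
# Return non-zero if no run has succeeded within MAX_DAYS. Run it from cron with
# MAILTO set so a silently broken backup (wrong DNS, dead tunnel) gets noticed.
check_backup_age() {
    root="$1"
    max_days="$2"
    marker="$root/last-success"
    if [ ! -f "$marker" ]; then
        echo "backup: no successful run recorded under $root" >&2
        return 1
    fi
    if [ -n "$(find "$marker" -mtime "+$max_days")" ]; then
        echo "backup: last success is older than $max_days days" >&2
        return 1
    fi
    return 0
}

# Stand-alone usage (arguments are placeholders):
#   backup.sh backup@10.9.0.1:/srv/data/ /mnt/hdd/backups   # take a snapshot
#   backup.sh --check /mnt/hdd/backups 2                     # fail if stale
if [ "$#" -eq 3 ] && [ "$1" = "--check" ]; then
    check_backup_age "$2" "$3"
elif [ "$#" -eq 2 ]; then
    snapshot_backup "$1" "$2"
fi
```

Two cron lines cover it: one running the snapshot nightly, one running `--check` with a `MAILTO` so a missed week produces an email instead of going unnoticed.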



  • I switched to Technitium and I’ve been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they’re queried in parallel, a VPN connection can go down without losing any DNS…maybe this is how pihole would have handled it too though).

    And of course, wildcards supported no problem.



  • I’ve been pleased with it. Family is very relaxed about projects like this, but yeah, it’s low power draw. I don’t think I have anything special set up, but the right thing to do for power would be to spin down the drive when not in use, as power is dominated by the spinning rust.

    Uptime is great. Only hiccups are that it can choke when compiling the ZFS kernel modules, triggered on kernel updates. It’s an rpi 3/1GB RAM (I keep failing at forcing dkms to use only 1 thread, which would probably fix these hiccups 🤷).

    That said, it is managed by me, so sometimes errors go unnoticed. I had recent issues where I missed a week of rsync because I switched from pihole to technitium on my home server and forgot to point the remote rpi there. This would all have been fixed with proper cron email setup…I’m clearly not a professional :)







  • +1 for ThirdReality. They’re a little pricey but I’ve generally had good luck with them.

    I’ve also had pretty good luck with cheap Matter-over-wifi bulbs. Pairing them can be a little finicky and needs to go through an Android or iOS process, but after pairing you can block Internet access for them and they work great local-only.

    There’s a bug in some wifi matter bulbs where they crash, especially when going from off to a desired brightness/color state (as in, “light on” works but “light to 50%, 3000K” will crash the bulb).




  • VNC? You have your choice of servers, and clients are ubiquitous.

    A big gotcha is that you need to be careful with encryption/security, as, in classic UNIX style, VNC does one thing (remote desktops). It’s easy to forward over ssh though.

    You can also use VNC to share, which is not what you want; this depends on the type of server/settings. But you can definitely create a new virtual X11 session and access it remotely.

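The "forward it over ssh" advice above, as an added example (mine, not the commenter's): a wrapper that forwards a local port to the remote display, and a check to run on the VNC host to confirm the server is not also listening on a routable address, which is the usual way an unencrypted VNC display ends up exposed. Host names and ports are placeholders.

```sh
#!/bin/sh
# Reaching a VNC server only through an SSH tunnel, plus a check that the server
# is not also listening on a routable address (added example, not from the
# original comment; host names and ports are placeholders).
set -eu

# Forward a local port to the VNC display on the remote host over SSH. Start the
# server with -localhost (TigerVNC/TightVNC) so only the tunnel can reach it; the
# viewer then connects to 127.0.0.1:LOCAL_PORT.
vnc_tunnel() {
    host="$1"              # e.g. me@server.example
    display="${2:-1}"      # VNC display number; the port is 5900 + display
    local_port="${3:-5901}"
    exec ssh -N -L "127.0.0.1:$local_port:127.0.0.1:$((5900 + display))" "$host"
}

# Read `ss -ltn` output on stdin and print VNC listeners (ports 5900-5999) bound
# to anything other than loopback. Empty output means nothing is exposed.
vnc_exposed_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, p, ":")
        port = p[n] + 0
        addr = substr($4, 1, length($4) - length(p[n]) - 1)
        if (port >= 5900 && port <= 5999 && addr != "127.0.0.1" && addr != "[::1]")
            print $4
    }'
}

# Stand-alone usage:
#   ss -ltn | vnc_exposed_listeners         # on the VNC host, expect no output
#   vnc_tunnel me@server.example 1 5901     # then: vncviewer 127.0.0.1:5901
if [ "$#" -ge 1 ]; then
    vnc_tunnel "$@"
fi
```

If the check prints anything, the server is reachable without the tunnel; either restart it with `-localhost` or block the 59xx ports at the host firewall.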

  • Yeah, one of the issues I was having with running VPN on router is that you need a somewhat beefy router if you want to use your full bandwidth—my router maxes out at about 90Mbps with WireGuard, even though it can NAT around 1Gbps (which is our service).

    I implemented two workarounds, one was to use my access point as a VPN router since it had a beefier CPU, and the other was to just use an ARM SBC with Linux to handle that task. (I ended up with the latter, as the former ended up maxing out at around 400Mbps, and introduced some additional headaches.)


  • I also have an SSID that doesn’t get VPN’d, though my DNS is always VPN’d.

    As for accessing Jellyfin, etc., I think we have somewhat different setups. My self hosted services are by default accessible without a VPN (SSID is on a VLAN with e.g. 192.168.0.0/24, servers are on 192.168.1.0/24, router routes between them). For the blanket VPN’d SSID I have a routing rule that routes over the main, not VPN, table, so local services can be accessed.

    So: local traffic has a rule to route without VPN, reddit routes with a specific VPN, and general traffic routes with a different VPN.

    There are lots of VLANs involved in my setup, and I’m sure it’s overly complicated and has gaping security issues, but it’s just a home network and it’s kinda fun :(

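The three-way split described in the comment above (local traffic via the main table, one site via a specific VPN, everything else via a different VPN), together with the earlier comment's trick of giving each DNS upstream a static route through its own tunnel, as an added example for a Linux VPN box (mine, not the commenter's MikroTik or SBC config). It prints the `ip` commands by default and only executes them with `APPLY=1`; all addresses and interface names are placeholders (RFC 5737 ranges), and the fail-closed rule at priority 301 is my addition.

```sh
#!/bin/sh
# Policy routing for a "blanket VPN" SSID on a Linux VPN box (added example; not
# the commenter's MikroTik/SBC config). Rules, lowest priority number first:
#   100  destinations inside the home subnets  -> main table (no VPN)
#   200  one pinned /32 (a site that blocks the main exit) -> table 101 (VPN B)
#   300  everything else from the VPN'd SSID   -> table 100 (VPN A)
#   301  if table 100 has no route (tunnel down), fail closed instead of leaking
# DNS upstreams get /32 host routes pinned to a tunnel so resolver traffic
# cannot leak out the WAN if one tunnel flaps.
# All addresses and interface names are placeholders (RFC 5737 ranges).
set -eu

VPN_SSID_NET="${VPN_SSID_NET:-192.168.0.0/24}"              # clients on the VPN'd SSID
LOCAL_NETS="${LOCAL_NETS:-192.168.0.0/24 192.168.1.0/24}"   # home subnets that bypass the VPN
WG_A="${WG_A:-wg-mullvad-a}"                                # general-traffic tunnel
WG_B="${WG_B:-wg-mullvad-b}"                                # alternate exit for blocked sites
PINNED_HOST="${PINNED_HOST:-203.0.113.10/32}"               # the site that needs VPN B
DNS_UPSTREAMS="${DNS_UPSTREAMS:-198.51.100.53:$WG_A 198.51.100.54:$WG_B}"  # ip:iface pairs
TABLE_A=100
TABLE_B=101

# Print the command in dry-run mode (the default); execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_policy_routing() {
    # Per-tunnel routing tables: each holds only a default route out its interface.
    run ip route replace default dev "$WG_A" table "$TABLE_A"
    run ip route replace default dev "$WG_B" table "$TABLE_B"

    # 1. Local destinations always use the main table, whatever the source.
    for net in $LOCAL_NETS; do
        run ip rule add to "$net" lookup main priority 100
    done
    # 2. The pinned host goes out VPN B.
    run ip rule add to "$PINNED_HOST" lookup "$TABLE_B" priority 200
    # 3. Everything else from the VPN'd SSID goes out VPN A ...
    run ip rule add from "$VPN_SSID_NET" lookup "$TABLE_A" priority 300
    # ... and never falls through to the main table if that lookup fails.
    run ip rule add from "$VPN_SSID_NET" unreachable priority 301

    # Pin each DNS upstream to its tunnel with a host route in the main table, so
    # the resolver's own queries never go out the WAN interface.
    for entry in $DNS_UPSTREAMS; do
        run ip route replace "${entry%%:*}/32" dev "${entry#*:}"
    done
}

setup_policy_routing
```

Run it once to review the commands, then `APPLY=1 ./policy-routing.sh` as root; `ip rule show` and `ip route show table 100` confirm the result. Traffic to the pinned /32 from the normal SSID also takes VPN B here (rule 200 has no `from` match); add `from "$VPN_SSID_NET"` to that rule if only the VPN'd SSID should be affected.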

  • I have this set up on my router. My wifi is blanket tunneled through a VPN. For annoying sites that restrict access like reddit, my router routes through a specific VPN server that doesn’t (yet) get blocked (I don’t post/comment/browse, but occasionally find a post that answers a question). That way it works on my whole home network, regardless of device.

    Same could be done for YouTube presumably, but maybe a little more complicated (reddit seems to work with a single /32 address).

    Plus, it’s fun to set up—MikroTik router, Mullvad, and an ARM SBC doing the VPN duties for me, but myriad ways to get it working for other configurations.