So I've gotten to the point where my homelab has moved to a fun way to mess around with tech to starting to replace things like google photos and OneDrive. So as my next project I plan to add resiliency and backup solutions as low-cost/efficiently as I can. I'm thinking that 3 physical machines is a good and safe next step.

I purchased 7 used 4TB SAS drives for my planned storage as I was able to get them for a pretty good deal.

I plan to have a second machine in another state with family that I can setup to run as an off-site backup while the third can run at home or encrypted and put in the cloud (existing OneDrive or b2/S3 glacier) but cloud is obviously a long term cost/subscription.

Ente, a encrypted Google photos replacement, wants three S3 buckets in a production environment, I currently have 1. Until now I've been mirroring photos to Google photos and I have manual exports on my PC/external drives.

So my questions are:

1. What's the most cost effective way to backup proxmox VMs and the trueNAS storage while at the same time being able to move ente from "development" single S3 to the recommended S3 buckets?
2. Hardware is expensive, inefficient and/or loud. What can I get away with that's sub $100 and will be quiet enough to exist in living spaces?
3. Should I add resiliency for networking/DNS/etc on another device or just focus on making these devices just backups?
4. Automation and deployment of additional software. I'm comfortable with docker-compose and see recommendations for kubernetes/Ansible/k3s but I'm not sure if those are worth doing vs just unattended upgrades for security and manual upgrades that I've been doing.
5. Exposing and linking the devices. I have a consumer router w/o layer 3 and ipv6 still scares me with big numbers. So far, I've just exposed wireguard but eventually I need to start exposing ente and other services... For now, and the backups should I create a separate wireguard VPN service as a site-to-site or is there a better option?
6. If I host an S3 bucket at another location, ente needs it to be exposed to the internet as the app communicates directly with the S3 buckets: https://ente.com/help/self-hosting/administration/object-storage?

For hardware: Last I checked arm has some catching up when it comes to proxmox and trueNAS so I'm thinking an old tiny/mini office PC however there's the added complexity of getting SAS drives connected to them and looking decent. If I can source a midsized office PC locally I can probably recreate my existing setup with the off-site backup. I do have a 8GB CM4 thats underutilized since all it's doing is making my ancient printer work wirelessly via cupsd.

My current setup is a single ancient optiplex running proxmox. Within proxmox I have a debian VM running my docker stack and trueNAS with my "large" storage pool

• Dell optiplex 7010
  • Proxmox
    • Debian - docker/portainer - smb mounted TrueNAS
      • Ente Photos w/ S3 object storage via Garage
      • network stack (Adguard, nginx proxy manager, wireguard easy)
      • other services with mounted DB or media stored on trueNAS
    • TrueNAS - 2x4TB HDD via pcie passthrough/HBA card
      • SMB fileshare
      • Garage S3 bucket
    • Windows sever/AD (mostly for learning and managing windows devices)

TL;DR how do I securely/cheaply implement backups and S3 redundancy across multiple locations now that my homelab has important stuff.

Voiden is an offline-first, git-native API tool built on Markdown.

Instead of keeping API requests inside a cloud workspace, Voiden stores them as .void files that can live with your codebase, be versioned in Git, reviewed in PRs, and reused across a team.

We have now released the beta of @voiden/runner, a headless CLI for running those .void files outside the desktop app.

The runner executes the request, prints the result, and exits with a standard exit code that CI systems can use.

Important bits:

• runs on Node.js 18+
• works in terminal, CI/CD, Docker, and cron jobs
• supports REST, WebSocket, gRPC, and GraphQL
• supports JSON and CSV output
• supports request chaining through runtime variables
• works with core Voiden plugins like scripting, assertions, faker, advanced auth, and GraphQL

This is still beta, so APIs and flags may change.

The goal is to make .void files executable API workflows, not just files used inside the desktop app.

Github: https://github.com/VoidenHQ/voiden

Voiden CLI Runner : https://github.com/VoidenHQ/voiden/tree/beta/packages/voiden-runner

Visit Voiden here : https://voiden.md/

cross-posted from: https://lemmy.world/post/47170057

I just stumbled this fork that seems focused on giving Linux hosts a good boost. It promises no-headache Virtual Display support out of the box, and Bazzite seems like the primary target.

Hi all! i finally come around publishing a small side project i am running at my home for the last few years. This past month i have revamped it by rewriting the C++ backend and improving the web UI (single page HTML+CSS+AlpineJS) for a broader public.

LazyNVR is a different take on hosting webcams and centralizing access to them. Instead of working on the cameras feed, which is CPU/GPU heavy and doesn't scale much, it relies on cameras on-board capabilities to detect motion and upload recorded videos to your own server.

If you own IP cameras from brands like Dahua, Reolink and many others, you can leverage their on board motion detection capabilities and off-load your server computational power using LazyNVR.

I have some 15 cameras and tools like Frigate or MotionEye just kill my server CPU, but all my cameras can detect motions and automatically record a video and upload it to my server using different protocols (like FTP, sftp, and such). So LazyNVR was born.

The server is written in C++ and basically detect incoming videos, recode (without re-encoding) them to an MP4 web streammable format, and store them well sorted. It will also keep your incoming folders clean and purge stored videos when they are too old. The server will also fetch and refresh still live images from the cameras.

The client is a WEB GUI, actually a single HTML file with CSS and some AlpineJS, which will show the still live images and the list of all the recorded videos letting you download or view them directly.

I am running over 15 cameras from my RaspPi with basically 0% CPU overhead.

I have published LazyNVR on Codeberg (here https://codeberg.org/LazyNVR/lazynvr-sources) because well, i think it's better than GitHub. And there is also a pretty lazy web site on https://www.lazynvr.it/ (which mostly redirect to Codeberg).

Currently there are docker images for AMD64 and ARM64, but it's pretty easy to compile directly, with the provided instructions in the Codeberg Wiki.

Please, feel free to try it!

Mandatory AI disclaimer: i don't use AI for coding. Zero code (C++ or Javscript) has been written by or with AI support in this project. I have used AI extensively for the CSS stuff that i hate, but reviewed and mostly edited it anyway. I have also used AI for research and to write the dockerfile faster, since i am no docker expert. I have personally written the dockerfile anyway, and personally tested as well. The logo has been created with AI, probably it shows.

So you don't want to port-forward on your home router or have Cloudflare decrypt all your traffic? Check out Towonel.

Most open source Cloudflare Tunnel alternatives involve setting up a VPS, terminating TLS there on a reverse proxy, then setting up a Wireguard tunnel to your server at home.

Towonel is different: it does not decrypt your traffic on the VPS and you can easily share one, so not every self-hoster has to buy and maintain a VPS.

Check it out!

Mastodon link: https://gts.erwanleboucher.dev/@eleboucher/statuses/01KS4YNA2SYMSP0FSKJVNJA155

I don't know a ton about the internals of federated systems, it's been on my todo list for a while but it keeps getting pushed down by other things. But I still like that the fediverse exists and I'd like to pitch in, even if it's only a few bucks of processor time / month.

Are there compute tasks that could be offloaded to a network of volunteers? Monitoring tools that could be run from outside the system? Something else I'm not thinking of?

So, I've been running offsite copies to OVH S3 bucket via PBS running as an VM but I ran into an issue that verification of the backups is so slow that they're practically unusable.

Copies run nightly and I've set the storage to keep last 4 copies in place. Bigger VMs, like my immich-instance with a bit over terabyte of data, take several days to verify and logs show data rates at around 5MB/s or less. So, with the current schedule I'm running it'll mean in practise that backups expire before they're verified.

I could keep the copies longer, but that'd cost more, or run copies less frequently, which risks losing data if hardware fails at unfortunate moment (which it most likely will). Tuning settings are on default and based on what I've read, adding more runners wouldn't really help that much.

PBS VM itself shows very little load on proxmox monitoring and I've got plenty of bandwidth to use, so the verification shouldn't have any bottlenecks on my end at those speeds. Cache usage is at around 60% with ~30GB of total space available.

Does anyone have any ideas on how to speed that up? Or should I just give up and do something totally different? I attempted to run backups to Hetzner storagebox over cifs-mount, but that's pretty much the same or worse with performance.

Just wanted to share my feelings about the arr* stack, will keep it short !

First, thanks to all those beautiful people giving their free time to work on all thoses services ❤️ !

At first I wasn't that impressed and didn't understood all the hype arround all thoses services and only used sonarr to rename my files I had manually imported. It did a great job as a file renamer service, however I was still managing everything manually from hard links to qbittorrent organization creating in the end a total messed up file system with a lot of duplicated hardlinks and files scattered in different directories, renamed differently, etc.....

Also, after the most known french piracy tracker had been hacked and shut down (finally !), a lot of new trackers opened like wildfire and had over 10 trackers to keep an eye on. Searching the web, I came across Prowlarr and seeing how It connects directly to sonarr I got curious.

That's the exact moment when I finally unsterstood what's all the hype about the ARR stack ! My god, what an amazing piece of software stack...

First came jellyfin, sonaar, then prowlarr, radarr, seerr and now I discovered profilarr. It's amazing to see how everything perfectly communicates with each part of the stack and everything is perfeclty automated and god does it work well... I'm impressed and still baffled how something so good is free and open source !!

Im still scratching the surface of this powerfull stack, but does it feel good to just ask seerr and after a few minutes having my media perfectly organized in qbittorrent, filesystem directories, renaming scheme, hardlinks, quality profiles, config synchronization......... 💥🤯

It does have it's own quirks right and there, and can become kinda weird if you do not know what you are doing (thanks Trash guides ❤️❤️) and seeing from all the issues the arr stack seems to hit a wall with the current code implementation. But IDK, i'm not a programmer so I may be wrong here.

And there seems always something new to complement the arr stack !

So that's it :) Just wanted to share my feeling and appreciation with all of you ! Happy self-hosting !!

Plex has announced a massive price increase on the service's Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.

Just came across this, and thought it was a pretty cool tool to self-host. You can use it to monitor price changes, or new events being added, or to check if that out of stock thing is back in stock.

Self-hosted nutrition + wellness tracker. Latest release rolls up two weeks of work.

New features (rc.21 → rc.26):

• Recipe yields — declare "this makes N servings" and per-serving math flows through the diary
• Intermittent fasting tracker — custom presets, history, recurring schedule that auto-starts at a chosen time on chosen days
• Adaptive TDEE — learns your true daily expenditure from a rolling 35-day window of weight + diary instead of a static estimate
• Android biometric sign-in — fingerprint / face unlock in server-connected mode
• Per-serving Open Food Facts import — when a barcode-scanned product has serving data, prefill nutrition per-serving instead of per-100g
• Health Connect → web — Android-synced Health Connect data now reaches the server and renders on the web Wellness page
• Sharing rework — per-category sharing form, source filter on Meals/Recipes, zxcvbn-backed password-strength policy

Bug fixes: cross-pollinated food images on diary entries, duplicate foods on rapid barcode scans, scheduler crash, Mealie Test button.

Repo: https://github.com/TraceApps/nutritrace Release: https://github.com/TraceApps/nutritrace/releases/tag/v1.0.0-rc.26

Single docker compose, SQLite, signed APK on the release page.

In the latest episode of "they will always sell you out" - they sold you out! Who would've thought.

Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can't exist without "leeching" off of Bitwarden.

My homelab is essentially my own passion project and only really I access it except for when I spin up the occasional game server for friends.

I'm currently running Proxmox and run a debian LXC container for each docker stack I have, and have OpnSense routing incoming traffic with Haproxy with ssl offloading. My currently running LXCs are: mediawiki, amp game server(2 Minecraft servers), freshrss, and currently playing around with n8n.

I'm looking to collapse my LXC's to just VMs. I'd like to be able to have 3 VMs running in a Docker Swarm together so I can upgrade a VM at a time and just swing my running containers to another docker node and then swing back when the VM is stable again.

I've looked at k0s, k3s, and k8s and it just seems way too much work and overhead for what I'm willing to do. I also want to keep using docker compose and want a decent webgui to manage my containers/nodes/swarm. I'm using DockHand right now, but need to research swarm support.

Anyone have any advice for something like this? Any specific terms, tech, software I should look into?

Also, gonna throw a curveball, but what would the effects be of running 3 different distros as my nodes in my swarm? Like a Debian node, Rocky Linux node and potentially arch node? I'm guessing I shouldn't due to docker engine differences potentially.

I'm just trying to have fun with things, break things, fix them, learn, etc.

Finally managed to get my hands on 2x1TB NVMe's. Budgets are tight these days ... :-) They are Crucial P310 ... hope they are reliable, although I suspect nowhere near Samsung stuff.

I have a little Proxmox installation running a VM on a 256GB NVMe, which as you can imagine is tight. Is there a way of cloning this installing on one of the new NVMes?

Reason why I have 2x new NVMe is that I want to eventually get myself to Proxmox HA, so that the two machines (two little Optiplex 5070, one of which has the 256GB install) provide me with redundancy.

First thing is to clone the 256GB install to the larger NVMe. Would it be an idea to go this way: a) install 1TB new NVMe on spare Optiplex b) install Proxmox on this new machine c) find a way to replicate the whole 256GB install on the second machine (need to read the docs to see if/how this can happen) d) once second machine is up and running as a clone, remove machine with 256GB (current machine) and install the 1TB NVMe. e) do the same above process the other way around.

Do you think this will work or am I going to hit a wall? Is there a simpler way of doing this?

https://kb.synology.com/en-global/DSM/tutorial/Docker_container_cant_access_the_folder_or_file#x_anchor_idcd3f1170a3

Why allow "everyone" to have read write permission to shared folders in order to run container manager? Wouldn't this be insecure?

So here is my dilemma. I have a Truenas server that basically acts as a file server. I also have a little machine running Proxmox. I have an NFS share on the Proxmox machine for saving VM backups so that they are secure. On the Proxmox VM, I want to install docker instances. Some of them require large data repositories so I can't have the data stored on the VM. I'm thinking of creating an "apps" dataset on the Truenas machine, then exporting it via NFS and mounting on the VM. Then I redirect all the Docker volumes on this NFS share. Say I have Docker_App1 on the Proxmox VM, then I would create a folder in the /mnt/Truenas_share/Docker_App1. Do you think this will work? The alternative is to create an individual dataset on the Truenas machine for each Docker_App but this feels overkill and a nightmare to setup and maintain. How are you managing Docker volumes over NFS?

Is there a good android app thats dedicated to reading epubs from your ABS instance? I dislike a lot of things about the native reader in the native app and was wondering if there is something ('Still' seems good but its just for ios)

I usually use ReadEra for reading epubs (which is awesome) but i like the aspect of having my own cloud, not having to download every file manually and syncing my reading status.

Does not need to be free, I am willing to do one-time-payments for a good android reader app that connects to my ABS.

Recently I've installed luci-app-banip on my OpenWrt router and blocked most countries from accessing my services on my network. Not seeing why I would want any of that traffic I also blocked the whole of the ARIN registry, responsible for IP addresses from Canada and the United States.
Edit: Note this is only for inbound traffic. Outbound traffic is allowed no matter the target country.

Fast forward a few weeks and my certbot renewals fail with the following error: Failed to renew certificate enter.domain.here with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

Confused af I start looking for solutions and as so often only find useless or completely ridiulous solutions (lowering my MTU to 1300, what? WHY?). Finally I find some enlighted figure that says they recently enabled a blocklist for certain countries and that was the issue for them.
Now I make the connection to my use of banIP, re-allow the USA and my cert renewals start working again. Hooray!

However, there are two things bothering me:

1. Why would such a block even interrupt my renewals? I'm using DNS challenges and the ACME servers should only check the DNS entries, not where those entries actually redirect to. The DNS server/root isn't in my home network, so isn't affected by any firewall shenanigans I do here.
2. How can I make an exception for the Let's Encrypt ACME servers while blocking the rest of the ARIN IP space?

I see there's the option for ASN selection and external allowlists:

Does anybody have an idea on how to configure this so that Let's Encrypt continues to work without compromising on my network security?

(Edit: And just for clarity, I do not live in the US or anywhere on the American continent.)

Our family watches TV trough IPTV and via streaming services and it's been fine enough for quite some time. However, now one of our broadcast companies got in a fight about streaming contract with our IPTV provider and we lost a few of the channels. Not that big of a deal for me personally, but apparently there's some shows the rest of the family wants to see. This isn't the first time and likely it won't be the last.

However, all the free channels are available over air as well (and that's one excuse for IPTV operators to exclude offerings, "you can watch it anyway"). We have an antenna, but previous house owners just left the cable loose at the outside wall and brough it trough a hole in window frame. I've removed the cable and patched the hole for it and it'd be pretty difficult to run antenna cable to our TV set cleanly. However, I could pull a new cable nearby to my server stack with reasonable effort.

It's been quite a while since I've played with capture cards and any kind of streaming, so maybe hive mind here has some ideas. TV already has Android TV box connected, so anything that works with it is a bonus, but not a requirement.

So, what software (and hardware) I could use to pull video from DVB-T2 and stream that over local network?