vegetaaaaaaa

@vegetaaaaaaa@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

gitlab.com/nodiscc/ · github.com/nodiscc/

⁨Comment⁩ on ⁨Any nice playbook or tutorial to host a static website from home?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Sometimes you need to understand the basics first. The points I listed are sysadmin 101. If you don’t understand these very basic concepts, there is no chance you will be able to keep any kind of server running, understand how it works, debug certificate problems and so on. Once you’re comfortable with that? Sure, use something “simpler” (a.k.a. another abstraction layer), Caddy is nice. The same point was made in the past about Apache (“just use nginx, it’s simpler”). Meanwhile I still use apache, but if needed I’m able to configure any kind of web server because i taught me the fundamentals.

At some point we have to refuse the temptation to go the “easy” way when working with complex systems - IT and networking are complex. Just try the hard way first, read the docs, and if it’s too complex/overwhelming/time-consuming, only then go for a more “noob-friendly” solution (I mean we’re on c/selfhosted, why not just buy a commercial NAS or use a hosted service instead? It’s easier). I use firewalld but I learned the basics of iptables a while ago. I don’t build apache from source when I need to upgrade, but I would know how to get 75% there - the docs would teach me the rest.
⁨Comment⁩ on ⁨Any nice playbook or tutorial to host a static website from home?⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
By default nginx will serve the contents of /var/www/html (a.k.a documentroot) directory regardless of what domain is used to access it. So you could put your index.html and all other files directly under that directory, and access your sever at https://ip_address and have your static site served like that.

Step 2 is to automate the process of rebuilding your site and placing the files under the correct directory with the correct ownership and permissions. A basic shell script will do it.

Step 3 is to point your domain (DNS record) at your server’s public IP address and forwarding public port 80 to your server’s port 80. From there you will be able to access the site from the internet at mydomain.org

Step 3 is to configure nginx for proper virtualhost handling (that is, direct requests made for mydomain.org to your site under the /var/www/html/ directory, and all other requests like http://public_ip to a default, blank virtualhost. You may as well use and empty /var/www/html for the default site and move your static site to a dedicated directory.) This is not a requirement but will help in case you need to host multiple sites, and is a requirement for the following step.

Step 4 is to setup SSL/TLS certificates to serve your site at https://my_domain (HTTPS). Nowadays this is mostly done using an automatic certificate generation service such as Let’s Encrypt or any other ACME provider. certbot is the most well-known tool to do this (but not necessarily the simplest).

Step 5 is what you should have done at step 1: harden your server, setup a firewall, fail2ban, SSH keys and anything you can find to make it harder for an attacker to gain write access to your server, or read access to places they shouldn’t be able to read.

Step 6 is to destroy everything and do it again from scratch. You’ve documented or scripted all the steps, right?

As for the question “how do I actually implement all this? Which config files and what do I put in them?”, the answer is the same old one: RTFM. Yes, even the boring nginx docs, manpages and 1990’s Linux stuff. Reading guides can still be a good start for a quick and dirty setup, and will at least show you what can be done. After a few months of practice you will be able to do all that in less than 10 minutes.
⁨Comment⁩ on ⁨Landing page for all my services⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I wrote my own, using plain HTML/CSS. Actually the final .html file gets templated by ansible depending on what’s installed on the server, but you can easily pick just the parts you need from the j2 template
⁨Comment⁩ on ⁨What are some self hosted services that you think are essential?⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Please not these posts again This thread is pinned for a reason: lemmy.world/post/60585
⁨Comment⁩ on ⁨Podman or rootless docker?⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Podman
- rootless by default
- daemonless
- integration with systemd, made even easier by podman-generate-systemd
- no third-party APT repository required, follows the same lifecycle as my LTS (Debian) distro
- podman and docker command-line are 100% compatible for my use cases
⁨Comment⁩ on ⁨Static site generator for an idiot who doesn't want to learn a new templating language just to have a blog?⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
www.sphinx-doc.org + pradyunsg.me/furo/ theme + myst-parser.readthedocs.io markdown parser + sphinx-design.readthedocs.io extensions.

Just drop all your markdown files in a directory and run sphinx-build. Highly customizable but also works out of the box
⁨Comment⁩ on ⁨Excluding shorts from Youtube RSS feeds in FreshRSS, regardless of #shorts in the title⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:

You just have to find the channel_id buried in the page source

I use this Firefox addon for that: addons.mozilla.org/en-US/…/youtube-rss-finder/ - really useful
⁨Comment⁩ on ⁨Store (and access) old emails⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I wrote this ansible role to setup dovecot IMAP server. Once a year I move all mail from the previous year from various mailboxes to my dovecot server (using thunderbird).
⁨Comment⁩ on ⁨Results comparison 8B parameter LLM x Gemini⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Interesting post, but what does this have to do with selfhosting? This is not /c/llm
⁨Comment⁩ on ⁨Latest Macrium Reflect Version (X) will be a Subscription⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
⁨Comment⁩ on ⁨Self-hostee storage for Gmail⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I wrote this ansible role to setup dovecot IMAP server. Once a year I move all mail from the previous year from various mailboxes to my dovecot server (using thunderbird).
⁨Comment⁩ on ⁨Server Monitoring software recommendations⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
I use the Netdata agent (with cloud features disabled). Easy installation, FOSS, 0 configuration required, tons of metrics.
⁨Comment⁩ on ⁨Tryong to figure out the best way to set up a self hosted matrix server.⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
I wrote my own ansible role to deploy/maintain a matrix server and a few goodies (element/synapse-admin). If you’re not using ansible you should still be able to understand the deployment logic by starting at tasks/main.yml and following includes/tasks from there.
⁨Comment⁩ on ⁨What self-hosted services can help during a crisis or emergency? This is for those affected OR those who want to help⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:

host maps

It does require a beefy server (rendering tiles is CPU/RAM-intensive, storing pre-rendered tiles is expensive on storage) It should be doable on limited hardware if only a small area.

I think the better move would be keeping/distributing a local copy of the OsmAnd android APK and a few maps for the app. Because you’ll not be able to provide map access to people from your server if the Internet/local fiber/phone network is down - this way everyone can have their own full copy of the map.

I’m not sure about the method to extract map data from the app storage directory though.
⁨Comment⁩ on ⁨What self-hosted services can help during a crisis or emergency? This is for those affected OR those who want to help⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Just download a copy of a recent wikipedia dump. You can open it in the Kiwix desktop application (work fine even on an old laptop), the android app (though I’ve never tried opening a full 100GB dump with a phone, not sure if it would work well), or install the kiwix-tool package and serve the .zim file with kiwix-serve (wiki.kiwix.org/wiki/Kiwix-serve). You’d also probably want a reverse proxy/usual basic web server/security setup around that.
⁨Comment⁩ on ⁨What self-hosted services can help during a crisis or emergency? This is for those affected OR those who want to help⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Second this, always have a device preloaded with Kiwix and one of the wikipedia dumps. A new vesrion is uploaded every few (~6 months). The full English wikipedia dump with images (low-res versions only though) is only 103GB.
⁨Comment⁩ on ⁨Proxmox on Laptop, Network Setup⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
libvirt/virt-manager is a nice VM management tool.
⁨Comment⁩ on ⁨Experience with IONOS?⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Their cheap 1-6€/month VPS offers are actually fine. Not much to say about it, it just works.

awesome-selfhosted.net is hosted on a Ionos VPS.
⁨Comment⁩ on ⁨Homelab Organization⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
- ansible playbook for automated/self-documenting setup
- for one-off bugs or ongoing/long-term problems, open an issue on my gitea instnce and track the investigations and solutions there.
⁨Comment⁩ on ⁨Docker email server to host mail archive⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:

allows my mail clients to connect via IMAP to view and search emails

dovecot will be able to handle this part. This is what I use as a mail archive (once a year, archive all mail from the previous year from various mailboxes to my self-hosted dovecot instance). I wrote this ansible role for it.

downloads new emails via IMAP

As others recommended, imapsync should be able to handle that part.

downloads new emails via IMAP

These tools are simple enough to install and manage (one package, one config file), Docker is not needed. If you really need it to fit into your docker-based setup, build and maintain your own images.
⁨Comment⁩ on ⁨Little tool for quick work stories⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
What’s your existing setup? For such a simple task, check if any of the tools you use currently can be adapted (simple text files on a web server? File sharing like Nextcloud and text files? Pastebin-like? Wiki? …). Otherwise a simple Shaarli instance could do the trick (just post “notes” aka. bookmarks without an URL). I use this theme to make it nicer.
⁨Comment⁩ on ⁨Self hosted employee time clock?⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
I would never recommend Odoo anymore, given how painful it is to upgrade from a major version to another. Their answer to it is basically “yeah, some complex migrations need to be done, just send us a copy of your database with highly sensitive company data, pay us to do the migration and we’ll send it back to you”. Yeah, lol, no.
⁨Comment⁩ on ⁨Alternative to RaspiCheck⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
- monitoring: github.com/awesome-foss/awesome-sysadmin?tab=read…
- sending commands: github.com/OliveTin/OliveTin
⁨Comment⁩ on ⁨Mirror all data on NAS A to NAS B⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
- rsync + basic scripting for periodic sync, or
- distributed/replicated filesystems for real-time sync (I would start with Ceph)
⁨Comment⁩ on ⁨Recommendations for cheap hardware upgrade⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
I agree that desktop/ATX tower PCs are the most useful form factor, you can stuff all your old junk hardware in there and offer it a second life without much investment.

However with current electricity prices buying more power efficient hardware can be a better medium-term investment. 1kWh bills at 0.2516€ currently where I’m at (~EU average price), assuming an average power consumption of 50W this gives you (50×24×365)/1000×0.2516=110€/year. At this rate a 200€ investment in hardware would pay for itself in 2-3 years.

Buying a <100€ setup is not worth it for general purpose servers in my opinion, it will either be underpowered or power hungry.

My current solution is to to run all my services in KVM (libvirt) VMs on my beefy desktop computer which is already on most of the time anyway. Best of both worlds.
⁨Comment⁩ on ⁨Proxmox server monitoring⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Netdata can also expose metrics to prometheus which you can then use in Grafana for more advanced dashboards learn.netdata.cloud/docs/…/prometheus
⁨Comment⁩ on ⁨Fediverse Apps on Kubernetes?⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:

I just don’t have that much time to spend on initial implementation and upkeep

Well k8s is a poor choice of platform for you :D
⁨Comment⁩ on ⁨HDD spins but OS doesnt see mountable disk⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
lsblk also show block devices and is prettier than looking directly at /sys/class/block
Routeable Loopback Addressesetherarp.net ↗
Submitted ⁨⁨10⁩ ⁨months⁩ ago⁩ to ⁨selfhosted@lemmy.world⁩ | ⁨6⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Recommendation for outgoing-only SMTP server⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:

github.com/chriswayg/ansible-msmtp-mailer/…/14 While msmtp has features to alter the envelope sender and recipient, it doesn’t alter the “To:” or “From:” message itself. When the Envelope doesn’t match these details, it can be considered spam

Oh I didn’t know that, good to know!

The proposed one-line wrapper looks like a nice solution