farcaller
@farcaller@fstab.sh
- Comment on Ubiquiti U7 Pro Max WiFi 7 Access Point Teardown: To fan or not to fan 1 day ago:
FWIW that java app isn’t much memory hungry and it’s not cpu-intensive at all. There are no issues with running java apps at all if you spend 5 minutes figuring the basic flags on how to set the memory limits or run it in a memory-limited cgroup via some containers runtime.
- Comment on Should I stick with Docker Swarm for self-hosting? 4 days ago:
I run k3s in my homelab as a single node cluster. I’m very familiar with kubernetes in general, so it’s just easier for me to reason with a control plane.
Some of the benefits I find useful:
- ArgoCD set to fire and forget will automatically update software versions as they happen. I use nix to lower the burden of maintaining my chart forks. Sometimes they break, but
- VictoriaMetrics easily collects all the metrics from everything in the cluster with very little manual tinkering, so I am notified when things break, and
- zfs-localpv provides in-cluster management for data snapshots, so when things do break I can easily roll back to a known good state.
k3s is, of course, a memory hog, I’d estimate it and cilium (my CNS of choice) eat up about 2Gb ram and a bit under one core. It’s something you can tune to some extent, though. But then, I can easily do pod routing via VPN and create services that will automatically get a public IP from my endless IPv6 pool and get that address assigned a DNS name in like 10 lines of Yaml.
- Comment on remote assistance software suggestions 1 month ago:
Your requirements sound a lot like Chrome Remote Desktop and it’s pretty trivial to install, which might be a handy thing for family members that aren’t tech-savvy.
- Comment on Fediverse Apps on Kubernetes? 1 month ago:
I don’t like helm, so I use nix to maintain my fediverse deployments in kubernetes. Typically that’d just autoupdate itself to new releases, but for lemmy specifically I upgrade by hand nowadays since one release some time ago broke my deployment and its schema change was incompatible with the automated rollback.
My setup is a combination of github.com/farcaller/nixdockertag (auto-updated docker images for things where I fully own the deployments) and github.com/farcaller/nixhelm (for helm charts that I either consume verbatim or have local patches on). Both just auto update nightly thanks to github.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 2 months ago:
It’s much more than just “http requests”, honestly. A Matrix server and e.g. nginx have very little in common.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 2 months ago:
That’s what their docs say:
> At an absolute minimum, Dendrite will expect 1GB RAM. For a comfortable day-to-day deployment which can participate in federated rooms for a number of local users, be prepared to assign 2-4 CPU cores and 8GB RAM — more if your user count increases.
That’s not accounting for Postgres.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 2 months ago:
I got that. What I mean is that you can easily have a tiny 256mb VPS for a bunch of static websites or even some WordPress and the official matrix servers would require you to easily double or triple the bill.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 2 months ago:
I looked into matrix servers the other day for an unrelated reason and tbh the amount of resources they ask for is way more than you need for a webpage (dendrite asks for 1gb ram minimum for a number of users, and that’s without accounting for postgres)
- Comment on BitTorrent is No Longer the ‘King’ of Upstream Internet Traffic 3 months ago:
2M per BitMagnet instance. That’s about 18Gb in postgres. Not significant, but around where you start to think about query optimization.
- Comment on BitTorrent is No Longer the ‘King’ of Upstream Internet Traffic 3 months ago:
BitMagnet isn’t a silver bullet. Its datastore use makes it rather unreliable past about the 2M torrents mark.
- Comment on Hosting on Oracle 3 months ago:
I got my account closed with no reason a hair after 12 months. It was good while it lasted, and I have the backups outside of oracle’s cloud.
- Comment on Linux distro for selfhosting server 3 months ago:
I wouldn’t specifically say nixOS is stable in the same sense debian is but yes, it can totally handle this use case. I mainly run k8s on it, but a few home machines run docker (or, rather, podman) containers.
A thing about nixOS is that quite often you won’t need containers at all and would be better off without them, managing your apps as part of the system state as a whole. I only do that because I can’t be bothered to properly switch to nixOS services for ELK (which is supported by nixOS).
It’s a very stable solution in general and usually ends with a configuration that either doesn’t apply at all or applies with no issues. Gitops included for pretty much free. It requires understanding nix, and it can be tricky, but not overly tricky.
All in all I haven’t had an Ubuntu in homelab for two years now and can’t be happier about that.
- Comment on What are some good games with *zero* replayability? 3 months ago:
I replayed it the other week after not touching it since the original release. Was fun. I managed to forget a bunch of puzzles, and the new graphics made it fun to just explore the Ages.
- Comment on What's Your Preferred Server Monitoring Method? 4 months ago:
Try VictoriaMetrics. Basically the same feature set as Prometheus, but so much more resource friendly for homelab scale. I store some metrics for 12 months now, because it’s easy.
- Comment on Let's talk about free/FOSS routing platforms for the homelab 4 months ago:
oh, that’s actually a fair point! You’re correct.
DHCPv6-PD is still effectively broken, though.
- Comment on Let's talk about free/FOSS routing platforms for the homelab 4 months ago:
I tried opn/pfsense, VyOS (the rolling one. Stable is paid only), and a couple commercial options. Surprisingly not a single free/foss option can do IPv6 properly (I was looking specifically for prefix delegation for downstream routers). Cashed out for a single RouterOS CHR license and never bothered since.
But otherwise I tend to like VyOS. The rolling releases as the only free option make it somewhat questionable for something more serious though.
- Comment on [deleted] 4 months ago:
You mentioned failing to find the github markdown specs. Those are the specs.
- Comment on [deleted] 4 months ago:
- Comment on SilverBullet: the self-hosted notes app for people with a hacker mindset 4 months ago:
I’d be curious to see comparison with Logseq. As it’s rightly mentioned, there are thousands of note taking apps and I’m not quite sure I see the selling point of SB. I really love the idea of notes as a database, but the query language seems subpar, more akin to obsidian’s dataview than the overwhelming power of tiddlywiki’s filters or Logseq’s queries.
I went from evernote to tiddlywiki to Obsidian to Logseq and somewhat stuck here now because I got the powerful queries in a very neat UI. With the market oversaturated as it is, it’d be nice to see what Silverbullet brings to the game that others don’t, what are the distinguishing features.
- Comment on Uncomplicated firewall rule set for a *arr stack. 4 months ago:
> I disabled DHCP and IPv6
Why, though?
- Comment on What are your favorite cloud-based logging providers which do not require a business email to sign up? 4 months ago:
Why would you need specifically “cloud” logging for that? Spinning up grafana and loki is rather trivial in the modern containerized world and that’d cover 90% of what you want from logs. Neither is a resource hog, too, it’s so much better than e.g. the ELK stack for logs that you only look through occasionally.
- Comment on Sudo is coming to Windows 11 4 months ago:
Honestly, it’s hardly newsworthy given how sudo was a thing in windows for quite a while now. I use it pretty often, especially `sudo pwsh` for elevated shells.
- Comment on Which OS do you use for your homeserver? 4 months ago:
I went for a much simpler approach lately as I downscaled my hardware for efficiency.
I run NixOS on the bare metal. It gives the system management a declarative approach, just like kubernetes would. On top of that, I run libvirt as a hypervisor. In other scenarios I’d use tinyvmm and cloud-hypervisor, but I found qemu way better for the variety of homelab workloads and libvirt is pretty straightforward.
Some vms have pci passthrough, e.g. my routeros vm gets a bunch of NICs directly, some have various funny network topology. Libvirt used to be a pain in that regard, but it’s actually fine with NixOS because you manage both sides of the networking stack in declarative configuration.
I run NixOS on the vms too (now for the sake of easy upgrades), and I have a bit of a split between running services natively (systemd is very good about “containerizing” things nowadays) and using docker (mostly because of laziness, e.g. Elastiflow was easier to deploy this way). Finally, I have a single dockerized Ubuntu that’s more like a VM (as in, I never had a dockerfile for it, it’s fully stateful) running the matter home automation bits because I gave up on properly containing the matter python stack and went for an easy way out.
Now, a word about alternatives.
I used to run Ubuntu. No more. Upgrading the OS is always a huge pain even if everything is in docker. I want my OS to be managed in a config file and be able to easily roll back to the previous state. I used to run k3s, but even though it is much thinner than k8s, it is still very much ram hungry and I just don’t want to pay for that. Besides, complex networking is often non-trivial due to how its networking works, and multus is a world of pain. I used to run different hypervisors for the VMs (kubevirt, tinyvmm, a bunch others). I went way back to libvirt mostly because it’s straightforward in tuning very specific qemu bits I cared for in the homelab. I have some cpu overprovisioning, so I want to make my quotas set up extremely precisely, sacrificing the right workloads.
- Comment on Should I use a dedicated DHCP/DNS server hardware 5 months ago:
Here’s how it works: unifi devices need to communicate with the controller over tcp/8080 to maintain their provisioned state. By default, the controller adopts the device with `http://controller-ip:8080/inform`, which means that if you ever change the controller IP, you’ll have to adopt your devices again. There are several other ways to adopt the device, most notably using the DHCP option 43 and using DNS. Of those, setting up DNS is generally easier. You’d provision the DNS to point at your controller and then update the inform address on all your devices (including the USG).
Now, there’s still a problem of keeping your controller IP and DNS address in sync. Unifi, generally, doesn’t do DNS names for its DHCP leases, and devices can’t use mDNS, so you’ll have to figure a solution for that. Or, you can just cut it short and make sure the controller has a static IP―not a static DHCP lease, but literally, a static address. It allows your controller to function autonomously from USG, as long as your devices don’t reach to it across VLANs.
- Comment on Should I use a dedicated DHCP/DNS server hardware 5 months ago:
Unifi is specific about expecting the controller address to not change. You have several options: There’s the “override controller address” setting, which you can use to point the devices at a dns name, instead of an ip address. The dns can then track your controller. It doesn’t exactly solve your issue, though, as USG doesn’t assign dns names to dynamic allocations.
Another option is to give the controller a static IP allocation. This way, in case you reboot everything, USG will come up with the latest good config, then will (eventually) allocate the IP for controller, and adopt itself.
Finally, the most bulletproof option is to just have a static IP address on the controller. It’s a special case, so it’s reasonable to do so. Just like you can only send NetFlow to a specific address and have to keep your collector in one place, basically.
I’d advise against moving dhcp and dns off unifi unless you have a better reason to do so, because then you lose a good chunk of what unifi provides in terms of the network management. USG is surprisingly robust in that regard (unlike UDMs), and can even run a nextdns forwarding resolver locally.
- Comment on Embrace, Extend, Enforce (ƎƎƎ): A practical Strategy against potentially abusive Instances like Meta’s Threads 5 months ago:
> However, XAMPP didn’t just die because it opened itself up to Microsoft and got extinguished

So, we went from the somewhat imaginary “google killed xmpp” to fully fictional “Microsoft killed xampp” now? It’s almost like the fedipact people literally have no clue what they are talking about.
- Comment on Idea for future corporations trying to federate 6 months ago:
> no Federation with instances that use altered versions or proprietary versions of AP.
It’s especially funny given (the last time I checked) neither kbin nor lemmy actually followed the spec properly. They ignore the jsonld requirements and resort to field names, that, by the spec, should be dropped.
- Comment on 41% of fediverse instances have blocked threads so far!!! 6 months ago:
I can easily imagine the future where “good” instances will then stop federating with the ones that don’t have threads blocked, all thanks to these lists.
- Comment on GitHub: Can no longer search code without being logged in 6 months ago:
FWIW Sourcegraph chrome extension adds a neat “open in Sourcegraph” to github pages and SG is just superior. Why would you use Github’s mediocre search either way ¯_(ツ)_/¯
- Comment on Docker or Podman for Jellyfin? 6 months ago:
> Regarding firewall stuff, disable it on your machine and you are fine.
How do you know OP doesn’t have a bunch of unsecured services sticking out into their LAN ready to be a target for the next cryptolocking scam?
Slightly sarcastic, but yeah, OP, do not just turn your firewall off without understanding pros and cons of doing such. At the very least, see what your server exposes to the network (`ss -tunlp` will give you a good starting point), and see if there’s nothing unexpected in there that might be abused.