farcaller
@farcaller@fstab.sh
- Comment on What are some self hosted services that you think are essential? 3 days ago:
I have a dedicated vm for things that are crucial to the home network, either latency-critical or network related.
That’d be my DNS resolver (I enforce it over VLANs by hijacking anyone trying to do DNS to other resolvers, like random IoT devices), homebridge for less important home automation and my own matter controller for the most important home automation (controlling the lights).
My router of choice is RouterOS in another VM. I tried opnsense, pfsense, vyatta, and a bunch of others (even a containerized Cisco router), and I settled on ROS, because it was the only one that could do IPv6 properly (apart from Cisco, but that has other issues).
For the less important things I run them on k8s and really, there are only two bits worth mentioning as essential: ArgoCD and nixhelm. Together, they provide effortless and mostly automated software updates with very easy rollbacks. I don’t have to go and manually update every single bit of software and that saves huge amounts of time.
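The "fire and forget" Argo CD setup described in this comment, written out as an added example; this is not the author's own manifest, and the repository URL, path, namespaces and cluster address are placeholders:

```yaml
# Added example, not the commenter's manifests: an Argo CD Application that
# auto-syncs whatever lands in git (e.g. charts rendered by nix), prunes
# removed resources and reverts manual drift. All names are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: homelab-apps
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example/homelab-manifests.git  # placeholder repo
    targetRevision: main
    path: rendered            # directory holding the rendered manifests
  destination:
    server: https://kubernetes.default.svc   # in-cluster API server
    namespace: apps
  syncPolicy:
    automated:
      prune: true        # delete cluster resources that disappear from git
      selfHeal: true     # undo changes made directly in the cluster
      allowEmpty: false  # never sync an empty tree; guards against wiping the namespace
    syncOptions:
      - CreateNamespace=true
    retry:
      limit: 3           # bounded retries so a broken chart does not loop forever
      backoff:
        duration: 30s
        factor: 2
        maxDuration: 5m
  revisionHistoryLimit: 10   # keep recent synced revisions visible in the UI/CLI
```

With automated sync turned on, Argo CD refuses `argocd app rollback` (it would immediately be re-synced to HEAD), so the rollback path is a `git revert` of the offending commit, which the controller then applies like any other change. `allowEmpty: false` is the setting worth keeping: a repository checkout that renders to nothing (a broken nix build, a wrong `path`) would otherwise prune every managed resource.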
- Comment on Dropbox is laying off 20% of its staff 3 weeks ago:
The windows client does, yes. But I’ve found that to be fragile on occasions.
- Comment on Dropbox is laying off 20% of its staff 3 weeks ago:
Technically, it does have a windows client. It’s just in various states of being broken.
- Comment on How annoying is it to connect to VPN/use Tailscale instead of being able to access the service directly? 3 weeks ago:
For the last 10 days tailscale clocked 1% battery on my phone. I honestly didn’t even consider turning it off for battery savings.
- Comment on Running Tailscale docker image vs. binding port to Tailscale IP 4 weeks ago:
If tailscale inside a container allows you to talk to it via “direct” connection and not a derp proxy, then it will offer you better service isolation (can set the tailscale ACLs for this specific service) without sacrificing performance.
Tailscale pushes for it because it just ties you in more. It allows you to utilize the ACLs better, to see your thing in their service mesh, and every service will count against the free node limit.
In practice, I often do both. E.g. I’ll have my http ingress exposed to tailscale and route a bunch of different services through it at a single tailscale node, where the access control is done by services individually. But I’ll also run a pod-to-pod tailscale between two k8s clusters because tailscale ACL is just convenient.
- Comment on Network Switch 1 month ago:
TIL, thanks!
- Comment on Network Switch 1 month ago:
I had exactly the same use case and I ended up with a 40G DAC fiber for that case. It ended up cheaper than converting the whole lan to 10G.
That said, it feels like used 10G equipment is easier to come by than 2.5G for now, and if you have 2G fiber uplink and only 1G past the router then it’s a waste.
- Comment on Should I keep shared or separate k8s clusters? 2 months ago:
Actual public services run there, yeah. In case any is compromised they can only access limited internal resources, and they’d have to fully compromise the cluster to get the secrets to access those in the first place.
I really like garage. I remember when minio was straightforward and easy to work with. Garage is that thing now. I use it because it’s just so much easier to handle file serving where you have S3-compatible uploads even when you don’t do any real clustering.
- Comment on Should I keep shared or separate k8s clusters? 2 months ago:
I’ve dealt with exactly the same dilemma in my homelab. I used to have 3 clusters, because you’d always want to have an “infra” cluster which others can talk to (for monitoring, logs, docker registry, etc. workloads). In the end, I decided it’s not worth it.
I separated on the public/private boundary and moved everything publicly facing to a separate cluster. It can only talk to my primary cluster via specific endpoints (via tailscale ingress), and I no longer do a multi-cluster mesh (I used to have istio for that, then cilium). This way, the public cluster doesn’t have to be too large capacity-wise, e.g. all the S3 api needs are served by garage from the private cluster, but the public cluster will reverse-proxy into it for specific needs.
- Comment on Server Monitoring software recommendations 3 months ago:
and swap Prometheus for VictoriaMetrics, or your homelab RAM usage becomes Prometheus RAM usage.
- Comment on Trying to figure out the best way to set up a self hosted matrix server. 3 months ago:
I’ll second conduit. You can tune up its caching, reducing the ram usage significantly. It does become a bit painful to sync the mobile clients, but at least it’s not gigabytes of ram wasted.
- Comment on Should I use a reverse proxy in a homelab? 4 months ago:
Specifically, use home.arpa, if you must use a private domain.
- Comment on Ubiquiti U7 Pro Max WiFi 7 Access Point Teardown: To fan or not to fan 4 months ago:
FWIW that java app isn’t very memory hungry and it’s not CPU-intensive at all. There are no issues with running java apps at all if you spend 5 minutes figuring out the basic flags on how to set the memory limits, or run it in a memory-limited cgroup via some container runtime.
- Comment on Should I stick with Docker Swarm for self-hosting? 4 months ago:
I run k3s in my homelab as a single node cluster. I’m very familiar with kubernetes in general, so it’s just easier for me to reason with a control plane.
Some of the benefits I find useful:
- ArgoCD set to fire and forget will automatically update software versions as they happen. I use nix to lower the burden of maintaining my chart forks. Sometimes they break, but
- VictoriaMetrics easily collects all the metrics from everything in the cluster with very little manual tinkering, so I am notified when things break, and
- zfs-localpv provides in-cluster management for data snapshots, so when things do break I can easily roll back to a known good state.
k3s is, of course, a memory hog; I’d estimate it and cilium (my CNI of choice) eat up about 2GB of RAM and a bit under one core. It’s something you can tune to some extent, though. But then, I can easily do pod routing via VPN and create services that will automatically get a public IP from my endless IPv6 pool and get that address assigned a DNS name in like 10 lines of YAML.
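What the "public IPv6 plus DNS name in about 10 lines of YAML" part of this comment looks like in practice, as an added example rather than the author's own manifests. It assumes Cilium's LoadBalancer IPAM and external-dns are already installed in the cluster; the prefix (the 2001:db8::/32 documentation range), hostname, namespace and app label are placeholders:

```yaml
# Added example, not the commenter's manifests. Requires Cilium LB IPAM
# (CiliumLoadBalancerIPPool CRD) and external-dns already running.
# Pool prefix, zone and names below are placeholders.
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: public-v6
spec:
  blocks:
    - cidr: 2001:db8:1234:ff00::/64   # documentation prefix; substitute a routed /64 from your delegation
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: apps
  annotations:
    # external-dns publishes the allocated address as an AAAA record
    external-dns.alpha.kubernetes.io/hostname: whoami.example.net   # placeholder zone
    external-dns.alpha.kubernetes.io/ttl: "300"
spec:
  type: LoadBalancer           # Cilium picks a free address from the pool above
  ipFamilyPolicy: SingleStack
  ipFamilies: [IPv6]           # v6 only; no NAT, no port forwarding on the router
  selector:
    app: whoami
  ports:
    - name: http
      port: 80
      targetPort: 8080
```

Because the address is globally routable, the only thing standing between the internet and the pod is this Service's port list and whatever the router's firewall allows inbound; the pool's `/64` should be one the upstream firewall explicitly permits, and anything that must stay private belongs in a separate pool (Cilium lets a pool carry a `serviceSelector`) rather than relying on nobody guessing the address.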
- Comment on remote assistance software suggestions 5 months ago:
Your requirements sound a lot like Chrome Remote Desktop and it’s pretty trivial to install, which might be a handy thing for family members that aren’t tech-savvy.
- Comment on Fediverse Apps on Kubernetes? 6 months ago:
I don’t like helm, so I use nix to maintain my fediverse deployments in kubernetes. Typically that’d just autoupdate itself to new releases, but for lemmy specifically I upgrade by hand nowadays since one release some time ago broke my deployment and its schema change was incompatible with the automated rollback.
My setup is a combination of github.com/farcaller/nixdockertag (auto-updated docker images for things where I fully own the deployments) and github.com/farcaller/nixhelm (for helm charts that I either consume verbatim or have local patches on). Both just auto update nightly thanks to github.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 7 months ago:
It’s much more than just “http requests”, honestly. A Matrix server and e.g. nginx have very little in common.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 7 months ago:
That’s what their docs say:
At an absolute minimum, Dendrite will expect 1GB RAM. For a comfortable day-to-day deployment which can participate in federated rooms for a number of local users, be prepared to assign 2-4 CPU cores and 8GB RAM — more if your user count increases.
That’s not accounting for Postgres.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 7 months ago:
I got that. What I mean is that you can easily have a tiny 256mb VPS for a bunch of static websites or even some WordPress and the official matrix servers would require you to easily double or triple the bill.
- Comment on Discord is nuking Nintendo Switch emulator devs and their entire servers 7 months ago:
I looked into matrix servers the other day for an unrelated reason and tbh the amount of resources they ask for is way more than you need for a webpage (dendrite asks for 1gb ram minimum for a number of users, and that’s without accounting for postgres)
- Comment on BitTorrent is No Longer the ‘King’ of Upstream Internet Traffic 8 months ago:
2M per BitMagnet instance. That’s about 18Gb in postgres. Not significant, but around where you start to think about query optimization.
- Comment on BitTorrent is No Longer the ‘King’ of Upstream Internet Traffic 8 months ago:
BitMagnet isn’t a silver bullet. Its datastore use makes it rather unreliable past about 2M torrents mark.
- Comment on Hosting on Oracle 8 months ago:
I got my account closed with no reason a hair after 12 months. It was good while it lasted, and I have the backups outside of oracle’s cloud.
- Comment on Linux distro for selfhosting server 8 months ago:
I wouldn’t specifically say nixOS is stable in the same sense debian is but yes, it can totally handle this use case. I mainly run k8s on it, but a few home machines run docker (or, rather, podman) containers.
A thing about nixOS is that quite often you won’t need containers at all and would be better off without them, managing your apps as part of the system state as a whole. I only do that because I can’t be bothered to properly switch to nixOS services for ELK (which is supported by nixOS).
It’s a very stable solution in general and usually ends with a configuration that either doesn’t apply at all or applies with no issues. Gitops included for pretty much free. It requires understanding nix, and it can be tricky, but not overly tricky.
All in all I haven’t had an Ubuntu in the homelab for two years now and couldn’t be happier about that.
- Comment on What are some good games with *zero* replayability? 8 months ago:
I replayed it the other week after not touching it since the original release. Was fun. I managed to forget a bunch of puzzles, and the new graphics made it fun to just explore the Ages.
- Comment on What's Your Preferred Server Monitoring Method? 8 months ago:
Try VictoriaMetrics. Basically the same feature set as Prometheus, but so much more resource friendly for homelab scale. I store some metrics for 12 months now, because it’s easy.
- Comment on Let's talk about free/FOSS routing platforms for the homelab 9 months ago:
oh, that’s actually a fair point! You’re correct.
DHCPv6-PD is still effectively broken, though.
- Comment on Let's talk about free/FOSS routing platforms for the homelab 9 months ago:
I tried opn/pfsense, VyOS (the rolling one. Stable is paid only), and a couple of commercial options. Surprisingly not a single free/FOSS option can do IPv6 properly (I was looking specifically for prefix delegation for downstream routers). Cashed out for a single RouterOS CHR license and never bothered since.
But otherwise I tend to like VyOS. the rolling releases as the only free option make it somewhat questionable for something more serious though.
- Comment on [deleted] 9 months ago:
You mentioned failing to find the github markdown specs. Those are the specs.
- Comment on [deleted] 9 months ago: