Cool, I recommend it!

I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

I’m sure I’m not following all the best practices here, but so far so good.

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

Remember that RAID and redundancy is not backup.

Try to 3-2-1, or something similar/better, if you can.

I am fairly sloppy here, and I am also very cheap. I have multiple copies in my home for important stuff (mainly Immich), the in use copy being on SSD and a few backups on spinning rust. I have a raspberry pi with an external HDD at family’s place, with a daily rsync+snapshot, for off site backups.

Of course, I’ve never had a catastrophic failure, so who knows how smooth that would be…

I switched to Technitium and I’ve been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they’re queried in parallel, a VPN connection can go down without losing any DNS…maybe this is how pihole would have handled it too though).

And of course, wildcards supported no problem.

Maybe take a look at Outline. (Not affiliated, but I host it for myself.)

I also host KitchenOwl, but mostly just as a grocery list.

I’ve been pleased with it. Family is very relaxed about projects like this, but yeah it’s low power draw. I don’t think I have anything special set up but the right thing to do for power would be to spin down drive when not in use, as power is dominated by the spinning rust.

Uptime is great. Only hiccups are that it can choke when compiling the ZFS kernel modules, triggered on kernel updates. It’s an rpi 3/1GB RAM (I keep failing at forcing dkms to use only 1 thread, which would probably fix these hiccups 🤷).

That said, it is managed by me, so sometimes errors go unnoticed. I had recent issues where I missed a week of rsync because I switched from pihole to technitium on my home server and forgot to point the remote rpi there. This would all have been fixed with proper cron email setup…I’m clearly not a professional :)

Not the same, but for my Immich backup I have a raspberry pi and an HDD with family (remote).

Backup is rsync, and a simple script to make ZFS snapshots (retaining X daily, Y weekly). Connected via “raw” WireGuard.

Setup works well, although it’s never been needed.

Yeah, good point. The “app setup” is built into android and iOS as far as I can tell (generating matter credentials, etc.). Better than 3rd party IMHO but not ideal, and a nonstarter for a lot of folks. Hopefully HA will come out with their own onboarding process at some point.

Fair enough; I have a dedicated SSID which is VLAN’d off from the rest of my network with no Internet access. Only my HA server can talk to those devices.

+1 for ThirdReality. They’re a little pricey but I’ve generally had good luck with them.

I’ve also had pretty good luck with cheap Matter-over-wifi bulbs. Pairing them can be a little finicky and needs to go through an Android or iOS process, but after pairing you can block Internet access for them and they work great local-only.

There’s a bug in some wifi matter bulbs where they crash, especially when going from off to a desired brightness/color state (as in, “light on” works but “light to 50%, 3000K” will crash the bulb).

I don’t think you understand what local control of smart devices means…

Chuck Yeager’s Air Combat would ask for various airplane specs (“what is the service ceiling of an F-4E?,” “what is the ferry range of a MiG-15?”), and you had to flip through a booklet to find the answer.

You could copy the book, but it was fairly long so I guess the friction kept you in check.

VNC? You have your choice of servers, and clients are ubiquitous.

A big gotcha is that you need to be careful with encryption/security, as in classic UNIX style VNC does one thing (remote desktops). It’s easy to forward over ssh though.

You can also use VNC to share, which is not what you want; this depends on the type of server/settings. But you can definitely create a new virtual X11 session and access it remotely.

Mac at work. Yabai+sketchybar is no i3wm replacement, but it works ok.

My .zshrc is basically the same as I use on my personal computers, and aside from a few coreutils differences it…kinda just works. I have apt aliased to brew so I can feel more at home.

Stock terminal works fine—I use xterm on Linux, so I’m used to relying on tmux for nice features anyway.

Basically, I miss the window manager, but practically speaking that’s a about it. (I obviously have xscreensaver installed!)

nc is useful. For example: if you have a disk image downloaded on computer A but want to write it to an SD card on computer B, you can run something like

user@B: nc -l 1234 | pv > /dev/$sdcard

And

user@A: nc B.local 1234 < /path/to/image.img

(I may have syntax messed up–also don’t transfer sensitive information this way!)

Similarly, no need to store a compressed file if you’re going to uncompress it as soon as you download it—just pipe wget or curl to tar or xz or whatever.

I once burnt a CD of a Linux ISO by wgeting directly to cdrecord. It was actually kinda useful because it was on a laptop that was running out of HD space. Luckily the University Internet was fast and the CD was successfully burnt :)

I’m a ~/tmp man myself.

Maybe not a service in the typical sense, but setting up your router+server to route your home network traffic through a VPN is a fun project.

My router (MikroTik) supports WireGuard, so I can use it with Mullvad for the whole house—but wg is demanding and it’s a slow router, so while it can NAT at ~1Gbps, it can’t do WireGuard at more than ~90Mbps. So, I set up WireGuard/Mullvad on a little SBC with a fast processor, and have my router use that instead. Using policy based routing and/or mangling, I can have different VLANs/subnets/individual hosts selectively routed through the VPN.

It’s a fun exercise, not sure I implemented it in a smart way, but it works :)

I would recommend PoE security cameras. You probably want support for RTSP / ONVIF.

I have some Amcrest cameras talking to Frigate. It is completely local—cameras on a separate VLAN that can’t talk to the Internet, footage is recorded on a server running Frigate. Works very well for me. No vendor lock-in is also nice!

640k 780k ought to be enough for anybody…

If you search around you might find free ones. Oracle has/had a free tier (though it’s Oracle, so…).