A simple question to this community, what are you self-hosting? It’s probably fun to hear from each-other what services we are running.

Please mention at least the service (e.g. e-mail) and the software (e.g. postfix). Extra bonus points for also mentioning the OS and/or hardware (e.g. Linux Distribution, raspberry pi, etc) you are running on.

  • Ruud@lemmy.worldM
    link
    fedilink
    English
    arrow-up
    94
    arrow-down
    1
    ·
    1 year ago

    I host:

    Fedi servers

    • lemmy.world
    • mastodon.world
    • calckey.world
    • pool.social
    • musicworld.social
    • akkoma.nl
    • ruud.social
    • fotofed.nl
    • fediland.nl
    • blog.mastodon.world
    • play-my.video

    Software I use

    • Nginx Proxy Manager
    • Portainer
    • Kimai
    • Xwiki (3 of them)
    • Cryptpad
    • Grafana
    • Hedgedoc
    • Matrix/Synapse
    • Thelounge
    • Vaultwarden
    • Gitea
    • Nextcloud
    • Paperless-ngx
    • Zabbix
    • Zammad

    Probably forgot some…

  • sneakyninjapants
    link
    fedilink
    English
    arrow-up
    60
    ·
    edit-2
    1 year ago

    My long and mostly complete list:

    • Audiobookshelf (GH)
      • Using for audiobooks. Ebooks, comics, and podcast support in early stages.
    • Authelia (GH)
      • Using for two-factor authentication in front of all of my services. Critical infrastructure.
    • Bazarr (GH)
      • Using for automated subtitle management. Have not needed to rely on it much.
    • Code-Server (GH)
      • Using for a plethora of things. I could write an entire post on this alone.
    • Courier
      • Using (occasionally) for package-tracking from various carriers.
    • EmulatorJS
      • Using for retro-emulation.
    • Gitea (GH) x2
      • Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
    • Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
      • Using to securely network with my remote servers.
    • Homepage
      • Using as a “single-pane-of-glass” to get an overview of service health with links to the various services.
    • Invidious
      • Using in-place of YouTube.
    • IT-Tools (GH)
      • Using for the myriad of various useful tools it offers.
    • Jellyfin (GH)
      • My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
    • Kopia Server (GH)
      • Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
    • Librespeed (GH)
      • Using for the occasional speedtest to my remote servers.
    • Matrix stack using Conduit back end and Element-Web front end
      • Federated Discord essentially. Using as a private instance for friends and family.
    • Minio
      • Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
    • N8N (GH)
      • Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
    • NTFY (GH)
      • Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
    • NZBGet
      • Using for getting “usenet articles”.
    • Paperless-NGX
      • Using for document archival. Important receipts, documentation, letters, etc. live here.
    • Portainer (GH) with multiple agents on VM’s LXCs and VPSs
      • High level management of my various docker containers.
    • Prowlarr
      • Using to provide torznab API to websites that dont natively have it. Integrates with Radarr and Sonarr
    • Radarr (GH)
      • Using for movie management.
    • Radicale
      • Using for contacts and calendar server.
    • Raneto (GH)
      • Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with with code-server and Gitea.
    • Readarr (GH)
      • Using for book management
    • Recyclarr (GH)
      • Using for Radar and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
    • Requestrr
      • Using (very rarely) as a requests bot for Radarr and Sonarr.
    • SFTP-Go
      • Using mostly in-place of Nextcloud. Used to back up phones mostly.
    • Shaarli (GH)
      • Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
    • Singlefile-Archive
      • A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my ocasional use it does work.
    • Sonarr (GH)
      • Using as TV series manager
    • Speedtest-Tracker (GH)
      • Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
    • Traefik (GH) on each seperate host
      • Using as a web proxy in front of my various services. Critical infrastructure.
    • Transmission (GH)
      • Using to get “Linux ISOs”
    • Uptime Kuma (GH)
      • Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
    • Vaultwarden
      • Using as my password manager. Have been using for years, cannot recommend enough.
    • A handful of static websites served with NGINX
      • The old standby, its been reliable as a webserver.

    These services are the result of years of development and administrating my lab and while there is still some cruft, it’s mostly services that I think have real utility.

    As far as hardware:

    • Running pfsense on a toughbook laptop as a router-firewall.

    • A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.

    • Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.

    • Dell managed switch

    • A few Raspberry-pi’s with Raspbian for various things.

    • Linksys AP for wifi

    Edit: Spelling is hard.

  • Stimmed@reddthat.com
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    3
    ·
    1 year ago

    As an offensive security worker… I can’t help but read people listing out their attack surface 😂

    • AyyLMAO@exploding-heads.com
      link
      fedilink
      English
      arrow-up
      31
      ·
      1 year ago

      My RISV-V server (I have removed all binary blobs and have no closed source code ofc) is airgapped inside a Faraday cage.

      For security reasons I never turn it on.

      • sshff@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        All my deploys are written in binary on a stack of index cards that we then burn, put in a zip lock bag, encase in concrete, surround in a welded closed steel box, and throw in the Mariana Trench. The documentation sucks though.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      I’m not sure the list is really that big of a deal for a home gamer. They’re probably more in danger from their choice of home audio appliances and that microwave that has been sitting on their network for 10 years which no longer gets updates. Or that 2019 Plex server they have put forwarded straight outside.

      It’s actually one of my beefs with containers, You can’t keep track of The versions for everything and you’re at the mercy of the maintainers to keep individual packages updated.

    • bosse
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Nah, it’s all safe, it’s in containers

      </s>

      • HegemonSushi@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        You’d hope, but I have a few friends who simply port-expose their media servers.

        I guess it could be worse if they had ssh exposed.

        • constantokra@lemmy.one
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I’ll have to disagree with you there. SSH is super well maintained and understood, and massively useful for the risk you do run. Who knows what’s going on with all the random projects people are hosting. I’d rather have SSH exposed than almost anything else.

          What would you do to provide access to some less tech savvy friends. I’m thinking of dropping a SBC with wireguard and a proxy onto a friend’s network, that way everything is under my control, and I can lock down the wireguard connection however I want, but I haven’t gone down that route yet.

          • HegemonSushi@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I was thinking more along the lines of simply thowing up a port to SSH into. No Fail2Ban and no keys, just a password.

            I would just containerize and reverse proxy, but I understand the hesitation, wireguard would be preferable.

      • Stimmed@reddthat.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        It was meant more as a joke than criticizing hosting your own services. I personally have a VPN with MFA, and services that I host for my self that are segmented to a paranoid level (home camera system on own vlan, restricted from being able to reach any other vlan or the Internet, etc) with a deny all and explicit allows on per host and traffic type. The amount of work that went into building the network is probably overkill, and it is still susceptible to nation state and supply chain compromise but hopefully whoever gets in will curse me if they try to move around the network.

        Realistically, every added service and host is added attack surface and chances for misconfiguration \ supply chain attack, but being alive is a risk too…

        I’m guessing system admins and dev op is over represented here so some of our home networks may be targeted as a path into a corporate environment, but I’m guessing the chances are low. Sadly even the most secure networks are not an impossible target. The attackers are well ahead of defenders of networks. Attackers need exceptions, while defenders need everything perfect. Much harder to accomplish.

          • Stimmed@reddthat.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            For best practice, my personal recommendation would be to not have any service public facing besides a VPN that requires MFA. segment self hosted services into separate VLANs based on how sensitive the content is. Disallow all traffic between VLANs unless required and only allow based on port number, specific resources needed. Don’t forgot to disable outgoing Internet access unless required. Devices like Chinese made video cameras should never have an Internet connection.

            My network looks something like: home vlan, work vlan, Netflix \ hulu streaming devices, cctv, wireless work, wireless home, wireless guest, iot, servers, network management. Would be way overkill for vast majority of people, but I would be hypocritical not to considering what I do and I do have a different threat profile than most.

            Another thought: self hosted through VPN with MFA and nothing public facing is probably safer than cloud as long as you have cold backups.

  • foonex@feddit.de
    link
    fedilink
    English
    arrow-up
    25
    ·
    1 year ago
    • Plex and Jellyfin for movies and TV shows. I want to switch from Plex to Jellyfin but it is not quite there yet. It‘s very little effort to keep Jellyfin running in parallel though. I am keeping it around to regularly compare the two and re-evaluate.
    • Tube Archivist for archiving and watching YouTube videos.
    • Miniflux for reading feeds.
    • Nextcloud, mainly for calendars and contacts; occasionally for sharing files with others.
    • Syncthing for syncing files.
    • Financier for budgeting.
    • Paperless-ngx for managing documents.
    • Qbittorrent for downloading and sharing Linux ISOs.
    • Prowlarr for searching Linux ISOs.
    • Copyparty for sharing Linux ISOs with friends.
    • Shaarli for saving bookmarks.
    • Jekyll for statically generating my personal blog.
    • Caddy as HTTP server / reverse proxy for all of the above. Automatically provisions certificates from Let‘s Encrypt.
    • PostgreSQL as database for Nextcloud and Miniflux.
    • Simple Nixos Mailserver for emails with Postfix, Dovecot and rspamd.
    • Dehydrated for getting certificates from Let‘s Encrypt for the mail server.
    • Btrbk and Restic for backups.

    Most of this stuff runs on my server at home (ASRock J4105-ITX, 8 GB RAM , 250 GB SSD, 18 TB HDD). The mail server and the blog run on a cheap VPS (1 vCPU, 2 GB RAM, 20 GB SSD). Both servers run NixOS.

  • Kresten@feddit.dk
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Oh my jesus, does this thread really have 400+ comments

    Edit: respectfully as an atheist

  • Shertson@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    ·
    1 year ago

    This assortment is run under a combination of Proxmox LXC containers, docker containers, and Yunohost. Mostly I use it to play around, but most are heavily used by my wife and I. I’m planning to rebuild everything and making things more “official”. Looking to convert from a “lab” to actually making it “production” with solid failure routes and backups. I am looking to move anything currently under Yunohost to docker/lxc and to start making use of podman. Recently saw CosmOS and think it might be a good alternative to portainer.

    Hardware:

    • Node 1: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
    • Node 2: Lenovo m93p tiny with 16GB RAM and 250GB SSD - Proxmox
    • Node 3: Gigabyte Brix with 16GB RAM and 500GB Sata SSD, 128GB m.2 SSD - Proxmox
    • Node 4: Trigkey Green G3 with 16GB RAM and 1TB Sata SSD - Proxmox
    • TPLink managed switch
    • TerraMaster 2-bay NAS with 2x 2TB HD (NFS host for containers)
    • Synology ds220j NAS with 2x 8TB HD (backup of home desktops, laptops, cell phones, and lab systems)
  • NovoDuck@beehaw.org
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    1 year ago

    Currently all LAN only, still in the experimental stage finding out what’s useful/preferable to me and what I want to keep:

    KEEPING
    Pi-Hole - ad/malware/tracker blocking
    Portainer - Easy Docker
    Syncthing - Sync folders between devices
    Planka - Kanban board
    I.T. Tools - Handy I.T. Tools
    Bookstack - Personal documentation
    Mealie - Recipe manager/meal planner
    Jellyfin + usual accompaniments - Media Management
    Navidrome - Music library
    Changedetection - Stock monitoring
    Gotify - For push notifications from other apps
    Filebrowser
    That Word Game ;)

    UNDECIDED (may swap for alternatives or just remove)
    Organizr - Homepage
    Jump - Homepage
    Homepage - Yup, another homepage!
    Linkding - Bookmarks
    Shiori - Pocket replacement
    Etebase - CalDAV & CardDAV
    Whoogle - Google without the crap
    Photoprism - Photo management
    Libreddit (not being used now!)
    QBittorrent - for Linux ISOs
    Uptime-Kuma (for when I do open a few services to family)
    Ryot (beta) “Roll Your Own Tracker” - Media Tracker

    PLANNING TO ADD
    Reverse-proxying (likely NPM) + Security (Fail2Ban, Autheilia?)
    Audiobooks
    Comic book management
    Translation service
    Document manager
    Home Assistant on its own Pi4 when I can get hold of one

  • Jamoke@lemmy.themainframe.org
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago
    • Lemmy Instance
    • VaultWarden - Password manager
    • Jellyfin - Movies/TV Shows
    • Roon / Roon ARC - Music
    • OneDev - Used to use Gitlab but couldn’t afford the self-hosted instance anymore and want the paid features, which this mostly has.
    • Dokuwiki - Used to use as a wiki, switched to…
    • Trilium - Similar to Obsidian but open source.
    • Kavita - Comics/books
    • TubeArchivist - YouTube video downloader/viewer
    • PodGrab - Podcast manager
    • Wallabag - Website article saver/bookmarker etc. If anyone has a better suggestion for FOSS bookmark management please let me know!
    • Mealie - Recipe manager (grabs recipes from a ton of different sites)

    I use TrueNAS Scale for my NAS and Ubuntu server for my VM’s/home server. I probably am forgetting something, but, that’s what’s listed in my Portainer :).

  • jason@fedia.io
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    Too many things:

    Management:
    Proxmox
    Portainer

    Services:

    Pihole with Unbound
    Matrix
    cryptpad
    seafile
    Vaultwarden
    mailcow
    pterodactyl running Minecraft, Valheim, and Terraria servers
    emby though I am planning the switch to Jellyfin
    Paperless-NGX
    Photoprism
    SearxNG
    Wallabag
    Ghost
    Miniflux
    PrivateBin
    Calibre-web and Kavita
    Nitter and Troddit (for now…)
    Home Assistant and Frigate
    YOURLS
    Code-server
    Linkding
    Changedetection.io
    LanguageTool
    Uptime Kuma

    And more, but those are what I use the most.

  • Sinister_Crayon@beehaw.org
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    1 year ago

    Oh jeez… there’s quite the list. I have a Ceph cluster of 3 nodes with 15x HDD’s and 3 SSD’s… on that cluster I run some VM’s that in turn run a Docker swarm. All Ubuntu 22.04, all commodity hardware. Currently I’m running;

    • NGINX which proxies all my web facing services on multiple websites.
    • Wordpress for my personal site which sync my Instagram pictures to it as well
    • MariaDB Galera cluster
    • Nextcloud for file sharing but also provides lots of plugin services like a password manager, email client and so on
    • Photoprism for my photos… I use the Nextcloud client to automatically upload new pics from my phone to Nextcloud then Photoprism is attached to that same library
    • OnlyOffice as a plugin to Nextcloud to allow O365-like functionality
    • ElasticSearch plugged into Nextcloud for full-text searching
    • OpenProject for project management in my own businesses
    • Jellyfin and Plex both attached to the same media library
    • E-Mail using Docker-Mailserver… so Postfix with a bunch of ancillary tools for 3 domains
    • Droppy as a quick-and-dirty file repo for when I need to get files to people easily
    • FreePBX (Asterisk) with 4 extensions around the house
    • MeshCentral for managing my family’s PC’s and also doing remote tech support for family, friends and customers as necessary
    • FOGProject for imaging PC’s and VM’s as necessary
    • ReactiveResume
    • Docker Registry set up as a caching proxy
    • YoutubeDL-Material
    • Karaoke Eternal for those nights when you just get drunk enough to karaoke

    Then there’s a whole host of ancillary services; BackupPC, Unifi controller container, piHole on a couple of Raspberry Pi’s, ts-dnsserver for internal DNS management… probably a dozen other containers and tools I’m forgetting.

    Oh yeah, and a Synology NAS as a backup target :)

  • wojtek@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    miniflux, nitter, seafile on my local RPi4

    pondered pixelfed (but they don’t have docker image) and calckey (no arm one)…

  • Philip@endlesstalk.org
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    1 year ago

    Ubuntu server(Xeon CPU E5-2650 v4 with 86 GB Ram) running k3s(My home server):

    2 Ubuntu servers running k3s(VPS used for my infrastructure services)

    Infrastructure services runing on all servers

    Lastly I’m hosting Lemmy on a leftover VPS, that I hadn’t used in a while. Might move to a bigger server though.

  • LanyrdSkynrd@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    I run everything in docker on Ubuntu 22.04 with the exception of Plex, which runs on bare metal on the same server. The server is a 16 core threadripper 1950, with 2 quadro gpu’s, m2000 and a p400, 128gb ram, mirrored ssd for system, platter HDD for media, CoralTPU pcie.

    I also run Home Assistant on a separate Lenovo MiniPC(forget which model), I did this so I can take down the server for various reasons without losing smart home stuff. Helps with the Partner Acceptance Factor.

    In no particular order the server runs: Calibre-web - Library managment Sonarr - TV series downloads Radarr - Movie Downloads Lidarr - Music Downloads QbittorentVPN - Torrents over vpn, guarantees no leaks Jackett - tracker management and proxying Podgrab - downloads podcasts Frigate - NVR, camera recording with object detection DoubleTake - Facial recognition middleware, works between frigate/homeassistant and Compreface/Deepstack Octoprint - 3d printer spooler Tautulli - Plex statistics Portainer - Docker Management Ombi - Media request app, users can request shows/movies and they can be automatically added to sonarr/radarr MeTube - Webui for youtube-dl/dlp, useful for downloading Youtube videos for offline and ad free use Spot-dl - parses spotify playlists and downloads them from youtube

  • legion@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    Part of my Reddit exodus plan was to get serious about my RSS setup.

    I’ve settled on:

    • FreshRSS as my feed manager (supported by Reeder app in iOS and MacOS)
    • FiveFilters Full Text extractor
    • rss-proxy site scraper

    I may experiment with some replacements for rss-proxy, as I’ve run into a couple sites it doesn’t scrape well, but FreshRSS and FiveFilters have been smashing successes.

  • LazyPyro@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago
    • Jellyfin - film/tv, both locally and on a seedbox.
    • stable-diffusion-webui - self explanatory
    • Matrix/synapse - private instant messaging for myself and tech minded friends
    • MeTube - web UI for youtube-dl
    • Stash - like Jellyfin/Plex but for any adult media you may have (link is SFW).
    • Lemmy - only privately just seeing how it all works, I don’t intend to make a public instance.
    • A fairly typical LEMP (Ubuntu, Nginx, MariaDB, PHP) stack on my VPS

    Stuff I used to use or have at least tried out:

    • Plex
    • Calibre-web
    • Typical LAMP (CentOS, Apache, MySQL, PHP) stack back in the old days (PHP4/5) when I did a bit of web dev.