this post was submitted on 05 Aug 2024
49 points (96.2% liked)

Selfhosted

40296 readers
343 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Before I dabbled a bit with Docker. I wanted to dabble a bit with Podman because it seemed quite interesting. I reinstalled Pi OS Lite on my Pi 3B+ and installed Podman. Then I figured out what to run and started digging through the documentation. Apparently Docker containers work quite similar and even Docker compose can be used. Then I came across the auto update function and stumbled upon quadlets to use auto update and got confused. Then I tried reading up on Podman rootless and rootful and networking stuff and really got lost.

I want to run the following services:

  • Heimdall
  • Adguard Home
  • Jellyfin
  • Vaultwarden
  • Nextcloud

I am not sure a Pi is even powerful enough to run these things but I am even more unsure about how to set things up. Do I use quadlets? Do I run containers? How do I do the networking so I can reach the containers (maybe even outside my home)?

Can someone point me in the right direction? I can't seem to find the needed information.

you are viewing a single comment's thread
view the rest of the comments
[–] MightyCuriosity@sh.itjust.works 2 points 3 months ago (3 children)

Thanks! Looks interesting. I am not quite a fan of the performance hit a VPN brings but I feel like it's something that I need to deal with in order to suit my usecase. I thought DDNS could help me out.

Yeah I might switch back to Docker and use Watchtower to auto update. Thank you again!

[–] terminhell@lemmy.dbzer0.com 2 points 3 months ago

Wireguard has effectively zero impact on my setup.

[–] tychosmoose@lemm.ee 1 points 3 months ago

VPN + DDNS is what I do. You may be thinking about the perf hit of putting all your home connections through a VPN. That's not the idea here. For self hosted services you would set up a wireguard "server" at your house. Then you connect your phone back to it to access your services.

With Wireguard it's pretty easy to do a split tunnel, so that the VPN connection is only used for traffic to your home servers. Nothing else is affected, and you have access to your house all the time.

This is better for security than DDNS + open ports, because you only need a single open UDP port. Port scanners won't see that you are hosting services and you wouldn't need to build mitigations for service-specific attacks.

As far as podman, I am migrating to it from a mix of native and docker services. I agree with others that getting things set up with Docker first will be easier. But having podman as an end goal is good. Daemonless and rootless are big benefits. As are being able to manage it as systemd units via quadlets.

[–] twizzay@behold.mylegendary.quest 1 points 3 months ago

@MightyCuriosity

Oh, well yeah, you can do that too. In fact, you may not even need a DDNS. I don't have one for my fedi server, and I only ever had to change the IP on my DNS after we got hit by an earthquake and all of the local datacenters went out.

I choose not to do the DNS option for 90% of the things I host. Partly because my ISP has limitations on which ports can be exposed and, in general, I prefer not to expose any ports especially when I am serving up my own data.

But that's just my paranoia talking. :cat_rock_on: