self-hosting

    Down the Self-Hosting Rabbit Hole

    For a couple of years, I’ve had two Raspberry Pis running on my home network. One was for a Magic Mirror 2 server instance with a few self-written Python scripts. A very cheaply acquired Fire Tablet hangs on the fridge and displays its website in Full Kiosk Mode. The other Raspberry runs Pi-hole and filters ads for the entire home network. To become a little more independent from the big tech bros, in the middle of the year, a VPS from Hetzner joined the setup, running NextCloud. It now provides the entire family with cloud storage, calendar, and address book. The NextCloud software and the VPS are maintained by Hetzner; I only have to worry about the NextCloud configuration. I didn’t dare to do more. Self-hosting, I found and still find - without any (professional) knowledge of networks - quite scary.

    That changed a few weeks ago. I still find it scary, but I installed a bit of software anyway. It started, as so often, with a post from Marcus. He mentioned OwnTracks and Geo Activity Playground in his article. I was curious, and since I absolutely didn’t want to open up my home network[1] yet, I rented a regular, very cheap VPS for a few Euros a month from Hetzner and installed OwnTracks there. That was almost too easy. But I didn’t want to install Geo Activity Playground as well on the same server as I didn’t know how to correctly limit access and separate both installations. So finally I started to look into Docker. Let’s fast forward a bit; I don’t want to bore you too much.

    I now have - and it’s all still very much in flux - a dedicated VPS running OwnTracks and another one running Docker. It took a while, but eventually, I understood this YAML syntax for Docker Compose and how to integrate drives, networks, etc. Now, Portainer.io, Watchtower, SWAG, FreshRSS, Linkding, and Dawarich[2] are running on it. I also looked at Actual Budget, ntfy, Wallabag, and KOReader Sync[3] and successfully installed and configured them. Everything runs with its own subdomains, secured with the Hetzner Firewall, backed by regular backups and snapshots. I learned how to disable shell logins via passwords, generate SSH keys and put them on servers, how to close ports with ufw, and a few other things. Inside the SWAG container, fail2ban is running, and I’ve blocked foreign countries using the DBIP-SWAG-Docker-Mod and also tried to keep bots out. Thanks to FreshRSS, I canceled Feedbin. I’m currently reading my RSS feeds on my Mac and iOS with NetNewsWire (or Reeder Classic), as I don’t like the integration with Unread as much - I can cancel that subscription too. Linkding is so incredibly close to pinboard.in - I immediately felt at home. I love not having to wait for Anybox to finish syncing anymore.[4] Geo Activity Playground[5] is now running peacefully in a Docker container on a new Raspberry Pi 5, with 16 GB RAM and a 256 GB SSD connected via M.2 hat, in my house. Portainer, Watchtower, and additionally Immich, Pi-hole, MagicMirror 2, Calibre-Web, Dashy, and Readeck are also running on it. If I want to access it on the go, I do it via VPN through my Fritz!Box. The two dedicated Pis for the ad blocker and MM2 have been retired and can now be used for other tinkering projects. BTW Calibre-Web is absolutely great, Dashy is fun, and I will switch to Readeck as soon as Readwise reaches Phase 4 of Enshittification.[6] And I’m now looking at Immich in parallel. If I manage to break away from Apple Photos, it will probably be with its help.

    tl;dr I’ve learned a lot about self-hosting in the last two weeks, installed and tried out many services, and will now hopefully slow down, see how stable everything runs, and will certainly move one or two services to another server or turn them off again - we’ll see.

    What projects are you self-hosting? 😇


    1. I did not want to run my iPhone with a VPN 24/7.

    2. I’m still thinking about and trying out whether this might be an alternative to OwnTracks. I can’t get the former to run with user management etc. in a container and therefore have to operate a dedicated server. I’m not sure if it’s worth it in the long run.

    3. Actual Budget: I find it a bit scary to self-host my financial data on my own server; I’ve managed it so far on the Raspi in the local network; ntfy: Runs great, but I don’t have a real use case yet; Wallabag: too ugly, Readeck seems much better; KOReader Sync: still need to figure out how to secure it properly, unfortunately doesn’t start on the Raspi.

    4. The Linkding iOS clients aren’t great, but you can also simply upload your bookmarks via a shortcut.

    5. It’s funny, the application that started it all would actually need a more powerful server/computer with my 4,000 imported routes; but the installation on my Mac aborted with an error message, and sometimes it’s helpful just to be a little patient.

    6. The same applies to Actual Budget in relation to YNAB.