Homelab

Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

I am running a Kubernetes cluster for this domain, and I'm looking at more services to run (right now I have Mastodon and Lemmy).

I was considering WriteFreely and PixelFed, but they don't seem to have an easy solution for running on Kubernetes (WriteFreely doesn't even have a production-ready docker image).

Is anyone else running federated services in their lab? Do you run any of them on Kubernetes?

Reposting some of my older popular blog posts. This one is probably out of date, I doubt the configuration examples still work as they did back in 2020.

!

I have a need for an internal SMTP relay inside a kubernetes cluster. What is everyone using for docker/kubernetes SMTP relays these days?

Goal is to have all internal services route emails through this relay and it in turn sends the emails out via SendGrid, should be a fairly easy task, just not something I've done for a few years.

Hey all! We're back after a couple of weeks of downtime on Lemmy due to some DB migration issues + Kubernetes liveness timeouts, and general lack of time to troubleshoot. For the latest status, you can view the status page for the cluster here: https://cloudhub-social.github.io/Status/

We are also well overdue for a What's in Your Homelab for the month of August, so we'll use this post for that as well!

Since it's been about a month since the last post, it's time for another one!

"What's in your homelab?" (July 2023)!

This could be anything from hardware to software to things your running in the cloud (#cloudlab).

Hardware and diagram pics are always welcome!

A rpi 4 running pihole and small scale backups through rsync, two HP elitedesks, one running ESXi 6.7, other running Ubuntu with multipass and docker, and a Dell SFF running unraid.

It ain't much, but it gives me some play areas and backup capabilities for the house.

A little update on the racking the basement lab.

New patch panel and cables made my life much easier. All the packets are flowing! Working out some KVM issues while I get rancher harvester deployed.

Oops! I just nuked my lemmy instance and the other post wasn't in by backups, sorry about that! please don't reply to the other post because I can't see it

Reposted: Hello, I’m looking for a good first server for a homelab. I do already have an old Dell poweredge 1950 I got for £30 but it’s:

Loud Draws 350W Costs too much to run Only has 2 HDD slots DRAC card needs Internet explorer

I’m not too bothered by the noise because I can just move it, but the electricity cost is quite ridiculous for something less powerful than my PC in every way. I live in the UK so electricity prices are a huge factor for this.

My Ideal specs are:

~16 cores (total) >= 128GB RAM ~100W idle power draw >= 4 3.5" HDD bays Preferably HBA mode on RAID card £100-200 2U

Is this completely unreasonable? I have found servers that match this all except the 3.5" bays and 2U. Initially I found a Dell server with 128GB of RAM and two 12 core CPUs for about £200 but I realised it only has 2.5" bays. There is a nice R720 on ebay I am watching but it will probably skyrocket near the end of the bid. Also, it probably draws a lot of power. Any suggestions? do I just need to raise my price? Thanks

Hello, I'm looking for a good first server for a homelab. I do already have an old Dell poweredge 1950 I got for £30 but it's:

• Loud
• Draws 350W
• Costs too much to run
• Only has 2 HDD slots
• DRAC card needs Internet explorer

I'm not too bothered by the noise because I can just move it, but the electricity cost is quite ridiculous for something less powerful than my PC in every way. I live in the UK so electricity prices are a huge factor for this.

My Ideal specs are:

• ~16 cores (total)
• >= 128GB RAM
• ~100W idle power draw
• >= 4 3.5" HDD bays
• Preferably HBA mode on RAID card
• £100-200
• 2U

Is this completely unreasonable? I have found servers that match this all except the 3.5" bays and 2U. Initially I found a Dell server with 128GB of RAM and two 12 core CPUs for about £200 but I realised it only has 2.5" bays. There is a nice R720 on ebay I am watching but it will probably skyrocket near the end of the bid. Also, it probably draws a lot of power. Any suggestions? do I just need to raise my price? Thanks

Rack is wired (patch cables ordered). Unfortunately the second hand patch panel is a bad idea, less than half the ports are functional...

I ordered a rj45 cat6 through panel and a bunch of premade cables. Should be here at the end of the month!

Hi, I was recently watching a few David Bombal videos, in which he talks about various pentesting methods (Eg: this and this).

My question is: if you're not looking to actively learn about pentesting, what other benefits would such efforts offer for your homelab? Setting up automatic pentesting routines to check if your network has been hacked? Just fun?

I'm not trying to be a pentesting expert but it seems really cool, it's just that since I will likely not be using it daily for my job/at home, I will quickly lose motivation to keep doing it. What do you use pentesting for in your homelab?

Thanks!

I'm looking to learn more by using a VPS and spinning up a few instances. Can anyone recommend a cheaper VPS service?

Please let me know if it would be better to post this in a different community. TYIA

Finally got around to racking up my lab! (Still needs wiring up, but that's tomorrows problem)

Top to bottom:

• 1u PDU
• 1u cable management
• 1u custom super micro pfsense build
• 1u tplink jetstream. 24x1Gbe 4x SFP
• 1u cable management
• 2u patch panel
• 4u custom super micro server
• A shelf with a UPS and a gaming rig (ryzen with a 1070ti)

Going to run rancher harvester + rancher vm + k8s cluster. Usual media stack, nextcloud, pihole, etc etc.

Mostly just want a cluster to play with and harvester seems fun!

Hi!

I'm about to upgrade my homelab from a RAID1 with two 8TB drives to a new one with two additional dives. I mostly use my homelab for Nextcloud (Documents, photos, audiobooks, ...), media storage, jellyfin and whatever docker container I think would be cool to self host.

Since data availability is less of an issue for me and Backup Space is limited, I'm thinking of ditching the RAID in favour of btrfs and for additional safety: use one of my 8TB drives as a Snapraid parity drive. At least for the personal nextcloud data - I can get the media files from elsewhere in case of data loss.

However, tutorials of btrfs with Snapraid are a bt thin on the ground and with this being my first time using btrfs, I'm a bit hesitant. Some people suggest MergerFS with btrfs + snapraid, but I fail to see the advantage of MergerFS with btrfs.

So... is this actually a good Idea? It seems to me that this would be a good tradeoff and I could wait a bit before the next time I need to buy a storage upgrade.

Thanks in advance. :)

What's everyone using for status monitoring and/or status pages either in their lab or at work?

I setup a status page for my fediverse instances using Uptime Robot (have an existing subscription), and the features are kinda lacking. I feel like they haven't really updated anything in the last 5 years which is unfortunate.

cross-posted from: https://lemmy.dcrich.net/post/1150

> Boy howdy, there are a lot of people coming to the matrix chat trying to figure out how to get lemmy working on docker who are stuck on the official documentation. This document is my guide on how I got Lemmy working. I'll also share what I don't have working yet to inspire further. > > Please feel free to steal anything you want from this and put it into the official docs. I don't know the contributing policy and it sounds hard and I'm busy at the moment. > > Of note: I add a nginx container in this setup so that you don't have to do crazy hacks on your end for locations. If you already have an nginx reverse proxy that you are using, just use this one as a 2nd layer of nginx. There is low overhead, so don't worry about it. > > ## Setup > > For this guide, I'm requiring that you already have your own reverse proxy setup in place that can handle all the SSL termination. I'm doing this because I think that most people who are setting up Lemmy for the first time on Docker aren't setting up their first Docker container. > > Because I'm requiring that you setup your own SSL termination (caddy, ACME, Nginx Proxy Manager, etc.) before you begin, I will not talk further about https, certificates, or rotation. But before I do: Don't host a website in 2023 that doesn't serve content securely. Make sure that you get your stuff setup, including any certificate rotation. If you don't get this setup completed, I suggest that you shouldn't continue or host a public website. > > I also require that you be able to use docker-compose. > > ## Get Files > > Download these 3 files to your working directory from my github gist. You can download as zip or get them one at a time by scrolling down. > > ## Prepare Working Directory > > ~~~bash > mkdir -p volumes/pictrs > sudo chown -R 991:991 volumes/pictrs > ~~~ > > ## Edit Config Files > > * In the docker-compose.yml file, change the port, hostname, and database password. > * In the lemmy.hjson file, change the admin username/password, hostname, database password, and email settings. You can take out the entire email section if you want to. > * No changes to the nginx.conf file. > > ## Start It Up > Now you're ready to start the containers! > > You're pretty much good to go. Login to your lemmy instance. You should be able to use your docker host ip at your defined port OR via your reverse proxy lemmy domain host name. > > docker-compose up > > Watch the pretty log messages. > > You should be able to curl your new admin user and get valid json back: curl -H 'Accept: application/activity+json' https://lemmy.yourdomain.net/u/yourAdminUser > > Press Ctrl+C if everything is working great and start it up as docker-compose up -d to make it a persistent running setup. > > ## Troubleshooting > > If you get the default nginx start page, it means that your nginx container isn't reading/following any nginx config file. Figure out why. Do you accidently have a blank directory created that is called nginx.conf instead of an actual file? Did you comment out the nginx.conf bind mount? > > > ## Update the Images > > In order to update the image to the latest release of lemmy, you have to manually go to your docker-compose file and edit the docker image tag to the latest version number. Then, you need to bring your container back up. Steps: > > 1. Edit the docker-compose.yml file image tags from 17.3 to whatever else comes out > 2. Run a docker-compose up which will update images as needed: > > ~~~bash > docker-compose up > ~~~ > > Watch the pretty log messages. Press Ctrl+C if everything is working great and start it up as docker-compose up -d to make it a persistent running setup. > > ## Limitations > > I don't know anything about docker. I'm a docker noob. Please correct me for anything that you think is a bad idea. > > > Why are the docker tags for lemmy and lemmy-ui "latest" for arm64/v8? Shouldn't there be a latest-arm and a latest-x86 or something? Annoying that I have to pin my lemmy images to a specific version in docker. I would prefer to let them be set to 1 image that gets updated and have watchtower deal with updating the image on a schedule of my choosing. > > > ## Sources > I wouldn't be here without the matrix chat, https://join-lemmy.org/docs/en/administration/install_docker.html, and this post: https://lemmy.ml/post/1127760 > > > ## Reverse Proxies > There have been some suggested reverse proxy configs for Caddy and Apache! > > ### Caddy > Thanks to @[email protected] for this caddyfile: > > ~~~ > lemmy.tld { > header { > # Only connect to this site via HTTPS for the two years > Strict-Transport-Security max-age=63072000 > > # Various content security headers > Referrer-Policy same-origin > X-Content-Type-Options nosniff > X-Frame-Options DENY > X-XSS-Protection "1; mode=block" > # disable FLoC tracking > Permissions-Policy interest-cohort=() > > # Hide Caddy > -Server > } > > # Enable compression for JS/CSS/HTML bundle, for improved client load times. > # It might be nice to compress JSON, but leaving that out to protect against potential > # compression+encryption information leak attacks like BREACH. > @encode_mime { > header Content-Type text/css > header Content-Type application/javascript > header Content-Type image/svg+xml > } > encode @encode_mime gzip > > request_body { > max_size 8MB > } > > @pictshare_regexp path_regexp pictshare_regexp \/pictshare\/(.*) > redir @pictshare_regexp /pictrs/image/{re.pictshare_regexp.1} permanent > > # Supposedly better than having three different named matchers using standard matchers > # ¯\(ツ)/¯ > @backend > path('/api/*', '/pictrs/*', '/feeds/*', '/nodeinfo/*', '/.well-known/*') > || header({'Accept': 'application/*'}) > || method('POST') > > reverse_proxy @backend lemmy:8536 { > # This was needed because of a bug, but it probably has been fixed in the meanwhile. > # Will have to test later. > header_down -Transfer-Encoding > } > > reverse_proxy lemmy-ui:1234 > } > ~~~ > > > ### Apache > Here are a few apache configs you can draw from. > > The best apache config I've seen so far is by DeadCade in the comments here. > > ~~~ > <VirtualHost :443> > ServerName lemmy.deadca.de > SSLEngine on > ProxyRequests on > ProxyPreserveHost on > ProxyTimeout 600 > > SetEnv proxy-nokeepalive 1 > SetEnv proxy-sendchunked 1 > > <Location /> > Allow from all > ProxyPass http://127.0.0.1:(INTERNAL LEMMY PORT)/ > ProxyPassReverse http://127.0.0.1:(INTERNAL LEMMY PORT)/ > </Location> > > ErrorLog "ERROR LOG LOCATION" > CustomLog "ACCESS LOG LOCATION" common > > # Enable mod_rewrite (requires "a2enmod rewrite") > RewriteEngine on > > # WebSockets support (requires "a2enmod rewrite proxy_wstunnel") > RewriteCond %{HTTP:Upgrade} websocket [NC] > RewriteCond %{HTTP:Connection} upgrade [NC] > RewriteRule ^/?(.) "ws://127.0.0.1:(INTERNAL LEMMY PORT)/$1" [P,L] > > SSLCertificateFile FULLCHAIN.PEM LOCATION > SSLCertificateKeyFile PRIVKEY.PEM LOCATION > Include /etc/letsencrypt/options-ssl-apache.conf > </VirtualHost> > ~~~ > > If you need another apache config, this was suggested by Samsonite (though, he knows that it needs cleaned up). Comment if you have suggestions for what to remove: > > ~~~ > <VirtualHost :80> > ServerName mylemmydomain.com > RewriteEngine On > RewriteCond %{HTTPS} !=on > RewriteCond %{HTTP_HOST} !^(localhost|internallemmyip) > RewriteRule ^/(.) https://%{SERVER_NAME}/$1 [R,L] > > > </VirtualHost> > > <IfModule mod_ssl.c> > <VirtualHost :443> > ServerName mylemmydomain.com > SSLEngine on > ProxyRequests On > ProxyPreserveHost On > ProxyTimeout 600 > > SSLCertificateFile /etc/letsencrypt/live/mylemmydomain.com/fullchain.pem > SSLCertificateKeyFile /etc/letsencrypt/live/mylemmydomain.com/privkey.pem > # ProxyPreserveHost On > > # Proxy pictshare > <Location "/pictshare"> > ProxyPass http://internallemmyip:8537/ > ProxyPassReverse http://internallemmyip:8537/ > </Location> > > # Proxy iframely > <Location "/iframely"> > ProxyPass http://internallemmyip:8061/ > ProxyPassReverse http://internallemmyip:8061/ > </Location> > > > # # Correctly proxy websocket traffic > RewriteEngine On > RewriteCond %{HTTP:Upgrade} websocket [NC] > RewriteRule /(.) ws://internallemmyip:80/$1 [P,L] > # > # Proxy Lemmy > <Location "/"> > ProxyPass http://internallemmyip/ > ProxyPassReverse http://internallemmyip/ > </Location> > > ErrorLog /var/log/apache2/mylemmydomain-error.log > </VirtualHost> > </IfModule> > > ~~~

Figured we'd start this community off with a question about what you're running in your homelab!

This could be anything from hardware to software to things your running in the cloud (#cloudlab).

Hardware and diagram pics are always welcome!