[HN Gopher] Why I self host my servers and what I've recently le...
___________________________________________________________________
Why I self host my servers and what I've recently learned
Author : transpute
Score : 113 points
Date : 2024-09-04 01:00 UTC (1 day ago)
(HTM) web link (chollinger.com)
(TXT) w3m dump (chollinger.com)
| rented_mule wrote:
| I self-host a lot of things myself. There is one scary downside
| I've learned in a painful way.
|
| A friend and I figured all this out together since we met in
| college in the 1980s. He hosted his stuff and I hosted mine. For
| example, starting in 1994, we had our own domain names and hosted
| our own email. Sometimes we used each other for backup (e.g.,
| when we used to host our own DNS for our domains at home as well
| as for SMTP relays). We also hosted for family and some friends
| at the same time.
|
| Four years ago he was diagnosed with cancer and a year later we
| lost him. It was hard enough to lose one of the closest friends I
| ever had. In his last weeks, he asked if I could figure out how
| to support his family and friends in migrating off the servers in
| his home rack and onto providers that made more sense for his
| family's level of technical understanding. This was not simple
| because I had moved 150 miles away, but of course I said yes.
|
| Years later, that migration is close to complete, but it has been
| far more difficult than any of us imagined. Not because of
| anything technical, but because every step of it is a reminder of
| the loss of a dear friend. And that takes me out of the rational
| mindset I need to be in to migrate things smoothly and safely.
|
| But, he did have me as a succession plan. With him gone, I don't
| have someone who thinks enough like me to be the same for my
| extended family. I'm used to thinking about things like
| succession plans at work, but it's an entirely new level to do it
| at home.
|
| So, I still host a lot, but the requirements are much more
| thoroughly thought through. For example, we use Paperless-ngx to
| manage our documents. Now there's a cron job that rsyncs the
| collection of PDFs to my wife's laptop every hour so that she
| will have our important papers if something happens to me.
|
| Thinking carefully enough to come up with reliable backups like
| this makes things noticeably harder because not all solutions are
| as obvious and simple. And it's not something that ever occurred
| to us in our 20s and 30s, but our families were one tragedy away
| from not knowing how to access things that are important soon
| after we were gone (as soon as the server had trouble). There is
| more responsibility to this than we previously realized.
| zeagle wrote:
| I've given this some thought too and am doing some documenting
| for friends. Hard to know the answer.
|
| I have Paperless, photos, Seafile and a few other things copying
| to a USB drive nightly that my spouse may remember to grab
| unencrypted. I'm tempted to throw a 2 TB SSD in her laptop to
| just mirror it too. But accessing my NAS, let alone setting it up
| somewhere else after a move or with new network equipment,
| email hosting for our domain, and domain registration are all
| going to be voodoo to my spouse without some guidance. I'm
| tempted to switch to Bitwarden proper instead of self-hosted too.
| transpute wrote:
| Data recovery instructions can be documented on paper in the
| same physical location used for financial accounts, e.g.
| fireproof safe, trusted off-site records, estate attorney.
| These recovery instructions are also required for data hosted
| by third parties.
| transpute wrote:
| Continuity and Recovery are required by all infrastructure
| plans, since the number of 3rd-party suppliers is never zero,
| even with "self" hosted infrastructure.
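The hourly rsync of the Paperless PDFs to a family laptop that rented_mule describes above, written as a NixOS systemd service and timer instead of a cron line. This is an added example, not code from the thread or from Paperless-ngx. It adds the guard a practitioner wants on a mirror that uses --delete: if the server's disk is unmounted or the service is broken, the source directory looks empty or much smaller, and a naive rsync would faithfully propagate that "deletion" onto the laptop, destroying the one copy the family can reach. The host name wife-laptop, the destination path, the ssh key location and the 10% shrink threshold are assumptions.

```nix
# Added example, not from the thread: an hourly Paperless-ngx mirror as a
# NixOS systemd service and timer. Host name, destination path, key path
# and thresholds are assumptions; adjust them to your own layout.
{ config, pkgs, ... }:

{
  systemd.services.paperless-mirror = {
    description = "Mirror Paperless documents to the family laptop";
    # tools the script calls, placed on PATH inside the unit
    path = with pkgs; [ coreutils findutils openssh rsync ];
    serviceConfig = {
      Type = "oneshot";
      User = config.services.paperless.user;  # read access to the media dir
      StateDirectory = "paperless-mirror";    # /var/lib/paperless-mirror, keeps the last file count
    };
    script = ''
      src=${config.services.paperless.mediaDir}/documents
      dest=wife-laptop:/home/wife/paperless-mirror   # assumed host and path
      state=$STATE_DIRECTORY/last_count

      # Guard: an empty or sharply shrunken source usually means an
      # unmounted disk or a broken service, not deleted paperwork.
      # With --delete, rsync would otherwise erase the family copy too.
      now=$(find "$src" -type f | wc -l)
      if [ "$now" -eq 0 ]; then
        echo "refusing to mirror: $src is empty" >&2
        exit 1
      fi
      if [ -f "$state" ]; then
        prev=$(cat "$state")
        if [ "$now" -lt $(( prev * 9 / 10 )) ]; then
          echo "refusing to mirror: $now files, last run saw $prev" >&2
          exit 1
        fi
      fi

      # --max-delete caps collateral damage even when the guard passes;
      # rsync exits 25 when the cap is hit, which fails the unit visibly.
      rsync -a --delete --max-delete=50 \
        -e "ssh -i $STATE_DIRECTORY/id_ed25519 -o BatchMode=yes" \
        "$src/" "$dest/"
      echo "$now" > "$state"
    '';
  };

  systemd.timers.paperless-mirror = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "hourly";
      Persistent = true;          # catch up after the server was powered off
      RandomizedDelaySec = "5m";
    };
  };
}
```

The laptop's host key must already be known to the paperless user (for example via programs.ssh.knownHosts), since BatchMode=yes makes ssh fail rather than prompt; the dedicated key should be restricted on the laptop side to the rsync command. A failed guard leaves the unit in a failed state, which is exactly the signal you want: a mirror that silently stops is as bad as one that deletes.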
| ipaddr wrote:
| I went back and read some previous blog posts. He was part of the
| great 2023 layoff. I'm curious where such a talented guy landed.
| Did he find a position?
| ydnaclementine wrote:
| ngrok apparently https://www.linkedin.com/in/chollinger/
| kkfx wrote:
| A small suggestion about resources: try using NixOS/Guix System
| instead of containers to deploy home services, you'll discover
| that in a fraction of resources you get much more, stability,
| documentation and easy replication included.
|
| Containers now, like full-stack virtualization on x86, are and were
| advertisement stuff pushed because proprietary software vendors
| and cloud providers need them; others do not need them at all, and
| devs who work for themselves and generic users should learn
| that: if you sell VPS et al. you obviously need them; if you made
| your own infra from bare metal, adding them just wastes
| resources and adds dependencies instead of simplifying life.
| snowpalmer wrote:
| I agree that removing the container would be better on
| resources.
|
| However, most self-hosted software is already "pre-packaged" in
| Docker containers. It's much easier to grab that "off-the-
| shelf" than have to build out something custom.
| transpute wrote:
| NixOS improves the reproducibility of both self-hosted
| software and configuration state.
| kkfx wrote:
| In NixOS/Guix System there is no need for such a package; the
| configuration language/package manager takes care of
| everything, configuration included.
|
| Let's say you want Jellyfin?
|
|   jellyfin = {
|     enable = true;
|     user = "whatyouwant";
|   }; # jellyfin
|
| under services and you get it. You want a more complex thing,
| let's say Paperless?
|
|   paperless = {
|     enable = true;
|     address = "0.0.0.0";
|     port = 58080;
|     mediaDir = "/var/lib/paperless/media";
|     dataDir = "/var/lib/paperless/data";
|     consumptionDir = "/var/lib/paperless/importdir";
|     consumptionDirIsPublic = true;
|     settings = {
|       PAPERLESS_AUTO_LOGIN_USERNAME = "admin";
|       PAPERLESS_OCR_LANGUAGE = "ita+eng+fra";
|       PAPERLESS_OCR_SKIP_ARCHIVE_FILE = "with_text";
|       PAPERLESS_OCR_USER_ARGS = {
|         optimize = 1;
|         pdfa_image_compression = "auto";
|         continue_on_soft_render_error = true;
|         invalidate_digital_signatures = true;
|       }; # PAPERLESS_OCR_USER_ARGS
|     }; # settings
|   }; # services.paperless
|
| Chromium with extensions etc?
|
|   chromium = {
|     enable = true;
|     # see Chrome Web Store ext. URL
|     extensions = [
|       "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|       "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger
|       "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
|       "ekhagklcjbdpajgpjgmbionohlpdbjgc" # Zotero Connector
|       # ...
|     ]; # extensions
|     # see https://chromeenterprise.google/policies/
|     extraOpts = {
|       "BrowserSignin" = 0;
|       "SyncDisabled" = true;
|       "AllowSystemNotifications" = true;
|       "ExtensionManifestV2Availability" = 3; # until 06/25
|       "AutoplayAllowed" = false;
|       "BackgroundModeEnabled" = false;
|       "HideWebStorePromo" = false;
|       "ClickToCallEnabled" = false;
|       "BookmarkBarEnabled" = true;
|       "SafeSitesFilterBehavior" = 0;
|       "SpellcheckEnabled" = true;
|       "SpellcheckLanguage" = [ "it" "fr" "en-US" ];
|     }; # extraOpts
|   }; # chromium
|
| Etc etc etc. You configure the entire deploy and get it
| generated. A custom live image, with auto-partitioning and auto-
| install? Idem. A set of similar hosts in a network
| (NixOps/Disnix), and so on. The configuration language does it
| all: fetching sources and building if a pre-built binary is not
| there, setting up a DB, setting up NGINX + Let's Encrypt SSL
| certs; there are per-derivation (package) options you can set,
| some you MUST set, defaults etc. It's MUCH easier than anything
| else; the only issue is how many ready-made derivations there
| are, and in packaging terms Guix is very well placed and NixOS
| has more than Arch, even if something will always be missing or
| incomplete as long as devs do not learn the system on their own
| and start using Nix/Guix also to develop, so deps are really
| tested in dedicated environments and so on, and users always get
| a clean system, can change and boot into a previous version, and
| so on.
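The Paperless snippet in the comment above listens on 0.0.0.0 and sets PAPERLESS_AUTO_LOGIN_USERNAME = "admin", which hands an admin session to anyone who can reach the port, and consumptionDirIsPublic = true lets every local user drop files into the consumption directory. The comment also mentions that the configuration language sets up NGINX + Let's Encrypt certs; the following added example (not kkfx's configuration, and not code from the Paperless-ngx or NixOS projects) shows the hardened form of the same service: Paperless bound to loopback, no auto-login, nginx terminating TLS with an ACME certificate in front, and only the proxy ports opened in the firewall. The host name docs.example.org and the ACME e-mail address are assumptions.

```nix
# Added example, not kkfx's configuration: the same Paperless service kept on
# loopback, with nginx terminating TLS via Let's Encrypt in front of it.
# The host name and e-mail address are assumptions.
{ config, ... }:

{
  services.paperless = {
    enable = true;
    address = "127.0.0.1";   # reachable only through the reverse proxy below
    port = 28981;
    # consumptionDirIsPublic left at its default (false): only the paperless
    # user, not every local account, can feed the consumption directory
    settings = {
      PAPERLESS_OCR_LANGUAGE = "ita+eng+fra";
      # no PAPERLESS_AUTO_LOGIN_USERNAME: every visitor must authenticate
      # Sets ALLOWED_HOSTS / CSRF_TRUSTED_ORIGINS so requests arriving
      # through the proxy under this name are accepted
      PAPERLESS_URL = "https://docs.example.org";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";   # assumed contact address
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;   # forwards Host and X-Forwarded-* headers
    recommendedTlsSettings = true;
    virtualHosts."docs.example.org" = {
      enableACME = true;               # certificate from Let's Encrypt
      forceSSL = true;                 # redirect plain HTTP to HTTPS
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
        proxyWebsockets = true;        # Paperless-ngx pushes status updates over a websocket
        extraConfig = "client_max_body_size 100M;";  # large scanned uploads
      };
    };
  };

  # only the proxy is exposed; Paperless's own port stays closed to the network
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
```

The check after a rebuild is that `curl -s http://<server-ip>:28981/` from another machine gets nothing (connection refused, since the service is on loopback and the port is not in the firewall list) while `https://docs.example.org/` shows the login page rather than an auto-logged-in admin dashboard.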
| bovem wrote:
| Just today I had to sign up for a service and went to bitwarden
| app on my phone to generate password (linked to self hosted
| vaultwarden server) but the new password entry couldn't be saved
| into the app because the server was unreachable.
|
| Then I had to go restart my VM and reconnect my VPN. I am now
| thinking about switching to bitwarden premium and opt-out of self
| hosting for password managers.
| transpute wrote:
| Virtualization platform tooling can monitor VM operational
| status and restart when needed to maintain availability.
| greenavocado wrote:
| KeepassXC on Syncthing is so easy to use even my girlfriend
| uses it without problems
| renewiltord wrote:
| I used to self-host a lot of things:
|
| 1. My blog
|
| 2. My friends' blogs
|
| 3. BIND for all this
|
| 4. A mail-server on this
|
| 5. A MySQL database on this
|
| All this was on a Hetzner server that was nominally set up to be
| correct on restart. But I was always scared of that because I
| built this up from when I was a teenager onwards and didn't trust
| my younger self and couldn't find the time to audit. 10 years
| afterwards, with 10 years uptime, and no consequences of data
| loss or theft (it might have occurred, just that nothing affected
| me or my friends) Hetzner actually warned me they were going to
| decomm the underlying instance and no longer supported that VPS.
|
| I backed everything up, copied it, and for the last 8 years have
| faithfully moved from home to home carefully transporting these
| hard-drives and doing nothing with them.
|
| When I finally set up everything again, I did it much more
| manageably this time, with backups to Cloudflare R2 for the
| database and resources, and Dockerfiles for the code. I restarted
| the machine and brought everything up.
|
| And now I use GSuite instead of my own mail. I use Cloudflare
| instead of my own DNS. There's a lot I outsource despite "self-
| hosting". It's just far more convenient.
|
| So the answer is that I had no BCDR on the old thing. Maybe I'll
| train my kids and have them be my BCDR for the new thing.
| akira2501 wrote:
| Home labs are great. They are a good learning tool to understand
| systems in _isolation_.
|
| They're terrible for understanding emergent properties of
| production systems and how to defend yourself against active and
| passive attacks. Critically you also need to know how to unwind
| an attack after you have been bitten by one. These are the most
| important parts of "self hosting."
|
| Otherwise, you might be getting in the habit of building big rube
| goldberg machines that are never going to be possible to deploy
| in any real production scenario.
|
| Make it real once in a while.
| apitman wrote:
| I think we'll see some stratification in the self hosting
| community over the next few years. The current community,
| centered around /r/selfhosted and /r/homelab, is all about
| articles like this. The complexity and learning are sources of
| fun and an end in themselves.
|
| But I think there's a large untapped market for people who would
| love the benefits of self hosting, without needing to learn much
| if any of it.
|
| I think of it similar to kit car builders vs someone who just
| wants to buy a car to use. Right now, self hosting is dominated
| by kit cars.
|
| If self hosting is ever going to be as turnkey as driving a car,
| I think we're going to need a new term. I've been leaning towards
| "indie hosting" personally.
___________________________________________________________________
(page generated 2024-09-05 23:00 UTC)