irotsoma

Really the first issue is your IP address. How does your ISP hand out IP addresses IPv4 and/or IPv6?

If you have an ISP that gives a static block of IPv6 addresses that simplifies things immensely. But also consider that many legacy, monopoly ISPs have not implemented IPv6 for their customers, especially in the US, and so domains without an IPv4 address aren’t accessible from people’s homes that use those ISPs. But it means you could assign static IPv6 addresses to each service if you wanted to and add subdomains for each. Then you just need to deal with security on that system.

Otherwise you’ll likely need to deal with dynamic DNS. If your router and your domain registrar’s DNS can work together for DDNS that’s ideal. For example, my OpnSense router updates my cloudflare registered domain directly when my ISP changes my IPv4 address (I have one of those ISPs that doesn’t assign IPv6 still but I don’t have any choice if I want > 5-10Mbps upload speeds).

Then you need to deal with routing. The best way is with a reverse proxy like Caddy or I actually like Traefik a lot because it works well with my complex setup with docker and kubernetes among other things. Basically your router needs to route all the inbound traffic on the appropriate inbound ports to the reverse proxy to it to then route to the appropriate service based on the subdomain and/or port of the request.

Once you route the subdomain to the appropriate service you need to deal with security. Once a service is exposed, it’s going to eventually start getting hit by bots trying to access it. Best to implement something like fail2ban to stop them from wasting your processing power with failed logins and 404 errors and such.

I set up separate VLANs for devices that do or don’t get filtering with different DNS servers assigned. And I have two different wifi SIDs on my access point for the different VLANs as well as having ports on my primary switch aligned to one or the other VLAN. I did end up having one other switch that has devices from both VLANs in a different area and had to set up one port on the primary switch with a couple of MAC-based filters for assigning the VLAN for just devices on that remote switch, but those are static devices, so that wasn’t an issue. I don’t attach any other devices to that.

My servers that have been around for a while get thousands of scans per day. In fact I am going to move away from crowdsec because I exceed the free limits on log entries within the first day of the month usually, sometimes just an hour or so. I mean it still works and blocks stuff, but the web portal is basically useless for any research into what I need to give attention to. That and the fact that you can no longer delete decisions on the web portal with the free account.

As others mentioned Esc during boot. You can also configure this in your grub config so you don’t have to hit escape, assuming your distro uses grub. Other boot config options will exist in other systems.

For grub it also depends on the distro as to where it is, but look for /etc/default/grub edit that and on the lone that has GRUB_CMDLINE_LINUX_DEFAULT remove the quiet and splash options. So if it looks like this:

GRUB_CMDLINE_LINUX_DEFAULT=“quiet splash”

change it to

GRUB_CMDLINE_LINUX_DEFAULT=“”

Then run “sudo update-grub2” to make it effective.

Icons for pictures, detail view for everything else. Easier to sort in the detail view.

That was a lot of really good info. I’ve been having to deal with some more complex systemd configurations at work which has gotten me interested in the subject. This was a really good intro and will help a lot in my own self-hosted activities as well as work.

If she has an Android, you can use the DNS blocker in ReThink to do something similar to pihole outside of your LAN. That’s what I use. There are others, but ReThink is pretty good and has lots of other stuff it can do as well, or just use the DNS option.

I’ve used java Scanner objects to do this extremely efficiently with minimal memory required even with multiple parallel searches. Indexing is only necessary if you want to search for information many times and don’t know what exactly the search will be. For one time searches, it’s not going to be useful. Grep honestly is going to be faster and more efficient for most one time searches.

The initial indexing or searching of the files will be bottlenecked by the speed of the disk the files are on, no matter what you do. It only helps to index because you can move future searches to faster memory.

So it greatly depends on what and how often you need to search and the tradeoff is memory usage, but only for multiple searches of data you choose to index from the files in the first pass.

I use Fedora with KDE and never have issues. Though I no longer have NVIDIA cards in any of my computers. The drivers suck on Linux in general and were the cause of many of my previous issues with Linux overall.

Yeah, companies have abused that to release buggy, incomplete products faster and only make the software stable and feature complete if they make a good profit.

I alias traditional stuff to better, usually drop-in versions of that thing on computers that have the better thing. I often forget which systems have the better thing, so this helps me get the better experience if I was able to install it at some point. For example I alias cat to bat, or top to htop, or dig to drill, etc.

Battery circuits come on enough to be a load that needs to be considered and will show up if you measure load on the device vs load consumed by the components connected to the power supply. In terms of low power devices, it is significant, though not the primary concern. But compared to the pi PSU, the charger not to mention the battery and internal PSU of a laptop, consume way more power and produce way more heat.

All of the rest assumes needing always on, heavy load processing which isn’t what the post I replied to was talking about. I was specifically replying to idle power load. And in my case, even with a bunch of self hosted applications, most of the time my servers are idling. If I was running a virtualization farm or something that was always under heavy load, then yes, as I mentioned, a single board server isn’t ideal.

As for disks, I don’t use SSDs on my pis except one that actually does a lot of local data processing. Everything else runs in memory and stores persistent data on my NAS, including logging. Virtual memory/swap is disabled on all and things that need temporary storage/cache of small amounts of data is cached on RAM disks where applications can’t be configured to not use disk caching. The only need for the SD card is for boot and some minimal IO needed for local OS operation. I have a Raspberry Pi 3 B i got about 8 or 9 years or so ago with the same SD card in it.

They aren’t what I use as a database server, obviously, but they are extremely low power compared to what an old laptop would need and work great for things like pihole, and other network applications as well as being a part if my home kubernetes cluster and run the majority of the cluster’s processes on demand.

Only if you’re running it at full load all the time and comparing that to a comparable number of raspberry pis it would take to do the same amount of work. Also, only if you live in a cold climate and the heat generated is not a concern and power is supplied by a renewable source so power isn’t a concern.

Not quite. Unless the system has pretty advanced power management and is using very recent technology with high density, it’s unlikely that an x64 chipset will use less power than a comparably powered arm64 chipset. Not just the processor, but the smaller board is actually a power saver and allows it to generate less heat meaning both less power wasted and dissipated as heat as well as less power needed for fans to properly dissipate the heat. I’ve never seen a laptop use 3W at idle when considering the whole device, maybe just the CPU, but not if you include the rest of the components like RAM and disks and power supply. And especially true in a laptop that is old enough that it’s being recycled. Heck, the power supply and charger alone might be using 3W at idle with full battery.

With a raspberry pi 4, the typical power usage for the 2GB RAM model is 5W under load for the whole device and about half that for idle. Add a couple of watts for the extra memory and wider bus on the 8GB model and other things can add to that, but that’s mostly accurate. The pi 5 is a little more and the 3 is a little less. Of course, the efficiency of the laptop at full load might end up being better than a comparable number of raspberry pis it would take to do the same amount if work, but comparing a single pi or any other reputable arm-based, single board computer to a single laptop at idle is always going to be that way.

Yeah, and it was a one off restore, so others who are mentioning self hosting will still be taken down as long as that policy remains.

Yeah one thing I find these kinds of tools good for is warranty tracking I’d something breaks and insurance claims if there’s a fire or robbery or something.

Personally, I find Traefik much simpler than Nginx, especially with Kubernetes, but even with pure docker, but it’s definitely not as performant. That’s balanced by the fact that it does a lot of automatic detection and has dynamic config loading so I don’t have to break other services when changing configurations.

Yeah, video streaming is not a good thing to put on a limited bandwidth server either directly or as a VPN or proxy passing data.

Best bet would be if you can set up a reverse proxy on your router and have that accept all inbound requests and direct to the correct internal server and port.

Yeah, that kind of defeats the purpose of using a “stable” distro though. As you mentioned, other better distros are available.

Problem with Manjaro is they have their own opinionated repository that is not always in sync with Arch because they try to introduce more “stability”. I found this actually caused the opposite in most cases as there are a lot of dependencies that end up being behind and so you can’t install more stable versions of a lot of software. With the complexity of modern software dependencies, it has become a big problem. Also, they have in the past caused lots of problems with AUR and have let their SSL certs expire multiple times. Overall, they just haven’t been reliable IMHO, so I moved to Fedora a while back.