Maybe your own adblocker, I thought about doing that myself, I use the public one from adguard on my phone (dns.aguard-dns.com) but having it on your own device would be pretty slick perhaps. But thinking about it more, Google wouldn’t just let you use an internal IP for the private DNS. I have tried it with my locally hosted adblocker and it rejects it.

Or you could set up a dashboard like Homepage or Dashy, or Flame or ? Ultimately, your imagination would do! :)

NFS4 I don’t think its obsolete.

I use it for my Desktop computers to connect to the server. All of my systems use Linux so that’s my primary use. They backup to the server nightly.

I discovered about a few months ago that XCP-NG does not support NFS shares which was a huge dealbreaker for me. Additionally, my notes from my last test indicated that I could not mount existing drives without erasing them. I’m aware that I could have spun up a TrueNAS or other file sharing server to bypass this, but maybe not if the system won’t mount the drives in the first place so it can pass them to the TrueNAS . I also had issues with their xen-orchestra which I will talk about below shortly. They also at the time, used an out of date CentOS build which unless I’m missing something, is no longer supported under that branding.

For the one test I did which was for a KVM setup, was my Home Assistant installation, I have that running in Proxmox and ccomparativelyit did seem to run faster than my Proxmox instance does. But that may be attributed to Home Assistant being the sole KVM on the system and no other services running (Aside from XCP-NG’s).

Their Xen-Orchestra for me was a bit frustrating to install as well, and being locked behind a 14 day trial for some of the services was a drawback for me. They are working on the front end gui to negate the need for this I believe, but the last time I tried to get things to work, it didn’t let me access it.

Pushed Wireguard back onto my network. I’ve been a Tailscale user for a couple of years, but never really saw the need for it for me as I’m the only user of the service. :)

I will freely admit though, there’s nothing wrong with the service and honestly is great if you are behind a CGNAT router or don’t want to use Cloudflare for your tunneling.

You said

I’m only really running a caddy reverse proxy on the VPS which forwards my home server’s services through Tailscale. "

It seems then that you are using a Tailscale Funnel to expose your services to the public web. Is this the case? I ask because the basic premise of Tailscale is that you have to be logged into your Tailscale network to access the services and if you are not logged in, then the site you try to access won’t even appear to exist. Unless it’s setup via the Funnel.

Assuming then that you setup a funnel, then you are now 100% exposed to the WWW. AI Bots and bots in general crawl the WWW daily and eventually your site will be found. You have a few choices here, rely on a Web Application Firewall (WAF) such as Bunkerweb which would replace Caddy, but would provide a decent firewall of sorts. Or…you can use something like Config Server Firewall but I’m not sure if they have AI Bot protection. The last I used them was before AI was a thing.

If hardware service counts. :) I have been fighting for the last few months with my Promxox server telling me a drive went read only , from a SSD and even a HDD, very odd behavior and it finally pulled the last straw with me last Thursday. I had a 4TB drive acting as my Storage/backup drive which this complained about so I put a 1TB drive in which is pretty much 2 yrs old so plenty of life on it.

I went through and tested the SSD with extended tests and it passed with flying colors, so it dawned on me, maybe it’s the SATA data cable, and sure enough, it was. When I had run the sudo smartctl -x -T permissive /dev/sdb it only presented very little information on it, swapping the cable and it now presents the full SMART data and stats as it should. Additionally, it’s been more stable with the performance so far. So I call that a win.

In the software side, I have been going through the Home Assistant instance and removing dead/old entities I never had gotten to removing

I’m not the host or author of this one, but I know it already covers what you are wanting to do. ;)

https://awesome-docker-compose.com/apps

https://github.com/ArabCoders/watchstate

I use this one for my Emby server and it keeps track of what we watch, and so far so good. I made it our Trakt.tv replacement and have no complaints so far.

For Home Assistant, I use the installation script from here, it works flawlessly:

https://community-scripts.github.io/ProxmoxVE/scripts

This group took over the project after the main developer passed on, they are quite easy to install and just need you to be in the Proxmox host shell (Once you install it, you will know where it is) :)

I moved my Home Assistant from Proxmox VM to a older Lenovo Laptop we had stored as we thought the charger wasn’t working. We are preparing to move so it was my job to check that laptop as well as 2 others. 2 I am not going to use and e-scrap those later this week after yanking the drives out (I don’t trust anyone with my old drives). It turned out, the charger works just fine! I just installed it early in the morning (Midnight) and so far, it seems just as responsive if maybe more than what I had on the Proxmox host so that’s a win on my end. Plus, I was able to give it the full 8gb of RAM it has instead of the 4gb I gave it in Promxox and somehow it’s showing lighter use than what I had in the VM. 2.8gb vs. 4-5gb it reported from the Home Assistant Hardware details when in the VM.

What limits do you set on yours?

In my opinion so far yes, I’ve only been on it a few weeks, but think of the immutable as locking down the root partition and any vital directories to the OS and not allowing your user to modify anything. In the event of a bad update, it’s easy enough to select the previous boot in Grub and be on your merry way.

I have a special needs adult step-daughter who’s PC I manage and I always need to keep it updated, setting it up on their Bluefin version which uses Gnome which she loves. So, I may do it this weekend. She’s currently on Endeavor OS (Arch based) but it keeps getting kernel updates daily it seems and with those a reboot. Additionally, for whatever reason, her system goes to sleep without warning sometimes so if I’m updating it, it’s gone to sleep. (Super weird). I’ve never had it do this before with Standard Arch linux so I think its something to do with Endeaver. I’ve never bothered to troubleshoot it to be honest. With a setup on the BlueFin (Aurora Linux is KDE), enabling Auto updates should be a breeze and then she’s golden for being updated without my intervention.

I use Aurora Linux which is the sister one to Bazzite, both are Fedora 41 based images. They strongly encourage using the FlatPak approach to installing software. After using it for a few weeks now, I can see why. One of the things with the immutable setup is once you install a program, you have to reboot to get it to run, but with Flatpak, it isn’t so. I think Flatpak has it’s merits - if they have an app which you normally use, then it’s easy enough to install and go.

For the Fedora side of things, you can “layer” apps over it using the rpm-ostree but they encourage you to only do that as a last resort. One of the things they enable you to do is install additional OS’s containerized which integrate with the desktop environment. For example, right now, I can only run Scrcpy in a different OS (That I’ve been able to figure out so far), so I just spin up an Arch OS container and launch it from there, and can interface with my phone normally. As I understand too, the developers plan on disabling layering in a future release. To be honest, I don’t think I have but one thing layered and that’s my Label Printer’s driver.

The benefit for me using the immutable system and this is the hardest thing to grasp for a lot of people including myself is that it truly is set and forget type of updating. With Arch, you can become sort of addicted to checking for new releases, and I’m not going to lie, it’s amazing to get some of the newest releases of your favorite app or browser especially when they fix something. With Arch, it’s generally there. With my system, I turned on auto updates, so it’s not too uncommon to bring the system up in the morning and see that updates have been given (I don’t notice them usually). It’s nice not having to worry about that as much.

https://9to5linux.com/mozilla-firefox-134-is-out-with-support-for-touchpad-hold-gestures-on-linux

At least has some of them. I think they always grab the betas and aggregate the release notes/changes during the nightly/beta tests.

Hmmm…my system is a Dell Optiplex 990 SFF PC so about 14 years old and seems to run Youtube without issues or buffering. I have yet to see if any local media does the same. But I’m also running 16gb of RAM which is the system’s max and it’s pretty much not had any issues since giving it that much.

I’m not 100% sure on the KDE release cycle, as I understood, the KDE update was full of bug fixes today to the 6.2.4 from 6.2.3, and the Fedora team integrated it in their releases quickly so this might have been a faster than usual release. I’m thinking when KDE fully releases their new OS to replace Neon, I may try that one, it’s also supposed to be immutable which would be the chef’s kiss for me. :)

I prefer the WYSIWYG get with Joplin and mostly because I’m stuck in my ways!! LOL
Nothing really wrong with it though, it’s just not for me. :)

To add to this, I have tried Obsidian notes which is super highly recommended by many. I also have tried self hosting Bookstack for logging my notes etc… But every time I tried it, nothing ever matched what I could do with Joplin which was exactly as what other said, rock solid and I have yet to run into any device which can’t handle the client. I will say that the launch time on the one on my machine (Arch Linux) is a bit slow, but after it’s launched, it’s very easy to bring up and use as needed. :)

I did, but it’s a home machine, personal use. So, it didn’t matter for me, but for family…that was another story! :) I just pulled the main boot drive, put a different one and installed it and went through the process. Then went back to the Proxmox drive after.

I’m in the same boat, I tried Incus or rather LXD a couple months back and gave up after a little while due to pressing business needing the Proxmox machine up again.

I have two main requirements which I have for my server:

• It must support Home Assistant OS as a VM and a USB Dongle (Zwave) I found this as a possible solution for LXD systems: https://seanblanchfield.com/2023/05/home-assistant-os-in-lxd

• It must support NFS exports so I can share my storage and data drives. I’m pretty sure since it’s on Debian, I can install Cockpit and it’s sharing plugin for this.

I think the thing which scared me off at the time too was the lack of GUI which I think I may have missed. This may be a solution: https://blog.simos.info/how-to-install-and-setup-the-incus-web-ui/

I was just thinking about Incus the other day so this might be a good time to look into it more!