Old Profile: https://beehaw.org/u/Mikelius
Plus 1 to Venstar. Got myself the T7900 and even though it offers internet access, I just blocked it at my router and connected it to the network, controlling it through home assistant. No need for third party access and whatnot with it since it’s completely local.
Also hard to relate. Got my Gentoo server running full auto updates every morning and then send an ntfy alert on success or failure. Haven’t seen a failed update in so long (other than the occasional package that had a bad build or something once in a while).
Back when I was fresh in the Gentoo and Linux world (Gentoo is where I started) and updating once a month, I can definitely say I ran into issues… dunno if it’s that big of an issue these days though.
Raid 1 has saved my server a couple of times over from disaster. I make weekly cold backups, but I didn’t have to worry about it when my alert came in notifying me which drive went dead - just swap, rebuild, move along. So yeah I’d say it’s definitely worth it. Just don’t treat raid as a backup solution - and yes, continue to use an external cold storage backup solution as you mentioned. Fires, exploding power supplies, ransomware, etc don’t care if you’re using raid or not.
I’ve been using the fdroid syncthing-fork version for a long time now and haven’t had any issues at all… Doesn’t mean it’ll last forever but it’s been getting the job done for me even in its current state.
… And can’t remember my original reason to use the fork instead lol
Glad it’s getting a little more light. Been trying to tell people this for a few years now lol. It’s the reason I’ve stayed away from it since first learning of the tool and looking at the “source code”.
I’d say anyone wanting to go this deep into a home monitoring setup will likely go with what works best for them instead of reading and following the entirety of this guide… I’m one of those people…
Wrote my own log parsing software to put into a database, display and alert through grafana, which is alerting through a homemade webhook that sends a notification to ntfy based on severity… And I also use uptime Kuma like mentioned, but my notifications channel is ntfy. No cloudflare for my internal services, only wireguard to connect home and use everything. And definitely no telegram.
Plenty of other stuff setup, but my security alerts and monitoring rely heavily on the syslog/grafana server which helps me monitor everything.
Not an opinion, I have an actual situation with my eyes where they twitch uncontrollably when presented with bright lights for a long period of time. I have tried minimum screen brightness, lowered contrast/colors, auto brightness based on the environment, various software solutions to removing blue light 24/7 from the screen - none of it worked. Went permanently dark theme on everything, magically eyes haven’t twitched in years.
Light theme vs dark theme is not just a preference, it’s an actual accessibility need for some of us.
I converted my gaming machine into a server as well. I actually took the graphics card out as I couldn’t find a major use for it, but kept the 12 core Ryzen and upped it to 128gb memory. It now self host way too many things, including a few game servers my friends and I play… But even with all this, CPU carries along nicely and not even at half memory consumption (yet).
But as others have asked, what’s your goal? Don’t overkill it if you’re only hosting one service or something. If you’re doing a lot like I do, then up the RAM. And seriously consider whether the GPU is even useful or needed if you’re not using a desktop environment.
I’ve had this issue many times as well. I’ve found changing the MTU would help since it seems some filter specific ranges. Doesn’t always work but I’ve had more success than failure doing so
As a Gentoo user, I can confirm I started from sticks and rocks. I’m now in the space age though because of the customizability and performance boosts, so image is a little dated.
Hey this is pretty nice and simple, I like it. Had to hold down on the app to select the settings to change my server, would be nicer if that settings button was within the app itself… But got it pointing to my self-hosted instance and tested it out. Works perfectly! Thanks for sharing
My solution to this question a year or so ago was to take my gaming desktop, which was collecting dust after I moved to my gaming laptop, and gut it down to a 4U server rack case. Best decision I’ve ever made. 12 core Ryzen and 128gb memory. Got a 10g adapter in the pci express, 8xHDD for data and then 2 mirrored nvme for the OS itself. Only thing I kept out was the video card since I had no use for it (yet)
An equivalent “server” on the market would probably cost a fortune and cost you a ridiculous amount of electricity.
Lots of comments already mentioning the differences. I have tried these, including the mentioned ipfire, and decided on the end to use opnsense plus openwrt on two different devices.
I chose opnsense at the time many years ago because it supported wireguard out of the box, where as pfsense required some weird install process I didn’t want to deal with. Plus I liked the UI to opnsense more.
My moden has been literally replaced by my firewall so I have the ONT connected to it and then use it to do all the heavy lifting for… Well, firewall stuff. It connects to a VPN so my entire network routes through the VPN. Then my openwrt device is connected to that. It also handles firewall stuff, but more at an internal level (keeping network devices only permitted to communicate with devices I say are okay, blocking internet access, etc) and also hosts my nginx setup to route to various servers.
While I could do everything on one machine with opnsense, I’ve got a particular setup that allows me to have multiple devices at the firewall level, truly isolated from the rest of my internal network (for a couple of internet open port services). And it gives me peace of mind that if someone found a zero day in opnsense, I’m not totally screwed unless they also got one in openwrt.
To answer “which is better to begin with”, I personally find opnsense way more flexible and robust than the other 2 options. Has a lot more capabilities and upgrading is super easy without requiring jumping through weird hoops and such like openwrt does.
I totally thought because of how long the equals looked, it was multiple equals characters, not just >>= lol. That’s what got me confused. Don’t think these are things I’d personally use but each to their own preferences right xD
What is that weird >>=== symbol? Looks like a cross breed between C and JavaScript here.
I hate short variable names in general too, but am okay with them for iterators where i and j represent only indices, and when x/y/z represent coordinates (like a for loop going over x coordinates). In most cases I actually prefer this since it keeps me from having to think about whether I’m looking at an integer iterator or object/dictionary iterator loop, as long as the loop remains short. When it gets to be ridiculous in size, even i and j are annoying. Any other short names are a no go for me though. And my god, the abbreviations… Those are the worst.
Not much for myself, like many others. But my backups are manual. I have an external drive I backup to and unplug as I intentionally want to keep it completely isolated from the network in case of a breach. Because of that, maybe 10 minutes a week? Running gentoo with tons of scripts and docker containers that I have automatically updating. The only time I need to intervene the updates is when my script sends me a push notification of an eselect news item (like a major upcoming update) or kernel update.
I also use a custom monitoring software I wrote that ties into a MySQL db that’s connected to with grafana for general software, network alerts (new devices connecting to network, suspicious DNS requests, suspicious ports, suspicious countries being reached out to like china, etc) or hardware failures (like a raid drive failing)… So yeah, automate if you know how to script or program, and you’ll be pretty much worry free most of the time.
Plus 1 to openvas. UI is indeed horrendous though.
Be careful running high load tests against sensitive devices. I once ran it against a PoE switch I used for my cameras and it did something so crazy that it required me not to only power cycle the switch, but to disconnect all the cameras first and then power cycle. Was super confusing and felt like it found a way to short the device lol. Scared the hell out of me.
That being said, I’ve found many many things to improve on my devices thanks to openvas.
If you have a pi or Linux box, try setting it up as a syslog server. Then tell opnsense to use that for forwarding logs to. Doesn’t guarantee you’ll see what went wrong, but maybe it’ll help.
I’m not sure opnsense has journalctl or something similar, but that would be a good place to look for some history, too.
My personal advice, secure it down to only permitting what needs it, regardless of your trust to the network.
Treat each device as if they’ve been compromised and the attacker on the compromised device is now trying to move laterally. Example scenario: had you blocked all devices except your laptop or phone to your server, your server wouldn’t have been hacked because someone went through a hacked cloud-connected HVAC panel.
I lock down everything and grant access only to devices that should have access. Then on top of that, I enable passwords and 2FA on everything as if it were public… Nothing I self host is public. It’s all behind my network firewall and router firewall, and can only be accessed externally by a VPN.