I don’t recommend auto updates, because updates break things and dealing with that is a lot of work.

Learnt this the hard way. Been version pinning ever since.

Nice setup! Are all those LXCs rootless docker containers?

I don’t like Ansible, other tools can be easier to use. But I don’t want to recommend something concrete.

Which ones do you like to work with? (Even though it’s not a recommendation ;) I’ve only dabbled in Ansible so far and found it overkill for most of the things I do, but maybe one of yours isn’t?

That’s what I use it for as well. Updating 7+ VMs is no fun. With Ansible? No worries.

But as a result you’ll have a self-documented configuration-as-a-code that will allow you to scale your setup as you need. Reproducing something won’t require reading your notes, remembering your actions etc.

Until you realise that

• you don’t really need to scale a homelab that much
• if something breaks, you just want to quickly fix it manually because “doing the Ansible” is more of a pain
• now idempotency and documentation-as-code is out of the window. ;)

(I’m being tongue-in-cheek here. I don’t doubt this may work for you, but it takes much more discipline than I have.)

How does Bento compare to local tools such as PDFSam?

If by “getting” music you mean “self-host stuff you already own”: Navidrome is an obvious choice, with Tempus for Android clients. It’s ridiculously low on resources, rich in features and quite pretty.

Nice setup! I particularly like the kitchenowl deployment - it’s such an amazing tool and relatively unknown.

One suggestion: the title header says “Family homepage”, yet the page contains admin tools that none other than you will ever use. I noticed that all this “admin clutter” was so off-putting that it kept others from actually using the dashboard. I’ve therefore created another homepage instance that showcases user-facing services only. It makes the UI much cleaner - and users more likely to actually find the services they may be looking for.

It’s not this or that. Security comes in layers. So while I would assume that the Jellyfin developers do their best to secure their application, I acknowledge the fact that bugs do exist and that Jellyfin is developed in and for hobbyist contexts, and thus not scrutinised and pentested for vulnerabilities in the way software meant for professional environments would be. Therefore I’ll add an extra layer of security by putting it behind a VPN that only whitelisted clients can access. If a vulnerability is detected, I can be sure it hasn’t already been exploited to compromise my server because we’re all “among friends” there.

This. And for everyone you just can’t figure it out on their own, there’s RustDesk for remote assistance. It, too, can be self-hosted.

YOU MIGHT WANT TO GET THAT CAPS LOCK KEY FIXED, MATE!

I can’t see why somebody objecting to TrueNAS flirting with closed source would want to switch to a fully proprietary system like Unraid.

Tbh, I’ve never bothered to figure out how SSHing into an Android device works.

You’re right about the security of older versions of Synching-Fork if you remember to configure it to only do syncs locally (it’s not configured like that by default).

I share your sentiment about Syncthing-Fork and the botched handoff to researchxxl. I have yet to implement the Termux-based workaround that allows me to use Syncthing from the browser without the Android app / wrapper. It looks pretty clean as it’s just pure Syncthing with a little starter script.

OpenMediaVault. CasaOS. There may be others.

No drop-in replacements for everything TrueNAS did, but at least something.

Self hosting […] P2P

You do realise that’s a contradiction, right?

Unless you’re hosting a TOR node (which is outside of the scope here and, in the case of exit nodes, extremely risky), there’s nothing here that’s relevant to self-hosting.

Sure, that’s what I do for hosting my stuff. DDNS does not help with SSH whitelisting because that is IP-based, not based on a URL.

Now I get it. Thanks for the explanation!

Set up a firewall and only open port 22 with your IP (you can look it up using ip.me).

I keep wondering about this part whenever I read it. Do y’all have static IP addresses so you can do this easily? If I did this, I’d probably lock myself out within a week (which is roughly the interval at which my public IPv4 will change).

Discovered and got psittsa up and running, a cool little project that combines Piper (TTS engine) with a web frontent that allows users to copy-paste text or URLs and to either stream the audio from the browser or download it as mp3. Apparently it even does clean-up of old files behind the scenes.