Fresh Debian 13 (Trixie) install – was ich immer als erstes mache:

→ Root deaktivieren
→ SSH-Key only (ed25519)
→ UFW mit nur den nötigen Ports
→ Docker ready

Dokumentation für mich, vielleicht nützlich für andere.

https://m1ch4.net/blog/debian13-grundsetup/

#Debian #Linux #Docker #Selfhosting #Homelab

A poll to any admins who are self-hosting their own xmpp
what is your server running?

#xmpp #jabber #conversations #selfhosting #poll

friends, I need to run a receive only mail server
any suggestions for software, tips and best practices and what to absolutely never ever do are incredibly welcome

I've never hosted e-mail things before; assume I know nothing
I have a domain with DNSSEC, a VPS, and a lot of hope

#askfedi #duckduckfedi #selfhosting #selfhosted #emailhosting #email

Jeder (Self-)Hoster kennt diesen Moment:
Update klicken, kurz die Luft anhalten und hoffen, dass nicht wieder PHP, Datenbank oder Desktop-Client beschließen, heute kreativ zu werden.
Nach Jahren mit Nextcloud habe ich 2026 für meinen eigenen Usecase die Reißleine gezogen. Nicht aus Dogmatismus. Sondern weil digitale Souveränität für mich am besten funktioniert, wenn Infrastruktur wieder ein bisschen langweilig wird.
Darum bin ich bei #OpenCloud gelandet.
Schlanker, fokussierter, weniger bewegliche Teile. Kein PHP. Keine Datenbank. Go-basiert, unter 200 MB RAM im Idle. Auf K3s mit ZFS-Snapshots dahinter läuft das sehr viel näher an „funktioniert“ als an „braucht Aufmerksamkeit“.
Und dahinter steckt das Team von #mailbox.org,  #Heinlein Support. Kein US-Risikokapital, kein Exit-Druck. Keine fragwürdige Eigentümerstruktur. Einfach Leute, die seit 30 Jahren für datenschutzkonforme Infrastruktur in Deutschland kämpfen. Das ist kein Zufall, das ist eine Entscheidung.
Der schönste Nebeneffekt:
OpenCloud wurde bei mir quasi nebenbei zur souveränen E-Book-Bibliothek. DRM-freie EPUBs auf dem Boox Go 7, ohne Amazon-Ökosystem, ohne Plattform-Lock-in, ohne das übliche „wir kennen deinen Geschmack besser als du selbst“.
Amazon weiß sehr genau, was du liest, wann du liest, wie schnell du liest und wo du aufgehört hast. Das ist keine Paranoia. Das steht in deren  AGB.
Genau da wird digitale Souveränität sehr konkret:
nicht als politische Folie, sondern als gelebter Alltag.
Eigene Dateien - eigene Infrastruktur - eigene Regeln - eigene Verantwortung.
Wie der Umzug lief, wo die kleinen HTTPS-/Traefik-Fallen lagen und warum weniger Komplexität manchmal der eigentliche Fortschritt ist:

🔗 https://www.pandolin.io/warum-ich-2026-zu-opencloud-gewechselt-bin/

One person. One homelab. One less excuse. :-)
#Fediverse #DigitaleSouveränität #SelfHosting #Homelab #OpenSource #Nextcloud #K3s #Privacy #EBooks #Linux #Ubuntu #BigTechAlternatives

Alt...

Pandolins Desktop.

Having a "reflective" afternoon.

On the topic of free operating systems, I have been playing with these lately, and recommend if it suits usage (alpha order).

- Alpine Linux (my daily driver)
- Chimera Linux
- Elementary Linux
- FreeBSD
- OpenBSD
- Solus Linux

Not "mainstream" suggestions per se, and that's kinda the point. Caveats re: glibc/musl, nvidia support, etc. apply.

If I had to have nvidia support for my primary workstation I'd probably go with Solus (KDE), or at least try it, in spite of systemd.

I'm starting to scratch the surface on

- CachyOS

for my son's gaming rig. Pretty much what it says on the tin. I like it. Arch could use a bit of polish. We'll see how it goes on real hardware.

Others that I haven't run much beyond playing with the iso, but am intrigued by, mostly by intended use case tbh:

- Mint
- Zorin

I used to run these for years and years and years but don't nowadays:

- Arch
- Gentoo

Excellent, but the time intensity ...

~20 years ago I used to run Gentoo in a government research agency data centre. Even came up with an "ansible-like" set of deployment scripts/framework and whatnot in /bin/bash to manage them (pre-dates Ansible).

Fun times... the time... the time.

Gentoo was bracketed by RHEL in the past and CentOS as the successor. CentOS was fine but gave up a lot of performance way back then. Shifting priorities, server hardware was still following Moore's, and all that.

I flirted with Ubuntu a bit over the years. Could never really get into it back when it was decent. I won't touch it now.

Today, I think I'm done with Debian. Too static for my tastes - stuff gets too stale. Sure, there's Testing/Sid but there's also other options at that point.

Now that I'm a sysadmin just for myself I can embrace using whatever I want. Ha.

I'm all about community projects nowadays.

Corporate software will eventually disappoint you so it pays to just not go there in the first place.

Deep thoughts.

#Linux #RunBSD #HomeLab #SelfHosted #SelfHosting

ich hab jetzt ne Miniserverbrücke oder ist das schon ne Serverfarm 🤔
#selfhosting

So that's it. I've retired. Well, technically not quite because I'm still being paid for another week. However, my two work laptops have been wiped and handed back along with my security pass, and my development desktop machine has been cleaned up and shut down. I've deleted the various TOTP entries for my work accounts from my phone.

It's over. I'm free.

I'll keep myself mentally active with some #FOSS development, and will continue to enjoy tinkering with #SelfHosting on my #HomeLab , hopefully with a bit more mental energy available than before. Good times lie ahead, I hope.

What bring you to the path of self-hosting?

I guess for me is that because in the mid 2000's the free hosting services were quite terrible and I get my hands on the old family computer and some documentation about Debian.

#selfhosting

Mein #nobigtech journey ist irgendwie vorübergehend zum Stillstand gekommen. Alle bigtech-socialmedia-Accounts sind gelöscht, meine Daten aus Onedrive auf ne #nextcloud umgezogen, mein Freundeskreis auf #signal Mein neuer #linux PC macht mich immer noch glücklich. Und nu? Warten, bis der #raspberrypi geliefert wird und ich mit #selfhosting und #pihole experimentieren kann.. Gilt das jetzt schon als "Onni hat übrigens Ahnung von Technik"?

Am I the only dumbfuck to not use docker/containerization and host stuff the old way?

#selfhosting

Logiciel open source, prise en charge de DoH/DoT/DoQ, protections et architecture : j’ai documenté la stack de HostuxDNS ici :
https://dns.hostux.net/stack.html

#DNS #Privacy #OpenSource #SelfHosting #Hostux

Ok #homeautomation and #selfhosting folks, I am looking for opinions (boosts welcome).

I have this swimming pool controller that I built off a raspberry pi. It sits outside in a waterproof enclosure year-round. Temperatures range from -10ºC to 50ºC over the course of a year. It's running Raspbian or some Debian-flavored Linux.

I've tried spinning rust hard drives and SSDs. They die within 12-18 months and I'm on my third failure. I have a couple ideas.

1. Netboot: I could have it boot via PXE or TFTP or something and have no permanent storage outside.
2. SD flash cards. I could just run it off a micro-SD, and keep a few handy so when they burn out, I just swap it in. I can use NFS for permanent storage, so the loss of the SD doesn't matter.
3. Some kind of storage that is more resilient to this kind of temperature and humidity swing?

Thoughts on storage for this outdoor project? I'm asking other questions later in the thread.

There is a package for #Caddy reverse proxy for obtaining certificates using DNS challenge through #Hetzner's new Cloud API.

https://github.com/caddy-dns/hetzner

#homelab #reverseproxy #selfhosted #selfhosting #selfhost #ssl

Looks like not only backups but also my obsession^Wpassion to write detailed entries to my "selfhosting journal" pays back. Any change, I made in my main home server, has a date and a detailed description of changes made. Also, the process of #NetBSD installation and service installation is documented too, alongside with documented list of running services, opened ports, cronjobs, etc.

At one bad day, my main server started to hangup at near 18:00 and at nea 08:00. There weren't any cron (or any another) jobs at this time. In the logs and monitoring the problems with mosquitto (MQTT server) were visible — somehow it eats at near 100% of CPU, then monit restart it, then things become working, then (after some time) the server hangs completely. Investigation showed that write to my second ZFS disk (where the PostgreSQL DB lives) were extremely slowed, so ZFS panicked, crashed and crashes the kernel

[ 204836.661198] wd0d: device timeout writing fsbn 123148477 of 123148477-123148478 (wd0 bn 123148477; cn 122171 tn 1 sn 46), xfer 38, retry 1
[ 204863.837664] wd0: soft error (corrected) xfer 38
[ 206810.672323] wd0: autoconfiguration error: wd_flushcache: status=0x5128<TIMEOU>
[ 212327.420695] SLOW IO: zio timestamp 211326864412007ns, delta 1000556283358ns, last io 211280726737075ns
[ 212327.420695] panic: I/O to pool 'zfs' appears to be hung on vdev guid 1299234741086050345 at '/dev/wd0'.
[ 212327.420695] cpu0: Begin traceback...
[ 212327.420695] vpanic() at netbsd:vpanic+0x183
[ 212327.420695] panic() at netbsd:panic+0x3c
[ 212327.420695] vdev_deadman() at zfs:vdev_deadman+0x15e
[ 212327.420695] vdev_deadman() at zfs:vdev_deadman+0x31
[ 212327.420695] spa_deadman_wq() at zfs:spa_deadman_wq+0xe0
[ 212327.430704] workqueue_worker() at netbsd:workqueue_worker+0xef
[ 212327.430704] cpu0: End traceback...

At the same time, I hear a strange metal noises from server at near 08:00 too, so the destiny of second drive was specified.

The server restoration will take some time, but since anything were written in the log file, I'm able just to replay some actions and get all systems up as soon as possible

#selfhosting #HomeServer

Alt...

Emacs buffer with journal entries (in OrgMode) related to the administrative actions in the server.

Alt...

Emacs buffer with description of NetBSD installation process on the main server and with lists of TODO items, services, opened ports, etc.

Alt...

EGA colored photo of a 2.5 inches HDD

I've been running two degraded ZFS arrays for the last few weeks (Debian host).

Yeah, I know. Whatevs.

One of the pools was basically "scratch" backup space and one of the spindles died (breaking the utility of the mirror). Pulled the drive, wiped the remaining, put back in service with minimum fuss as a single drive. I'll throw another spindle at it when drive prices drop again.

The other array had the SSD cache die and it's been chugging along fine ever since. Not a big deal, but from a "experience" point of view it "feels slow" like a working md array.

New SSD arrived in the mail so that'll get sorted sometime today/tomorrow.

So, what's this post about?

Linux peeps, if you are thinking about md arrays, just stop, take the time, and throw 'yer leg over the zfs horse. It's worth it.

#Linux #RunBSD #zfs #md #mdadm #raid #homelab #SelfHosted #SelfHosting

Druga i na razie ostatnia część wpisu o moich ulubionych aplikacjach #selfhosted. Miłego odbioru 🧑🏻‍💻

https://blog.narecki.name/moje-ulubione-aplikacje-self-hosted-czesc-2

#selfhosting #yunohost

Dzisiejszym wpisem otwieram szeroki temat #selfhosting.u 🤓

https://blog.narecki.name/moje-ulubione-aplikacje-self-hosted-czesc-1

#selfhosted #yunohost

#SelfHosting tools I rely on and am very happy with (and I'll probably put on repeat to remind people):

• Pangolin: I have a tiny Hetzner VPS with it that fronts all my #SelfHosted in-house services so I can access them remotely
• Beszel: Monitoring of my servers, simple, shows me exactly the stats that I'm interested in

I'm looking for a simple web based chat app that I can selfhost . I'd prefer something with voice chat but I need to keep bandwidth low. IRC may be too key-board heavy for this use case

suggestions are welcome

#selfHosting #selfhosted

I'm Blake — reintroducing myself as I'm back on the timeline.

I'm a Cloud Engineer working in Site Reliability and DevOps in the healthcare industry. I design and build highly scalable, resilient infrastructure that powers modern healthcare systems. Day-to-day I work with .NET, JavaScript, and TypeScript to deliver reliable platforms.

Outside of work, I build with Go — creating tools that prioritize performance, privacy, and user empowerment.

A couple things I'm working on:

RideAware — A cycling training platform for building structured training plans, analyzing ride data, and completing indoor workouts all in one place.

Arcline Hosting — A self-hosted web hosting service for people who want to know exactly where their data lives. It runs on hardware I own and operate — no AWS, no Cloudflare, no third-party CDN. Shared, WordPress, and VPS plans with personal ticket and email support.

My core interests span SRE, cloud infrastructure, DevOps/automation, and network engineering. I spend a lot of time with Linux, Docker, Kubernetes, Terraform, and enjoy digging into routing, firewalls, and secure network design.

I'm here because I care about privacy, self-hosting, and building things that give people more control over their own data. Good to be back — looking forward to reconnecting with this community.

#reintroduction #CloudEngineering #SRE #DevOps #Go #Golang #Linux #Docker #Kubernetes #Terraform #SelfHosting #HomeLab #Privacy #DataSovereignty #WebHosting #Cycling #HealthcareIT #FOSS #BSD

The convenience of synchronisation between devices are the most common argument that I hear from friends why they are so invested in the respective walled gardens. But the same advantages can be obtained with old well-tested and open standards. Example: get an SMS with e-mail, add it to contacts and then have it autocomplete in @thunderbird@mastodon.online connecting to whichever mail provider your heart desires, thanks to the magic of CardDAV and IMAP. No need for Giant Mail :)

I am immensely grateful to the Fediverse for all the encouragement I got here to embark on a #selfhosting journey.

#YunoHost has empowered my digital life in immeasurable ways.

My way of giving back - and fighting the broligarchs of Big Tech - is to create a guide that demystifies the process. I have compiled all my posts so far in a single page:

🔗 : https://blog.elenarossini.com/a-newbies-guide-to-self-hosting-with-yunohost/

If you're curious about self-hosting but you haven't taken the leap yet, I hope my articles will be helpful to you ❤️

Just received an email from my mail server administrator. They sent me a link to change my password because it's 'insecure'.

My mail admin is so efficient...

...hey, wait a minute... I AM my mail administrator! 🤦‍♂️

#Phishing #SelfHosting #SysAdminLife #SecurityFail #InfoSec

Just spoke to a friend who's running OpenClaw (f.k.a. MoltBot f.k.a. Clawdbot). What I didn't get before is the "everybody is buying Mac mini's" element. I thought this was all about sandboxing, and it's partially that, but also partially because the Sillicon Valley AI-pilled crowd don't have a machine in their home that is on 24/7 yet.

OpenClaw may just end up being a gateway to #SelfHosting. Once this whole OpenClaw experiment implodes, because — I'm just guessing — people figure out it cannot be secured, is ludicrously expensive and actually not that useful. People will be left with little computers in their home that they have no use for anymore.

Hello! 👋 How about you start self hosting stuff. Like, I don't know @silverbulletmd ! #AlwaysASilverLining

Since my home server not intended for use by any people outside of my city (plus some VPN endpoints in other countries) — it is ok to ban some unwanted countries and cities from which I don't expect anything good, except attempts to hack my box to use my resources or set me up .

So I added some GeoIP blocking to the npf with script to update GeoIP list — I blocked China, Iran, North Korea, etc and Moscow (because there are a lot of government and commercial backed bots coming from here). Results are good — the bots don't disappeared completely but the speed of adding new IPs to the blacklist is decreased

Sadly, I was unable to add USA and UK to the list, because looks like there are some limits (not found how to increase them ), which disallows to load a lot of CIDRs for these countries to the blacklist.

#NetBSD #npf #bots #selfhosting

Alt...

Graph of the count of banned IPs per week. There are two red tangents on the two points — before and after the GeoIP bans were enabled. And the two red lines, parallel to the X axis. The resulting derivatives are 0.59 and 0.38, so the speed of raising the values (count of blocked bots) are decreased.

Alt...

Part of the script to update npf blacklists. Script contents: # List of blocked countries: # AE - United Arab Emirates # AF - Afganistan # BY - Belarus # CN - China # CU - Cuba # HK - Hong Kong # HU - Hungary # IR - Iran # KP - North Korea # KW - Kuwait # PK - Pakistan # PS - Palestine # TW - Taiwan # UA - Ukraine /usr/pkg/bin/curl --connect-timeout 30 --fail --interface re0 --ipv4 --silent \ --retry 3 --retry-connrefused --retry-delay 5 --retry-max-time 90 \ --show-error --proxy http://127.0.0.1:20172 \ -o - "$GEOIP_COUNTRIES_SOURCE" | \ /usr/bin/egrep '^[0-9.,]+((AE)|(AF)|(BY)|(CN)|(CU)|(HK)|(HU)|(IR)|(KP)|(KW)|(PK)|(PS)|(TW)|(UA))$' | \ /usr/bin/awk -F, '{ print $1, "-", $2 }' | \ /usr/pkg/bin/iprange > /usr/share/npf/blacklist.countries.new if [ "$?" -ne "0" ]; then echo "Failed to update countries blacklist" rm -f /usr/share/npf/blacklist.netset.new \ /usr/share/npf/blacklist.countries.new exit 3 fi # List of blocked cities: # Moscow /usr/pkg/bin/curl --connect-timeout 30 --fail --interface re0 --ipv4 --silent \ --retry 3 --retry-connrefused --retry-delay 5 --retry-max-time 90 \ --show-error --proxy http://127.0.0.1:20172 \ -o - "$GEOIP_CITIES_SOURCE" | \ gzip -d | \

Back to #dockge from #arcane as a web UI for docker compose management. Arcane has more bells and whistles (and required clicks) than I need, and the dockge repo seems to have become active again https://github.com/louislam/dockge also became a sponsor of the project while at at it. #SelfHosting

If you’re a self hoster or interested into getting into #selfhosting have a look at this series by @colocataires https://blog.colocataires.dev/

It’s very well written, informative and has a few projects listed I wasn’t aware of yet.

My ISP was kind enough to give me a learning opportunity in how I can manage access to my homelab. While access to #selfhosting can't be in my place by definition, I can at least have it on a VPS from a local company to resist monopolies :)

I'm running Forgejo in a container now to isolate SSH access, but I also had it installed directly for some time.

This is what I use now, after #selfhosting Apache SVN, Perforce, Tuleap, RhodeCode, Phorge and Gitea so far.

Live location is very sensitive data, but #selfhosting the server with TLS and basic authentication gives me more privacy than the big tech cloud. And it only needed reading a bit of MDN and making a basic #Docker image based on #NodeJS

This time it's #Debian with #Docker. I used to avoid containers, preferring to run services directly instead. But setting up backups made me appreciate the separation between the application data in image and persistent state in mounted volumes. The final piece that convinced me is the ability to self-host my own container registry with @forgejo@floss.social

I'm doing the initial setup through #Ansible (learned from @notthebee@tilde.zone), but specific applications are managed via dockge. The ambition to do every adjustment through playbooks burns out really fast when working with a single instance.