Emulating Switch games is pretty solid these days too if you have the hardware to run it.
Ansible vault. All my config files and scripts are deployed with Ansible. Usually they are pushing those into a file or environment variable but if you scope permissions narrowly and don’t run services/containers as root you should be somewhat safe. If someone has filesystem access you’re already in big trouble.
Instead I’d focus on keeping your attack surface as small as possible. Keep services behind a VPN or segment public facing services to a separate VLAN or docker network.
Back in 2016 or so you could get a RaspberryPi 3 for $35. Add a $5 power supply, $5 SD card and $10 case (or 3d print your own) and you’ve got a nice little piece of hardware for running a tiny project at home for ~$50. More than enough for hosting some simple web services, backup software or something like Home Assistant.
Plus it was popular (which makes it even more popular). It’s always been very easy to find guides written specifically for the hardware, despite its limitations.
I think the value proposition has been dropping steadily though. They cost more, are hard to find and there are now a lot more competing SBCs on the market. RaspberryPi still has name recognition though, for now.
There is a community Ansible module for the Uptime-Kuma API that I’ve been trying to get working so I can trigger the maintenance window when I run my playbook to update services but I haven’t quite figured it out yet.
I’m in the same boat though, I start updating containers and my slack channel blows up for like five minutes straight.
I’ve got Uptime-Kuma internally for watching all my internal services and then I’ve got one running on a VPS that watches all the external services and public endpoints.
Such a great project and so easy to use…
FreeDNS requires you to log in to their website once a month or so to keep your DNS name active or they will revoke it. DuckDNS doesn’t require that. It’s free and it works. I set it up forever ago and never have to touch it, with FreeDNS I was risking losing my name or having my services go down if I missed their nag email.
ansible-nas
Wow, yeah this is exactly the sort of roles/playbooks that I’ve been building. I’m definitely using this as a source before starting my own from scratch. Thanks for sharing.
I’m actually doing both right now since I had quite a huge compose file that I haven’t converted to ansible yet. The biggest frustration I have is that there doesn’t seem to be an ansible module that works with compose v2 (the official plugin) which means I’m either stuck on the old version of compose or I have to use shell commands to run stuff like ‘docker compose up -d’.
One nice thing I’ve gained though is for services like Plex. I have an ‘update’ playbook that I use and it will check to see if Plex is actively streaming before updating the container which isn’t something I could do easily with compose.
Hahaha, I’ve been using ChatGPT in the exact same way. It requires a bit of double-checking but it really speeds things up a lot.
I’ve started replacing my docker compose files with pure ansible that is the equivalent of doing docker run. My ansible playbooks look almost exactly like my compose file but they can also create folders, set config files or cycle services when configs are updated.
It’s been a bit of a learning process but it’s replaced a lot of what was previously documentation with code instead.
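The pattern these comments describe (Ansible Vault for secrets, narrowly scoped file permissions, a non-root container, and Ansible tasks in place of a compose file), shown as an added example that is not the commenter's own playbook. The service name `myapp`, the image, paths, UID/GID, the `docker_hosts` group and the `vault_myapp_api_key` variable are all assumptions.

```yaml
# Added example; every name, path and ID below is hypothetical.
- name: Deploy myapp with a vaulted secret
  hosts: docker_hosts
  become: true
  vars_files:
    - vault.yml          # created with `ansible-vault encrypt vault.yml`; defines vault_myapp_api_key
  vars:
    app_dir: /opt/myapp
    app_uid: "1500"
    app_gid: "1500"
  tasks:
    - name: Create config directory that only root can enter
      ansible.builtin.file:
        path: "{{ app_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Create data directory owned by the unprivileged service user
      ansible.builtin.file:
        path: "{{ app_dir }}/data"
        state: directory
        owner: "{{ app_uid }}"
        group: "{{ app_gid }}"
        mode: "0700"

    - name: Write the decrypted secret to a root-only env file
      ansible.builtin.copy:
        dest: "{{ app_dir }}/myapp.env"
        content: "API_KEY={{ vault_myapp_api_key }}\n"
        owner: root
        group: root
        mode: "0600"
      no_log: true        # keep the secret out of task output and logs
      register: env_file_result

    - name: Run the container as a non-root user
      community.docker.docker_container:
        name: myapp
        image: example/myapp:1.0
        user: "{{ app_uid }}:{{ app_gid }}"
        env_file: "{{ app_dir }}/myapp.env"   # read on the target host by the module
        volumes:
          - "{{ app_dir }}/data:/data"
        restart_policy: unless-stopped
        state: started
        restart: "{{ env_file_result is changed }}"   # cycle the service when the config changes
```

Run it with `ansible-playbook --ask-vault-pass` (or a vault password file) so the secret is only decrypted at deploy time.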
I’d recommend Duck DNS over Free DNS these days.
And Wireguard over OpenVPN.
But yes, this is the easiest free way to stand up a solid website. Only other thing I’d add is to put sites and services behind a reverse proxy. Typically I’ve used Nginx but I’m quickly becoming a Caddy convert.
Notoriously mature and level headed mods that spend all day on the internet putting an excessive amount of emotional energy into something most people barely care about… Who could have predicted this?
Using Google apps used to be a smooth and seamless experience but it’s become a slog. The best you can hope for is that they’ll just stop supporting whatever service you like and just let it rot without updates for years while you are allowed to keep using it. Otherwise they’ll just force you to migrate around constantly while merging or fragmenting the experience until the former happens anyway.
It’s exhausting and it’s utterly destroyed my desire to check out anything new in their ecosystem.
It’s pretty hilarious how badly they’ve fucked this up. I have no interest in Google Chat at all because it’s almost certain they’ll replace it with yet another service before I even have a chance to settle in.
Why does everyone think we are collectively too stupid to figure out how to use the internet? Like holy crap.
Normies are not very tech savvy and they are completely unwilling to deal with even the most minor inconveniences. Most people just want to open their mouth and have someone dump some internet in there. “Having to curate an experience” is not something many people are willing to do.
I should have learned Ansible earlier.
Docker compose helped me get started with containers but I kept having to push out new config files and manually cycle services. Now I have Ansible roles that can configure and deploy apps from scratch without me even needing to back up config files at all.
Most of my documentation has gone away entirely, I don’t need to remember things when they are defined in code.
Converting my environment to be mostly containerized was a bit of a slow process that taught me a lot, but now I can try out new applications and configurations at such an accelerated rate it’s crazy. Once I got the hang of Docker (and Ansible) it became so easy to try new things, tear them down and try again. Moving services around, backing up or restoring data is way easier.
I can’t overstate how impactful containerization has been to my self hosting workflow.
Replying to confirm that this works and went very smoothly! If you can see my profile picture, it’s on S3 instead of disk now.
I’m using pure ansible to deploy my containers (instead of docker compose) so I had to figure out how to start the pictrs container without actually starting pictrs so that I could run the migration. I ended up stopping the container and then running this to perform the migration:
```
docker run --name pictrs-migration \
  --user 991:991 \
  -v /my-pictrs-path/:/mnt \
  --rm \
  asonix/pictrs:0.4.0-rc.14 \
  pict-rs \
  migrate-store \
  filesystem \
  object-storage \
  -e https://my-s3-endpoint \
  -b my-s3-bucket-name \
  -r my-region \
  -a my-key-id \
  -s my-key-secret
```
Then I used ansible to redeploy the container with volume mount removed and the new s3 environment variables.
Super easy!
Thank you for sharing this. I’m going to try to go through this migration shortly.
Right now I’m running my instance on a fairly lean VPS so being able to lighten the CPU load and not have to pre-allocate disk space is super useful.
I’m not sure how this would work, but what about the concept of cross-instance communities? For users it would be a bit like a multi-reddit where you group various communities together into one aggregate list but when posting content you’d have to choose which instance it lands on. Mods would have to agree on a set of rules (and you’d have some communities split off due to differences), but otherwise it seems somewhat plausible.
That would be one way to solve the problem of every instance having a version of one specific type of community.