erev

I've been around selfhosting most of my life and have seen a variety of different setups and reasons for selfhosting. For myself, I don't really self host as mant services for myself as I do infrastructure. I like to build out the things that are usually invisible to people. I host some stuff that's relatively visible, but most of my time is spent building an over engineered backbone for all the services I could theoretically host. For instance, full domain authentication and oversight with kerberized network storage, and both internal and public DNS.

The actual services I host? Mail and vaultwarden, with a few (i.e. < 3) more to come.

I absolutely do not need the level of infrastructure I need, but I honestly prefer that to the majority of possible things I could host. That's the fun stuff to me; the meat and potatoes. But I know some people do focus more on the actual useful services they can host, or on achieving specific things with their self hosting. What types of things do you host and why?

Hello! I am migrating some services from an old cloud instance to my homelab. The cloud instance was running NextCloud and as I don't really need the entirety of NextCloud, I'm moving to individual services. It's now time for me to move the most important thing from this NextCloud instance: my calendars and contacts.

I'm looking for a good containerized service to run this. I've taken a look at both Baikal and Davis, but both seem to have issues running rootless. As I have Kerberos throughout my network and am storing the persistent volumes on an NFS share, I prefer to run all my containers under dedicated service accounts. This also means that I would like the DAV server to have LDAP or IMAP authentication. I am also using podman quadlets rather than docker compose, but I can figure out the translation on my own. Worst case scenario here is I just run Davis and talk to the dev about the issues I have (which will probably be done anyways), but I'd like to get something up and running sooner rather than later. Any solutions would be greatly helpful. If there isn't a good containerized solution, I'm also willing to make an LXC or VM but I'd prefer to stick to containers. Thank you!

So this is an interesting one I can't figure out myself. I have Proxmox on a PowerEdge R730 with 5 NICs (4 + management). The management interface is doing its own thing so don't worry about that. Currently I have all 4 other interfaces bonded and bridged to a single IP. This IP is for my internal network (192.168.1.0/24, VLAN 1). This has been working great. I have no issues with any containers on this network. One of those containers happens to be one of two FreeIPA replicas, the other living in the cloud. I have had no issues using DNS or anything else for FreeIPA from this internal network nor from my cloud network or VPN networks.

Now, I finally have some stuff I want to toss in my DMZ network (192.168.5.0/24, VLAN 5) and so I'll just use my nice R730 to do so, right? Nope! I can get internet, I can even use the DNS server normally, but the second I go near my FreeIPA domains it all falls apart. For instance, I can get the records for example.local just fine, but the second i request ipa.example.local or ds.ipa.example.local, i get EDE 22: No Reachable Authority. This is despite the server that's being requested from being the authority for this zone. I can query the same internal DNS server from either the same internal network or a different network and it works handy dandy, but not from the R730 on another network. I can't even see the NS glue records on my public DNS root server.

I'm honestly not sure why everything except these FreeIPA domains works. Yes, I have the firewall open for it and I have added a trusted_networks ACL to Bind and allowed queries, recursion, and query_cache for this ACL. The fact it only breaks on these FreeIPA subdomains makes me think it's a forwarding issue, but shouldn't it see the NS records and keep going? It can ping all the addresses that might come up from DNS, it's showing the same SOA when I query the root domain, it just refuses to work from my IPA domains. Can someone provide any insight on this please, I'm sick and tired of trying to debug it.

Basically title. If I make a quick wash isopropyl alcohol (QWISO) solution, would a vacuum extraction have a meaningful effect on the resulting concentrate? I'm doubt it would have a meaningful impact in terms of flavor and terpene content, but I can see it producing an interesting consistency. The only way I could see it affecting flavor would be if the low pressure caused some volatiles to change, but I kinda doubt that. For the vacuum extraction I would probably just put it in a vacuum chamber.

So I have two sites: my home network and my cloud VPSs. I have setup a FreeIPA domain that I would like to use for all my machines, local and remote. While I wait for Linode/Akamai to add their new VPC feature, I want to create Wireguard tunnels from each VPS to my home network with my UDMP as the router. I tried to set it up through the UI, however I can't ping to/from the server wireguard interface when connected. So I tried to set it up with wg-quick but alas that isn't working either. I have the firewall port for wireguard open with both Internet In and Internet Local. I'm not even trying to get LAN access yet because I can't even ping over the tunnel. This has seriously frustrated me and I need to see if I'm just majorly fucking up or if I'm sane afterall and the UDMP just isn't good for Wireguard.

Server conf:

[Interface]
Address = 192.168.84.1/24
ListenPort = 51820
PrivateKey = [server private key]

[Peer]
PublicKey = [client public key]
AllowedIps = 192.168.84.20/32

Client conf:

[Interface]
Address = 192.168.84.20/24
PrivateKey = [client private key]

[Peer]
PublicKey = [server public key]
Endpoint = [server hostname]:51820
AllowedIPs = 192.168.84.1/32

I had PostUp and PostDown rules set, but they didn't seem to make a difference. It seems they're mostly for configuring routing with iptables. Can I please get a sanity check here?

Edit: It was dns. It's always dns. Apparently the UDM Pro doesn't like IPv6 for Wireguard (and supposedly a lot) and the domain name I was using for my home network was double stack. I tested against it's current IP address and when that worked I made a subdomain that was IPv4 only and it's working great now.