Cool, I recommend it!

I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

I’m sure I’m not following all the best practices here, but so far so good.

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

Having kids has made random conversations somewhat frequent for me.

Remember that RAID and redundancy is not backup.

Try to 3-2-1, or something similar/better, if you can.

I am fairly sloppy here, and I am also very cheap. I have multiple copies in my home for important stuff (mainly Immich), the in use copy being on SSD and a few backups on spinning rust. I have a raspberry pi with an external HDD at family’s place, with a daily rsync+snapshot, for off site backups.

Of course, I’ve never had a catastrophic failure, so who knows how smooth that would be…

I switched to Technitium and I’ve been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they’re queried in parallel, a VPN connection can go down without losing any DNS…maybe this is how pihole would have handled it too though).

And of course, wildcards supported no problem.

Maybe take a look at Outline. (Not affiliated, but I host it for myself.)

I also host KitchenOwl, but mostly just as a grocery list.

The dot-com bubble burst, but…well, it got better.

Of course there were some casualties (famously pets.com), but Microsoft, Cisco, Intel, Amazon…yeah they got their clock cleaned at the time, but long term they were pretty successful.

“Can the US lose in a way that allows the crazies in office to save face in their eyes?” seems an important question to me. Because if the options are the US clearly losing vs. the US clearly losing but nuking Iran so everyone loses…

I’ve been pleased with it. Family is very relaxed about projects like this, but yeah it’s low power draw. I don’t think I have anything special set up but the right thing to do for power would be to spin down drive when not in use, as power is dominated by the spinning rust.

Uptime is great. Only hiccups are that it can choke when compiling the ZFS kernel modules, triggered on kernel updates. It’s an rpi 3/1GB RAM (I keep failing at forcing dkms to use only 1 thread, which would probably fix these hiccups 🤷).

That said, it is managed by me, so sometimes errors go unnoticed. I had recent issues where I missed a week of rsync because I switched from pihole to technitium on my home server and forgot to point the remote rpi there. This would all have been fixed with proper cron email setup…I’m clearly not a professional :)

Not the same, but for my Immich backup I have a raspberry pi and an HDD with family (remote).

Backup is rsync, and a simple script to make ZFS snapshots (retaining X daily, Y weekly). Connected via “raw” WireGuard.

Setup works well, although it’s never been needed.

Link(s) in post contain punctuation and break, at least on my client. Here’s the codeberg link (working);

https://codeberg.org/BobbyLLM/llama-conductor

https://www.superbowl-ads.com/1997-tabasco-mosquito/

Best ad ever IMHO (sorry for funky link, YouTube if you prefer).

No dialog, no rampant consumerism (hot sauce is a necessary food), no sex/sexism, no emotional manipulation.

From link:

NOTE: The script is broken, DO NOT ATTEMPT TO USE THE SCRIPT NOW. Attempting to run it may get your account flagged stopping you from trying face verification either temporarily or permanently, forcing you to use your ID.

pr: https://github.com/xyzeva/k-id-age-verifier/pull/12

Or, malicious compliance by someone with a moral compass. Best is to somehow leak documents wholesale. But if that’s not possible, I think the next best way to all but guarantee that the information gets out is to do a lousy job censoring, and let “The Internet” do the rest. It also makes the administration look even more stupid, especially in the eyes of technically minded folks.

But yeah, not the best and brightest, that’s certainly a possibility.

But I thought they smelled bad on the outside?

Chuck Yeager’s Air Combat would ask for various airplane specs (“what is the service ceiling of an F-4E?,” “what is the ferry range of a MiG-15?”), and you had to flip through a booklet to find the answer.

You could copy the book, but it was fairly long so I guess the friction kept you in check.

I would probably add “transmit power” in there somewhere, but I guess if you’re assuming regulatory limits then it’s not a big variable.

Global Outbreak World Response Outreach Network, perhaps?

Lots of local-only options out there for security cameras. Doorbell cameras may be a little harder to find, but it looks like they exist.

I have a few Amcrest PoE bullet cameras, and they work great local-only. They’re on a separate VLAN, only my server can talk to them, and I have had zero problems with them. They even support NTP, which my router provides, so the clocks stay synced with no intervention. I’m running them with Frigate.

Not sure how serious your comment is, but I could certainly imagine Microsoft introducing new dependencies/hooks/all-executables-must-support-copilot, etc., that break compatibility faster than Wine can keep up. Glad to hear that’s not the case!

For old stuff though…yeah, I’d hope it’s not moving backwards :)