Microsoft deserves all the crap they’ve ordered, but skipping 9 on versioning was pretty smart move on their part. There’s still a ton of older software which just checks if windows version matches ‘windows 9’ to include both 95 and 98 (and all their variants). If 8.1 was released as 9 it would’ve broken a lot of compatibility which at least then was a big deal for Windows. And it still is, but now it seems that they’ll happily break everything from their most known product.

Even if your router acts as an DNS proxy it shouldn’t overload any pihole installation unless you have a crapload of devices doing millions of queries per hour. My pihole manages all my devices (20-30 individual things) without any problems and even if I hit some rate limit it’s going to be a change to default configuration, not a immovable object on your way. Based on quick glance over that reddit thread a new router might be a good option, but that’s another easy-ish task to accomplish. I use mikrotik device and I’m pretty happy with it but there’s a ton of good options.

For hiring someone to coach you I can see quite a few of potential issues. People who claim to know what they’re talking about but don’t really have the knowledge, straight up scammers obviously, mismatch in personal chemistry which will make learning unnecessarily difficult or even impossible, some people just aren’t good at teaching even if they do know their stuff and so on. By all means, use your money however you like, but I personally strongly advice against it unless you can get some courses on (preferably local) reputable vendor. You can look for online courses too, cisco has a ton of courses on networking, redhat has plenty of linux courses and other big players have their own training and even certificates if you want to go that far.

For pihole you don’t need support from router. It’s convenient if you can adjust dhcp-server settings so that pihole will automatically cover your whole network, but it’s not a requirement, you can just manually set each device to use pihole as DNS server. All you need is a static IP address outside your DHCP -pool. For spesific router configurations, you can ask those too, just include spesific model and possibly screenshots from your router interface.

That iMac of yours is more than enough to get you going. If you plan to run multiple things on it it might be good idea to look for hypervisors like proxmox or ovirt, but basic qemu+libvirt -setup on pretty much any linux-installation will work just fine too.

For the 3rd part, your concerns are mostly about networking and setting up pihole/other servers on your local network will gain you knowledge on how to manage that as well. Also, you can set up nextcloud/immich/whatever locally at first, get familiar with them and then allow access from the internet either via bitwarden or other tunneling or directly over public network. Latter has obviously way bigger threat models than using VPN and accessing stuff that way, but gladly the networking side of things is somewhat it’s own beast from the servers so you can build everything local only at first and then figure out what’s the best approach for you with remote access.

However right now I’m simply feeling overwhelmed and blocked.

I could explain to you in pretty decent detail how to build a setup which could cover pretty much every imaginable scenario for a home gamer, but that would also be suitable to serve a mid-sized company who’ll have multiple people on duty to manage the servers, storages, security, networking and other stuff. Also it’d cost roughly as much as a decent house. That’s close to the ‘big picture’ you’re looking for and equally overwhelming than your current situation. I’ve been earning my living with this stuff for quite a while now and there’s still a ton of things I’m at a very much beginner level. Maybe the difference now vs starting this is that I actually have some idea on things which I don’t know and thus I know when to learn more/ask from more experienced team members.

Just like eating an elephant, this field requires that you take it piece by piece. You’ll learn new things to build both your setup and your knowledge further, but if you try to eat it all at once it just doesn’t happen. First you need to decide a simple goal on what you want to get out of self hosting. DNS-based ad-blocking on your network is pretty neat and setting up pihole will get you started. Also with that you don’t need to allow any external connections to your network. Plus if something goes wrong you can easily just return to where you started from and try again. Setting your own router with DHCP, caching DNS and other stuff is pretty neat too and it’s also pretty simple to isolate from the rest of the network so you’ll have your ‘normal’ stuff still working while you learn for new things. Whatever it is, set up a relatively simple goal to work for. Then you can start to ask questions like ‘is raspberry pi 4 suitable for this’ or ‘what subnet I should use for my homelab’ or even ‘how to install debian on a old laptop to run pihole’.

Or if you really insist on going to the deep end, go to library and pick up TCP/IP Network Administration from O’reilly (altough that might be a bit outdated by now) or something similar and dig in. The o’reilly one has a bit over 700 pages to go trough. There’s equally in-depth books for linux administration, firewalls, network security and so on. Annas archive will most likely have some decent books too if you don’t care about legal issues and want to go trough brick-sized books as pdfs.

Some random thoughts about your points:

1. It’s a pretty damn big picture you’re looking at. Networking, backups, hypervisors, storage solutions, security and a lot of other topics are each big enough that you can make a career out of any of those alone. Obviously you don’t need to know everything about everything but as you learn more you’ll find more and more stuff to learn so I’d say there’s no practical way to learn ‘big picture’ just over a few hours of ‘lessons’. Also there’s a ton of variations on what one might consider as ‘self hosting’. Some will have setup comparable to decent sized company, others will have a single raspberry pi on top of their router.

2. Same goes here, it’s a pretty big field to go trough. The best setup for me is most likely very different from the best setup for you. Also with real world constraints (money, bandwidth, space available, electricity price…) the best setup is practically quaranteed to be some kind of compromise. Also, at least in my opinion, it makes sense to start with what you already have or can cheaply get, so that you’ll get something out of the system with as little investment as possible even if the first iteration might be a bit janky. Also your needs will likely change over time so the ‘optimal’ configuration for today might be wildly different from the configuration tomorrow.

3. This goes hand-in-hand with first point. You need to understand some basic networking, backup scenarios and proper threat mitigation against security threats, hardware failures, power outages and so on. Also there’s no ‘initial setup’ after which the system is complete as, again, your needs will change over time.

4. That’s why we’re here. Just describe your problems in a reasonably sized chunks. Don’t ask how to build a homelab but instead ask for something more spesific which doesn’t have a crapload of variables to figure out before getting to the actual problem.

For the money part, I’ve done stuff like this for companies (getting suitable hardware for their needs, setting it up, offering support…) as a freelancer and at least in here that’ll cost you 80-150€/h commercially. Even as a hobbyist I personally wouldn’t take that kind of contract as I heavily doubt that you’re willing to throw thousands of euros on the table (as properly going trough your list will take quite some time). However, if you can narrow things down and ask for something spesific I’ll happily reply to you around here for free if I happen to have time and/or knowledge about the matter.

So, figure out what you want from the system right now, what’s the first thing you want to build. It might be a hypervisor so you can keep experimenting with virtual machines, it might be a pihole for your network or something else, but you’ll need a pretty spesific goal. Then you can come back and ask more spesific questions and get deeper into the rabbit hole. Also, specially if you’re starting from scratch, there’s no such thing as a perfect setup. I’m working on a decent sized company with offices around the globe and even with those resources there’s still compromises with pretty much everything as cooling capacity, bandwidth, financial, man hours and other things aren’t infinite.

Just a few days ago I tried to feed my home automation logs to copilot in hopes that it might find a reason why my controller jams randomly multiple times per hour. It confidently claimed that as my noise level reported by controller is -100dB (so basically there’s absolutely nothing else on that frequency around, pretty much as good as it can get) it’s the problem and I should physically move the controller to less noisy area. A decent advice in itself, it might actually help on a lot of cases, but in my scenario it’s a completely wrong rabbit hole to dig in. I might still move the thing around to get better reception on some devices but it doesn’t explain why the whole controller freezes for several minutes on random intervals.

If it tries to start but doesn’t do anything it’s pretty much a lost cause then as the drive gets power but fails to initialize. In theory a simple broken solder joint somewhere might cause that and that might be fixable, but that requires at least somewhat decent soldering station and some experience. Or maybe you could get a donor board and swap out memory chips from the old one, but that’s even more tricky. Hopefully it’s not too expensive lesson.

I’ve had some luck with portable drives by removing the drive from enclosure and attaching it directly to sata-bus instead of USB. Also, as a general rule for anyone who might stumble on this, whenever attempting recovery at first create an image (I use ddrescue) and work with that. That way you’ll minimize risk of causing even more damage.

A while ago we “fixed” couple of hard drives with my brother. All of them had a single faulty diode, apparently it was a known failure point on those drives and brother found instructions online how to bypass that diode. Obviously that doesn’t really fix the drives, but a small piece of wire and some soldering was enough to get drives spinning again long enough that he could copy data over to new drives.

With cloud computing you get someone (or at least some entity) to blame when things go wrong which apparently has some value too. Also, if you don’t need a lot of resources cloud can be cheaper than setting up whole infrastructure by yourself, but that has a ton of variables. Plus with cloud there’s often option for colocation/high availability/ddos protection and other stuff around which can be pretty expensive to build yourself.

Obviously if you try to shoehorn your current modrate sized esx/hyper-v/whatever environment to the cloud as is, that’s going to be expensive.

You can get refurbished hard drives for around 300$/20TB (quickly searched estimation). So, 15 drives plus maybe another 5 for raid reundancy takes you back 6k$. Server to hold those drives 1-2k$ (used), UPS, internet connection and other bits’n’bobs and your total is very roughly around 8k$ (or €, as I threw the estimations on a pretty big ballpark).

Damn right. I paid for the device, it’s mine and I can use it solely to take pictures of my bare ass should I choose so. There’s of course, and for a reason, limitations on how I can use those pictures, but those apply to any device capable of taking a photo of anything. But I can still use pictures of my ass as a wallpaper in my own home if I want to.

Not spesifically helpful with your cgnat-situation, but my jellyfin runs on a isolated network and it’s just directly exposed to the internet via named reverse proxy in order to share the library with family and friends. Should someone get access to that they can obviously use the VM for nefarious purposes, but it’s a known risk for me and the attacker would need to breach trough either my VLAN isolation or out of the virtual environment to my proxmox host if they wanted to access my actually valuable data.

Sure, there’s bots trying every imaginable password combination and such, but in my scenario even if they could breach either the jellyfin server or reverse proxy it’s not that big of a deal. Obviously I keep the setup updated and do my best to keep bad actors out. but as I mentioned, breach for that one server would not be the end of the world.

With cgnat there’s not much else to do than to run a VPN where server is somewhere publicly accessible and route traffic via that tunnel (obviously running a VPN-client on jellyfin-server or otherwise routing traffic to it via VPN). Any common VPN-server should do the trick.

I don’t have any Hue devices so I don’t follow that too closely, but there’s quite a bit of info on the changes at The Verge which is linked on top of that previous blog post on my comment. Apparently you’ll need an account to get firmware updates and enabling functionality, but not continous connectivity.

But maybe more important point here is that they have changed their policy and there’s nothing stopping them from changing it again, potentially even removing functionality unless you use their app.

Philips has chaned their policy a while back and now they collect telemetry data from their bulbs: https://www.home-assistant.io/blog/2023/09/22/philips-hue-force-users-upload-data-to-cloud/

It’s pretty simple to set up. Generate CA, keep key and other private stuff stored securely, distribute public part of CA to whoever you want and sign all the things you wish with your very own CA. There’s loads of howtos and tools around to accomplish that. The tricky part is that manual work is needed to add that CA to every device you want to trust your certificates.

And given how “fast” IPv6 adoption has been, switch to something non-IP based is not going to happen any time soon.

Also, while I kind of get the idea author is talking about, pulling random addresses out of thin air and managing routing for that, even on a small scale, is going to have a crapload problems. Without subnet hierarchy with routes, gateways and stuff would mean something like globally broadcasted ARP packets and absolutely massive routing tables on endpoints. Plus with that approach the reslience of IP-networks would be lost (or routing tables would need to grow even more).

Also there’s some pretty big issues with malicious actors on the network, incompatibility with every router on planet and a ton more. What that kind of approach working globally would need is some scifi-level networking without latency or bandwidth limitations.

RTT is just ‘a bit’ slower than via usual transfer channels.

because it’s fun to gamble as to how many seconds it will take to pull up the start menu this time.

I also like how it randomly brings up some random website first instead of an installed application I’m looking for. Corporate policy says windows, so I get paid to deal with it, but it helps only so much.

Thanks. Unfortunately, even if ddrescue reported that it got all of the data, the situation didn’t change after writing that to a known good card. I’ve been busy with other stuff so new server is still missing z-wave stuff, but at least everything else was nicely restored from a backup.

RPi came before Proxmox and I just kicked the migration further down a road a bit too long. Also, specially at the start, I didn’t want to have anything ‘quality of life’ critical stuff running on proxmox since it is (was) kind of my own sandbox to mess around with.