Not just UNIX-like, but actual UNIX.

IIRC there were some UNIX-certified Linux distros out there too, not sure if they’re still around.

Only one of them is UNIX.

Cool, I recommend it!

I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

I’m sure I’m not following all the best practices here, but so far so good.

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

Remember that RAID and redundancy is not backup.

Try to 3-2-1, or something similar/better, if you can.

I am fairly sloppy here, and I am also very cheap. I have multiple copies in my home for important stuff (mainly Immich), the in use copy being on SSD and a few backups on spinning rust. I have a raspberry pi with an external HDD at family’s place, with a daily rsync+snapshot, for off site backups.

Of course, I’ve never had a catastrophic failure, so who knows how smooth that would be…

I switched to Technitium and I’ve been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they’re queried in parallel, a VPN connection can go down without losing any DNS…maybe this is how pihole would have handled it too though).

And of course, wildcards supported no problem.

Maybe take a look at Outline. (Not affiliated, but I host it for myself.)

I also host KitchenOwl, but mostly just as a grocery list.

The dot-com bubble burst, but…well, it got better.

Of course there were some casualties (famously pets.com), but Microsoft, Cisco, Intel, Amazon…yeah they got their clock cleaned at the time, but long term they were pretty successful.

I’ve been pleased with it. Family is very relaxed about projects like this, but yeah it’s low power draw. I don’t think I have anything special set up but the right thing to do for power would be to spin down drive when not in use, as power is dominated by the spinning rust.

Uptime is great. Only hiccups are that it can choke when compiling the ZFS kernel modules, triggered on kernel updates. It’s an rpi 3/1GB RAM (I keep failing at forcing dkms to use only 1 thread, which would probably fix these hiccups 🤷).

That said, it is managed by me, so sometimes errors go unnoticed. I had recent issues where I missed a week of rsync because I switched from pihole to technitium on my home server and forgot to point the remote rpi there. This would all have been fixed with proper cron email setup…I’m clearly not a professional :)

Not the same, but for my Immich backup I have a raspberry pi and an HDD with family (remote).

Backup is rsync, and a simple script to make ZFS snapshots (retaining X daily, Y weekly). Connected via “raw” WireGuard.

Setup works well, although it’s never been needed.

Link(s) in post contain punctuation and break, at least on my client. Here’s the codeberg link (working);

https://codeberg.org/BobbyLLM/llama-conductor

https://www.superbowl-ads.com/1997-tabasco-mosquito/

Best ad ever IMHO (sorry for funky link, YouTube if you prefer).

No dialog, no rampant consumerism (hot sauce is a necessary food), no sex/sexism, no emotional manipulation.

From link:

NOTE: The script is broken, DO NOT ATTEMPT TO USE THE SCRIPT NOW. Attempting to run it may get your account flagged stopping you from trying face verification either temporarily or permanently, forcing you to use your ID.

pr: https://github.com/xyzeva/k-id-age-verifier/pull/12

Or, malicious compliance by someone with a moral compass. Best is to somehow leak documents wholesale. But if that’s not possible, I think the next best way to all but guarantee that the information gets out is to do a lousy job censoring, and let “The Internet” do the rest. It also makes the administration look even more stupid, especially in the eyes of technically minded folks.

But yeah, not the best and brightest, that’s certainly a possibility.

If Gentoo can be both Chad and Schizo, Slack should definitely be in the Chad category too.

I mean, it’s Torvalds’ distro of choice iirc, which should count for something.

Yeah, good point. The “app setup” is built into android and iOS as far as I can tell (generating matter credentials, etc.). Better than 3rd party IMHO but not ideal, and a nonstarter for a lot of folks. Hopefully HA will come out with their own onboarding process at some point.

Fair enough; I have a dedicated SSID which is VLAN’d off from the rest of my network with no Internet access. Only my HA server can talk to those devices.

+1 for ThirdReality. They’re a little pricey but I’ve generally had good luck with them.

I’ve also had pretty good luck with cheap Matter-over-wifi bulbs. Pairing them can be a little finicky and needs to go through an Android or iOS process, but after pairing you can block Internet access for them and they work great local-only.

There’s a bug in some wifi matter bulbs where they crash, especially when going from off to a desired brightness/color state (as in, “light on” works but “light to 50%, 3000K” will crash the bulb).

I don’t think you understand what local control of smart devices means…