Novak Conversions Jeep Wrangler TJ engine mounts

What other projects are you working on?

Free advice: In addition to your local backup, have a "cloud" backup as well. I use something called "iDrive", but there are others, including the heavily advertised Carbonite.

Thanks yeah! I keep reading about the "3-2-1" strategy, I think it's like "make 3 copies, across 2 storage types, and 1 off-site" or something like that. I have time to figure that out and it's just a bit of a pet project til I actually pull the plug on Photos, though I do want to get there.
 
You can NOT have too many backups. Back when I wrote code for a living, I had six, count them SIX copies of my code extant. One time I had to go all the way out to copy #6 to get my world recovered.

Offsite is great! When I worked IT, I had one client who religiously backed up her laptop to a portable USB drive. That she kept IN THE BAG with the laptop. The laptop was stolen. Megabytes of science data was lost - NOT a good thing. She had to reconstruct as best she could using incomplete secondary sources. That even included a poster she had made on the subject...
 
Finished up a few little projects on the Harley this week.
I had added some additional lighting and that meant cutting down the extraordinarily-long wiring harness that came with them and then routing wires under the tank etc.
Then, since I had it apart I finished the RGB, LED accent lighting that I have been putting off.
I think they came out great.

Today I think I'll work on the Cannondale. I need to replace the cassette on my 'new' rear wheel & mount my preferred GP5000 tires.
I also have new bar tape, but I think I'll wait to do this until I get a new set of cables since I'll have the old ones exposed.
 
I will need to get a few more HDDs so that I can have a backup and set up the non-backup drives in a RAID setup. This way I don't lose the availability or security of what Photos offers me.

Not poking to be a jerk, but I spend a decent amount of my professional career managing this stuff. You’ve already identified you’ll need to run RAID for local drive protection.

Now you need a dedicated offsite backup in case you’ve got a catastrophic local event, like power, fire, etc, so either tapes or a second set of drives in a safety deposit box, and they need to be moved offsite on a regular basis.

Then you need to test those backups, at minimum monthly.

If you do go with an additional backup (which you should) and you use a commercial service like iDrive, Carbonite, etc you’ve essentially gone full circle.

Additionally, your screenshot shows your IP of 192.168.x.x. In and of itself, it doesn’t mean anything, except you’re probably using the default settings of an off-the-shelf router. I hope as you configure your new open-to-the-internet photos app, you’ve got appropriate firewalling, as well as VLAN if not physical separation of your now open-to-the-public-internet server. And don’t forget monitoring and alerting on the entire environment.

If you’ve got that level of commitment, kudos. Otherwise, unless you’ve got a government-level security clearance, taking reasonable precautions like strong and unique passwords, using private encryption keys wherever possible and using more than one cloud service like Google Photos and iPhotos is probably the more practical approach.

End Soapbox
Time for a bourbon.
 
Yeah, I do understand this is more work than "just paying someone to do it". But I think it's fun, it's pretty tangential to my career, and I get the "warm fuzzies" even if there might not be an appreciable difference in my security.

My setup is just my default Starlink router, I'm waiting on an etherlink adapter (stupid gen 2 doesn't have any ethernet ports), and I want to try diving into pfSense for a virtualized router. I have done a bit in the past and I think it's fun to mess with KVM and VMs, I think I will try to do it all in Terraform this time though. I've already got some other routers that can just be used as a "dumb" access point. I do know I want/need to have VLANs - I've got some security cameras and a Roomba and that shit's all from China so I don't want it to be on my normal network.

I'm no government official or important anything, so is it really something to worry about or rush to fix? Not really, just more "warm fuzzies".

Nothing I have is exposed to the wide internet yet, I honestly don't know 100% how I'm going to do that. I think the way to go is a VPN and a reverse proxy if I want to access anything else on the network, but I am in no rush to do that. I want to be more confident in all that before I expose anything. I just haven't gotten far enough to research that past "what should I lookup".

Eventually I want to do some things connecting my local server to clouds like Google or AWS. Halfway for the fun, halfway because I can get all the certs in the world from those platforms, but they will never compare directly to real world experience. So just having any kind of experience with the networking, proxies, VPNs, on-prem stuff will help me with work at the end of the day.

Plus maybe I have some cool website ideas that I'm not paying GKE type prices for, they can get pretty insane quickly for a hobbyist.

I've actually been reading about homelab setups for years, and have had my (admittedly fairly old) server and switch for a few as well. But I'm finally going to try to really dive into it.
 
In that case, 100% go for it. One of our standard interview questions is “tell me about your side project/homelab.” Guys that have a setup they like to tinker with and can talk about a personal project get way more consideration than “cert collectors”.
 
That's good to hear!! Hopefully it pays off then. But yeah it's also fun, just like how we get satisfaction out of building our Jeeps ourselves.

You guys have a good perspective then, I wasn't sure if anyone actually gave a crap about that kind of thing. I got my Masters and a cert and am working on another and like...... I wouldn't quite say they aren't useful. But man you learn way more by actually "doing", so many tiny details that you'll only really know when you bump into them and have to solve them yourself.
 
I am attempting to claw back some semblance of online privacy. This week I set up what is essentially a self-hosted open source version of Google Photos, it is called Immich. It's a pretty cool thing, runs in Docker, very easy to set up. It has a lot of the bells and whistles you'd expect from Photos, such as a similar mobile app that will sync with the server, machine learning so you can search by "people", a map for geotagged photos, etc. There is a demo on the website if you wanted to check it out.

It even looks very similar. (Yes I'm trying to sell that stupid infrared sauna)


Google actually makes it pretty easy to export everything from photos in .zip files using a service called Google Takeout, and Immich has a tool to consume its output. I only had like 80gb in there, but my server is on a 500mbps USB NIC until my StarLink ethernet adapter shows up. So... rsync is going to take a bit of time.

Since I paid for the annual 20$ of Photos storage a few weeks ago, I have time to run them both in tandem and make sure this serves my needs. I will need to get a few more HDDs so that I can have a backup and set up the non-backup drives in a RAID setup. This way I don't lose the availability or security of what Photos offers me.

Oh here we go. I'm a long time homelab-er. I've been running Immich for over a year now. I've completely disabled Google Photos backup and Immich is the primary photos app on my phone. I have it set up on all of the family devices too. In general, it's been flawless. Do read the release notes every time before upgrading, they are good about listing breaking changes. I have broken my install a few times - thankfully I've always been able to recover. I've got it running on an SSD pool on my Unraid server for speed and replicate offsite to a ZFS pool on a Proxmox cluster. This year, I plan to set up encrypted backups to Backblaze. I'm not 3-2-1 compliant, sure, but it's better than shipping everything to Google.

@red02tj is exactly right about everything he said, especially the bourbon. I started with a basic ISP modem/router and two HDDs 10 years ago. Now I'm on Ubiquiti gear, and an OPNsense firewall and have 100TB of raw storage floating around. Start with what you have, just be aware of the risks and upgrade as you go.

Look into Tailscale. It will change your life. Zero services exposed to the public internet. It creates a private, mesh, peer-to-peer network built on the WireGuard VPN. It's free for up to 100 devices. I have a ton of stuff running on it and I'm nowhere near the limit. I was running a few local (VLAN isolated) services over a reverse proxy/Cloudflare to access them over the internet, but recently converted everything to Tailscale and closed up my firewall completely. It really is magic.

I've been listening to the Self Hosted Show since covid. It's a great resource for home lab inspiration. I've recently set up SearXNG (I think you say it "searching"), a privacy focused local search engine based on their recommendation.

I'm into this stuff. Would love to help if you need anything.
 
Tailscale is good stuff! I’m also a fan of Raspberry Pis, the newer ones have come a long way in terms of compute performance & it’s so easy to swap in another SSD/USB drive for another project.

Also check out AWS Lightsail, it’s a more budget/tinker friendly option and easier to navigate than the sometimes overwhelming AWS console.
Amazon Lightsail offers easy-to-use virtual private server (VPS) instances, containers, storage, databases, and more at a cost-effective monthly price.
https://aws.amazon.com/lightsail/?tag=wranglerorg-20
 
Now I know what people feel like when I talk about Classic Cars. :LOL:
 
Nice!! Great to hear some real world experience. It does seem very easy to use and good to hear it works for people other than who set it up.


Cool you're way farther into it than me!! I have read good things about Tailscale - I think the other one I read a lot of good things about was Caddy, although I'm not 100% they serve the same purpose yet. In all reality I don't have a huge need to access it from outside my house yet, I'm a bit of a hermit LOL. Although it'll be good to have it ready by the Moab trip so I don't lose pics if I break my phone, I suppose.

I'll definitely be putting SearXNG in my research to-do list! Thanks for the idea, it would be really cool to have a search engine of your own that isn't monetized. Didn't really know that was even a thing!

Good to know there are others doing this on the forum!! My next step is/was going to be Pi-hole. I think there is some other similar thing that goes along with pfSense, so we'll see which I do first. I want these ads out of my damn house.
 
When I was getting into this, it was during that period when you couldn't get any of the pi models anymore. I don't remember when that was. I ended up with a Dell R710. Old, big, loud, and power hungry LOL. But it's also kinda cool to be able to support 288gb of RAM :cool: even if it's not really that fast anyways. It's not that slow, either though. Luckily the super expensive commercial Xeon processors back then are somewhat comparable to relatively cheap consumer grade hardware of today. Or a few years ago, anyway.
 
Pi-hole is great. I've been running it for years, ironically never on a Raspberry Pi. I'm running it in an LXC container on Proxmox.

I think Caddy is a reverse proxy, not a VPN. I do hear great things about Caddy though. I've used Nginx Proxy Manager and Traefik as well.

Tailscale cuts out all that noise of needing to mess with proxies, firewalls, DNS, etc. Without any additional setup, hardware, or cost, you can have Tailscale issue SSL certificates for your services/devices/machines. For example, on my tailnet, Immich is accessible at https://immich.ruffe-repeater.ts.net. That's my actual URL. I can share it because it's only accessible if you're logged in to my tailnet. "ruffe-repeater" is randomly generated by Tailscale. On my network, I can still access it directly using the IP and port too. It's all super cool.

lol an R710 is awesome. I couldn't find a good place for a big rack server. I've got one desktop tower as my main storage server and lately I've been getting into smaller, more efficient boxes. I have three 1 liter Lenovo M720q sff boxes and just recently I bought an Odroid H4+.

Ok, that's enough crazy from me for now. I can really get going on this stuff if you poke me.
 
Cool yeah I was thinking about something similar to that! But then when I got into reading about pfSense I saw some mention of it having a similar offering that is easier to package together. Something like that LOL.

Okay yeah this is cool! I'll definitely be looking into this! Sounds super convenient. Using nginx is more so "doing it manually" right? I like to try to start there to understand what's going on but we'll see if I am that motivated.

Haha yeah I mean they're super cheap I think I paid like 200$ for it with 88gb ram and the dual processors. But yeah it is big and inefficient. I have a kill-a-watt coming and my thinking is if I get to a point where I'm actually using it and running it all day, I'll be able to use that to justify buying new hardware that draws less power. Anything to justify new toys 🤪
 
Any details, or did I miss it? I’m a sucker for early Trans Am/Firebirds!

It's a numbers matching 70 RAIII 4 speed Trans Am. Sold new in Boston at Village Pontiac on Comm Ave.

It's white on bright blue interior. It's been a labor of love for years now. Finally seeing the light at the end of the tunnel!
 