I am finally making the push to self host everything I possibly can and leave as many cloud services as I can.
I have years of linux server admin experience so this is not a technical post, more of an attempt to get some crowd wisdom on a complex migration.
I have a plan and have identified services I would like to implement. Take it as given that the hardware I have can handle all this. But it is a lot, so it won’t happen at once.
I would appreciate thoughts about the order in which to implement services. Install is only phase one; migration of existing data and shaking everything down to test stability is also time consuming. So I’d welcome any insights, especially on services that might present extra challenges when I start to add my own data, or dependencies I haven’t thought of.
The list order is not significant yet, but I would like to have an incremental plan. Those marked with * are already running and hosting my data locally with no issues.
Thanks in advance.
Base system
- Proxmox VE 8.3
- ZFS for a Time Machine-like backup to a local HDD
- Docker VM with containers
  - Home Assistant *
  - ESPHome *
  - Paperless-ngx *
  - PhotoPrism
  - Firefly III
  - Jellyfin
  - Gitea
  - Authelia
  - Vaultwarden
  - Radicale
  - Prometheus
  - Grafana
> Authelia

Think about implementing this pretty early, if your plan is to use it for your own services (which I’d assume).
You are correct that I will be using it only for internal authentication. I want to get away from my bad habit of reusing passwords on internal services to reduce pwnage if Mr. Robot gets access ;)
Any experience on how Authelia interacts with Vaultwarden? They seem simpatico, but should I install them in tandem? Would that make anything easier?
No, but Vaultwarden is the one thing I don’t even try to connect to authentik, so a breach of the auth password won’t give away everything else.
May I ask why you’d want to self-host Bitwarden if the free hosted version is almost as good, aside from the few unimportant paid perks?
I don’t?
But you mention having Vaultwarden and not connecting it to authentik. So you basically have Bitwarden self-hosted.
Yes, but I don’t plan to host Bitwarden. I was referring to OP’s question regarding Vaultwarden + auth. Sorry, I think I can’t follow you.
> No, but Vaultwarden is the one thing I don’t even try to connect to authentik

Implying you have it deployed in active use, no?
I’d recommend migrating one service at a time (install, migrate, shake down; next service).
Either prioritize what you want declouded the most, or start with the smallest migration and snowball bigger.
The biggest thing I’m seeing here is the creation of a bottleneck for your network services, and potential for catastrophic failure. Here’s where I foresee problems:
- Running everything from a single HDD(?) is going to throw your entire home and network into disarray if it fails. Consider at least adding a second drive for RAID1 if you can.
- You’re going to run into I/O issues with the imbalance of the services you’re cramming all together.
- You don’t mention backups. I’d definitely work that out first. Some of these services can take their own, but what about the bulk data volumes?
- You don’t mention the specs of the host, but I’d make sure you have swap equal to RAM here if you’re not worried about disk space. This will just prevent hard kernel I/O issues or OOM kills if it comes to that.
- Move network services first, storage second, n2h last.
- Make sure to enable any hardware offloading for network if available to you.
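The snapshot-and-send routine behind the OP’s “ZFS for a Time Machine-like backup to a local HDD” line (the backup this reply says to work out first), as an added example that is not from any poster. The dataset names tank/docker and backup/docker, the retention count, and the auto- snapshot prefix are assumptions; DRY_RUN=1 prints the zfs commands instead of running them.

```shell
#!/bin/sh
# Rolling ZFS snapshot + incremental send to a second pool on the local backup HDD.
# Assumed names (not from the thread): source dataset tank/docker, target backup/docker.
set -eu

SRC="${SRC:-tank/docker}"
DST="${DST:-backup/docker}"
KEEP="${KEEP:-14}"        # auto-* snapshots to retain on the source
DRY_RUN="${DRY_RUN:-1}"   # 1 = echo the modifying zfs commands; zfs list is still queried

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Timestamped snapshot name in UTC so names sort chronologically.
snap_name() { date -u +auto-%Y%m%d-%H%M%S; }

# prune_list KEEP NAMES: NAMES is a newline-separated list of snapshot names,
# oldest first; prints the names beyond the retention count (oldest ones).
prune_list() {
  n=$(printf '%s\n' "$2" | grep -c . || true)
  extra=$((n - $1))
  [ "$extra" -gt 0 ] && printf '%s\n' "$2" | head -n "$extra"
  return 0
}

# Newest snapshot present on both source and target: the base for zfs send -I.
common_base() {
  zfs list -H -t snapshot -o name -S creation -r "$DST" | sed 's/.*@//' | while read -r s; do
    zfs list -H -t snapshot "$SRC@$s" >/dev/null 2>&1 && { echo "$s"; break; }
  done
}

backup_cycle() {
  new=$(snap_name)
  run zfs snapshot -r "$SRC@$new"
  base=$(common_base)
  if [ -n "$base" ]; then
    # Incremental: only the snapshots between the last common one and the new one cross the wire.
    run sh -c "zfs send -R -I '$SRC@$base' '$SRC@$new' | zfs receive -F '$DST'"
  else
    # First run: full replication stream.
    run sh -c "zfs send -R '$SRC@$new' | zfs receive -F '$DST'"
  fi
  # Retire the oldest auto-* snapshots on the source; the backup pool keeps its own history.
  names=$(zfs list -H -t snapshot -o name -s creation "$SRC" | sed -n 's/.*@\(auto-.*\)/\1/p')
  for s in $(prune_list "$KEEP" "$names"); do run zfs destroy -r "$SRC@$s"; done
}

if [ "${1:-}" = run ]; then backup_cycle; fi
```

Run it as `DRY_RUN=1 ./zfs-backup.sh run` first to see the exact commands, then schedule it with DRY_RUN=0 from cron on the Proxmox host.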
Swap PhotoPrism with Immich. It’s a lot better imo.
Are both Immich and PhotoPrism container-dependent, or just Immich?
(If they fail 27002, they’re a hard no for me).
I would like to hear a bit more about the main differences. I tried Immich first on a resource-constrained system and it was a real pig, naturally. PhotoPrism seems to be less resource intensive, but my new AMD Ryzen 7 mini PC is also a lot more powerful than a Pi 4.
I’m willing to go either way, and this one will probably be near the bottom of the list anyway, so I have time to learn more and perhaps change my mind.
PhotoPrism is less “resource intensive” because it’s offloading face detection to a cloud service. There are also many who don’t like the arbitrary nature of which features PhotoPrism paywalls behind its premium version.
If you can get past Immich’s initial face recognition and metadata extraction jobs, it’s a much more polished experience, but more importantly it aligns with your goal of getting out of the cloud.