You shouldn’t have any user home for your services, you shouldn’t even allow them to login at all. They should only have group access to resources they need, and containers should restrict what directories they have access to.

Companies don’t typically host multiple containers on the same host. So having a different user for them is less important than securing the connection between machines, since a given biat isn’t particularly interesting. Attackers will still try to break out, so they have a backup.

As a self-hoster, you typically do the opposite. You run multiple services on the same host, and the internal network isn’t particularly secure. So you should be focusing more on mitigating issues, and having each service run as an unprivileged user is one fairly easy way to do that.

1. openSUSE Tumbleweed
2. 5+ years; Arch for 5+ before that
3. A few times per year? Then again, I do check ProtonDB before all starting most games just in case (i.e. before buying or while installing).
4. Nvidia was annoying a few times per year, but now I upgraded to an AMD card and no issues since.

Yeah, no worries! I like the idea of Aeon, I just had some trouble with it. I’ll see how the next few months go.

Yup, my first NAS was my first desktop PC, and I’ve upgraded it as I upgraded my desktop. My current NAS is still running my original Linux install, and currently has a Ryzen 1700 and Nvidia 750 Ti… Y desktop has a Ryzen 5600 and an AMD 6650XT, and I’ll upgrade my NAS to that when I upgrade my desktop.

I’ve been using Aeon since March or so this year, and I have a love/hate relationship with it. I don’t know if it’s my old hardware (AMD 3500U from ~2017), or if it’s a more common experience, but I’ve had to mess with the recovery key about 5 times (which is a super long, random key that i have to type from a picture), which is ridiculous IMO. Some updates trigger an SELinux check, which locks up boot for something like 10 minutes when it triggers, and given my use of my machine, I have to sit through it. That sucks.

I’m still using it on my laptop, but I’m not going to switch my Tumbleweed desktop to it because there has been just enough friction to bother me and I’d end up breaking the whole point of the system to fix it (e.g. I dislike bash as the default shell, distro-enter doesn’t do some important things, etc).

If the encryption key thing is just my hardware, I think it’s fine for most people. But if it’s as common as it was for me, I can only recommend it to power users, and those would be better off with Tumbleweed anyway.

So yeah, I think it’s a cool idea, but it needs something to help ease the friction of working with it.

If you have old parts, use those, it’ll probably overkill. Most server stuff isn’t very resource intensive, so a little goes a long way.

If you’re buying something new, I’d recommend something small, like a Mini PC or an N100 rig. 16GB RAM is probably enough, and anything with more than 4 cores is probably overkill. A dedicated GPU is unnecessary, something with a modern-ish iGPU will be plenty to transcode video.

RX6650 XT, everything works fine on my Linux desktop (Tumbleweed), my SO had had some issues on Windows with the 6700XT, but they run games in the background almost 24/7, so it could just be a heat issue in the ITX case.

Nice!

I self host Minecraft on our LAN so my kids can play together, and it’s super nice.

I look at what services I use and see if I can replace any of them w/ a self-hosted solution. Rinse and repeat.

Looking for more stuff to host will just overcomplicate things. I instead try to look for ways to consolidate services down.

It’s Debian based:

The 64-bit version is built directly from Debian for the arm64 platform, while the 32-bit version is derived from Raspbian, a customized Debian variant created in 2012 for the original Raspberry Pi.

The SOC also isn’t fully open, so you won’t get top tier performance with a purely FOSS stack. I push the limits on mine (Retropie mostly), so using their OS is the better bet (I use the one shipped by Retropie, which is super old).

I actually kinda hate the Raspberry Pi because of how closed it is. It’s gotten a bit better over the years, but the Pi 5 took a big step back. But unfortunately, its competitors aren’t much better, so I still use my RPis, but I probably won’t buy more.

I’m also not a fan of Debian in general, so if I switched, I would probably use openSUSE or Arch instead (I tried Arch, but it had issues syncing to disk after updates; they fixed that, but it shows that other distros will be a bit wonky). Raspbian works, so I stick with it.

Yup.

It’s pretty fun, and I think the studio that made it is located near me.

Nowhere near as big as yours. I haven’t bothered checking, but probably something like 100 movies and about the same number of TV shows (only a handful of series). It consists pretty much only of what I’ve ripped from physical media, plus a handful of things my SO uploaded. Total storage is about 2TB, and mostly DVDs w/ a handful of Blurays. Rips are full quality, and mostly ripped from MakeMKV, with a handful ripped w/ Handbrake.

We don’t watch a ton, but I do order new stuff periodically, so it slowly grows (most recent addition is Adventure Time).

Yeah, I always run Raspbian. It’s stable and let’s me largely forget about it.

Or just close off the most common vectors, such as disabling root ssh login, doing key-only SSH auth, and block traffic from regions of the world you don’t need to support.

Yup, we don’t have IPv6, so we’d need a VPN or something to do that.

Mine is a 3500U, which is pretty great for what I paid for it.

Nice!

Mine probably can’t run Skyrim, but I’m surprised what my 8yo laptop w/ a Ryzen APU can still run.