I’m a syaadmin now, but self hosting nextcloud is what got me my first IT job. I now host a bunch of stuff (even email!), lemmy included.

how did you decide that you would like to self-host? I wanted my friends to play a cs1.6 map I had created.

dire problems, including those that accumulate over time

That’s not a thing. You create problems over time by experimening in what is, effectively, production load. If all you ever did was install any distro and kept it up to date - not much can break. Granted - shit happens, but it’s incredibly rare.

As an example - I’ve set up my mail server in May 2019. Chose archlinux, because I never wanted to go through a big upgrade. The only exta software installed there is mail-server related. Direct from the repos. I’ve become confident enough that now there’s a nightly cronjob to update the system with a hook to reboot if kernel or init gets updated.

In all those 5 a bit years I’ve had one issue where I hqd to revert a kernel update.

Another example is tang on an ubuntu server. This was at a previous workplace, but essentially it’s a piece of software from the repos. Originally installed on 16.04, has gone without reprovisioning all the way to 22.04. I’ve now left the company, but I hear it’s still running.

Upgrading an ubuntu desktop fleet with a myriad of custom software, on the other hand… let’s just not talk about it.

I’m not the best person to query about backups, but in your situation I would do the following, assuming both server and desktop run on BTRFS:

Have a script on the desktop that starts btrfs-receive and then notifies the server that it should start btrfs-send.

You can also do rsync if BTRFS is not a thing you use, but It would either be expensive storage wise, or you would only ever have 1 backup - latest.

I’m, using Nextcloud + KeePassXC (DX on android). Nextcloud part can, obviously, be replaced by another mechanism.

Wireguard works best for private traffic, but you can’t host a public site with that.

Of course you can! Nginx and wireguard on a VPS and actual services wherever you want.

If you can dedicate some time to constant keep up - pick a rolling distro. Doing major version upgrades has never not had problems for me. Every major distro has one.

My choice is Gentoo, but I’m weird like that. Having said that - my email server has been running happily on Arch for just over 5 years now.

The lemmy instance I host is on Debian testing - Gentoo was not available on DO - no issues so far.

Even when it’s mostly containers - why waste time every n years doing the big upgrade? Small change is always safer.

Is this the repo of the tool?

Never had a chance to give syncthing a shot, but nextcloud works very well. On top of that, if you ever want to ditch apple/google - it will also happily sync your contacts, calendar, etc, as well as more niche stuff like bike rides. It can become chonky, but that really depends on how much stuff you’re asking it to do.

Precision guesswork here, but I’ve had nginx (not on opnsense) redirecting me to the default host quite a few times recently - all times it was me cocking up its config. It could be that nginx is waiting for the actual target until it times out and then just gives a your opnsense gui as the most reasonable response.

I’d start checking its config. Or pasting it here, after removing secrets, it any.

Dunno, worked well for me. Give it a shot and see if anything needs to be disabled.

I’d been running OPNsense in a VM for some time. I used xen as a hypervisor, but that shouldn’t really be a requirement. Passed the nics through and it was golden! All the benefits of a VM - quick boot-up, snapshots on the hypervisor - it’s truly glorious :)

I don’t have your requirements, but nextcloud with Memories works well enough for me. Nextcloud does the file things, including auto upload from phones. Memories then displays those photos.

NFS comes to mind, naturally.

I remember some years ago scp had a big issue, can’t recall what, though. But that made me have a look at rsync, and I’ve been using that ever since. Flags are a bit atteocious, but I’ve aliases rsync -avz status=progress to copy and it’s been happy days. One other benefit - incremental copy. Helps in cases where a copy procedure had been stopped for whatever reason.

I did mean your android system. I’m not on jellyfin, yet, so not familliar with uts quirks.

Does importing the ca not help?

This is ridiculously good :D

What is a recommended SSD nowadays? I don’t really have a criteria other than avoiding the noise - sata works well enough for me.

I think this is the way!

Probably. Germany is having a bit of a fever with a fsr right party.

I didn’t add it to any lists, but to the network interface itself. You know the output of ip a? The one pihole listens on (wg0 in my case, because wireguard) has something like, say, 10.0.0.1, but also 8.8.8.8. So when a DNS packet is spit out by chromecast to go to 8.8.8.8 UDP port 53 - my pihole happily answers that request. You could also do a separate unbound instance on a new virtual interface with a quad8 ip and just forward everything to pihole, if you fancy.