With containers, most will have a persistent volume that is mapped to the host filesystem. This is where your config data is. When you update a container, just the image is updated(pihole binaries) but it leaves the config files there. Things like your block lists and custom dns settings, theme settings, all of that will remain.

They make a pill for that…

I’ve been really happy with fedora, specifically the KDE spin. Looks amazing and a lot of things just work.

I’m a sysadmin and we are in the very early stages of rolling out windows 11 to our users. Windows is windows, but I just can’t help but have observations that windows 11 looks like KDE did maybe 10 years ago? It’s like a badly themed linux distro from 2015…

Can’t speak for OP but I can say that I switched to proxmox from just running docker and services native. Proxmox offers a lot of flexibility, you can do snapshots, build many different LXC containers very easily, to keep things separate or have better control over resource usage. Also I run mine in a 3 node cluster so I can do live migration of VMs and pretty quick migrations of LXC containers. This all allows me to run my services with little to no downtime and have redundancy.

This looks really cool. Any recommendations on clients(speakers)? I have a couple of older raspberry pies I could use if as remote speakers, but I’d need a few more.

What are you using for client devices?

I’m coming back to linux as a main desktop, finally ditching windows (again). I tried out fedora workstation and the fedora KDE spin. KdE looks so good now, before i atteibuted it to a windows wanna-be knock off. This was back in the windows xp days… now it looks so polished. I probably prefer it to gnome because I’ve been a windows user for so long but gnome is nice with its minimal approach, looks nice and clean. Can’t get away from how nice KDE looks though, I’m going to stick with that I think.

I host vaultwarden at home. No real need for a vps since your passwords are synced to your phone or laptop(whatever client you’re using) and you can just sync it when you’re home if you make changes, or setup a VPN (I use wireguard) and sync on demand when needed.

That said, I do sync my database to a vps for dr purposes incase my home server suddenly vanishes… for critical services I follow a 3-2-1 backup rule but it’s not absolutely essential.

I run pihole on a proxmox cluster (lxc containers), 2 separate IPs and I setup keepalived and made the virtual IP the primary dns ip that my dhcp server hands out, pihole1 is the master and pihole2 secondary. I use gravity sync to keep both piholes in sync. Works very well and I can reboot one at a time without losing dns at all. Techno tim on YouTube has a guide on how to setup keepalived on 2 pihole servers that helped me set it up.

I’m not very familiar with kubernetes or k3s but I thought it was a way to manage docker containers. Is that not the case? I’m considering deploying a k3s cluster in my proxmox environment to test it out.

Not sure what you’re looking for, like a cloud mounted file system that’s encrypted? I’ve used fuse s3fs before which is like mounting a s3 bucket to a mount point on the local server, it supports encryption as well.

If you’re looking for a Dropbox like experience you may want something like nextcloud, not sure if it supports client side encryption though.

here is a good video on how to do it: https://piped.video/watch?v=qlcVx-k-02E

pretty much exactly what you’re trying to do.

How is that currently plugged in to your odroid? You’ll face similar limitations with beelink or intel nucs. Those small form factor pcs generally don’t support 3.5inch hdds. Most can fit a single 2.5incch ssd.

So the opening of ports works, but it’s not the most secure or best way to do it imo… what happens is the certbot registers with letsencrypts api and attempts to request a cert via http challenge, it then hosts a small website with a code from letsencrypt to prove that you do in fact own the domain and are who you say you are. Let’s encrypt then goes to the url, verifies it sees the text, and issues a cert to the certbot. The problem here is you have to open these ports to the internet, and they need to be open when certificates are renewed (let’s encrypt only issues a 90 day cert)… if you want to leave those ports open that’s not exactly a safe practice, and manually doing it every 3 months is less than ideal…

With dns challenge, the certbot uses the api of your dns provider (cloudflare or porkbun), the process is similar, it talks with letsencrypt, let’s encrypt gives it a string and a dns record it expects to see, then certbot talks to your dns, makes a txt record with the string provided, then let’s encrypt checks for that dns record, if it finds it, it issues a cert to the certbot. In this scenario, certbot is connecting out to your dns provider and making the record for you, no opening of ports. And if you leave the api key active, it will auto renew on a schedule so you don’t have to really worry about it.

I highly recommend looking into dns challenge some more, watch some videos on it there are lots on YouTube.

As for the dns record, not sure if it’s not allowing the wildcard record or what but I wouldn’t use *.example.com, make an entry for the actual host/service you are hosting, like portainer.example.com.

I needed something for compute not really storage, regardless these hp’s have two nvme slots, and an optional ssd tray (lower modules come with the ssd, these did not have the tray but can buy separately if needed) so the storage upgradeability is pretty good.

I like the “1 liter PCs/home servers” for this kind of stuff. I have a 3 node proxmox cluster running on hp elitebook mini 800 g4’s. I got them for around $120 each on ebay (prices vary). Other big manufacturers have their own mini modules (hp, lenovo, dell) Generally these have a lower price tag than something like a similar generation intel nuc because it’s less of a niche market, these are used in business office environments and usually sold used pretty cheap when hardware is refreshed or businesses are closed. You can find replacement parts easily also. Just make sure they include a power adapter if you do search for one.

Mine are running i5-8500t processor which supports Intel quicksync and performs very well for video transcoding in plex. Should easily be able to do a couple of 4k transcodes easily. If you’re not interested in running proxmox, this would run OMV easily and have plenty of power to run lots of containers.

I use nginx proxy manager with dns challenge to get a *.example.com cert that I then use to host services internally. I just checked, it supports dns challenge for porkbun, you may want to give it a try again. Also, you shouldn’t really need to forward dns to duckdns. You can have public dns records point to an internal ip.

This is what I do, I have example.com (dns registered with cloudflare but should work the same with porkbun) I then create an a record for portainer.example.com to 192.168.0.5.

Internally my nginxproxymanager is running at 192.168.0.5 and portainer is running at https://192.168.0.6:9443

Then in nginxproxymanager I create a dns challenge (you’ll have to look up some videos on how to do this, it’s not very difficult it usually just takes a api key and secret key) then I create a new proxy host for portainer.example.com pointing to https://192.168.0.6:9443 and you select the *.example.com as your ssl cert for the proxy host

Now internally go to https://portainer.example.com and it should work.

I use it to send backups to backblaze b2 also, it works very well for me.

That’s fair, we should all test our backups from time to time. I haven’t had any issues over the years with it though i’ve never had to rely on it for a full restore.