Raspberry pi4 Docker:- gluetun(qBit, prowlarr, flaresolverr), tailscale(jellyfin, jellyseerr, mealie), rad/read/sonarr, pi-hole, unbound, portainer, watchtower.

Raspberry pi3 Docker:- pi-hole, unbound, portainer.

  • 1 Post
  • 25 Comments
Joined 1 year ago
Cake day: June 26th, 2023

  • Oh, routing, I remember watching an “off-site backup” video where they set up iptables, or IP forwarding, or some such, so when their parents tried to access jellyfin locally it was routed over tailscale. Maybe I’m misremembering though, I’m not confident enough to start thinking about it seriously, so I logged it as “that’s possible” and moved on.

    That way I just have to keep one instance of jellyfin/immich/etc up to date. It’s all a bit beyond my ken currently but it’s the way I’m trying to head. At least until I learn a better way.

    Ideally, I give someone a pi all set up. They plug it in go to service.domain.xyz and it routes to me. Or even IP:Port would be fine, I’ll write them down and stick it to their fridge.

    My parents and I run each others’ off-site backup (tailscale-syncthing), but their photo and media services are independent from mine. I just back up their important data, and they return the favour, but we can’t access or share anything.

    Guides like yours are great for showing what’s possible. I often find myself not knowing what I don’t know so don’t really know where to start learning what I need to learn.


  • What a write up, thank you for documenting this.

    I understand a lot of people in this hobby do it professionally too, so a lot is assumed to be common knowledge us outsiders just don’t have.

    While my system of using tailscale’s magic dns to use lxc:port works fine for my fiancée and me, expanding this to a family-wide system would prove challenging.

    So this guide is the next step. I could send my fiancée to <home.domain.xyz> and it’ll take her to homarr, or <jellyseerr.domain.xyz>

    The ultimate dream would be to give family members a pi zero and a <home.domain.xyz> and then run a family jellyfin/immich.



  • As a beginner in self hosting I like plugging the random commands I find online into an LLM. I ask it what the command does, what I’m trying to achieve and if it would work…

    It acts like a mentor, I don’t trust what it says entirely so I’m constantly sanity checking it, but it gets me to where I want to go with some back and forth. I’m doing some of the problem solving, so there’s that exercise, it also teaches me what commands do and how the flags alter it. It’s also there to stop me making really stupid mistakes that I would have learned the hard way without.

    Last project was adding a HDD to my zpool as a mirror. I found the “attach” command online with a bunch of flags. I made what I thought was my solution and asked ChatGPT. It corrected some stuff: I didn’t include the name of my zpool. Then gave me a procedure to do it properly.

    In that procedure I noticed an inconsistency in how I was naming drives vs how my zpool was naming drives. Asked ChatGPT again, I was told I was a dumbass, if that’s the naming convention I should probably use that one instead of mine (I was using /dev/sbc and the zpool was using /dev/disk/by-id/). It told me why the zpool might have been configured that way so that was a teaching moment, I’m using usb drives and the zpool wants to protect itself if the setup gets switched around. I clarified the names and rewrote the command, well, not really, ChatGPT was constantly updating the command as we went… Boom I have mirrored my drives, I’ve made all my stupid mistakes in private and away from production, life is good.







  • You have cleared up a lot of misconceptions for me, I have not been port forwarding, I have not learned how yet. I think I’m good. I don’t mind breaking functional stuff, and have a lot already, but I really don’t want to explain to my fiancée that the reason someone is in her bank is because I wanted to watch Samurai Jack.

    I have been keeping it as insular as possible for this reason, and the next thing I intend to learn is to make it more insular by putting the pi on a subnet of its own. Actually, thank you for writing that up. I have been actively resisting using people for IT support, as I know it takes time. I have been trying to find everything I can, there isn’t much or what there is assumes knowledge I don’t have.

    There’s a comment with a list of stuff to do that I’ve saved. So I’ll probably start knocking that out one by one.




  • Both pi’s have static IPs.

    I asked the *arrs to talk to each other, and when they didn’t work (and only when they didn’t work) I "ufw allow"ed the relevant port.

    I just want to patch up my firewall layer as best I can, and then start building security layers on top/below it as I learn how.

    So I told Sonarr that qBit is at 192.168…:port. The test failed, “ufw allow port”, then the test passed. Could I instead have told Sonarr qBit is at 172.18…:port (Docker’s network address) and then close up the firewall. Or can I set them all to “ufw limit”. Or set the firewall to only allow local traffic… You get the idea, I know enough to be dangerous but not enough to ask the right questions.



  • ISP modem. I have a pi3 running pihole-dhcp-unbound, ufw and log2ram.

    My system is a pi4 running *arrs, qBit, fail2ban, portainer in docker and ufw for now. Use case is: via mobile phone access *arrs, let them do their things and manually play files via hdmi or move files via thumbdrive. I was thinking of giving up the phone access to put them on their own network, but subnets are beyond my ken for now.

    Hoping to increment my security, and then the system as my skills develop.

    Edit, qBit and prowlarr are behind gluetun set up for Mullvad. I’m in the UK so had to put the indexer behind a VPN. UFW


  • Just trying to keep outside/malicious actors from entering my stuff while also being able to use my stuff. More safer is more better, but I’m trying to balance that against my poor technical ability.

    My priority list is free>easy>usable>safe. Using UFW seemed to fit, but you’re right, punching holes in it defeats the purpose, which is why I wanted to only allow local network and have only the necessary ports open. You have given me lots of terms to Google as a jumping off point so thank you.
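
An added example for the two comments above (the Sonarr-to-qBittorrent test that only passed after "ufw allow", and the wish to open only what the local network needs). It is not the commenter's stack and not from the guide being discussed. It assumes a compose project in which qBittorrent shares gluetun's network namespace, Sonarr sits on the same user-defined Docker network, the Pi's LAN address is 192.168.1.10 and the LAN is 192.168.1.0/24; the image names are the usual gluetun and LinuxServer ones, and the host paths and Mullvad values are placeholders. Two things it shows: Sonarr can reach qBittorrent at gluetun:8080 across the Docker network, a hop that never touches UFW, so no port needs opening for it; and Docker programs its own iptables rules for published ports (the DOCKER chain) ahead of UFW's, so a plain `8080:8080` answers to anything that can route to the Pi regardless of what ufw allows. Binding each published port to the Pi's LAN address (or to 127.0.0.1 for services reached only over Tailscale) is the config-level version of "only allow local traffic".

```yaml
# Added example, not the commenter's configuration.
# Placeholders: 192.168.1.10 = the Pi's LAN address, 192.168.1.0/24 = the LAN,
# /srv/docker and /mnt/hdd/data = host paths, MULLVAD_* = values from a .env file.
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add: [NET_ADMIN]
    devices: ["/dev/net/tun:/dev/net/tun"]
    environment:
      VPN_SERVICE_PROVIDER: mullvad
      VPN_TYPE: wireguard
      WIREGUARD_PRIVATE_KEY: "${MULLVAD_WG_KEY}"        # keep secrets in .env, not here
      WIREGUARD_ADDRESSES: "${MULLVAD_WG_ADDRESS}"
      SERVER_COUNTRIES: Sweden
      # Lets LAN clients use the published web UI through gluetun's own firewall
      # (documented gluetun setting; the subnet is an assumption).
      FIREWALL_OUTBOUND_SUBNETS: 192.168.1.0/24
    ports:
      # Published on gluetun because qBittorrent shares its network namespace.
      # Bound to the LAN address on purpose: Docker's iptables rules for published
      # ports bypass UFW, so "8080:8080" would listen on every interface.
      - "192.168.1.10:8080:8080"   # qBittorrent web UI, LAN only
    networks: [arr]
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    network_mode: "service:gluetun"   # all of qBittorrent's traffic leaves via the VPN
    depends_on: [gluetun]
    environment:
      PUID: "1000"
      PGID: "1000"
      WEBUI_PORT: "8080"
    volumes:
      - /srv/docker/qbittorrent:/config
      - /mnt/hdd/data:/data
    restart: unless-stopped

  sonarr:
    image: lscr.io/linuxserver/sonarr
    container_name: sonarr
    networks: [arr]                   # same Docker network as gluetun
    environment:
      PUID: "1000"
      PGID: "1000"
    volumes:
      - /srv/docker/sonarr:/config
      - /mnt/hdd/data:/data
    ports:
      - "192.168.1.10:8989:8989"     # Sonarr web UI, LAN only
    restart: unless-stopped
    # In Sonarr > Settings > Download Clients, set Host = gluetun, Port = 8080.
    # That connection stays inside the "arr" Docker network; no ufw rule is involved.

networks:
  arr:
    driver: bridge
```

Binding to the LAN address stops the ports answering on other interfaces, but it does not filter by source: anything that can reach 192.168.1.10 (including whatever the ISP router forwards) still gets through, because Docker's rules are consulted before ufw's. Source filtering for published ports belongs in the DOCKER-USER chain, which Docker leaves for the administrator, for example `iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP` on the Pi's LAN interface. `ufw limit` is not a substitute: it only rate-limits connection attempts per source address and does not restrict who may connect.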



  • Current obstacle: dockstarter qbittorrent immediately flips torrent to ‘errored’. Edit to current progress. Bottom left has “free space: unknown” so I think it’s a storage issue. "sudo lsblk" has sdb1 mounted to /mnt/hdd correctly I think. The “storage” volume in Portainer is set to /mnt/hdd so I think that’s correct. The storage in qbit is set correctly as well I think, /data/torrents. I think I’ve set permissions to allow things to happen to the HDD “sudo chmod 777 /mnt/hdd” on the Pi’s cli. I don't know if I was supposed to give docker those permissions somehow, I haven’t been smart enough to find anything in any documents.

    Yay learning




  • I am sorry, I am but a worm just starting Docker and I have two questions.

    Say I set up pihole in a container. Then say I use Pihole’s web UI to change a setting, like setting the web UI to the midnight theme.

    Do changes persist when the container updates?

    I am under the impression that a container updating is the old one being deleted and a fresh install taking its place. So all the changes in settings vanish.

    I understand that I am supposed to write files to define parameters of the install. How am I supposed to know what to write to define the changes I want?

    Sorry to hijack, the question doesn’t seem big enough for its own post.
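
An added example, not part of the question above or of any reply on this page, showing the mechanism the question is about: Pi-hole in Docker with its configuration kept outside the container. It assumes the official pihole/pihole image with its v5-era environment variables, a host directory /srv/docker/pihole, and a local unbound instance listening on 127.0.0.1:5335 as upstream (all placeholders); host networking is used because the commenter's Pi also serves DHCP, which does not work across a Docker bridge.

```yaml
# Added example, not the commenter's setup.
# Placeholders: /srv/docker/pihole (host directory), PIHOLE_WEBPASSWORD (from .env),
# 127.0.0.1#5335 (a local unbound assumed to be running on the Pi).
services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    network_mode: host          # DNS :53, web UI :80 and DHCP :67 directly on the Pi
    cap_add: [NET_ADMIN]        # needed by the DHCP server
    environment:
      TZ: Europe/London
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD}"   # v5-era variable name
      PIHOLE_DNS_: 127.0.0.1#5335            # upstream resolver (assumed unbound)
    volumes:
      # Everything the web UI changes (theme, blocklists, DHCP leases, query database)
      # is written under these two paths, which live on the host, not in the container.
      - /srv/docker/pihole/etc-pihole:/etc/pihole
      - /srv/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped
```

With this file, `docker compose pull && docker compose up -d` (or Watchtower doing the same automatically) deletes the old container and starts a fresh one from the new image, exactly as the question describes, but the two bind-mounted directories are not part of the container and are untouched, so the settings come back. Anything written anywhere else in the container's filesystem is lost on recreation, which is why the image's documentation lists which paths to mount; the compose file is the "file that defines the install", and the per-application settings themselves stay in the mounted directories rather than in it.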