I am finally making the push to self host everything I possibly can and leave as many cloud services as I can.

I have years of Linux server admin experience so this is not a technical post, more of an attempt to get some crowd wisdom on a complex migration.

I have a plan and have identified services I would like to implement. Take it as given that the hardware I have can handle all this. But it is a lot so it won’t happen at once.

I would appreciate thoughts about the order in which to implement services. Install is only phase one, migration of existing data and shaking everything down to test stability is also time consuming. So any insights, especially on services that might present extra challenges when I start to add my own data, or dependencies I haven’t thought of.

The list order is not significant yet, but I would like to have an incremental plan. Those marked with * are already running and hosting my data locally with no issues.

Thanks in advance.

Base system

  • Proxmox VE 8.3
    • ZFS for a time-machine like backup to a local hdd
    • Docker VM with containers
      • Home Assistant *
      • ESPHome *
      • Paperless-ngx *
      • PhotoPrism
      • Firefly III
      • Jellyfin
      • Gitea
      • Authelia
      • Vaultwarden
      • Radicale
      • Prometheus
      • Grafana
    • corsicanguppy@lemmy.ca
      17 days ago

      Are both immich and photoprism container-dependent, or just immich?

      (If they fail 27002, they’re a hard no for me).

    • meyotch@slrpnk.net (OP)
      19 days ago

      I would like to hear a bit more about the main differences. I tried immich first on a resource constrained system and it was a real pig naturally. PhotoPrism seems to be less resource intensive, but my new AMD Ryzen 7 mini pc is also a lot more powerful than a pi 4.

      I’m willing to go either way and this one will probably be near the bottom of the list anyway, so I have time to learn more and perhaps change my mind.

      • non_burglar@lemmy.world
        19 days ago

        Photoprism is less “resource intensive” because it’s offloading face detection to a cloud service. There are also many who don’t like the arbitrary nature of which features photoprism paywalls behind its premium version.

        If you can get past immich’s initial face recognition and metadata extraction jobs, it’s a much more polished experience, but more importantly it aligns with your goal of getting out of the cloud.

  • JASN_DE@lemmy.world
    19 days ago

    Authelia

    Think about implementing this pretty early, if your plan is to use it for your own services (which I’d assume).

    • meyotch@slrpnk.net (OP)
      19 days ago

      You are correct that I will be using it only for internal authentication. I want to get away from my bad habit of reusing passwords on internal services to reduce pwnage if mr robot gets access ;)

      Any experience on how Authelia interacts with Vaultwarden? They seem simpatico but should I install them in tandem? Would that make anything easier?

      • tofuwabohu@slrpnk.net
        19 days ago

        No, but Vaultwarden is the one thing I don’t even try to connect to authentik so a breach of the auth password won’t give away everything else

        • Appoxo@lemmy.dbzer0.com
          18 days ago

          May I ask why you’d want to selfhost bitwarden if the free hosted version is almost as good aside from the few unimportant paid perks?

            • Appoxo@lemmy.dbzer0.com
              18 days ago

              But you mention having vaultwarden and not connecting it to authentik. So you basically have bitwarden selfhosted.

              • tofuwabohu@slrpnk.net
                17 days ago

                Yes, but I don’t plan to host bitwarden. I was referring to op’s question regarding vaultwarden+auth. Sorry, I think I can’t follow you

                • Appoxo@lemmy.dbzer0.com
                  17 days ago

                  No, but Vaultwarden is the one thing I don’t even try to connect to authentik

                  Implying you have it deployed in active use, no?

  • Nouveau_Burnswick@lemmy.world
    19 days ago

    I’d recommend migrating one service at a time (install, migrate, shake down; next service).

    Either prioritize what you want declouded the most, or start with the smallest migration and snowball bigger.

  • redxef@feddit.org
    18 days ago

    Looks good, I use a lot of the stuff you plan to host.

    Don’t forget about enabling infrastructure. Nearly everything needs a database, so get that figured out early on. An LDAP server is also helpful, even though you can just use the file backend of Authelia. Decide if you want to enable access from outside and choose a suitable reverse proxy with a solution for certificates, if you did not already do that.

    Hosting Grafana on the same host as all other services will give you no benefit if the host goes offline. If you plan to monitor that too.

    I’d get the LDAP server, the database and the reverse proxy running first. Afterwards configure Authelia and try to implement authentication for the first project. Gitea/Forgejo is a good first one, you can set up OIDC or Remote-User authentication with it. If you’ve got this down, the other projects are a breeze to set up.

    Best of luck with your migration.

    • corsicanguppy@lemmy.ca
      17 days ago

      LDAP server is also helpful, even though you can just use the file backend of Authelia.

      Samba4ad was easy to set up and get replicating. Switch over soon as you can.

    • Appoxo@lemmy.dbzer0.com
      18 days ago

      Why clustering? Why do you need HA in a home environment?
      I could care less if my Jellyfin server went under for some hours of downtime due to some config change.
      Will some be unhappy because my stuff isn’t available? Maybe. Do I care about it? Depends on who it is.

      Anyway: Way overkill outside of homelabbing and gaining experience for the lols.

      • Possibly linux@lemmy.zip
        18 days ago

        I don’t want to spend a bunch of time troubleshooting something. Having a way to move my stuff to a different host when the host crashes is very nice.

  • ikidd@lemmy.world
    18 days ago

    This might be the last chance to migrate from Gitea to Forgejo and avoid whatever trainwreck Gitea is heading for. It’s going to a hard fork soon.