If you want to move your containers to a different location, look into configuring docker’s data-root: https://stackoverflow.com/questions/24309526/how-to-change-the-docker-image-installation-directory

You copy /var/lib/docker to a new location and update /etc/docker/daemon.json

I will say: Moving data-root to an NFS mount isn’t going to work well. I’ve tried it, and docker containers rely on filesystem features to run their overlays. On an NFS, this feature isn’t present, so your services will duplicate the container’s entire filesystem. This will tank your performance and is basically unusable for anything but trivial examples. Docker data-root basically needs to be a “physical” disk.

I’ve had no issues using NFS shares mounted as docker volumes. It’s just the data-root where it’ll fail.

Yep, the problem was that docker started before the NFS mount. Adding the dependency to my systemd docker unit did the trick!

isn’t it an annoyance having to connect to your home network all the time?

It’s less annoying than the gnawing fear that my network might be an easy target for attackers.

Yes, OP I highly recommend a GL.iNet device. It’s pocket sized and always does the job.

It’s also great for shitty wifi that tries to limit how many devices you can connect. The router will appear as one MAC and then all your other devices can route traffic through it.

As someone who has owned enterprise servers for self-hosting, I agree with the previous comment that you should avoid owning one if you can. They might be cheap, but your longterm ownership costs are going to be higher. That’s because as the server breaks down, you’ll be competing with other people for a dwindling supply of compatible parts. Unlike consumer PCs, server hardware is incredibly vendor locked. Hell, my last Proliant would keep the fans ramped at 100% because I installed a HDD that the BIOS didn’t like. This was after I spent weeks tracking down a disk that would at least be recognized, and the only drives I could find were already heavily used.

My latest server is built with consumer parts fit into a 2U rack case, and I sleep so much easier knowing I can replace any of the parts myself with brand new alternatives.

Plus as others have said, a 1U can be really loud. I don’t care about the sound of my gaming computer, but that poweredge was so obnoxious that despite being in the basement, I had to smother it with blankets just so the fans didn’t annoy me when I was watching TV upstairs. I still have a 1U Dell Poweredge, but I specifically sought out the generation that still let you hack the fan speeds in IPMI. From all my research, no such hack exists for the Proliant line.

Assuming that the disk is of identical (or greater) capacity to the one being replaced, you can run btrfs replace.

https://wiki.tnonline.net/w/Btrfs/Replacing_a_disk#Replacing_with_equal_sized_or_a_larger_disk

I’d recommend BTRFS in RAID1 over hardware or mdadm raid. You get FS snapshotting as a feature, which would be nice before running a system update.

For disk drives, I’d recommend new if you can afford them. You should look into shucking: It’s where you buy an external drive and then remove (shuck) the HDD from inside. You can get enterprise grade disks for cheaper than buying that same disk on its own. The website https://shucks.top tracks the price of various disk drives, letting you know when there are good deals.

“Remember: No PID”

Haven’t used it yet, but I’ve been researching authentik for my own SSO.

http://www.thecodelesscode.com/case/6

BTRFS should be stable in the case of power loss. That is to say, it ought to recover to a valid state. I believe the only unstable modes are RAID 5/6.

I’d recommend BTRFS in RAID1 mode over mdadm RAID1 + ext4. You get checksumming and scrubs to detect drive failures and data corruptions. You also have snapshotting, in case you’re prone to the occasional fat-fingered rm -rf.

For backup, maybe a blu-ray drive? I think you would want something that can withstand the salty environment, and maybe resist water. Thing is, even with BDXL discs, you only get a capacity of 100GiB each, so that’s a lot of disks.

What about an offsite backup? Your media library could live ashore (in a server at a friend’s house). You issue commands from your boat to download media, and then sync those files to your boat when it’s done. If you really need to recover from the backup, have your friend clone a disk and mail it to you.

Do you even need a backup? Would data redundancy be enough? Sure if your boat catches fire and sinks, your movies are gone, but that’s probably the least of your problems. If you just want to make sure that the salt and water doesn’t destroy your data, how about:

1. A multi-disk filesystem which can tolerate at least 1 failure
2. Regular utilities scanning for failure. BTRFS scrubs, for example.
3. Backup fresh disks kept in a salt and water resistant container (original sealed packaging), to swap any failing disk, and replicate data from any good drives remaining.
4. Documentation/practice to perform the aforementioned disk replacement, so you’re not googling manpages at sea.

This would probably be cheapest and have the least complexity.

I wouldn’t trust anything like that to the open internet. It would be better to access the system over a VPN when you’re outside the network.

Yeah, I believe there’s some kind of bridge mode you must enable on the host’s interface.

As others have said, a reverse proxy is what you need.

However I will also mention that another tool called macvlan exists, if you’re using containers like podman or docker. Setting up a macvlan network for your containers will trick your server into thinking that the ports exposed by your services belong to a different machine, thus letting them use the same ports at the same time. As far as your LAN is concerned, a container on a macvlan network has its own IP, independent of the host’s IP.

Macvlan is worth setting up if you plan to expose some of your services outside your local network, or if you want to run a service on a port that your host is already using (eg: you want a container to act as DNS on port 53, but systemd-resolved is already using it on the host).

You can set up port forwarding at your router to the containers that you want to publicly expose, and any other containers will be inaccessible. Meanwhile with just a reverse proxy, someone could try to send requests to any domain behind it, even if you don’t want to expose it.

My network is set up such that:

• Physical host has one IP address that’s only accessible over lan.
• Containerized web services that I don’t want to expose publicly are behind a reverse proxy container that has its own IP on the macvlan.
• Containerized web services that I do want to expose publicly have a separate reverse proxy container, which gets a different IP on the macvlan.
• Router has ports 80 and 443 forwarding only to the IP address for my public proxy

Did you mean source-available?

I guess? Always thought there was some pedantic Stallman-esque argument for the differentiation between FOSS and OSS, independent of the Open Source vs Source Available distinction.

Not sure if you’re able to edit the title, but this doesn’t look like FOSS, just open source.

I know this is a joke, but I couldn’t be a programmer without some pedantry. LUnix is actually a real OS! I booted it on my Commodore 64 once.

https://en.wikipedia.org/wiki/LUnix

Ooh! Thanks for the tip! Been looking for some affordable drives for my next system.

I bought a LFF Dell Poweredge back in the fall, and have been waiting on a good deal for 3.5" disks. My current machine is a SFF HP Proliant, and I hate how much a 2.5" drive with good capacity costs.

make up is my build command for pushing to prod