Nice, thanks for sharing. How did you solve the file permission issue?

Also I see you put all your services as a single pod quadlet what I am trying to achieve is to have every service as a separate systemd unit file, that I can control separately. In this case you also have a complication with the network setup.

You can actually set your user to linger with

sudo loginctl enable-linger $USER

I will test your setup and report back if it works.

By the way what was the reason to switch back to Docker Compose?

I don’t know, I tried even with uptime-kuma and Homepage but as soon as I start the service it kills it after 6 unsuccessful restarts. Maybe I will spin up a completely new VM tomorrow and start from scratch.

I think the problem might be with the data directory permissions, even though I have added the subuid and the subgid to my user and enabled the lingering on the user.

But I did so many things so there is a chance it is already quite messed up.

Obsidian with Syncthing running on both your Android and your server for syncing your notes.

I have a lifetime Plex pass, but recently I switched to Jellyfin because I got sick and tired of Plex’ shenanigans.

Here you need to decide if you want to run Plex/Jellyfin on the same server or not. And how important power consumption is for you.

You should also consider if you are planning to run only the NAS or some other VMs/containers on that machine. In that case you might consider 32 Gb of RAM to be more future proof.

The problem with unRAID is that you don’t really know when their product will be enshittificated. A very fresh example is Plex which was great for years and now is a bloated utter mess. They have changed their licensing policy and made the product legitimately worse for the end customers. And don’t want to be cynical but the chances are that unRAID will go that way too sooner or later.

Elasticsearch should work too

Why don’t you do some bash scripting and route files to different buckets depending on their extensions or mime types? You can easily do that with rclone for example.

To be honest I don’t really know, but I know that what you want can easily be solved with SOCKS5 proxy. I think Wireguard and other VPNs are added to encrypt the traffic. There are also other alternatives to SOCKS5 proxy adding encryption.

In Wireguard you have those Allowed IPs, you can allow only those IPs to be reachable from outside and you can configure them per client if I am not wrong. I think the easiest way would be for you to run those services over Docker, that way each server will have an IP from your docker network and you can isolate the traffic. https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/

My personal suggestion is to spin up a VM, install Debian, Ubuntu, or whatever your poison is, run docker compose or podman compose, spring up a Docker or two and Wireguard and try to achieve what you want. Heck you can even run Wireguard from a container. Once confident with your setup you can migrate it to Nix.

There is no need to have them on separate VMs, as containers are already isolated and additional VMs will add more overhead.

It is worth exploring the LXC containers too, even though I prefer Docker with compose for its declarativeness.

Yes, I also heard that he passed, and I really feel bad for the guy, he did an amazing job. Thanks for the link, I didn’t know there was a new place.

Check this project https://github.com/whyvl/wireproxy

I would suggest giving Proxmox a go and virtualise your VMs, as you can easily make snapshots and recover if something goes south.

You can also check https://tteck.github.io/Proxmox/ containing easy deployable scripts to make your life easier.

I would also try to run everything out of Docker compose and create a repo containing all configuration files.

https://distrowatch.com/dwres-mobile.php?resource=origin

And you are very wrong.

The whole idea of self-hosted is to build something yourself and learn your way around some new technology or software. Plus building something yourself allows you to change and upgrade it down the path, while Synology doesn’t provide any of the sort.

I think for the download option on the mobile app you need the Plex Pass. Do you have it?

You are increasing the attack vector immensely, and it is up to you to ensure that it is well protected and up to date. The attack effort won’t be high though and most of the attacks would be pretty basic, still I wouldn’t risk something so personal, like your image library.

I would suggest for you to look into Wireguard or Tailscale for accessing your personal Immich instance.

This looks pretty cool, I will give it a try. I am using Streamlit at the moment and I am quite content with it.

With this GPU you can install a media server like Plex or Jellyfin and offload the transcoding on the GPU, but mind you you will still have a high idle load consumption.

Normally in a headless home server I would need virtualisation and low idle power consumption. So this GPU and PSU are a bit of an overkill if you are not planning to fully utilise them.