I wrote this ansible role to setup dovecot IMAP server. Once a year I move all mail from the previous year from various mailboxes to my dovecot server (using thunderbird).

I use the Netdata agent (with cloud features disabled). Easy installation, FOSS, 0 configuration required, tons of metrics.

Second this, always have a device preloaded with Kiwix and one of the wikipedia dumps. A new vesrion is uploaded every few (~6 months). The full English wikipedia dump with images (low-res versions only though) is only 103GB.

What’s your existing setup? For such a simple task, check if any of the tools you use currently can be adapted (simple text files on a web server? File sharing like Nextcloud and text files? Pastebin-like? Wiki? …). Otherwise a simple Shaarli instance could do the trick (just post “notes” aka. bookmarks without an URL). I use this theme to make it nicer. Or maybe a static site generator/blog.

I would never recommend Odoo anymore, given how painful it is to upgrade from a major version to another. Their answer to it is basically “yeah, some complex migrations need to be done, just send us a copy of your database with highly sensitive company data, pay us to do the migration and we’ll send it back to you”. Yeah, lol, no.

• monitoring: https://github.com/awesome-foss/awesome-sysadmin?tab=readme-ov-file#monitoring
• sending commands: https://github.com/OliveTin/OliveTin

Windows Servers

No

setup automatic responses to the alerts

It should be possible using script to execute on alarm = /your/custom/remediation-script https://learn.netdata.cloud/docs/alerts-&-notifications/notifications/agent-dispatched-notifications/agent-notifications-reference. I have not experimented with this yet, but soon will (implementing a custom notification channel for specific alarms)

restarting a service if it isn’t answering requests

I’d rather find the root cause of the downtime/malfunction instead of blindly restarting the service, just my 2 cents.

I use netdata (the FOSS agent only, not the cloud offering) on all my servers (physical, VMs…) and stream all metrics to a parent netdata instance. It works extremely well for me.

Other solutions are too cumbersome and heavy on maintenance for me. You can query netdata from prometheus/grafana [1] if you really need custom dashboards.

I guess you wouldn’t be able to install it on the router/switch but there is a SNMP collector which should be able to query bandwidth info from the network appliances.

• rsync + basic scripting for periodic sync, or
• distributed/replicated filesystems for real-time sync (I would start with Ceph)

10000RPM SAS drives are noisy (and expensive), something to keep in mind. If I needed this kind of performance I would probably go full SSD.

I agree that desktop/ATX tower PCs are the most useful form factor, you can stuff all your old junk hardware in there and offer it a second life without much investment.

However with current electricity prices buying more power efficient hardware can be a better medium-term investment. 1kWh bills at 0.2516€ currently where I’m at (~EU average price), assuming an average power consumption of 50W this gives you (50×24×365)/1000×0.2516=110€/year. At this rate a 200€ investment in hardware would pay for itself in 2-3 years.

Buying a <100€ setup is not worth it for general purpose servers in my opinion, it will either be underpowered or power hungry.

My current solution is to to run all my services in KVM (libvirt) VMs on my beefy desktop computer which is already on most of the time anyway. Best of both worlds.

If I had to redo everything I would probably buy a NUC/mini-PC with a good CPU, 64GB RAM and low power consumption, stash a single huge SSD in there, migrate my VMs there and call it a day. But this is not a cheap setup.

Netdata can also expose metrics to prometheus which you can then use in Grafana for more advanced/customizable dashboards https://learn.netdata.cloud/docs/exporting-metrics/prometheus

I just don’t have that much time to spend on initial implementation and upkeep

Well k8s is a poor choice of platform for you :D

lsblk also show block devices and is prettier than looking directly at /sys/class/block

https://github.com/chriswayg/ansible-msmtp-mailer/issues/14 While msmtp has features to alter the envelope sender and recipient, it doesn’t alter the “To:” or “From:” message itself. When the Envelope doesn’t match these details, it can be considered spam

Oh I didn’t know that, good to know!

The proposed one-line wrapper looks like a nice solution

You can definitely replace senders with correct mail addresses for relaying through SMTP servers that expect them (this is what I do):

# /etc/msmtprc
account default
...
host smtp.gmail.com
auto_from on
auth on
user myaddress
password hunter2

# Replace local recipients with addresses in the aliases file
aliases /etc/aliases

# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: default
www-data: root
default: [email protected]

(the only thing I changed from the defaults in the aliases file is adding the last line)

This makes it so all/most system accounts susceptible to send mail are aliased to root, and root in turn is aliased to my email address (which is the one configured in host/user/password in msmtprc)

Edit: I think it’s actually the auto_from option which interests you. Check the msmtp manpage

Don’t mind him. He’s always there ranting about who knows what whenever software he dislikes is mentioned. Lookup his comment history for more of the same.

Easiest method to summon him is to mention Nextcloud and Proxmox in the same sentence.

Usually you would have a second DNS resolver configured in /etc/resolv.conf (or whatever name resolution config system you are using, resolvconf, systemd-networkd, etc). The system will fall back to this resolver if the first resolver fails to respond (and/or replies NXDOMAIN, I’m not sure. The exact order and fallback conditions may vary depending on which system you use). This can be another dnsmasq instance, a public DNS resolver, your ISP’s resolver, etc. This allows at least basic DNS resolution to work before your dnsmasq instance comes back up.

I would also add automatic monitoring for dnsmasq (either check that the service/container is running, or check the TCP connection to port 53, or check that DNS resolution is working for a known domain, etc)

msmtp never failed me

Not an answer but still relevant: I actively avoid enabling unattended-upgrades for third-party repositories like Docker (or anything that is not an official Debian repository) because they don’t have the same stability guarantees, and rely on other upgrade notification methods instead.

how bad of an idea is this to run a DNS in docker and use it for the host and other containers?

Personally I would simply install dnsmasq directly on the host because it is one apt install and a configuration file away. Keep it simple.