The cli.
I have used management interfaces like coxkpit in the last but i do not really like it that much. I have E-Mail Notifications setup for updates via aptitude and monitor using prometheus and grafana and get additional notifications via prometheus alarm manager.
For an easy to use docker interface i use dockge, since i found it in this use case to be faster with a good, working, independend Interface.
But for the Linux underneath, for all 10-20 servers i managae, CLI.
Looking for a simple card/cal/WebDAV server that runs in docker.
Or maybe just because there is nothing simple in hosting a mail server for having card and caldav.
Maybe try to explain the struggles you have had, since to my knowledge the posted options are the best and simplest once out there.
Thats exactly my point. Both are not. But you keep claiming synology is compared to others.
I think you are missing the point how easy is to fuck things up in a console
No i think you are. Why should a beginner ever even touch the CLI? You can also SSH into the synology and fuck things up.
Using a ‘friendly environment’ like synology is not gurantee to not fuck things up.
Installing truenas when having no idea about almost anything is cumbersome, dealing with the millions options (some of them incompatible between them) is frustrating, cryptic error codes are discouraging…
What millions of options? You select a drive, and set a password and your done? 1 Set fewer then on synology.
You brought up TrueNas. TrueNas for example also gives you safe boundaries and suggestions how to set up things. Same as synology. There is literally also a setup wizard for backups.
AND AGAIN just because you follow the synology wizards does not mean your data is safe either. You always can fuck things up if you want to.
I see your point but in this world there is only 2 options, or you have the skills, the knowledge and the time to do it by yourself, or you need to outsource it.
But your not, outsourcing it?! You just choose a proprietary provider for a docker compose file! and some raid configuration. Everything ia still on you to fuck up.
Assuming that the op is a real noob it is clear that the 2 first prerequisites are missing making that option unacceptable, then you can only go to the buy something easy enough for the general public.
Reading the Post again from OP, its clear that OP is clearly interessted in learning those things.
And in top of that, in a homelab, the most sacred thing is the data, not the service, the data. If you misconfigure a nas or the automated backup system it could lead into the worst scenario: the data is lost forever.
The exact same ia true for you synology NAS. + the limitations on how synology thinks you should do backups vs how it actually suits you.
I would absolutely discourage the use of synology and probably any other brand in the NAS realm.
Synology has pulled of some really scummy things in the last few years with their certified SSDs where only a white list of SSDs could be used in an array or when they tried to push their own HDDa and show warnings and messengers to worry the user that something is wrong. Also they retroactively removed transcoding capabilities from their systems.
Those Systems are all quite limited for how expensive they are. They are great for just simple things but with the list OP posted, you would be heavily limited and have to jump through hoops in order to have a well functioning home lab/server.
I’ve heard AMD’s onboard graphics are pretty good these days, but I haven’t tried AMD CPUs on a server.
The main issue is afaik still the software support, here are NVIDIA and Intel years ahead.
The benefit of going with a dGPU is that in a few years when for example maybe AV1 takes even more off, you can just switch the GPU and you’re done and do not have to swap the whole system. That at least was my thinking on my setup. My CPU, a 3600x is still good for another 10 years probably.
Do not go for server hardware, used consumer hardware is good enough for you use cases. Basically any machine from the last 5-10 yeare is powerfull enough to handle the load.
Most difficult decision is on the GPU or transcoding hardware for your jellyfin. Do you want to be power efficient? Then go with a modern but low end intel CPU there you got quicksync as transcoding engine. If not, i would go for a low end NVIDIA GPU like the 1050ti or a newer one, and for example an old AMD CPU like the 3600.
For storage, also depends on budged. Having a backup of your data is much more important then having redundancy. You do not need to backup your media, but everything that is important to you,lime the photos in immich etc.
I would go SSD since you do not need much storage, a seperate 500 GB drive for your OS and a 4 TB one for the data. This is much more compact and reduces power consumption, and especially for read heavy applications much more durable and faster inoperation, less noise etc.
Ofc, HDDs are good enough for your usecase and cheaper (factor 2.5-3x cheaper here) .
Probably 8-16 GB RAM would be more then enough.
For any local redundancy or RAID i would always go ZFS.
Thats the only (sane without tons of work) way how you can have a rolling release distro without the need to compile everything yourself, everytime. Dependency issues will occure when glibc gets updated (or any other library) and you only update some programms but not all, its possible that those programms work or not.
Yes but that is on Manjaro if they do not follow basic rules from their upstream and not on arch. If you ignore design desicions then thats on you.
So, when you activate simple versioning, and keep the last 20 Versions, then an error occurs (or malicious actor) and overrides the file 20 times. Then the simple versioning is gone.
Yes with the correct setup you could probably backup via syncthing BUT no one in the comments ellaboborated and mostly just says “i sync to multiple devices via syncthing”
I am shocked how many ppl think synchronization like syncthing act as a backup.
No synchronisation is not a backup. If you accidentally delete the database and it syncs across all devices then the database is gone. If something is broken and overrides multiple times then the history if it is enabled is also gone.
Pls use proper backup methods to backup your database.
Edit: I sync my database also with syncthing across devices. But to back it up i have on multiple clients system backups running that include the database.
Why should that be a flaw on Arch’s side, when it ooses no issue on Arch’s side? Partial updates are explicitly not supported. That would be fine for Manjaro if they would not encourage the use or for some cases even enable the use of AUR by default.
Yes, it is called multithreading. Just one example: https://github.com/BrandonBerne/masscan
Stupid me, missed the IP whitelisting part.
LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it’s running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.
This is a little oversimplified. Hardware vendors have done a lot of work in the last 10-20 years to make it hard to impossible to obtain data this way. AMD-SEV for example.
There are other more realistic attacks like simply etrackt the ssh server signature and MITM the ssh connection and extract the LUKS password.
The whole port range can be scanned in under a second. A real attack does not care if your ssh port is 22 or 69420. Changing Port is just snake oil.
use ddns or similar to keep track of tour IP?
Yes.
And then the maintainers of the package on the package repository you use will release the patch there. Completely standard operation.
I recommend younto read up on package repositories on Linux and package maintainers etc.