Why not use Macvlan and join your Dockers to that rather than a bridge to Tailscale or Cloudflared? Then they are broken out so you can apply monitoring.

There are some ARM chips that go down to microamps in low power mode and draw only 1 Watt at full power but might drive you nuts trying to run Linux on them.

Pihole will integrate with unbound. Pihole already caches as well. The advantages of unbound are debatable.

OPNSense ban list is WAY too aggressive.

How much are you paying for Google storage? I have terabytes of photos and video, not a teeny 15 GB. Google ended unlimited photos about 2-3 years ago. Where have you been?

Bitwarden is annoying when they are down and as a personal account that’s one thing but it’s not free if you share a family group vault.

May want to look seriously at Pihole. Lots of other things like nocodb, excalidraw, private VPN (Tailscale). Also I’m an engineer so I have thousands of documents. I convert the raw PDFs with the OCR/PDF utility then Sist2 can search them in like 2 seconds. No way to do it manually. Been collecting since 1989 and a lot of stuff doesn’t exist outside my files. There is NO equivalent.

Plus when I run Google Photos on my phone, Google grabs my photos, location, and number and delivers it to every criminal spam/scam system in India. Within minutes I get spam calls. They can go fuck themselves.

Disagree with 99% of the other posts. If you self-host your email it is archived on your system. So-called “private” email isn’t after 6 months in the US. And it is more stable and higher performance to run my own Roundcube webmail on my own server. And I can control the spam filtering. All reasons to host your own.

However there is some “maintenance” involved with unscrupulous black list sites and overzealous email filter software. Google likes to declare basically everything not coming from their buddies as spam Microsoft wants you to kiss the ring. On a work account just this week I tried contacting a German company called Beckhoff and after just 3 “dead” email accounts from previous contacts they decided to ban my entire company (about 100 employees, been in business over 75 years). They also don’t answer their phones. Not sure if they’re still in business or just being German jerks. As a result of their poor performance we may switch to a competitor. I do not put up with that crap.

Also I’m not sure how to phrase this politely but despite promises unless you are using PGP to end-to-end encrypt your email, and even then it’s not 100%, you can’t ever totally make it private. Also it is impossible to totally ensure identity of the sender although we’ve come a long way. Protonmail recently published how they delivered a criminal to the authorities using the small amount of public information they log.

As a result I do agree that you should let someone else deal with the black listers, bans, etc. But I strongly disagree with keeping it on a remote server more than about 10 minutes. That means one of three options (for receiving:

1. If you have a static ipv4 IP use the email service on Cloudflare to act as a mail relay and forward email to your server. Thus Cloudflare’s reputation not yours is what matters.
2. If you don’t have a static address, you can rent a VPS. Low end box (lowendbox.com) has some great coupons all the time. You can get easily under $12/year. In this case tunnel from your actual server to the VPS. We really don’t “need” the VPS.
3. Pay for a forwarding server. I used Dynu in the past. Never had an issue. It was I think $10/year. Again this assumes you have an accessible server on a static or dynamic ip. And you are basically paying for what Cloudflare does for free.
4. Pay for webmail. Again Dynu is $20. Then just program your local webmail to call imap and download everything say every 5 minutes. But it limits you to ONE user or each user doing their own thing.

On server dovecot and sendmail work well. Roundcube looks exactly like an improved gmail.

For sending I use smtp2go. At my low usage entire family is free.

Don’t backup the container!!

Map volumes with your data to physical storage and then simply backup those folders with the rest of your data. Docker containers are already either backed up in your development directory (if you wrote them) or GitHub so like the operating system itself, no need tk backup anything. The whole idea of Docker is the containers are ephemeral. They are reset at every reboot.

Here is the problem you face speaking very generically. If you cache everything on the clients access is fast but storage is an issue. If you cache on the LANs speed is an issue. You can try to store on an internet VPS but storage costs are high. You can cache just the index, “Google Drive” style and download/cache only as needed. This probably works the best because you control it down to the file level and speed is not an issue because you work iff local copies. Otherwise any scenario is going to be up against the bandwidth problem.

Those are interesting but what’s not obvious to me, are those regular rates or teaser rates? I mean a static ip costs roughly $0.69/month from what I’ve read. So that leaves very, very little meat on the bone.

Fly.IO gives you 3 VPSs for free and doesn’t randomly delete them but the free ones are VPS or ipV6 only. That’s not a problem for your use case. A static ipv4 IP is $2/month. IONOS is your next cheapest at $3 then Digital Ocean at $5.

One big advantage of VMs is better resource allocation. If you have multiple different server types load leveling is better (fewer idle cores) with VMs. You also have the security implications. These days I tend to run Docker though and eliminate VM overhead even more.

Another major benefit is security. Say someone hacks your web server. Ok so from there they are stuck inside the VM. Assuming you’ve practiced zero tier compromising that one server is useless against the others. Plus there is not just backups but maintenance and recovery. If a server has a hardware failure (say one of a couple PSUs or a fan) with a VM environment you can just move the servers over or set them to auto boot on a second hardware server. And recovery is simply copying over the VM and booting it in seconds.

I ran performance tests years ago on a couple Dells with VMWare vs Xen vs bare metal. What I found is that VMWare has better advertising than Xen but basically uses the same software on a buried RHEL host. Performance wise on any load it was something like 99.7% throughput/CPU vs bare metal. So there is a difference but it literally comes down to roughly the overhead of running the VM if it was a process on the VM instead of the host.

As far as pass through hardware this has gotten to be less and less of a thing. Only a few annoying products “require” bare metal (TrueNAS). Not so much licensing as just stupid implementations. You aren’t “losing benefits of VMs” though except perhaps storage allocation flexibility or sharing a GPU.

Hint: don’t bother. You really aren’t going to remember more than 3 properties. Just keep track of your top 3. Usually on an extended house hunt you spend less and less time after the first few. Often we walk in or just drive up and it’s an instant no. You quickly narrow down to the ones you want.

Second hint: the internet is great for pre screening (getting rid) of choices. But many issues such as big layout issues, a smoker or vapor or pothead lived in the house, or any negative detail they don’t want to advertise can only be found by inspecting the house.

If you can live on ipv6 only fly.IO is free for 1 CPT shared with low RAM and disk. Up to 3 are free. An ipv4 ip is $2 per month.

Oracle is supposed to be the better deal but refuses to accept my credit card and I’ve heard lots of issues like erasing servers.

At $2-3 IONOS is the next step up. Digital Ocean is popular too but at$5 blows up your budget.

May want to look for stable storage first.

Trouble is many IT departments blindly purchase install whatever crap a security company recommends, without following step 2 (white listing).

I’ve been blocked by these stupid filters from Amazon while in engineering having to order parts to get the equipment running because it was flagged as “Japanese porn” on the guest (contractor) network. And yes I resorted to a proxy/socks tunnel to my VPS.

The thing about containers is they usually have no NÉED in general for pure ope file system access. No need for full network access (host, LAN, WAN). So the smaller the privileges the better. So even if it is compromised there’s very little you can do with it.

This is also a general principle for network management. For instance when does the TV need to print or access any server other than Jellyfin?

Umm, a static ipv4 ip?

NEVER transcode. Do it as a background task offline. Even GPUs and desktop servers are best offline.