• 0 Posts
  • 6 Comments
Joined 1 year ago
Cake day: June 10th, 2023


  • 1Gbps down/700Mbps up here, 35€/month (another French provider), no data caps - for 5 bucks/month more I could have 5Gbps down/1Gbps up, but… well, my home network is still using 1Gbps switches - but all the cabling was built with 10Gbps in mind.

    Data caps are pure robbery. We run a non-profit ISP/hosting platform and a non-profit IXP with friends in West France, the only thing you pay (and the only thing end users should have to pay) is goddamn bandwidth.


  • Kudos for mentioning PowerDNS, it’s amazing software :)

    One thing I love with PowerDNS is the various backends available, notably the PostgreSQL and MariaDB/MySQL ones. Only the primary PowerDNS instance modifies the database records; the secondary instances just read from the database (master or replicas). Thus, no real need for AXFR: as soon as you have added/modified a record on the primary, the secondary pdns servers will see it in the database.

    The pdnsutil CLI tool is also really convenient, and the PowerDNS API is a godsend when you need to automatise stuff for thousands of domains and hundreds of thousands of records. There’s also a nice third-party web UI (powerdns-admin, docker image: pdnsadmin/pda-legacy). Bonus, Terraform does have a powerdns provider.

    At work we use dnsdist (from PowerDNS too) to load-balance between our PowerDNS instances (with caching!), and to filter out/rate-limit/temporarily ban bad actors (DNS laundering, record enumeration and such, for example).
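To illustrate the dnsdist role described in the comment above (load-balancing with a packet cache in front of authoritative PowerDNS instances, plus rate-limiting and temporary bans), here is an added example dnsdist.conf; it is not the commenter's configuration, and all addresses, the pool name and the thresholds are assumed values to be tuned per deployment.

```lua
-- Added example dnsdist.conf (not the commenter's real config).
-- Front-end listener address is assumed.
setLocal("192.0.2.10:53")

-- Back-end PowerDNS authoritative instances (assumed addresses), grouped in one pool.
newServer({address="10.0.0.11:53", pool="pdns"})
newServer({address="10.0.0.12:53", pool="pdns"})
newServer({address="10.0.0.13:53", pool="pdns"})

-- Pick the back end with the fewest outstanding queries.
setServerPolicy(leastOutstanding)

-- Packet cache in front of the pool: 100k entries, answers kept at most one day,
-- short TTL for temporary failures, serve-stale window of 60 s.
local pc = newPacketCache(100000, {maxTTL=86400, minTTL=0,
                                   temporaryFailureTTL=60, staleTTL=60})
getPool("pdns"):setCache(pc)

-- Hard per-client limit: drop queries from any source IP above 100 q/s.
-- Must come before the routing rule, since PoolAction ends rule processing.
addAction(MaxQPSIPRule(100), DropAction())

-- Everything else goes to the PowerDNS pool.
addAction(AllRule(), PoolAction("pdns"))

-- Dynamic blocks: temporarily ban sources whose behaviour looks like
-- enumeration or laundering. Rates are averaged over 10 s windows.
local dbr = dynBlockRulesGroup()
-- Sustained high query rate: block for 60 s.
dbr:setQueryRate(200, 10, "Exceeded query rate", 60)
-- Many NXDOMAIN answers from one client: typical of record enumeration, block 120 s.
dbr:setRCodeRate(DNSRCode.NXDOMAIN, 50, 10, "Exceeded NXDOMAIN rate", 120)
-- Bursts of ANY queries: common in amplification/laundering, block 300 s.
dbr:setQTypeRate(DNSQType.ANY, 5, 10, "Exceeded ANY rate", 300)

-- dnsdist calls maintenance() about once per second; evaluate the rules there.
function maintenance()
  dbr:apply()
end
```

Blocked clients show up in `showDynBlocks()` on the dnsdist console, which is where to verify the thresholds are catching abuse rather than legitimate recursive resolvers.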




  • Everything runs in a Kubernetes cluster hosted on my homelab, except the public services access point, which is a VM hosted on the infrastructure of a non-profit ISP and service provider I contribute to, reachable through a WireGuard VPN between the VM and home:

    Public-facing:

    • an old static website (nginx-unprivileged), which was my first website and which I keep online out of nostalgia
    • Ghost, personal blog
    • OpenSMTPd + rspamd + dovecot (dovecot only accessible from home, not public)
    • privatebin
    • picoshare
    • Whoogle + Tor
    • SearxNG

    Work related (I work from home 75% of time), not public-facing:

    • dolibarr ERP for managing prospects and clients billing
    • gitea
    • bookstack for personal documentation
    • edit: forgot Harbor as container registry.
    • vaultwarden
    • eck-operator
    • wireguard operator for personal, family and friends access from outside
    • awx operator
    • draw.io
    • zalando postgresql operator for postgres needs
    • mariadb-galera for mariadb needs
    • bitlbee-libpurple for all clients’ slack needs
    • Authentik as OIDC/LDAP/SAML provider (also used to identify family and friends)
    • internal DNS (pdns-resolver + powerdns with postgres backend) serving work zone and home zone.

    Home stuff, not public-facing:

    • Games: Minetest, EQEmu server (Everquest), planar ally, bzflag, veloren
    • Home-cinema/music: Jellyfin, Koel, alltube, and the usual tools to share Linux ISOs.
    • Immich to sync photos
    • homeassistant (more a PoC than anything else right now)
    • mealie for recipes (I like cooking original meals for friends and family) and lunch/dinner planning
    • another instance of vaultwarden for family
    • piHole to keep the children a bit safer online (notably blocking malware/scams/nsfw sites)

    All of this runs on a 3 control-plane / 6 worker Talos Linux k8s cluster, itself hosted on a franken-Proxmox cluster (a mix of servers/“old” desktops/Ryzen NUCs) and a bunch of NASes (a VM-dedicated NAS, a data storage NAS, and a backup NAS).