this post was submitted on 26 Dec 2023

First, I would like to thank this community for being understanding, open-minded and friendly to novices like myself. I have learned a lot in the past few weeks thanks to this community, unlike Reddit's toxic communities where asking a question is illegal.

I have built most of my NAS; the only missing component (CPU) I will be collecting in the morning. I just wanted to ask general questions or tips. Dos and Don'ts. I will be using Unraid as OS.

[–] [email protected] 55 points 10 months ago* (last edited 10 months ago) (3 children)

unlike Reddit’s toxic communities where asking a question is illegal.

I agree Reddit is toxic. I’d argue reddit actually stopped being Reddit around 2016. But it’s posts like this that clog it all up and are partially why it is the way it is today. You didn’t even ask a question. You just posted a comment and said give me information. You don’t respond to anyone kind enough to ask questions to you, so they can get the slightest insight into what information may be useful to you. I don’t see anything about what you have already looked into. I see nothing about intention or use case. You mentioned something about a CPU? I dunno. I’ll take the downvotes but just because you say please and thank you doesn’t make your post any less of a waste of bits.

Maybe provide some info about your setup. Your requirements?

  • what are you trying to accomplish with a raid setup? Speed, storage or maybe redundancy?
  • what kind of drives are you planning on using? This can be a huge deal.
  • what’s your budget?
  • how many drives?
  • what kind of data? Large files? Tons of small files?
  • what kind of storage controller are you using?

There are a lot of tech people in lemmy who do storage and compute for a living, but they are going to need something from you. Don’t be like Reddit. Meet us half way.

BTW. I’ve worked with a lot of folks in tech over the years. All at different levels of experience. I don’t care what field you are in or what your expertise is…. the most newb move is not knowing how to ask questions. The rest is just work and time. Best of luck friend.

[–] [email protected] 12 points 10 months ago

I agree Reddit is toxic. I’d argue reddit actually stopped being Reddit around 2016. But it’s posts like this that clog it all up and are partially why it is the way it is today.

I gotta agree with this. The toxicity in any reddit thread increases dramatically when the poster pre-emptively complains about all the toxicity they expect to receive. Whereas when you just ask straight without going into a whole speech about comment quality, you get much better replies. Particularly because it's hijacking your own thread; changing it from whatever question you wanted to ask into an analysis of the comments.

[–] [email protected] 11 points 10 months ago (2 children)

I apologise for not being clear.

These are the specs of my NAS build:

  • Node 804 case

  • 16GB DDR4 RAM

  • Seagate IronWolf Pro 2x 4TB

  • 1TB nvme Samsung 970 evo plus

  • Gigabyte H610M S2H V2 Intel H610 LGA1200 DDR4 Micro-ATX Motherboard

  • DeepCool GAMMAXX GT CPU Cooler A-RGB 120mm PWM Addressable RGB LED Fan Intel AMD

  • 500W EVGA Power Supply Unit / PSU VAT INC

  • Intel core i5-12400t QS 6c/12t Support ASUS ROG Strix B660-I Gaming WiFi LGA1700.

  • I want to store all data onto the NAS, past projects, pics, etc.

  • Set up automatic backups for Windows, Mac

  • Set up media server (Jellyfin) with Arr apps using a VPN (I’m not sure how to set up a VPN with torrent client)

  • Set up headscale to access my NAS from anywhere (also, I can’t find any tutorials).

  • For 3-2-1 backups, I have decided to get an external HDD and use cloud storage.

  • Self-host services such as Nextcloud, Immich and Bitwarden.

  • VMs - Future

  • Web hosting - Future

  • Home assistant - Future

To be clear, I want to do all that; however, I have never done it before, so any tutorials would be appreciated.

By "Dos and Don'ts," I'm referring to the settings that should be adjusted for optimal performance, security, and privacy.

Also, any other recommendations would be appreciated.

[–] [email protected] 4 points 10 months ago

Sounds like you've done a bunch of research! Since you're using unRAID, setting up your services shouldn't be too difficult.

For your torrents and VPN, there's a few in the unRAID community store - I'd recommend qBittorrentVPN from Binhex - here's the documentation for setting up their VPN-enabled containers.

For Headscale, I don't have any direct experience but unRAID has a decent Wireguard plugin, and should get you up and running in a pinch.

And for your self-hosted services (especially Bitwarden), ensure you're not exposing this on the net; by VPN is the only option I'd recommend. Even so, I prefer to use Bitwarden's hosting with a family plan, for peace of mind and resiliency. It's also much easier for my family.

UnRAID is a great place to start - it allows you to scale cheaply as you need and is easier to fix mistakes. Good luck, and happy homelabbing!

[–] [email protected] 3 points 10 months ago (1 children)

Please let me know what you find for jellyfin with arrs and VPN. I have found that the VPN always interferes with jellyfin and other stuff and haven't been able to figure out gluetun.

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (2 children)

version: "3.4"

volumes:
  sonarr-config:
    name: sonarr-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: :/zfspool1/dockerData/arr-stack/sonarr
  radarr-config:
    name: radarr-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: :/zfspool1/dockerData/arr-stack/radarr
  prowlarr-config:
    name: prowlarr-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: :/zfspool1/dockerData/arr-stack/prowlarr
  sabnzbd-config:
    name: sabnzbd-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: :/zfspool1/dockerData/arr-stack/sabnzbd
  qbittorrent-config:
    name: qbittorrent-config
    driver_opts:
      type: nfs
      o: addr=192.168.37.25,nolock,soft,rw
      device: :/zfspool1/dockerData/arr-stack/qbittorrent
  media-tv:
    name: media-tv
    driver_opts:
      type: nfs
      o: addr=192.168.37.31,nolock,soft,rw
      device: :/mnt/user/media/TV Shows
  media-movies:
    name: media-movies
    driver_opts:
      type: nfs
      o: addr=192.168.37.31,nolock,soft,rw
      device: :/mnt/user/media/Movies
  media-downloads:
    name: media-downloads
    driver_opts:
      type: nfs
      o: addr=192.168.37.31,nolock,soft,rw
      device: :/mnt/user/downloads

networks:
  traefik_proxy:
    name: traefik_proxy
    external: true


services:
  arr-stack-gluetun:
    container_name: arr-stack-gluetun
    hostname: arr-stack-gluetun
    image: qmcgaw/gluetun
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    env_file:
       - ../stack.env #get mullvad key from here "WIREGUARD_PRIVATE_KEY", "WIREGUARD_ADDRESSES", "SERVER_CITIES"
    networks:
      # only this container needs access to the proxy network. It also doesn't need any ports exposed to access
      # the other services like qbit, etc. Traefik points to this container and because the other services use
      # the service network type they can be accessed through here. 
      traefik_proxy:
        ipv4_address: 172.18.0.6
    environment:
 
      - VPN_SERVICE_PROVIDER=private internet access
      - OPENVPN_USER=xxxxxxxxz
      - SERVER_HOSTNAMES=lu.privacy.network
      - TZ=America/Chicago
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"

      # qbittorrent traefik labels
      - "traefik.http.routers.arr-stack-qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-qbittorrent.rule=Host(`torrent.local.domain.com`)"
      - "traefik.http.routers.arr-stack-qbittorrent.tls=true"
      - "traefik.http.routers.arr-stack-qbittorrent.service=arr-stack-qbittorrent"
      - "traefik.http.services.arr-stack-qbittorrent.loadbalancer.server.port=8085"
      - "traefik.http.routers.arr-stack-qbittorrent.middlewares=authentik"

      # prowlarr traefik labels
      - "traefik.http.routers.arr-stack-prowlarr.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-prowlarr.rule=Host(`prowlarr.local.domain.com`)"
      - "traefik.http.routers.arr-stack-prowlarr.tls=true"
      - "traefik.http.routers.arr-stack-prowlarr.service=arr-stack-prowlarr"
      - "traefik.http.services.arr-stack-prowlarr.loadbalancer.server.port=9696"
      - "traefik.http.routers.arr-stack-prowlarr.middlewares=authentik"

      # sabnzbd traefik labels
      - "traefik.http.routers.arr-stack-sabnzbd.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-sabnzbd.rule=Host(`sabnzbd.local.domain.com`)"
      - "traefik.http.routers.arr-stack-sabnzbd.tls=true"
      - "traefik.http.routers.arr-stack-sabnzbd.service=arr-stack-sabnzbd"
      - "traefik.http.services.arr-stack-sabnzbd.loadbalancer.server.port=8080"
      - "traefik.http.routers.arr-stack-sabnzbd.middlewares=authentik"

      # sonarr traefik labels
      - "traefik.http.routers.arr-stack-sonarr.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-sonarr.rule=Host(`sonarr.local.domain.com`)"
      - "traefik.http.routers.arr-stack-sonarr.tls=true"
      - "traefik.http.routers.arr-stack-sonarr.service=arr-stack-sonarr"
      - "traefik.http.services.arr-stack-sonarr.loadbalancer.server.port=8989"
      - "traefik.http.routers.arr-stack-sonarr.middlewares=authentik"

      # radarr traefik labels
      - "traefik.http.routers.arr-stack-radarr.entrypoints=websecure"
      - "traefik.http.routers.arr-stack-radarr.rule=Host(`radarr.local.domain.com`)"
      - "traefik.http.routers.arr-stack-radarr.tls=true"
      - "traefik.http.routers.arr-stack-radarr.service=arr-stack-radarr"
      - "traefik.http.services.arr-stack-radarr.loadbalancer.server.port=7878"
      - "traefik.http.routers.arr-stack-radarr.middlewares=authentik"
    
  # _____________________________Downloaders__________________________
  arr-stack-qbittorrent:
    image: ghcr.io/linuxserver/qbittorrent:4.6.0
    container_name: arr-stack-qbittorrent
    network_mode: service:arr-stack-gluetun
    volumes:
      - qbittorrent-config:/config
      - media-downloads:/downloads:z
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    depends_on:
      - arr-stack-gluetun
    environment:
      - WEBUI_PORT=8085
      - TZ=America/Chicago
      
      #file permissions need to be the same for all apps
      - PUID=1000
      - PGID=1000
      - UMASK_SET=022
    restart: unless-stopped
    labels:
    # Note 1: Default user is admin, pass is adminadmin
    # Note 2: Tools-> options-> web UI -> bypass localhost and whitelist:
    #    172.18.0.0/24, torrent.local.domain.com, arr-stack-gluetun

  arr-stack-sabnzbd:
    image: ghcr.io/linuxserver/sabnzbd:4.1.0
    container_name: arr-stack-sabnzbd
    network_mode: service:arr-stack-gluetun
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    volumes:
      - sabnzbd-config:/config
      - media-downloads:/downloads:z
    depends_on:
      - arr-stack-gluetun
    environment:
      - TZ=America/Chicago
      #file permissions need to be the same for all apps
      - PUID=1000
      - PGID=1000
      #- UMASK_SET=022
    restart: unless-stopped
    
  # ______________________________Arrs__________________________________
  arr-stack-prowlarr:
    image: ghcr.io/linuxserver/prowlarr:1.9.4
    container_name: arr-stack-prowlarr
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
      - TZ=America/Chicago 
    volumes:
      - prowlarr-config:/config
    restart: unless-stopped
    network_mode: service:arr-stack-gluetun
    depends_on:
      - arr-stack-gluetun
     # - arr-stack-qbittorrent
     # - arr-stack-sabnzbd
 
    
  arr-stack-sonarr:
    image: ghcr.io/linuxserver/sonarr:3.0.10
    container_name: arr-stack-sonarr
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    volumes:
      - sonarr-config:/config
      - media-tv:/media/TV Shows
      - media-downloads:/downloads:z # this is only needed if qbit-torrent is used. It must be added to remote path in the app (complete folder)
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
      - TZ=America/Chicago 
    restart: unless-stopped
    network_mode: service:arr-stack-gluetun
    depends_on:
      - arr-stack-gluetun

  arr-stack-radarr:
    image: ghcr.io/linuxserver/radarr:5.0.3
    container_name: arr-stack-radarr
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '2'
          memory: 1G
    volumes:
      - radarr-config:/config
      - media-movies:/media/Movies
      - media-downloads:/downloads:z # this is only needed if qbit-torrent is used. It must be added to remote path in the app (complete folder)
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
      - TZ=America/Chicago 
    restart: unless-stopped
    network_mode: service:arr-stack-gluetun
    depends_on:
      - arr-stack-gluetun


Stuff like this is why I moved my docker from unraid to a VM where I can use docker compose. Docker compose is really the only way to get a clean setup with complex stuff like this. That being said, I recommend beginners use unraid. You don't need a full vpn for torrents, a socks5 proxy will be fine and doesn't require any special docker settings.

My setup uses traefik reverse proxy. Internal HTTPS (Let's Encrypt wildcard) and external HTTPS depending on what I want.

It uses authentik for single sign on and in this case provides LDAP for jellyfin and also provides web authentication for arr services.

The gluetun container can be configured with any VPN and all services can only access the internet via the VPN.

My NAS is unraid, my docker host is a VM on proxmox. Media files are stored on HDDs on unraid and everything else is on the docker SSD. Volumes are connected to where they need to be via NFS shares.

There are limits for cpu and ram so one container can't bring everything down.

The containers themselves all communicate via their own docker network and only the reverse proxy (traefik) allows access to the UI.
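The isolation described in this comment (every app sharing the gluetun container's network namespace, no ports published past the reverse proxy, CPU and memory limits on each container) can be checked mechanically. The following is an added example, not part of the original post: it audits the JSON that `docker compose config --format json` prints, and the embedded sample is constructed and simplified, with `stray-app` a hypothetical misconfigured service.

```python
import json
import sys

# Constructed, simplified stand-in for `docker compose config --format json`.
# Service names follow the compose file above; "stray-app" is hypothetical.
SAMPLE = json.loads("""
{"services": {
  "arr-stack-gluetun": {"image": "qmcgaw/gluetun", "cap_add": ["NET_ADMIN"],
    "networks": {"traefik_proxy": {}},
    "deploy": {"resources": {"limits": {"cpus": "4", "memory": "4G"}}}},
  "arr-stack-qbittorrent": {"network_mode": "service:arr-stack-gluetun",
    "deploy": {"resources": {"limits": {"cpus": "4", "memory": "4G"}}}},
  "arr-stack-sonarr": {"network_mode": "service:arr-stack-gluetun",
    "deploy": {"resources": {"limits": {"cpus": "4", "memory": "4G"}}}},
  "stray-app": {"networks": {"default": {}},
    "ports": [{"target": 8080, "published": "8080"}]}
}}
""")


def audit(config, gateway):
    """Return a sorted list of (service, problem) findings for the stack."""
    services = config.get("services") or {}
    gw = services.get(gateway)
    if gw is None:
        return [(gateway, "VPN gateway service not found")]
    findings = []
    # The VPN container needs NET_ADMIN to create the tunnel and set routes.
    if "NET_ADMIN" not in (gw.get("cap_add") or []):
        findings.append((gateway, "missing NET_ADMIN capability"))
    for name, svc in services.items():
        resources = (svc.get("deploy") or {}).get("resources") or {}
        if not resources.get("limits"):
            findings.append((name, "no cpu/memory limits"))
        # Published ports are reachable directly, bypassing traefik/authentik.
        if svc.get("ports"):
            findings.append((name, "publishes host ports"))
        # Apps must join the gateway's network namespace so that their only
        # route to the internet is the VPN tunnel.
        if name != gateway and svc.get("network_mode") != f"service:{gateway}":
            findings.append((name, "not in the gateway's network namespace"))
    return sorted(findings)


if __name__ == "__main__":
    # Pass a file holding the real JSON output, or run with no arguments
    # to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            cfg = json.load(fh)
    else:
        cfg = SAMPLE
    for service, problem in audit(cfg, "arr-stack-gluetun"):
        print(f"{service}: {problem}")
```

A service that fails the namespace check has its own route to the internet and will keep working if the VPN drops, which is the case this layout is meant to rule out.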

[–] [email protected] 1 points 10 months ago

Thank you so much. I have spent so long trying to find this.

[–] [email protected] 1 points 10 months ago

Thanks for posting this for everyone. I also use docker-compose for all of my self hosted services and would recommend others to do the same.

[–] [email protected] 5 points 10 months ago

Well said.

The spirit of Self-Hosting is trying things and then asking specific questions when you get stuck (stuck includes having no luck using a search engine).

[–] [email protected] 21 points 10 months ago (2 children)

https://www.serverbuilds.net/ is a popular website online for folks building NASes at home. They’re fans of Unraid as well. They’ve got a Discord if you’re looking for something more interactive. Worth checking out. 👍

[–] [email protected] 1 points 10 months ago

Dang I wish I knew about this a month ago, I just built a NAS myself. Thanks for the link!

[–] [email protected] 1 points 10 months ago
[–] [email protected] 9 points 10 months ago

Unraid is great, I use it daily. I grew past it in some aspects, but it's a great starter OS.

Agree with other commenter. Don't discount backups. Unraid is not a backup. Plan to lose all of your data someday.

[–] [email protected] 7 points 10 months ago (1 children)

What OS are you planning on running? I personally use FreeNAS(TrueNAS) and largely love it. There's a steep initial learning curve, but it's not too high.

I run it in a VM inside of esxi so I don't need a lot of its more advanced features. But I do have a jail with deluge in it to handle my torrents. Deluge isn't up to the task though so I may migrate to a separate VM with something else, or just make a new jail with a different client.

[–] [email protected] 1 points 10 months ago

They specified Unraid.

[–] [email protected] 6 points 10 months ago

Here's my advice. The most important things are that you have a free GPU slot and another PCIE slot on whatever you get. You're going to want a GPU for transcoding when disk space gets tight. You want the extra PCIE slot for a sas card. Disk shelves are surprisingly cheap, and you can keep adding disk that way. They daisy chain.

As far as the OS, I'm partial to Unraid and Truenas but seriously, anything you are comfortable with will work.

[–] [email protected] 4 points 10 months ago

I don’t use unraid but my advice for everyone is that you can’t have too many backups of data that you really care about, use the 3-2-1 rule at a minimum.

Also, welcome to your new hobby you will love and hate at the same time sometimes :D

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| HTTP | Hypertext Transfer Protocol, the Web |
| HTTPS | HTTP over SSL |
| NAS | Network-Attached Storage |
| PSU | Power Supply Unit |
| SSD | Solid State Drive mass storage |
| SSL | Secure Sockets Layer, for transparent encryption |
| VPN | Virtual Private Network |

5 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #376 for this sub, first seen 27th Dec 2023, 00:45] [FAQ] [Full list] [Contact] [Source code]