this post was submitted on 13 Mar 2026
1335 points (99.0% liked)

Selfhosted

[–] squirrel@piefed.zip 220 points 2 weeks ago (2 children)

Let's tinker around and accidentally break something.

[–] cenzorrll@piefed.ca 9 points 2 weeks ago* (last edited 2 weeks ago)

"Damn, I've got this Debian server shit down. I wonder how an opensuse server would work out"

*installs tumbleweed*

True story

[–] truthfultemporarily@feddit.org 150 points 2 weeks ago (5 children)

Have you tried introducing unnecessary complexity?

[–] Sabata11792@ani.social 51 points 2 weeks ago (1 children)

If you know how your setup works, then that's a great time for another project that breaks everything.

[–] cenzorrll@piefed.ca 39 points 2 weeks ago (1 children)

Saturday morning: "Incus and podman seem interesting. I bet I could swap everything over while the family is out this afternoon"

Sunday evening: "Dad, when will the lights work again?"

[–] Sabata11792@ani.social 23 points 2 weeks ago (2 children)

“Dad, when will the lights work again?”

As soon as selinux decides I have permission.

[–] InnerScientist@lemmy.world 11 points 2 weeks ago (3 children)

Infrastructure diagram? No! In this homelab we refer to the infrastructure hyperdodecahedron.

[–] nonentity@sh.itjust.works 105 points 2 weeks ago (1 children)

If it’s stable, it’s not a lab.

That’s infrastructure.

[–] Prunebutt@slrpnk.net 74 points 2 weeks ago (7 children)

When's the last time you checked if your backup solution works?

[–] Ek-Hou-Van-Braai@piefed.social 69 points 2 weeks ago (1 children)

But if my backups actually work then I miss out on the joy of rebuilding everything from scratch and explaining to my wife why none of the lights in the house work anymore.

[–] JetpackJackson@feddit.org 18 points 2 weeks ago

Yesterday! Switched my media server from freebsd to alpine and got the arr stack all set up using the backup zip files

[–] halcyoncmdr@piefed.social 10 points 2 weeks ago

Backup? Psh... That's what the lab is for.

[–] tal@lemmy.today 45 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

logging is probably down

You do, of course, have a dedicated rsyslogd server? An isolated system to which logs are sent, so that if someone compromises another one of your systems, they can't wipe traces of that compromise from those systems?

Oh. You don't. Well, that's okay. Not every lab can be complete. That Raspberry Pi over there in the corner isn't actually doing anything, but it's probably happy where it is. You know, being off, not doing anything.

[–] Coleslaw4145@lemmy.world 42 points 2 weeks ago* (last edited 2 weeks ago) (9 children)

Now try migrating all your docker containers to podman.

[–] fossilesque@mander.xyz 15 points 2 weeks ago (1 children)
[–] epicshepich@programming.dev 17 points 2 weeks ago (14 children)

And then try turning on SELinux!

[–] tal@lemmy.today 38 points 2 weeks ago (9 children)

You have remote power management set up for the systems in your homelab, right? A server set up that you can reach to power-cycle other servers, so that if they wedge in some unusable state and you can't be physically there, you can still reboot them? A managed/smart PDU or something like that? Something like one of these guys?

Oh. You don't. Well, that's probably okay. I mean, nothing will probably go wrong and render a device in need of being forcibly rebooted when you're physically away from home.

[–] PHLAK@lemmy.world 37 points 2 weeks ago (3 children)

Time to start documenting it!

[–] irmadlad@lemmy.world 23 points 2 weeks ago (5 children)

At 71, I have to document. I started a long time ago. I worked for a mec. contractor long ago, and the rule was: 'If you didn't write it down, it didn't happen.' That just carried over to everything I do.

[–] BuboScandiacus@mander.xyz 11 points 2 weeks ago

NEVER1!!!11!!

[–] DownByLaw@sh.itjust.works 36 points 2 weeks ago (3 children)

Have you already tried implementing an identity provider like Authentik, so you can add OIDC and ldap for all your services, while you are the only one that’s using them? 🤔

[–] PumpkinEscobar@lemmy.world 16 points 2 weeks ago (3 children)

Behind a traefik reverse proxy with Let's Encrypt for ssl even though the services aren’t exposed to the internet?

[–] DownByLaw@sh.itjust.works 14 points 2 weeks ago

Don’t forget about Anubis and crowdsec to make it even safer inside your LAN

[–] diablomnky666@lemmy.wtf 13 points 2 weeks ago

To be fair a lot of apps don't handle custom CAs like they should. Looking at you Home Assistant! 😠

[–] tal@lemmy.today 10 points 2 weeks ago

Probably a good idea to switch over to WPA-Enterprise using Authentik's RADIUS server support and let all of the users of your wireless access point log in with their own network credentials, while you're at it.

[–] epicshepich@programming.dev 9 points 2 weeks ago

Hey my wife uses some of them too!

[–] tal@lemmy.today 36 points 2 weeks ago (2 children)

All of those systems in your homelab...they aren't all pulling down their updates multiple times over your network link, right? You're making use of a network-wide cache? For Debian-family systems, something like Apt-Cacher NG?

Oh. You're not. Well, that's probably okay. I mean, not everyone can have their environment optimized to minimize network traffic.

[–] Abbysimons@lemmy.world 27 points 2 weeks ago (3 children)

The rare moment when everything actually works. 😄

[–] FauxLiving@lemmy.world 25 points 2 weeks ago

The comments in this thread have collectively created thousands of person-hours worth of work for us all...

[–] MonkeMischief@lemmy.today 22 points 2 weeks ago (2 children)

Don't worry, you're one Docker pull away from having to look up how to manually migrate Postgres databases within running containers!

(Looks at my PaperlessNGX container still down. Still irritated.)

[–] paequ2@lemmy.today 19 points 2 weeks ago (6 children)

Actually, one thing I want to do is switch from services being on a subdomain to services being on a path.

immich.myserver.com -> myserver.com/immich
jellyfin.myserver.com -> myserver.com/jellyfin

I'm getting tired of having to update DNS records every time I want to add a new service.

I guess the tricky part will be making sure the services support this kind of routing...

[–] suicidaleggroll@lemmy.world 22 points 2 weeks ago* (last edited 2 weeks ago) (8 children)

Why are you having to update your DNS records when you add a new service? Just set up a wildcard A record to send *.myserver.com to the reverse proxy and you never have to touch it again. If your DNS doesn't let you set wildcard A records, then switch to a better DNS.

[–] CorvidCawder@sh.itjust.works 18 points 2 weeks ago

Wildcard CNAME pointing to your reverse proxy who then figures out where to route the request to? That's what I've been doing - this way there's no need to ever update DNS at all :)

I find the path a bit clunky because the apps themselves will oftentimes get confused (especially front-ends). So keeping everything "bare" wrt path, and just on "separate" subdomains is usually my preferred approach.

[–] tal@lemmy.today 18 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

You have an intrusion detection system set up, right? A server watching your network's traffic, looking for signs that systems on your network have been compromised, and to warn you? Snort or something like that?

Oh. You don't. Well, that's probably okay. I mean, probably nothing on your network has been compromised. And probably nothing in the future will be.

[–] nucleative@lemmy.world 17 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Never run:

docker compose pull
docker compose down
docker compose up -d

Right before the end of your day. Ask me how I know 😂

[–] shym3q@programming.dev 9 points 2 weeks ago (1 children)

compose up will automatically recreate with newer images if new ones were pulled, so there is no need for compose down btw

[–] Bakkoda@lemmy.world 17 points 2 weeks ago (1 children)

I should do some breaking network changes... While tunneled in.

[–] sunbeam60@feddit.uk 10 points 2 weeks ago (2 children)

“Yes, while connected to my wireguard server through port 123 here from my Chinese office, I should probably try to upgrade the wireguard server. That’s a great idea!”

Ask me how I know.

[–] damnthefilibuster@lemmy.world 16 points 2 weeks ago (1 children)

Backups. You're forgetting them.

[–] Avicenna@programming.dev 16 points 2 weeks ago (3 children)

You can always configure your vim further

[–] tal@lemmy.today 13 points 2 weeks ago

All of your systems are set up, but are they capable of being redeployed using a configuration management software package? Ansible or something like that?

Oh. They're not. Well, that's probably okay. I mean, you could probably go manually reproduce configurations, more or less.

[–] tal@lemmy.today 13 points 2 weeks ago (1 children)

You have all your devices attached to a console server with a serial port console set up on the serial port, and if they support accessing the BIOS via a serial console, that enabled so that you can access that remotely, right? Either a dedicated hardware console server, or some server on your network with a multiport serial card or a USB to multiport serial adapter or something like that, right? So that if networking fails on one of those other devices, you can fire up minicom or similar on the serial console server and get into the device and fix whatever's broken?

Oh, you don't. Well, that's probably okay. I mean, you probably won't lose networking on those devices.

[–] jeffep@lemmy.world 13 points 2 weeks ago (3 children)

Can't believe nobody here mentioned NixOS so far? How about moving all of your configs into a flake and managing all of your systems with it?

[–] FauxLiving@lemmy.world 9 points 2 weeks ago (2 children)

I made a git repo and started putting all of my dot files in a Stow and then I forgot why I was doing it in the first place.

[–] Admax@lemmy.world 10 points 2 weeks ago (5 children)

Then it turns out your monitoring system failed and FUCK IT'S BEEN A MONTH SINCE THE LAST PROPER BACKUP

[–] tal@lemmy.today 10 points 2 weeks ago (1 children)

You have squid or some other forward http proxy set up to share a cache among all the devices on your network set up to access the Web, to minimize duplicate traffic?

And you have a shared caching DNS server set up locally, something like BIND?

Oh. You don't. Well, that's probably okay. I mean, it probably doesn't matter that your devices are pulling duplicate copies of data down. Not everyone can have a network that minimizes latency and avoids inefficiency across devices.

[–] AkatsukiLevi@lemmy.world 9 points 2 weeks ago (1 children)

You do have a spinning fish display in front of your homelab server, right? We all know the spinning fish improves performance and security, it is an indispensable part of homelabbing

[–] Egonallanon@feddit.uk 9 points 2 weeks ago

Buy a UPS and set up a NUT server on the spare raspberry pi you have lying around.

[–] fleem@piefed.zeromedia.vip 9 points 2 weeks ago (3 children)

heck i really wish we could all throw a party together. part swap, stories swap. show off cool shit for everyone to copy.

help each other fill in the missing pieces

y'all seem like cool peeps meme-ing about shit nobody else gets!

time to test the backups!
