Cool, I recommend it!

I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

I’m sure I’m not following all the best practices here, but so far so good.

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

Remember that RAID and redundancy is not backup.

Try to 3-2-1, or something similar/better, if you can.

I am fairly sloppy here, and I am also very cheap. I have multiple copies in my home for important stuff (mainly Immich), the in use copy being on SSD and a few backups on spinning rust. I have a raspberry pi with an external HDD at family’s place, with a daily rsync+snapshot, for off site backups.

Of course, I’ve never had a catastrophic failure, so who knows how smooth that would be…

Maybe take a look at Outline. (Not affiliated, but I host it for myself.)

I also host KitchenOwl, but mostly just as a grocery list.

Link(s) in post contain punctuation and break, at least on my client. Here’s the codeberg link (working);

https://codeberg.org/BobbyLLM/llama-conductor

https://www.superbowl-ads.com/1997-tabasco-mosquito/

Best ad ever IMHO (sorry for funky link, YouTube if you prefer).

No dialog, no rampant consumerism (hot sauce is a necessary food), no sex/sexism, no emotional manipulation.

From link:

NOTE: The script is broken, DO NOT ATTEMPT TO USE THE SCRIPT NOW. Attempting to run it may get your account flagged stopping you from trying face verification either temporarily or permanently, forcing you to use your ID.

pr: https://github.com/xyzeva/k-id-age-verifier/pull/12

Or, malicious compliance by someone with a moral compass. Best is to somehow leak documents wholesale. But if that’s not possible, I think the next best way to all but guarantee that the information gets out is to do a lousy job censoring, and let “The Internet” do the rest. It also makes the administration look even more stupid, especially in the eyes of technically minded folks.

But yeah, not the best and brightest, that’s certainly a possibility.

I would probably add “transmit power” in there somewhere, but I guess if you’re assuming regulatory limits then it’s not a big variable.

Not sure how serious your comment is, but I could certainly imagine Microsoft introducing new dependencies/hooks/all-executables-must-support-copilot, etc., that break compatibility faster than Wine can keep up. Glad to hear that’s not the case!

For old stuff though…yeah, I’d hope it’s not moving backwards :)

200MWh is about 1/100 of Little Boy, the atomic bomb dropped on Hiroshima.

Compressed air can get out all at once given the right circumstances.

Storing energy in a way that can go boom is something I’d be a little scared of, were I a nearby resident. I’m sure thermal batteries can have gnarly failure mechanisms but I would way rather live near one of those than a giant compressed air cylinder.

Maybe not a service in the typical sense, but setting up your router+server to route your home network traffic through a VPN is a fun project.

My router (MikroTik) supports WireGuard, so I can use it with Mullvad for the whole house—but wg is demanding and it’s a slow router, so while it can NAT at ~1Gbps, it can’t do WireGuard at more than ~90Mbps. So, I set up WireGuard/Mullvad on a little SBC with a fast processor, and have my router use that instead. Using policy based routing and/or mangling, I can have different VLANs/subnets/individual hosts selectively routed through the VPN.

It’s a fun exercise, not sure I implemented it in a smart way, but it works :)

If you search around you might find free ones. Oracle has/had a free tier (though it’s Oracle, so…).

Yes, but you can run multiple VPS, from different providers, simultaneously.

What I like is that while it does depend on an external provider, it doesn’t depend on a specific external provider. Any VPS with a public IPv4 would work.

VPS+VPN, this is what I do.

VPS has public IP and runs WireGuard “server”* and a reverse proxy (and fail2ban…). Reverse proxy points to my home computer over the WireGuard link. No open ports on my home router.

For private facing/LAN-only services I just don’t have an entry in the VPS reverse proxy. DNS on the router points everything to my local server, so if at home I access everything directly. To access internal services remotely requires VPN (i.e., WireGuard to the VPS).

Works well; I have a tiny free tier VPS but even so, no complaints.

*Yes I know there are no wg clients or servers, only peers, but it plays a server-likr role.

I used Photoprism years ago, so my knowledge is probably pretty outdated.

My experience of Photoprism was that mobile was not tightly integrated. At the time I used Syncthing to sync photos — it worked ok for me, but I wasn’t going to set it up on my partner’s phone, for example.

Immich Just Works on both mobile and desktop. Multi user is great, sharing is great, and the local ML and face detection work remarkably well.

Whatever works for you is the best of course! Immich fits the bill for me, and it was very much worth it for me to “buy” it.

Regarding DNS servers, what router do you have? Some routers have simple enough DNS capabilities — I have a MikroTik, and have it set up with DNS entries for internal services (including wildcard). Publicly accessible services just use my registrar’s DNS (namecheap — no complaints).

I’ve been really impressed with Immich, can’t recommend it enough.

I’d put substitute first, but yours sounds better :)

(I’m a big Immich fan, and I’m taking and sharing photos more than ever before, in part because Immich is awesome, self hosted, and open source [the other part is that I have kids now so I’m taking way more photos that grandparents want to see].)

On low end CPUs you can max out the CPU before maxing out network—if you want to get fancy, you can use rsync over an unencrypted remote shell like rsh, but I would only do this if the computers were directly connected to each other by one Ethernet cable.