Today I set up my old laptop as a Debian server, hosting Immich (for photos), Nextcloud (for files), and Radicale (for calendar). It was surprisingly easy to do so after looking at the documentation and watching a couple videos online! Tomorrow I might try hosting something like Linkwarden or Karakeep.
What else should I self-host, aside from HA (I don’t have a smart home), Calibre (physical books are my jam), and Jellyfin (I don’t watch too many movies + don’t have a significant DVD/Blu-ray collection)?
I would like to keep my laptop confined to my local network since I don’t trust it to be secure enough against the internet.
edit: I forgot, I’m also hosting Tailscale so I can access my local network remotely!
Just from the top of my head:
- Navidrome (Music)
- Audiobookshelf (Audiobooks)
- Paperless-ngx (documents)
- Joplin (notes, lists and more)
- Komga (comics)
- Mealie (mealplanner, recipes, shopping lists)
Edit: I left out some stuff that you or others already mentioned. But here’s the extended list so I can copy/paste this if someone else asks in the future.
- Immich (photos)
- Home Assistant (home automation)
- Jellyfin (Movies, TV series and more)
- Calibre & Calibre-Web (ebooks)
- Pi-hole (DNS sinkhole)
- Vaultwarden (password manager)
- Nextcloud (data sharing)
- Homarr (Dashboard)
- Headscale (Tailscale Server)
Honorable mention:
- Proxmox (Hypervisor)
- Portainer (Container Management) - I know a lot of people wouldn’t recommend it for various reasons, but works alright for me
As someone who works in security, I don’t personally recommend self hosting your password manager unless you’re planning on never opening it up outside your network or you’re willing to be on top of all potential security issues. These are your account credentials we’re talking about. You WANT them safe, and the people paid to make sure they stay secure are likely going to do a better job than you.
Why not Jellyfin for music? I’m curious as I run plex and Plexamp myself but have been considering switching over to Jellyfin for media.
I use Navidrome for music because Jellyfin’s Android TV client still can’t handle playlist lengths above 300 songs.
Jellyfin is quite capable for music, however Navidrome has a much better client ecosystem. Personally I use the Finamp beta on mobile as it does everything I want and is quite stable, but if you want Android auto/apple carplay you will have to use a client that isn’t as reliable or proprietary (paid.
I’ve set up navidrome a long time ago, way before I’ve started using Jellyfin. And it just runs like a charm paired with some great clients for the subsonic ecosystem. So honestly it never even occurred to me to use Jellyfin for music.
I use Jellyfin for movies and TV shows, but never tried for music because I already had Navidrome set up. It is so good, really one of my all-time favourite pieces of software. It greatly repays a well-tagged collection, relying on embedded metadata only. Not sure how Jellyfin works here, maybe there is some ability to scrape album info from online sources (?), but I believe it’s pretty strict about directory structure (one folder per album), which Navidrome doesn’t care about.
That’s a big list. I already use joplin, but never knew you could self-host syncing! I’ll do that then :D
- AdguardHome/Pi-Hole (for DNS Filter)
- DrawIO (MS Visio equivalent)
- Invidious (Youtube privacy frontend)
- SearxNG (Google Privacy frontend)
- Vaultwarden (Self-hosted Bitwarden server)
- Miniflux (RSS Reader)
- linkWarden (Link aggregator)
Also, checkout https://selfh.st/apps/
- SearxNG (Google Privacy frontend)
SearXNG is more than just a front end for google search, it’s an aggregator, if configured properly can collect results from Bing, Startpage, Wikipedia, DuckDuckGo, Brave.
Yacy is a web crawler/search engine that IIRC you can self host and use as a SearXNG backend
That’s correct. Thanks for the correction.
I’m no expert, but I read that self hosting your own instance doesn’t actually help with privacy since the search providers still track those requests and if you’re the only one using it, that’s just tracking you with extra steps.
Of course if you use a public instance, you have to then trust that the instance isn’t tracking you
While true, they still collect data on the results hosting your own instance can prevent you from hitting rate-limits as often.
Unless you are routing traffic through a VPN.
I just recently started routing mine through a gluetun container, but now I’m hitting timeouts pretty consistently. Not sure if there’s a solution to that or just deal with it.
For which self-hosted app? Invidious?
Gotta be better than being tracked everywhere… and of course I personally use a vpn (and encrypted traffic to the server)
How safe is it to self host something that you open up to the web? I’ve been thinking about a keepass self host, but I need it to be accessible from anywhere… I’m just really worried what that does once you open up your local server to the world
If you want to expose a container based service just for yourself over internet, you can -
-
If you have static IP4 or IPV6 - Setup Wireguard VPN on your homelab/server, and wireguard client on client devices[1].
-
If you are behind NAT or CGNAT - either Cloudflared Tunnel[2] or Tailscale[3].
In either scenarios, you need to setup firewall of your server to allow connection from LAN to port of your docker container/services. By default you should set your firewall to block all incoming request from anywhere except LAN.
I’m personally using Cloudflared Tunnel, but planning to migrate to Tailscale.
[1] https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
[2] https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
-
- Paperless if you want to keep your digital documents organized.
- Jellyfin/Navidrome for music streaming if you have a collection.
- AudiobookShelf for streaming & tracking progress of audoobooks if you have a collection.
- Kitchenowl for organizing your household (expenses, shopping lists, recipes, planning meals)
- FreshRSS for RSS-Feeds (News, Blogs etc)
- LinkDing for Bookmark Management
- Game-Servers (like Minecraft or others)
EDIT:Added Linkding & GameServers
Are you using Kitchenowl for storing recipes? If so, what’s your experience with it?
I’ve tried Tandoor, the common suggestion for recipe management, but I’ve found it too clunky to add recipes to. I like the concept, but it would take a long time to move all my recipes into the specific format they use, and the web UI does not make things easier.
Worth checking out Mealie, too. Can’t say how it compares to Tandoor or Kitchenowl but I’ve been happy with Mealie for years now.
My experience with the function is limited, but I think it’s decent. Markdown support, import from websites etc. If you add the items to the recipe with their amounts and then write them out in the text it automatically give you the amount you need based on the portions specified.
On app.kitchenowl.org you can create a demo-user and household. Within that, you can try the recipe function. Sign up requires a mail-address, but it does not need to be a valid one.
You may or may not be a developer, but I would like to vote for Gitea/Forgejo. Should you ever get a grasp of git, a git forge is great for keeping code and even plain text documents recorded. It’s my favorite self-hosted service by far.
It can even operate as an OIDC server, so you can create a single login for all your services (that support OIDC).
I’ll also recommend Grist, an alternative to Google Sheets (and Notion, I believe?). It’s a web interface to spreadsheets that supports Python code as formulas. (I’ve also tried Nocodb, another Notion alternative, and I much prefer Grist.)
I love Grist!
My wife and I were frequent Google Sheet users and since a few years ago we started using Grist a lot. We tried some other alternatives before, but none of them felt even close to right for us.
I am, indeed, a developer. I might try locally hosting Gitea/Forgejo as an extra backup. I assume you can have multiple “origins” in git, right? That means I can back my repository to both codeberg and server.
Grist seems pretty cool too.
Absolutely! I have used multiple origins for posting my projects to Gitea/Forgejo and GitHub. You can also mirror repositories from one site to another, too, although it requires a clean slate for pulling from another remote.
The biggest use case for me is documenting (as code) my home network setup on my private forge.
Should I get Gitea or Forgejo? Forgejo seems to be a more free/libre fork of Gitea, the latter of which is influenced by a for-profit company. Is Forgejo functionally equivalent to Gitea, and if not, what are the differences? If they are basically the same I would probably go with Forgejo over Gitea. Is Forgejo’s documentation and setup similar, better, or worse than Gitea?
Forgejo is a fork from gitea that is made for us. Forgejo is the new gitea.
There was some licensing or something, some kind of disagreement I don’t recall. Forgejo is the one that is still free and open source.
I haven’t looked much into the differences, but from my brief research, it appears that Forgejo has just recently updated such that migration from Gitea is no longer possible. I knew that they had become a “hard” fork last year but it has now diverged.
From a feature standpoint, I know that Forgejo is working on Fediverse integration. Beyond that, I think the differences are less apparent.
So to answer your question, I use Gitea and have for a long time. They’ll still remain MIT-licensed even if it’s no longer fully open source. However, the owning company can (and may) cease open source development. If I had known of Forgejo breaking away earlier, or if I were a new user, I would have probably started with Forgejo. That’s my recommendation.
How about installing a downgraded instance solely for migration and then upgrading it?
To my knowledge, there is 1 feature that forgejo has that gitea doesn’t: it can generate a new ssh key for you at the click of a button that can be used to push repo changes to another git forge.
I have several personal repos on my forgejo instance that are each setup so that they mirror themselves onto my Codeberg account at noon every day.
I also have a gitea instance on a raspi on my local network that itself will push out changes on certain repos to the (public-facing) forgejo instance.
I can push and/or pull to any of the three origins as needed, but usually I just push to the gitea when I’m at home and the forgejo when I’m not, and let the mirroring take care of propagating changes to Codeberg.
update: I’ve installed forgejo! Super easy once I figured out I had to create a new user. I’ve set up a second origin for my repos called “local”, since it will be a nice local backup for all my code.
I have mine configured with my SSO (Authentik) for login. It’s nice being able to single pane login, and for services where it makes sense, utilize the LDAP outpost feature to login with the same username and password at least (Jellyfin, calibre-web).
Actual Budget is an open-source envelope-style budgeting tool similar to YNAB. It has a self-hostable syncing service so that you can manage your budget across multiple devices.
The reason you might want to do this is that it’s probably easier to do full account review sitting at your computer, but you might want to track expenses/receipts on your smartphone while you’re away from home.
Actual has been great for my partner and me. Highly recommend!
Maybe Pihole/Adguard home?
Host a pangolin reverse proxy on a free oracle cloud VPS! It’s super nice to redirect online traffic to a LAN resource, that way you can share your home lab with friends and family without having to forward any ports or loosen your security posture.
https://blog.thetechcorner.sk/posts/Connect-to-your-homelab-over-CGNAT-with-tunnels-homelab-2-0/
I also highly recommend this suite of tools for downloading and streaming legal media via torrent because I would never endorse piracy.
From what I have seen, oracle is not a good host. They randomly delete servers for no reason. I’d steer clear of oracle
I don’t trust oracle at all. The guide uses them because they’re free (It includes a business generator so that oracle doesn’t reclaim your box)
I personaly went with IONOS because they have a 2.99 plan with unlimited bandwidth which is great for pangolin as that’s routing traffic for my “media” box
That’s because they are free. You really do get what you paid for - or not in this case. It’s in the t&c’s too
I know. I’m just saying, don’t use them if you don’t want ot constantly reinstall your server
can I ask what is the advantage of radicale over nextcloud calendar sync?
I’m thinking about moving my Nextcloud calendars and addressbooks to Baikal. Why? Because I like one “tool for one thing” better than “one tool for everything”.
Small update: Today I moved to Baikal successfully.
It’s missing some features, I noticed.
- There are no shared addressbooks, so a shared user is needed. Addressbooks also cannot be read-only.
- There is no birthday calendar. There is a Python script for MySQL to run from cron. I ported it to PostgreSQL today.
that makes sense, not having all your eggs in one basket.
I hosted radicale first so already had my events sorted out. Wasn’t really bothered moving them again. Also, I like radicale, it’s simple and it works.
As you mentioned Immich, Nextcloud and Radicale - don’t forget to make regular backups. If you haven’t automated them, that’s your next project now ;)
Yes, back up your stuff regularly, don’t be like me and break your partition table with a 4 month gap between backups. Accomplishing 4 months of work in 5 hours is not fun.
that seems quite important, I’ll do that then!
Just a quick add on: not only do and automate backups - do also test them every now and then.
And don’t think that you can just back up using a file-copy process. These things have databases that also need to be backed up. It’s not as simple as it first seems.
Source: been selfhosting for an embarrassingly long time without any backup!
How do I set up backups for Immich, Nextcloud, and Radicale? I see lots of different options, I can’t pick!
I only host Nextcloud in an old setup (read pure PHP, MariaDB, Apache - no docker, etc.)
That server is set-up to be snapshotted daily. Also there’s a script running about 30 min before each snap shot that will also dump the database to disk (as otherwise the snapshot might contain a random state of the database). It’s not perfect, but it works - also because everything of this is done in the night, when I do not use the system, so chances are really low, that the snapshot of the disk and the database dump in it are not desynchronized too much.
I do not know what’s the best practice for a modern Nextcloud setup with docker is or how to handle the other two…
Paperless-ngx - it allows you to upload important documents like receipts, contracts, etc. and uses OCR so you can search them
I’m absolutely loving immich. Definitely check it out. Via Docker compise is a breeze.
I’m already hosting Immich, I feel it was the most painless to set up out of the three. There was a weird error with python modules with radicale and Nextcloud was a bit more complex to set up, but they were all relatively easy to get started with.
I particularly like Immich’s mobile app. I just clicked a few buttons and BOOM all my photos are backed up (you can even change what albums to include and exclude, and duplicates are automatically removed e.g. if you have the same photo in multiple albums)
Just as a side node, make sure to backup your immich / nextcloud services too.
yep, will do that. That seems really important
Well, backups aren’t important at all,until you need them. Like insurance - you’re screwed if you don’t have any when trouble strikes.
I run a small setup on a seperate server segment (2nd router behind my main router) so it is on the internet. I run nextcloud, an dendrite and conduit instance (matrix chat-server servers), a mastodon and go-to-social instance (fediverse), bitwarden (password manager), and others.
If there is a service that you do not want to be publically accessable by everybody but you do want to access from everywhere on the internet yourself, check out client-side TLS (https) certificates. The server does is accessable from the internet put only people who have a TLS certificate on their client signed by you can access it. For services that do not require incoming connections from other machines (e.g. nextcloud, bitwarden, … but no federated services like matrix-chat or the fediverse) that is a very good option to protect your servers.
Snikket is easy to host in a docker container. You would have your own internet messenger for friends and family. Snikket is based on the xmpp protocol thats been around for 20 years, is tried and tested and very lightweight and does take very few resources on your server. things like Nintendo’s messenger and WhatsApp are xmpp based).
what is your favorite app for android?
we like conversations, but our phones don’t treat it like a regular calling app. navigation and music still play over the conversation phone call.
I use conversations on android as well. I think it’s the best app for android. You can ask in the conversations support channel for help, there are very knowledgeable people around:
Vaultwarden
I personally prefer keepass and really don’t trust my server to be secure enough with all my passwords…
Haha, I don’t trust my own server either, but I don’t trust anyone elses even more.
hence keepass :D
might set up syncthing too so I can sync my passwords p2p…
Home Assistant? Maybe a homepage like Heimdall or some other dashboard? Maybe Uptime Kuma to notify you when your services go down? Definately a pihole or adguard home. Biggest quality of life improvement. It’s the biggest thing my wife notices and approves of. She audibly groans in disgust when she leaves the LAN on her cellphone and sees all the ads and garbage that had previously been blocked. My pihole dashboard show 70% of the requests are blocked on my LAN. And everything works great.
If she has an Android, you can use the DNS blocker in ReThink to do something similar to pihole outside of your LAN. That’s what I use. There are others, but ReThink is pretty good and has lots of other stuff it can do as well, or just use the DNS option.
