I like named volumes, externally created, because they are less likely to be cleaned up without explicit deletion. There’s also a few occasions I need to jump into a volume to edit files but the regular container doesn’t have the tools I need so it’s easier to mount by name rather than hash value.
I did this and the fun thing about it is that your runner can access things inside your network that a regular GitLab runner can’t. I’ve used it to manage a k8s cluster that isn’t exposed to the Internet at all.
I don’t think it necessarily needs to be either or. Organizing the playbooks and folders myself can be stressful so an extra layer of organization might work best for you. There are other tools like Semaphore that are specifically built for Ansible executions though. Might need a lot of duct tape for Jenkins to run Ansible.
And if you’re not a fan of yaml you can always nope out and embed shell scripts into your Playbooks. You can even put Docker compose yaml inside a playbook but it’s a bit inception-y and I don’t really recommend that.
Ansible is nice but I’ll repeat (as I said in another thread) it’s kind of advanced and gives a much better return on investment if you manage several hosts, plan to switch hosts regularly, or plan to do regular rebuilds of the environment.
Programming is generally not needed when self-hosting. At best you might learn Ansible, Puppet, Salt, or Terraform, but that’s for advanced scenarios (e.g. easily shifting the workloads between machines or into the cloud).
Learning the ins-and-outs of containers will get you the biggest return on investment. They’re not strictly necessary but most tools will expect that is the common use-case and the community won’t be as much help. Until you know more about containers I would also recommend Docker over Podman. It has a few more “conveniences” than Podman and orgs like LinuxServer will target Docker as the engine.
Right. When a request comes in, Traefik, for one, will hold the connection until the service is back up then forward the request as usual. This works for UIs as well. You’ll get a temporary loading page then redirected to the requested UI when the service is up.
It probably would work well with those as long as the startup time was quick (my containers come up almost instantly) and the initiating clients can handle a bit of latency. I didn’t notice any hiccups in my use at all.
Not useful on its own but https://sablierapp.dev/ was really useful for me in getting back resources from some of the heavyweight containers I use. For those unfamiliar with it, Sablier can stop containers that go idle and then spin them back up automatically when a request comes in. It requires Traefik, NGINX, or Caddy running always so it could complicate your server but for me I couldn’t do without it.
It’s not fully selfhosted but I did setup my own runner that integrates with their site.
Maybe a dumb question but what kind of case do you have? Hopefully not metal because I had some crazy wifi behavior before I realized the case was either dampening the signal or capturing too much noise.
Hoping it remains viable for a long time without updates. Syncing my KeePass database is really key for me. I need to fluidly add and read passwords from at least 3 devices.
DebOps my dude.
In a similar situation. I was using Open Media Vault but it has some networking bug that I just can’t nail down or work around. I have to manually fix the networking every time it breaks. Otherwise I barely used OMV features and did most things through Docker. I’ll be switching to Diet Pi and probably Ansible unless I feel like learning Puppet.
They’re very similar so you pretty much can’t go wrong. Podman, I believe, is more secure by default (or aims to be) so might run into more roadblocks with its use.
The n100 and n200 have quite low TDP values for much better performance than a Pi.
As a long-time user, not at all simple.
Reading a post on the LE forum it sounds like smallstep might be closer to what I need.
Is this only for public facing services then? I have little desire to expose my services except through tailscale or something like that.
Any recommended “quick start” guides for LetsEncrypt? I get hung up trying to actually understand the process but I should just nut up and get it done.
In addition to other advice you could also use SSH over Wireguard. Wireguard basically makes the open port invisible. If you don’t provide the proper key upfront you get no response. To an attacker the port might as well be closed.
Here’s at least one article on the subject: https://rair.dev/wireguard-ssh/