At home, nagios, at work colleagues. (I finally escaped the admin rat race)

I have a Squeezebox Classic, so I started with Logitech Media Server. It’snnow slimserver (open source), so I use that. However, it’s pretty end of live, so I’m lookingbfora replacement as well for my player. (Love the device)

Sorry, totally forgot apparmor. On debian that thing can be nasty, I had to fix those rules as well for bind That was years ago and was added to my Puppet module, so I forgot.

Then those disks should have been wiped at the company before they were allowed to leave the building.

In defence, the power prizing here is a tad different, €0.45/KWh was the prize here. Also, when those disks are given away, they are usually smaller then the current standard and less efficient. On the other hand, those enterprise grade disks generate some heat, saving on the heating bill.

Sell them and buy low budget low power consumption disks that would fit my purpose.

Enterprise-grade usually has enterprise-grade power consumption. From the power saving alone you can buy nice stuff.

Second that. I’m glad RPis are finally supported.

You need to include the files in the zone file. Bind 9.18.18 is a mess with the changed DNSSEC setup, it broke my domains as well. I’t isn the bind documentation, so I have to refer you there. I have no access to my setup now (or my browser history) as I’m not at my computer.

Edit: managed to get in dns.

named.conf.local: zonefile needa to be the .signed file the unsigned zone file must have both keys included, best is via absolute path:

$INCLUDE "/etc/bind/keys/example.com.123456.key"

for both the ZSK and KSK keys. The include is to get the RRSIG entries.

I’ve setup my email via a VPN to my own server.

• DNS, mail, business web, cusromer web on VPSes (2, 1 primary, 1 secondary DNS only)
• Personal email, incoming and outgoing via VPS, personal websites (all static) on local system (RPi 4 8GB)

This gives the advantage that your outgoing email always comes from the VPS ip address (pick a VPS provider that is trusted) and when your line is down, incoming email is cached on your VPS. It’s a tad of double work, but pretty secure. Even connecting to my employer to work from home is not a big issue. (and that connection is limited to it’s own vlan)

Also, with this method, you can route the mail into your network via port 26 when 25 is blocked or even set an outgoing vpn to your VPS and route the email that way. You’ll be provider independent at home. (I even have a private ipv6 /48 via a tunnel broker)

You’ll need to work a lot on your knowledge though, without DNSSEC, SPF, DKIM and DMARC the big 2 (Google and hotmail) will refuse your email.

I’m running domoticz with an rflink interface for my rf433 devices. No clue if they support ESPHome, but you can check. It runs confined to my network.

Interesting to know. As of which version? RPi 4? I have to admit, I never tried it.

I know, and from network, but I haven’t put time into enabeling that. (and I have loads of < 1G SD cards that need to be used up anyway)

Depends. I used loads of ‘known brand’ micro SD cards and went trough them one per month. I ordered 2 KingSpec and ‘Kunup’ sticks, just to test. (june '20) Of each, 1 worked perfectly, 1 was not good enough for continuous use. The active Kingspec has been active for years now, but I use less then 20 GB of the 120 GB SSD. (Really need to clean up logs, OS shouldn’t use more then 5G, data is on NAS) The ones that were not reliable enough for continuous use are still in use for transport.

It worked here and proved a lot cheaper then replacing the SD card every month. As they are Chineese ‘unknown brand’, ymmv hugely. (and don’t buy something that will just fit, as trade GB isn’t IT GB and Chineese GBs vary even more) It however is always a gamble to buy something from the other side of the world. (but hey, every ‘known brand’ is made in China anyway now, so we already are hugely locked into that country)

What do you need?

I run 2 vps’es via Hetzner, 1 for dns (primary), mail and webhosting and 1 for dns (secondary). No javascript needed for those hosts. The web interface to the provider requires scripting to be able to order them and pay the monthly bill, but my sites run script free on Linux. The sites on there are plain text sites. (files edited with vi and uploaded to the dorresponding shell account)

BTW the vps’es are for a minute hosting company, works perfectly.

Then I’d go that route. Here all is on RPies, alas not the NAS, but those disks are almost always in sleep mode.

Small tip on the storage, go for a cheap SSD external (alie has a few for next to nothing), get at least 2-4, as reliability issues exists, but will show themselves within days or not. Only use rhe sd card to boot from, mount / from the ssd.

1 RPi and an ssd can runa while on a small UPS. (Need to get me one as well)

Then I’ll limit myself to the situation at work. ifupdown2 works great and doesn’t need replacing at home.

My main router here is a RPi4 with 4GB memory, Debian and an USB interface for the connection to internet. The switches are Netgear (324 and a gifted 724) and tthe main server is an RPI 4 as well, but with 8G mem.

That’s useful when you have a backup tool like TitaniumBackup (root needed) to do the backup locally to SD. That negates the need to sync to one of the 3 supported cloud platforms. (where a selfhoster wouldn’t want to store the data)

What are the rights of the directories? (dkim and postfix directory)

I see only r for group, not other, so I’m expecting /etc/postfix to be 750 as well for group postfix. (is opendkim user member of that group?) You need 751 (x for other on dir) to be able to get to directories in that directory.

Thanks, it was already a mess to figure out without systemd ‘defaults’ barging trough my settings. Maybe I;ll keep my personal setup as it is and only let systemd dat the interface names of the 2 physical interfaces and have the dependencies of services linked to the virtual device states. As long as I can ditch NetworkManager at work I’m totally happy.