I’m using Kopia with AWS S3 for about 400GB and it runs a bit less than $4/mo. If you set up a .storageconfig file it will allow you to set a storage level based on the file names. Kopia conveniently makes the less frequently accessed files begin with “p” so you can set them to the “infrequently accessed” level while files that are accessed more often stay in standard storage:

{
  "blobOptions": [
    {
      "prefix": "p",
      "storageClass": "STANDARD_IA"
    },
    {
      "storageClass": "STANDARD"
    }
  ]
}

I’ve been using OneDev. It’s really easy to set up, kinda just works out of the box

I use it in a homelab, I don’t need to apply prod/team/high-availability solutions to my Audiobookshelf or Mealie servers. If an upgrade goes wrong, I’ll restore from backup. Honestly, in the handful of years I’ve been doing this, only one upgrade of an Immich container caused me trouble and I just needed to change something in the compose file and that was it.

I get using these strategies if you’re hosting something important or just want to play with new shiny stuff but, in my humble opinion, any extra effort or innovating in a homelab should be spent on backups. It’s all fun and games until your data goes poof!

Komodo is a big topic so I’ll leave this here: komo.do.

In a nutshell, though, all of Komodo is backed by a TOML-based config. You can get the config for your entire setup from a button on the dashboard. If have all of your compose files inline (using the editor in the UI) and you version control this file, you can basically spin up your entire environment from config (thus my Terraform/Cloudformation comparison). You can then either edit the file and commit, which will allow a “Resource Sync” to pick it up and make changes to the system or, you can enable “managed mode” and allow committing changes from the UI to the repo.

EDIT: I’m not really sure how necessary the inline compose is, that’s just how I do it. I would assume, if you keep the compose files in another repo, the Resource Sync wouldn’t be able to detect the changes in the repo and react ¯\_(ツ)_/¯

I guess I don’t get that granular. It will respect the current docker compose image path. So. if you have the latest tag, that’s what it will use. Komodo is a big topic: https://komo.do

Not sure why Renovate is necessary when Komodo has built-in functionality to update Docker images/containers. I wish there was an option to check less often (like once a day), maximum time is hourly.

Also, if you’re using Komodo and have one big repo of compose files, consider just saving your entire config toml to a repo instead. You end up with something akin to Terraform or Cloudformation for your Docker hosts

My home network is called The IT Clowd with these devices:

• Moss - physical server
• Roy - physical server
• Jen - vm - main docker host
• Richmond - vm - *arr stack
• Denholm - vm - management, monitoring
• Douglas - vm - Home Assistant stack
• Basement - vm - development server

Give me the angry downvote all you want but, you are administering a system, you are literally a sysadmin

Kopia doesn’t get enough love, it’s awesome

I’m not looking to become a sysadmin

“I want to be an F1 racer but I don’t wanna learn to drive”

That’s what I heard you say

Yep, I think you’re spot on! Glad I asked, I don’t think I would’ve ever thought of that. Thanks!

When I turn off Wi-Fi, I’m not on the same network as my server, it’s my carrier network so all the internet hops are expected.

The way it’s working now is I have a domain (example.com) that is set up on cloudflare DNS. I added a tunnel in cloudflare zero trust, which generates certificates you add to your server to encrypt traffic from your server to cloudflare. I have added these to traefik to be served with my service url (service.example.com). Then, I added a route in cloudflare for service.example.com.

This works fine. But, what I’ve also done is add a local DNS entry for service.example.com so when I’m on my LAN, I access it without going out to the internet and back (seems like a waste). However, this is serving the origin server certs from cloudflare, which causes trust issues

I’m using docker for everything: traefik, cloudflared tunnel, and my services on the same hardware. The tunnel just runs, and it’s configured on cloudflare zero trust to talk directly to the container:port over the docker network.

That’s what I’m settling on. However, it’s not just about trust, some of the services I’m exposing deal with moving files and I’m mostly interested in higher speeds associated with local transfers as well as not using up my internet data cap.

You’re right, I’m using the cloudflare DNS challenge to get let’s encrypt certs. I’m definitely hitting traefik. I’m testing by turning the Wi-Fi on my phone off/on and opening the page after. I get the same cert every time but it’s not trusted when on Wi-Fi. This makes sense since it’s the origin server cert which is meant to encrypt traffic between my server and cloudflare. To add more certainty, when Wi-Fi is on, a traceroute shows only one hop to my server and shows a bunch of hops when it’s off.

Barring any Traefik tricks that allows me to accomplish what I’m after, I was thinking of going with your “third” option of just letting it use Cloudflare for everything but, I had to check with the experts first before just doing it.

I have some apps that complain or, in one case, flat out doesn’t work if the cert is invalid. I’ve been working around it (sort of) but it would be nice to have it set up “correctly” for once. If routing all traffic through Cloudflare is the answer, so be it ¯_(ツ)_/¯

If I use the Cloudflare origin server certs, the browser shows insecure and the message is “certificate not trusted” which is the same message as self-signed, if I’m not mistaken. I’m not sure what other details are relevant as I’m still new-ish to the networking portion of this home server thing. I’m happy to answer any questions if you suspect something.

I’m not using self-signed anymore, I’m getting them from Cloudflare via DNS challenge

My guess is they’re referring to these release posts with zero detail.

“KelmRigger new release!” means nothing to anybody that’s never heard of it. At least add a sentence to say what it is rather than make everyone go look it up.

I needed something dead-simple to keep homelab documentation. If it’s not simple, I probably wouldn’t keep up with changes. I landed on An Otter Wiki https://github.com/redimp/otterwiki