

Pihole 6 broke my DNS (dnsmasq), and since I had a fw rule in opnsense to only use pihole’s DNS, and deny public DNS access, it was an early rise for me :)
Why not just use forgejo’s actions and runner?
I use lidarr + jellyfin + symfonium (android), and that works for me. I mainly listen to full albums, and don’t play around with playlists or recommendations though. I get flac quality and lyrics, remote access to my home-lab via VPN (no offline sync), Android Auto support…
Check out crowdsec. Like fail2ban, but with crowdsourced lists on top.
I did not know about opencloud.eu, and now I’m intrigued. I was always looking for a simple Google Drive alternative, but Nextcloud was too much. Will definitely keep an eye on it.
Got a .cc for my home-lab, and a very cheap .li for a website I’m building. Other than that I got .de, .eu and .com for my name and my kids’ names. Don’t know if they’ll ever use them, but meh, a .de is a few cents per month.
I use Wireguard, so when I am outside, connected to my VPN, I use the internal DNS (pihole) for accessing internal network services using their fqdn.
Like other people suggested here, use opnsense instead of pfsense, and wireguard instead of openvpn. What I did for my homelab was to get a used HP t620 thinclient and an Intel 350 card with 2x 1gbps ports. You say you have 10gbps, so you would need a card that can handle that, and maybe a beefier CPU. For my setup, this tiny 65€ machine is not even feeling it. Single digit cpu usage for 2 wireguard connections, a little over 1GB RAM usage for a handful of services. I think for you an n100 with 4gb of ram is more than enough, but going for 8gb will be better and it will not be much more expensive.
:| gosh… I’ll go back to edit it.
For live monitoring (not offline!), maybe dozzle can help?
I know about pbs, I even have an IP set aside for it :) I do have the built-in proxmox backup function take nightly snapshots of my important vms to my nas, but I don’t have anything really put together. Also, nothing for my nas itself. It is configured in a raid 5, but as we all know, raid is not backup :)
One day, after I am done with [insert reason here], I will have a bad ass, well thought out backup solution.
My backup concept is on the to-do list. Been there for a couple years. I do have triple pihole/caddy/haproxy/redis for high availability on a triple node proxmox cluster! necessary? no. cool, though? heck yeah! friends and family impressed? uhm… what was the question?
I use the reporting tools on my opnsense box.
igb0 / yearly
year            rx      |     tx      |    total    |   avg. rate
------------------------+-------------+-------------+---------------
2023          33.97 TiB |   22.90 TiB |   56.87 TiB |   15.86 Mbit/s
2024         110.69 TiB |   32.26 TiB |  142.95 TiB |   39.76 Mbit/s
2025          22.20 GiB |    7.14 GiB |   29.34 GiB |    4.35 Mbit/s
------------------------+-------------+-------------+---------------
I’m actually doing the opposite :)
I’ve been using vms, lxc containers and docker for years. In the last 3 years or so, I’ve slowly moved to just docker containers. I still have a few vms, of course, but they only run docker :)
Containers are a breeze to update, there is no dependency hell, no separate vms for each app…
More recently, I’ve been trying out kubernetes. Mostly to learn and experiment, since I use it at work.
What do you mean it’s hard to update containers?
How is duckdns unreliable? I use it just to have wireguard access, been using it for years. Just curious about your issues…
Look into mattermost. Quite powerful, and free.
We’re using a self hosted Nexus instance at work. You probably don’t need all the features it offers, but it does its job really well. For free, too.
I did have backups, it was an easy fix. I had a pihole -up on a crontab for years, probably not the best idea :)
FW rule: accept :53 from pihole only, deny :53 from all. I had some devices with hardcoded DNS settings (8.8.8.8).