Maybe your own adblocker, I thought about doing that myself, I use the public one from adguard on my phone (dns.aguard-dns.com) but having it on your own device would be pretty slick perhaps. But thinking about it more, Google wouldn’t just let you use an internal IP for the private DNS. I have tried it with my locally hosted adblocker and it rejects it.
Or you could set up a dashboard like Homepage or Dashy, or Flame or ? Ultimately, your imagination would do! :)
NFS4 I don’t think its obsolete.
I use it for my Desktop computers to connect to the server. All of my systems use Linux so that’s my primary use. They backup to the server nightly.
I discovered about a few months ago that XCP-NG does not support NFS shares which was a huge dealbreaker for me. Additionally, my notes from my last test indicated that I could not mount existing drives without erasing them. I’m aware that I could have spun up a TrueNAS or other file sharing server to bypass this, but maybe not if the system won’t mount the drives in the first place so it can pass them to the TrueNAS . I also had issues with their xen-orchestra which I will talk about below shortly. They also at the time, used an out of date CentOS build which unless I’m missing something, is no longer supported under that branding.
For the one test I did which was for a KVM setup, was my Home Assistant installation, I have that running in Proxmox and ccomparativelyit did seem to run faster than my Proxmox instance does. But that may be attributed to Home Assistant being the sole KVM on the system and no other services running (Aside from XCP-NG’s).
Their Xen-Orchestra for me was a bit frustrating to install as well, and being locked behind a 14 day trial for some of the services was a drawback for me. They are working on the front end gui to negate the need for this I believe, but the last time I tried to get things to work, it didn’t let me access it.
Pushed Wireguard back onto my network. I’ve been a Tailscale user for a couple of years, but never really saw the need for it for me as I’m the only user of the service. :)
I will freely admit though, there’s nothing wrong with the service and honestly is great if you are behind a CGNAT router or don’t want to use Cloudflare for your tunneling.
You said
I’m only really running a caddy reverse proxy on the VPS which forwards my home server’s services through Tailscale. "
It seems then that you are using a Tailscale Funnel to expose your services to the public web. Is this the case? I ask because the basic premise of Tailscale is that you have to be logged into your Tailscale network to access the services and if you are not logged in, then the site you try to access won’t even appear to exist. Unless it’s setup via the Funnel.
Assuming then that you setup a funnel, then you are now 100% exposed to the WWW. AI Bots and bots in general crawl the WWW daily and eventually your site will be found. You have a few choices here, rely on a Web Application Firewall (WAF) such as Bunkerweb which would replace Caddy, but would provide a decent firewall of sorts. Or…you can use something like Config Server Firewall but I’m not sure if they have AI Bot protection. The last I used them was before AI was a thing.
If hardware service counts. :) I have been fighting for the last few months with my Promxox server telling me a drive went read only , from a SSD and even a HDD, very odd behavior and it finally pulled the last straw with me last Thursday. I had a 4TB drive acting as my Storage/backup drive which this complained about so I put a 1TB drive in which is pretty much 2 yrs old so plenty of life on it.
I went through and tested the SSD with extended tests and it passed with flying colors, so it dawned on me, maybe it’s the SATA data cable, and sure enough, it was. When I had run the sudo smartctl -x -T permissive /dev/sdb it only presented very little information on it, swapping the cable and it now presents the full SMART data and stats as it should. Additionally, it’s been more stable with the performance so far. So I call that a win.
In the software side, I have been going through the Home Assistant instance and removing dead/old entities I never had gotten to removing
I’m not the host or author of this one, but I know it already covers what you are wanting to do. ;)
https://github.com/ArabCoders/watchstate
I use this one for my Emby server and it keeps track of what we watch, and so far so good. I made it our Trakt.tv replacement and have no complaints so far.
For Home Assistant, I use the installation script from here, it works flawlessly:
https://community-scripts.github.io/ProxmoxVE/scripts
This group took over the project after the main developer passed on, they are quite easy to install and just need you to be in the Proxmox host shell (Once you install it, you will know where it is) :)
I moved my Home Assistant from Proxmox VM to a older Lenovo Laptop we had stored as we thought the charger wasn’t working. We are preparing to move so it was my job to check that laptop as well as 2 others. 2 I am not going to use and e-scrap those later this week after yanking the drives out (I don’t trust anyone with my old drives). It turned out, the charger works just fine! I just installed it early in the morning (Midnight) and so far, it seems just as responsive if maybe more than what I had on the Proxmox host so that’s a win on my end. Plus, I was able to give it the full 8gb of RAM it has instead of the 4gb I gave it in Promxox and somehow it’s showing lighter use than what I had in the VM. 2.8gb vs. 4-5gb it reported from the Home Assistant Hardware details when in the VM.
What limits do you set on yours?
I prefer the WYSIWYG get with Joplin and mostly because I’m stuck in my ways!! LOL
Nothing really wrong with it though, it’s just not for me. :)
To add to this, I have tried Obsidian notes which is super highly recommended by many. I also have tried self hosting Bookstack for logging my notes etc… But every time I tried it, nothing ever matched what I could do with Joplin which was exactly as what other said, rock solid and I have yet to run into any device which can’t handle the client. I will say that the launch time on the one on my machine (Arch Linux) is a bit slow, but after it’s launched, it’s very easy to bring up and use as needed. :)
I use Gotify I self host it and it uses an app on my Android, super easy to set up and use. I tie in Home Assistant and a few other setups with it and it runs great.
I have AdguardHome on my RPi4 (4GB) model, and it works perfectly fine. I have also hosted Pi-Hole v.5 and even their recent Pi-Hole v6 they just released on it and have even at times run TechnitiumDNS on it. Not all at once of course, but I wanted to let you know you can host any of these on a RPi without issues.
One think you get with the Pi-hole is you can set up a DNS entry where you could for example, set up “laptop” and any time you want to access it or ping it, anywhere on your network, you can simply just enter in http://laptop/ or ping laptop. With both AdguardHome and Technitium, you need to append the .local or .internal or .home subdomain to make it work. It’s not really an issue for me since I just modify my hosts file on my computer to do the same thing, but is sort of cool when you use a system on the network to just go to http://homepage/ to reach your dashboard like Homarr or Flame on your phone where you can’t adjust the hosts file as easily.
TechnitiumDNS is what you want if you are wanting to dive deep into your world of DNS configurations, from there, I was able to set up a redirect to my PXE boot server so when devices would grab their IP from the DHCP server, if they queried for a boot device, it would tell the device where to boot from. I’m pretty sure you can do that with PiHole, but I may be wrong. Additionally, with TechntiumDNS, I was able to set up an adblock for my IoT’s VLAN network. without the need to add a second one to the network. As far as I can tell, with the other solutions, this is not as easy to do.
If you are wanting to determine which would be easier to run, I would say AdguardHome for the easiest. Next in line is PiHole v6. and lastly TechnitiumDNS if you really want to dive into the complexities. It is a good business class DNS server. The reason I’m on AdGuardHome right now is for as others stated simplicity. TechnitiumDNS is overkill for my home network, PiHole V6 took forever for them to release, but was a major re-write and if you want to set up your DHCP static mapping like I do, they kneecapped the entry a bit. It’s still there, but not as easy to find and more of a thing like (I don’t recall the order it goes on) MAC;IP;HOSTNAME or something like that instead of the easier method of just clicking in a row and entering those data points one per field like AdGuardHome, and TechnitiumDNS do. Pihole V5 included.
My Network pretty much has 3 layers of DNS filtering active, The first layer is on my router which has built in adblock (FreshTomato), then AdGuardHome, and finally, browser level blocking. I don’t get Youtube Ads on my computers, but on the phones and TV I do. In the browser, I use U-Block Origin which is in the cat and mouse game with Youtube ad-blocking.