• 1 Post
  • 155 Comments
Joined 3 years ago
Cake day: June 15th, 2023

  • tburkhol@lemmy.world to Selfhosted@lemmy.world: IPv6 · 24 days ago

    Not familiar with OPNsense, but on your PC, you can check the address it assigns - if it’s /128, it’s a single address.

    My ISP does not assign a prefix for delegation unless you specifically ask for it. I had to add “request_prefix 1” to my dhclient.conf file to get a /64. I assume OPNsense has a friendly setting somewhere for that. For me, the key phrase was ‘prefix delegation.’ After I got that, I could search around and get my solution.



  • If you only need it to be accessible inside your home, then you just need to run your own DNS. Have your dhcp point at your DNS and your DNS declare itself the master for your domain.

    To get full functionality, you’ll probably want to have your registrar point to the public IP you get from your ISP as the domain’s authoritative name server. You should be able to script it to update the registrar when your ISP changes your IP, but that usually happens infrequently enough to do manually. Obviously can’t do that if you’re behind CGNAT.

    To get Let’s Encrypt certificates, you can do the DNS challenge. If your ISP gives you a (even inconsistent) public IP, you can do fancy ‘views’ with your selfhosted DNS, where it responds with private IPs inside your network and your ISP-given IP outside your network. I have certbot set up to expose my DNS & web server just before it starts its renewal process, then close the firewall after. Once you have the certificate, you can move it to wherever it will actually be used.


  • To me, the nonstandard port is mostly nice for reducing log spam from scripts. The risk is that using a nonstandard port lulls one into a false sense of security and into overlooking good sshd practices. Good sshd practices will prevent the script-kiddies just as well as the non-standard port, while a non-standard port will not challenge a targeted attack. And, if you interact with multiple servers, it can be inconvenient to remember a different port for each one.
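
The point of the comment above, as an added example that is not part of the original comment: a small audit of an sshd_config's global section that reports the authentication settings and treats the port only as an observation. The three-setting baseline, the function names and the sample configs are assumptions made for illustration.

```python
# Added example. The baseline is an assumption about what "good sshd
# practices" covers; the comment above does not list specific settings.

# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "permitrootlogin": "prohibit-password",
            "pubkeyauthentication": "yes"}

def parse_global(text):
    """Effective global settings; sshd keeps the FIRST value seen per keyword."""
    seen, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                      # conditional blocks are out of scope
        if key == "port":
            ports.append(value)        # Port is the exception: it may repeat
        else:
            seen.setdefault(key, value)
    return {**DEFAULTS, **seen, "port": ports or ["22"]}

def audit(text):
    """Return whether the port was moved and which baseline checks fail."""
    cfg, findings = parse_global(text), []
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is on: guessing works on any port")
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: direct root login by any enabled method")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication is off: key logins unavailable")
    return {"nonstandard_port": cfg["port"] != ["22"], "findings": findings}

# Constructed sample configs, not taken from any real host.
MOVED_PORT_ONLY = "Port 2222\nPasswordAuthentication yes\nPermitRootLogin yes\n"
HARDENED = ("Port 22\nPasswordAuthentication no\nPermitRootLogin no\n"
            "# a later duplicate is ignored by sshd:\nPasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("moved port only", MOVED_PORT_ONLY), ("hardened", HARDENED)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration including Match handling, which this sketch deliberately skips.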



  • In the old days, university IT put essentially no access controls on their networks, so students’ dorm computers were completely exposed to the internet. Any service you started was immediately, globally accessible. Some big sites, including slashdot and facebook, got their start in some kid’s dorm room. I feel like access controls really got going in the early 00’s - first for residential, then for broader campus.

    Check with your IT people - they may have policy or conditions under which they will expose ports on your personal computer to the internet. Otherwise, your best bet is probably free-tier AWS or Oracle.

    Not free, but there are some ‘KVM VPS’ providers out there that will rent you a small, internet exposed computer pretty cheap. They can be a good platform for experimenting with self-hosting services, without exposing your personal equipment or home network. eg: 1CPU/1GB RAM/24GB SSD $12/year https://my.racknerd.com/cart.php?a=add&pid=903



  • Depending on the board in your mini-server, you may have enough SATA ports to plug in directly. I have a system similar to what you’re describing (N100 with 4x 2TB HDDs with 1.5TB data): 2 of those drives are set up in RAID1 (mirror), and once a month, I plug in one of the spares, rsync the array to it, and unplug it. Every 3 months or so, I swap the offline drive with an offsite drive. I used to use a USB dock for the offline drive, but I got a 3-bay hot-swap enclosure to make the whole process faster and easier.

    The server shares the array via NFS and SMB, and it is absolutely a NAS for all my other systems.

    If you expect to exceed 2TB data within 2 years, then you’ll need to replace all 4 of those 2TB drives in 2 years. You might, today, get a pair of 4 TB drives and one 2TB, use the 4TB as your main storage, the 2TBs as rotating backups, and wait until you actually outgrow 2TB to upgrade the backups.


  • I see you’re getting lots of advice just to use c/selfhosted as a free consultant. That’s good advice if you’re self-motivated and focused.

    If you want someone to be a coach through the process, to keep you focused and moving, that’s a) a slightly different skillset and b) worth putting in the description. I mention this only because I have a bunch of aspirational projects on my to-do list that have just sat there for literally years because of perfectionism, anxiety, and maybe some undiagnosed ADHD. I’ll also counter by noting that a lot of people, this time of year, buy a gym membership on the theory that spending the money will somehow force them actually to go to the gym, only to find that spent money is not actually a motivator.



  • If you want it to be an actual community service, then you want it to be something that outlives your residence, your tenure as event coordinator, and your interest in being the neighborhood IT guy. It’ll be much easier to transfer control of a VPS to your successor than to give them hardware that also hosts a bunch of your personal services.

    You can start with a very small, nearly free VPS while you recruit users & scale up as (if) anyone bites. Probably even get the HOA to pay for it.


  • tburkhol@lemmy.world to Selfhosted@lemmy.world: Raspberry Pi 4B · 5 months ago

    I got my Pi4 to be a media player - LibreELEC or Kodi - for my old, not-smart TV. It plays my library of CDs & DVDs, frontend for OTA TV, and a variety of streaming services. Fanless, so it doesn’t distract from audio, low power, so I don’t mind leaving it on 24/7. You can configure it to listen to a USB IR receiver, but I control mine from phone via web. The actual media library/NAS and tvheadend run on an old desktop in another room.

    My favorite thing is all the sensors you can hook up. Adafruit & Sparkfun have a wide array of sensors with breakout boards for simplicity and well documented python libraries. I started just logging temperature, humidity, then air quality, CO2 to my own database and web page, but eventually expanded to full Home Assistant system.

    Pihole.



  • A lot depends on how many users you expect and how much media you expect. For one or two users with that stack, transcoding media is really the only CPU load. If most of your media is already in your desired format, then that’s not a big deal.

    My stack is pretty similar (no *arr, plus tvheadend, homeassistant and a kodi frontend) for two users and it sits near idle all day long. It runs on an N100 NAS system off Aliexpress with 16GB and will transcode 1080p to x264 at just about playback speed… System runs from a 100 GB nvme, with a couple half-full 4 TB WD Reds for data. 35-ish Watts, maybe an extra 5 when actively transcoding. Used to be ~150 USD,

    If you want a lot of 4k content, then I’d definitely go with the GTX 1660.