couteausuis.se thoughts

pomelo

Build

When one of my previous workplaces closed, I was gifted a complete server setup inside a blank ATX-sized tower.

For a few years it was used as a cryptocurrency mining rig, but since it was not profitable anymore, I began to think of how to repurpose it.

At the same time, I was very frustrated by multiple things in my life:

While this was in the back of my mind, the pandemic hit, and I suddenly had much more free time to start working on the obvious project of building a complete home server.

In terms of raw performance, the current setup is as follows:

Being on a tight budget, I took the time to plan my transition. I would reduce my current backups, juggle data between disks while moving the disks to the server, and then move the data back onto it. The whole process took me about 2 weeks. I have since upgraded the disks in all data pods, so I essentially wasted 2 weeks there…

To prevent bit rot and further secure my data, I decided to use ZFS for my data pods:

Total of 36 TB available, currently 75% full (I’m a real data hoarder).

Building the ZFS array was quite straightforward and simple. It’s also very easy to health-check the pods (zfswatcher), scrub them or replace disks.

Since I used Ubuntu, I could not use Backblaze anymore, and decided to switch to CrashPlan. It’s as easy to use, but it’s much, much slower to upload. Even with multiple tricks to speed up the process, I managed to back up only 25% of my files in 7 months.

Services

Quite a few services are always running on my server; I’ll run through them in detail here.

CrashPlan (Code42 GUI app) is always running with a high priority, to back up every new file.

To use the server as a NAS, accessible from our 5 Macs, I’m using netatalk to create a few AFP share points. I can even make one that’s recognised as a Time Machine destination. See instructions here.

A Pi-hole container is running to block all ads on our LAN; it uses DNS-over-HTTPS. I use a docker-compose file inspired by this post.

A complete Bitcoin Core node is always running too. Still in GUI mode.

Lately, I’ve been giving my wasted CPU cycles to BOINC, in order to help scientific research.

I had a few trading projects running, but they are down now since I paused my work on them.

Plex

There is a complete Plex system running with docker-compose:

There is also a Deluge container with a VPN (ProtonVPN), to separate my traffic.

version: "2.1"
services:
  deluge-openvpn:
    image: binhex/arch-delugevpn
    container_name: deluge-openvpn
    cap_add:
      - NET_ADMIN # lets the container configure the VPN tunnel, routes and firewall rules
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=002 #optional
      - VIRTUAL_HOST=deluge.couteausuis.se
      - LETSENCRYPT_HOST=deluge.couteausuis.se
      - VIRTUAL_PORT=8112
      - VPN_ENABLED=yes
      - VPN_USER=myUser # placeholder
      - VPN_PASS=myPass # placeholder; a real value here sits in plain text and shows up in docker inspect
      - VPN_PROV=custom
      - VPN_CLIENT=openvpn
      - VPN_OPTIONS=
      - STRICT_PORT_FORWARD=yes
      - ENABLE_PRIVOXY=no
      - LAN_NETWORK=10.0.1.0/24
      - NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1
      #- DELUGE_DAEMON_LOG_LEVEL=info
      #- DELUGE_WEB_LOG_LEVEL=info
    networks:
      - net
    ports:
      - 8112:8112
      - 58846:58846
      - 58946:58946
    volumes:
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
networks:
  net:
    external: true

All of those services are running behind a reverse proxy, so I can access their home pages using my domain with HTTPS (as I use Cloudflare to manage my domain, I have access to a free SSL certificate):

version: "3.7"
services:
  reverse-proxy:
    image: "jwilder/nginx-proxy:latest"
    container_name: "reverse-proxy"
    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
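      # nginx-proxy reads container metadata from the Docker socket;
      # ":ro" applies to the mount only, not to what the Docker API allows
      - "/run/docker.sock:/tmp/docker.sock:ro"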
    restart: "always"
    networks:
      - "net"
    ports:
      - "80:80"
      - "443:443"
  letsencrypt:
    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
    container_name: "letsencrypt-helper"
    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      - "/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      NGINX_PROXY_CONTAINER: "reverse-proxy"
      DEFAULT_EMAIL: "[email protected]"
    restart: "always"
    depends_on:
      - "reverse-proxy"
    networks:
      - "net"
volumes:
  certs:
  html:
  vhost:
  dhparam:

networks:
  net:
    external: true
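
As an added example (not part of the original post), here is a small stdlib-only Python check for three things visible in the two compose files above: credentials set inline under `environment`, the Docker socket mounted into a container, and a host-published port on a service the reverse proxy already fronts through `VIRTUAL_HOST`. The `audit` function, the finding names and the sample text are constructed for illustration, and the scan assumes the 2-space indentation used above.

```python
import re

# Constructed sample, trimmed to the patterns seen in the compose files above.
SAMPLE = """\
services:
  deluge-openvpn:
    environment:
      - VIRTUAL_HOST=deluge.example.org
      - VPN_PASS=myPass
    ports:
      - 8112:8112
  reverse-proxy:
    volumes:
      - "/run/docker.sock:/tmp/docker.sock:ro"
    ports:
      - "127.0.0.1:8080:80"
"""

SECRET = re.compile(r"(PASS|SECRET|TOKEN)\w*\s*[=:]\s*\S", re.I)
PORT = re.compile(r"(?:(\d+\.\d+\.\d+\.\d+):)?\d+:\d+")  # group 1 = bind address

def audit(text):
    """Line-based scan of a compose file; returns sorted (service, finding) pairs."""
    found, proxied, svc, sec, in_services = set(), set(), None, None, False
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop YAML comments
        item = line.strip().lstrip("- ").strip("\"'")
        indent = len(line) - len(line.lstrip())
        if not item:
            continue
        if indent == 0:
            in_services, svc = item == "services:", None
        elif in_services and indent == 2:
            svc, sec = item.rstrip(":"), None
        elif svc and indent == 4:
            sec = item.partition(":")[0]
        elif svc and sec == "environment":
            if SECRET.search(item):
                found.add((svc, "inline-secret"))
            if item.startswith("VIRTUAL_HOST"):
                proxied.add(svc)
        elif svc and sec == "volumes" and "docker.sock" in item.split(":")[0]:
            found.add((svc, "docker-socket-mounted"))
        elif svc and sec == "ports" and (m := PORT.match(item)) and not m.group(1):
            found.add((svc, "port-on-all-interfaces"))
    # A published port on a proxied service is reachable without the proxy.
    found |= {(s, "port-bypasses-proxy") for s, f in found
              if f == "port-on-all-interfaces" and s in proxied}
    return sorted(found)
```

To check a real file, pass its contents: `audit(open("docker-compose.yml").read())`.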

Other services:

Finally, I monitor my server with a mix of Cockpit and NetData.

Future projects: