No one’s mentioned Forgejo yet? Solid git and artifact repository.
There’s lots of ways to skin this particular cat. My current approach is a low-powered Synology (j series?) for mass storage, then 1 litre PCs running Proxmox for my compute power using their NVMe for storage, all backed up to the Synology.
Two good points here OP. Type `docker image ls` to see all the images you currently have locally - you’ll possibly be surprised how many. All the ones tagged `<none>` are old versions.
If you’re already using GitHub, it includes a package repository you could push retagged images to, or for more self-hosty, a local instance of Forgejo would be a good option.
Yeah na, put your home services in Tailscale, and for your VPS services set up the firewall for HTTP, HTTPS and SSH only, no root login, use keys, and run fail2ban to make hacking your SSH expensive. You’re a much smaller target than you think - really it’s just bots knocking on your door and they don’t have a profit motive for a DDoS.
From your description, I’d have the website on a VPS, and Immich at home behind Tailscale. Job’s a goodun.
how to access the NAS and HA separately from the outside knowing that my access provider does not offer a static IP and that access to each VM must be differentiated from Proxmox.
Tailscale, it will take about 5 minutes to set up and cost nothing.
Your workload (a NAS and a handful of services) is going to be a very familiar one to members of the community, so you should get some great answers.
My (I guess slightly wacky) solution for this sort of workload has ended up being a single Docker container inside an LXC container for each service on Proxmox. Docker for ease of management with compose and separate LXCs for each service for ease of snapshots/backups.
Obviously there’s some overhead, but it doesn’t seem to be significant.
On the subject of clustering, I actually purchased three machines to do this, but have ended up abandoning that idea - I can move a service (or restore it from a snapshot to a different machine) in a couple of minutes which provides all the redundancy I need for a home service. Now I keep the three machines as a production server, a backup (that I swap over to for a week or so every month or two) and a development machine. The NAS is separate to these.
I love Proxmox, but most times it gets mentioned here people pop up to boost Incus/LXD so that’s something I’d like to investigate, but my skills (and Ansible playbooks) are currently built around Proxmox so I’ve got a bit of inertia.
Is that a mini? I love those little 1L HPs. I run 3 G2 800s. These are very nicely built and therefore a joy to work on, and sip power when idling. Highly recommend. Also +1 for Proxmox.
For light touch monitoring this is my approach too. I have one instance in my network, and another on fly.io for the VPSs (my most common outage is my home internet). To make it a tiny bit stronger, I wrote a Go endpoint that exposes the disk and memory usage of a server, including mem_okay and disk_okay keywords, and I have Kuma checking those.
I even have the two Kuma instances checking each other by making a status page and adding checks for each other’s ‘degraded’ state. I have ntfy set up on both so I get the Kuma change notifications on my iPhone. I love ntfy so much I donate to it.
For my VPSs, this is probably not enough, so I am considering the more complicated solutions (I’ve started wanting to know things like an influx of fail2ban bans etc.).
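A sketch of the kind of keyword endpoint described in the comment above, added here as an example and not the commenter's own code. The `/health` path, the 90% threshold, the `_FAIL` wording and the listen address are assumptions, and the probes are Linux-only; failed probes report 100% used so a broken check never looks healthy.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// memUsedPct parses /proc/meminfo text; unparseable input reports 100 (fails closed).
func memUsedPct(meminfo string) float64 {
	vals := map[string]float64{}
	for _, line := range strings.Split(meminfo, "\n") {
		if f := strings.Fields(line); len(f) >= 2 {
			vals[f[0]], _ = strconv.ParseFloat(f[1], 64)
		}
	}
	if vals["MemTotal:"] == 0 {
		return 100
	}
	return 100 * (1 - vals["MemAvailable:"]/vals["MemTotal:"])
}

func diskUsedPct(path string) float64 {
	var st syscall.Statfs_t // Linux statfs(2) on the filesystem holding path
	if err := syscall.Statfs(path, &st); err != nil || st.Blocks == 0 {
		return 100 // a failed probe must not look healthy
	}
	return 100 * (1 - float64(st.Bavail)/float64(st.Blocks))
}

// keyword emits "<name>_okay" only when healthy; the failure word must not contain it.
func keyword(name string, usedPct float64) string {
	const maxUsedPct = 90.0 // assumed alert threshold
	if usedPct < maxUsedPct {
		return fmt.Sprintf("%s_okay used=%.0f%%\n", name, usedPct)
	}
	return fmt.Sprintf("%s_FAIL used=%.0f%%\n", name, usedPct)
}

func main() {
	http.HandleFunc("/health", func(w http.ResponseWriter, _ *http.Request) {
		raw, _ := os.ReadFile("/proc/meminfo")
		fmt.Fprint(w, keyword("disk", diskUsedPct("/")), keyword("mem", memUsedPct(string(raw))))
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil)) // assumed listen address
}
```

Binding to a loopback or tailnet address rather than every interface keeps host resource figures off the public internet; a keyword monitor then needs one check per keyword.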
If this is a question about how to access your server at home from devices anywhere, securely, with a simple setup, then the answer is turn off all that port forwarding, and use Tailscale.
This. Hosting at home might be cheaper if you are serving a lot of data, but in that case, the speed’s going to kill you.
I’m a keen self-hoster, but my public facing websites are on a $4 VPS (Binary Lane - which I recommend since you’re in Aus). In addition to less hassle, you get faster speeds and (probably) better uptime.
Ah yes! That’s exactly what I had & need. Thank you.
Also - lol. I assumed this was a screenshot of your domain, and I was like, hang on…
Yep, I can live with no sending, so a forwarding only solution works. I didn’t know about the SMTP relays, but a couple of people have mentioned them. I guess I’d try without that first - it might be luck if my IP/hosting service has low trust with Gmail.
Great suggestion, thanks. For anyone reading through, it looks like it will just forward all the emails for a domain to a single email address, for free. That’s definitely what I want for one of my domains. But the other one I’ve used some addresses for family, so that will have to go through a provider.
It’s mind-bogglingly convenient, especially compared to the before times. Consider donating to them if you can.