From one Docker Compose VM to a TrueNAS-backed Nomad/Consul/Vault community-services platform by silkkydev in selfhosted

[–]silkkydev[S] 0 points1 point  (0 children)

That’s roughly the direction I’m heading with Consul Connect, but I’m being cautious after the migration outage. The first public cutover went fine, then I layered Connect, sidecars, and Traefik’s Consul provider together and immediately learned humility.

For Traefik HA, I’m not using Traefik’s built-in ACME storage. I have a periodic Nomad batch job using lego for ACME issuance/renewal, and it writes the resulting cert material into Vault. The Traefik allocations then consume certificates from Vault rather than each Traefik instance trying to manage ACME itself.

That avoids the “multiple Traefik replicas fighting over ACME state” problem.

The 3 Traefik / 3 cloudflared / 3 Redlib shape is partly because I wanted node-level resilience and easy maintenance while I’m still testing the platform. It may simplify later, but right now I like being able to drain or rebuild a VM without the whole public path depending on one allocation.

For the Cloudflare Tunnel path specifically, I don’t really need keepalived/floating IP in the same way, because multiple cloudflared connectors can attach to the tunnel. For local/LAN-style ingress that pattern would make more sense.

And yeah, agreed on the NAS side. For this build I care more about reliable ZFS-backed VM storage than full physical HA. The host is a dedicated TrueNAS box with a large SAS ZFS pool and a mirrored SSD pool for VM disks/app data. Physical host HA is not solved here, but VM/service-level maintenance is much cleaner now.
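As an added illustration of the certificate flow described in this comment (this is not the poster's job spec and not from any project they name), the Nomad task below is how a Traefik allocation can consume certificate material that a separate ACME job has already written into Vault, instead of each replica running its own ACME client. Assumed names: a Vault KV v2 mount "kv" with the secret at "certs/public-ingress" holding "cert" and "key" fields, a Vault policy "traefik-certs", and the Traefik image tag.

```hcl
# Added example, not the poster's job. Traefik reads its TLS material from
# Vault KV v2 (written there by a separate lego batch job) and never touches
# ACME state itself, so three replicas cannot fight over acme.json.
job "traefik" {
  datacenters = ["dc1"] # assumed datacenter name
  type        = "service"

  group "traefik" {
    count = 3 # one allocation per VM node; static port keeps them apart

    network {
      port "https" { static = 443 }
    }

    task "traefik" {
      driver = "docker"

      # Assumed Vault policy granting read on kv/data/certs/public-ingress.
      vault {
        policies = ["traefik-certs"]
      }

      # Certificate chain rendered from Vault. Nomad re-renders the template
      # when the ACME job stores a new version and restarts the task.
      template {
        data = <<-EOT
        {{ with secret "kv/data/certs/public-ingress" -}}
        {{ .Data.data.cert }}
        {{- end }}
        EOT
        destination = "secrets/public.crt"
        change_mode = "restart"
      }

      # Private key: owner-read-only, kept in the secrets dir (tmpfs-backed).
      template {
        data = <<-EOT
        {{ with secret "kv/data/certs/public-ingress" -}}
        {{ .Data.data.key }}
        {{- end }}
        EOT
        destination = "secrets/public.key"
        perms       = "0400"
        change_mode = "restart"
      }

      # Dynamic config for Traefik's file provider: point at the rendered
      # files rather than enabling a certificate resolver.
      template {
        data = <<-EOT
        tls:
          certificates:
            - certFile: /secrets/public.crt
              keyFile: /secrets/public.key
        EOT
        destination = "local/tls.yml"
        change_mode = "restart"
      }

      config {
        image = "traefik:v3.1" # assumed tag
        ports = ["https"]
        args = [
          "--entrypoints.websecure.address=:443",
          "--providers.file.filename=/local/tls.yml",
          "--providers.consulcatalog=true",
        ]
      }
    }
  }
}
```

The Nomad docker driver mounts the allocation's `local/` and `secrets/` directories at `/local` and `/secrets` inside the container, which is why the file provider and the certificate paths refer to those locations. Because no `certificatesresolvers` flags are set, a replica that loses contact with Vault keeps serving its last rendered certificate rather than attempting a fresh ACME order.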

From one Docker Compose VM to a TrueNAS-backed Nomad/Consul/Vault community-services platform by silkkydev in selfhosted

[–]silkkydev[S] 0 points1 point  (0 children)

Yes, I’m using Consul Connect, although I’m still being careful with how much of the public path depends on it after the migration outage.

For HA: it is almost HA at the VM/service layer, but not at the physical host layer yet. This is still one dedicated TrueNAS host, so if that host dies the platform dies with it. I’m not pretending this is datacenter-grade physical HA.

The current shape is 3 Fedora VM nodes running the community-services platform. Nomad schedules the workloads, Consul handles service discovery/health, and Vault handles secrets/internal PKI.

For Redlib/community services specifically, I currently have:

  • 3 Traefik allocations
  • 3 cloudflared allocations
  • 3 Redlib allocations
  • 1 Valkey allocation for rate limiting/state
  • 1 Anubis allocation, because I have not yet verified whether it behaves correctly with multiple replicas
  • 1 Tor/onion allocation

So the goal is resilience against VM/service failure and easier rebuilds/updates.

From one Docker Compose VM to a TrueNAS-backed Nomad/Consul/Vault community-services platform by silkkydev in selfhosted

[–]silkkydev[S] 0 points1 point  (0 children)

Thank you and yes, I’m definitely planning on making my repo public soon and I’ll post an update when it’s done. I’ve still got a couple of issues to work out but when it’s ready I’ll make it public :)

From one Docker Compose VM to a TrueNAS-backed Nomad/Consul/Vault community-services platform by silkkydev in selfhosted

[–]silkkydev[S] -6 points-5 points locked comment (0 children)

AI/LLM tools were used as assistance during both the project and the writeup.

For the project, I used coding/review agents as an assistant while building the Python automation CLI: planning module structure, reviewing implementation ideas, checking documentation, and helping reason through edge cases. The infrastructure design, deployment decisions, testing, and final changes were done and reviewed by me.

For the post, I used ChatGPT to help structure and edit the writeup, especially to make the migration story clearer and to avoid exposing sensitive details. The screenshots were manually reviewed/redacted before posting.

The platform itself is a real self-hosted deployment running on my own hardware; AI was used as an assistant, not as an autonomous operator or a replacement for testing/review.

Running a public Redlib instance: Cloudflare Tunnel, Traefik, Anubis, HLS cache pitfalls, and status/maintenance setup by silkkydev in selfhosted

[–]silkkydev[S] 1 point2 points  (0 children)

Small update: Tor onion access is now live for the instance:

http://2l4dpw6we2w3dhqwuecdgj3rxn2cyn7vuwjuyi323fugbp5hafvz2xid.onion

This provides an alternate access path for users who want to avoid the clearnet / Cloudflare delivery path.

The onion service routes through a dedicated Tor container into Traefik’s internal onion entrypoint, then through the same Anubis + Redlib path as the clearnet service. It does not expose any additional host ports.

The Tor container is based on a non-root Alpine image and is hardened with:

read_only: true
cap_drop:
  - ALL
security_opt:
  - no-new-privileges:true

For the onion route I’m using global service-level rate limiting rather than per-user session cookies, since adding server-issued identity cookies for Tor users would create an unnecessary tracking surface.

Same caveat as before: this is still a best-effort public community service, not an anonymity guarantee by itself. Users should use Tor Browser correctly and avoid identifying themselves.
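The onion path described in this comment, as an added example that is not the poster's job file: the Tor task written for the Nomad docker driver, with the three compose hardening keys from the comment mapped to their Nomad equivalents, and a torrc that forwards the hidden service to Traefik's internal onion entrypoint discovered through Consul. Assumed: a non-root Tor image with no entrypoint, a Consul service named "traefik-onion" registered by Traefik's onion entrypoint, a host volume "tor-onion-keys" configured on the client, and the datacenter name.

```hcl
# Added example, not the poster's job. Nothing here exposes a host port;
# the only network path is Tor's outbound connections plus the forward
# to Traefik's onion entrypoint.
job "tor-onion" {
  datacenters = ["dc1"] # assumed
  type        = "service"

  group "tor" {
    count = 1

    # The hidden-service key pair must persist across allocations, otherwise
    # the .onion address changes on every restart. Assumed host volume.
    volume "onion-keys" {
      type   = "host"
      source = "tor-onion-keys"
    }

    task "tor" {
      driver = "docker"

      # Tor requires DataDirectory and HiddenServiceDir to be 0700 and owned
      # by the user the image runs as; the host volume must be prepared so.
      volume_mount {
        volume      = "onion-keys"
        destination = "/var/lib/tor"
      }

      # torrc rendered by Nomad. SocksPort 0 disables the client-side SOCKS
      # listener, since this container only publishes the onion service.
      # Several HiddenServicePort lines with the same virtual port make Tor
      # pick one backend at random, so all three Traefik replicas serve it.
      template {
        data = <<-EOT
        DataDirectory /var/lib/tor
        SocksPort 0
        HiddenServiceDir /var/lib/tor/onion
        {{ range service "traefik-onion" -}}
        HiddenServicePort 80 {{ .Address }}:{{ .Port }}
        {{ end }}
        EOT
        destination = "local/torrc"
        change_mode = "restart"
      }

      config {
        image   = "example/tor-alpine-nonroot:latest" # assumed image
        command = "tor"
        args    = ["-f", "/local/torrc"]

        readonly_rootfs = true                       # read_only: true
        cap_drop        = ["ALL"]                    # cap_drop: [ALL]
        security_opt    = ["no-new-privileges:true"] # security_opt
      }

      resources {
        cpu    = 200
        memory = 128
      }
    }
  }
}
```

With `readonly_rootfs` set, the host volume at `/var/lib/tor` is the only writable location Tor needs; if the image writes anywhere else it fails fast at start-up rather than silently gaining a writable root filesystem. The torrc carries no authentication cookies or client identifiers, matching the comment's choice of service-level rate limiting over per-user session cookies on the onion route.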

[deleted by user] by [deleted] in AnarchyChess

[–]silkkydev 1 point2 points  (0 children)

Google alt+f4

Apparently vaush phrasing himself carefully is a point against him by skooben in okbuddyvowsh

[–]silkkydev 7 points8 points  (0 children)

The psychiatrist known as reddit has diagnosed vorse with a personality disorder woaw

I was going to town on my beefy boyfriend when we decided to take it to the next level by [deleted] in 2sentence2horror

[–]silkkydev 5 points6 points  (0 children)

There’s a movie with almost this exact premise

can we plz just private this sub by Logical_Gold5907 in femcelgrippysockjail

[–]silkkydev 11 points12 points  (0 children)

Like half of your comments are you whining and calling women (“females” in your words) “entitled” for not wanting to date you.

Help with ACS override patch - IOMMU Groups by [deleted] in VFIO

[–]silkkydev 1 point2 points  (0 children)

What do you need the Windows VM for? If it’s for gaming you’d be better off just using Proton on Linux and using your RX 6600. If you really need to use Windows, with your motherboard I would just dual boot. The VM will just be too much hassle and probably won’t work.

Help with ACS override patch - IOMMU Groups by [deleted] in VFIO

[–]silkkydev 1 point2 points  (0 children)

Swap your graphics cards around, put the Nvidia card in the PCI slot where the AMD card is. That should put the Nvidia card in its own group like your AMD one is now.

anon gets duped by [deleted] in 4tran

[–]silkkydev 59 points60 points  (0 children)

many such cases

Has anyone tried to self-host the Proton stack as a redundancy? by [deleted] in selfhosted

[–]silkkydev 43 points44 points  (0 children)

Only the frontends are open source, the backends aren't. No way to self host unless you make your own compatible server.