I am finally making the push to self host everything I possibly can and leave as many cloud services as I can.
I have years of linux server admin experience so this is not a technical post, more of an attempt to get some crowd wisdom on a complex migration.
I have a plan and have identified services i would like to implement. Take it as given that the hardware I have can handle all this. But it is a lot so it won’t happen at once.
I would appreciate thoughts about the order in which to implement services. Install is only phase one, migration of existing data and shaking everything down to test stability is also time consuming. So any insights, especially on services that might present extra challenges when I start to add my own data, or dependencies I haven’t thought of.
The list order is not significant yet, but I would like to have an incremental plan. Those marked with * are already running and hosting my data locally with no issues.
Thanks in advance.
Base system
- Proxmox VE 8.3
- ZFS for a time-machine like backup to a local hdd
- Docker VM with containers
- Home Assistant *
- Esphome *
- Paperless-ngx *
- Photo Prism
- Firefly III
- Jellyfin
- Gitea
- Authelia
- Vaultwarden
- Radicale
- Prometheus
- Grafana
You are correct that I will be using it only for internal authentication. I want to get away from my bad habit of reusing passwords on internal services to reduce pwnage if mr robot gets access ;)
Any experience on how authelia interacts with vaultwarden? They seem sympatico but should I install them in tandem? Would that make anything easier?
Please implement a password manager.
Bitwarden can do almost anything on the free tier and the few perks cost 10$ per year which arent even mandatory for actual usage.
No, but Vaultwarden is the one thing I don’t even try to connect to authentik so a breach of the auth password won’t give away everything else
May I ask why you’d want to selfhost bitwarden if the free hosted version is almost as good aside from the few unimportant paid perks?
I’m not the guy you asked, but I self-host it because I like a couple of the features (like making an org for house stuff, and sharing that with certain family members), it’s really awesome for OTP as well. I honestly don’t know which features are the paid ones because I went straight to Vaultwarden as I knew I wanted it in house (physically) and Bitwarden didn’t offer that.
You can create (i think one) org under paid accounts as well and delegate specific collections access between members.
My use case is for home-stuff I want access from work (e.g. Jellyfin)
I don’t?
But you mention having vaultwarden and not connecting it to authentik. So you basically have bitwarden selfhosted.
Yes, but I don’t plan to host bitwarden. I was referring to op’s question regarding vaultwarden+auth. Sorry, I think I can’t follow you
Implying you have it deployed in active use, no?
Yes, I think I’m getting your original question now. I didn’t even look into their hosting offers because I’m actively looking for things I can self host. It’s the same reason I self host many things, I don’t care if someone else offers it for free. I’m 100% owning it, I don’t have to rely on someone else’s server, and I enjoy the process of setting up my own infrastructure, figure out ways to make it reliable etc. It’s also a learning experience for me.
Fair point.
Personally I wouldn’t bother with critical stuff. If vaultwarden was down I’d have too much other issues I wouldnt want to deal with right now.