schmonz.com is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
RE: https://mastodon.bsd.cafe/@subnetspider/116758330967344651
Bastille makes a great self-hosting platform! Look at this absolute list of self-hosted software ⬇️
nsd, unbound, acme, adguard, gitea, haproxy, homebox, mail, netbox, nextcloud, plex, rustdesk, samba, syncthing, tor, unifi, vaultwarden, and more on one box.
#FreeBSD #BastilleBSD #selfhosted #selfhosting
New blog post:
"Speeding up static site generation with BSSG"
Some fantastic new features by @stefano to his excellent bash static site generator.
https://neilzone.co.uk/2026/06/speeding-up-static-site-generation-with-bssg/
Damn. Again?!
One of the servers I use would go from 7.99 to 19.49 and another from 20.99 to 62.49
Oof
New blog post: Do-the-work instead of proof-of-work, for Git hosting
https://blog.legoktm.com/2026/06/14/do-the-work-instead-of-proof-of-work-for-git-hosting.html
On https://git.legoktm.com/ I am now running a fully client-side Git repository viewer; on the server-side it is entirely static hosting, which makes it super cheap.
I hope this is a useful proof-of-concept as an alternative to (IMO wasteful) solutions like Anubis and provides better user privacy in the process.
The webserver for my websites (https://blog.hofstede.it and others) is now running on 15.1-RELEASE arm64 with PKGBase 🙂
Upgrade from 15.0 to 15.1 was pleasantly boring:
https://docs.freebsd.org/en/books/handbook/cutting-edge/#pkgbase
- Creating a BE for the new version
- Mounting the BE to /mnt/upgrade
- Executing "env ABI=FreeBSD:15:aarch64 pkg-static -c /mnt/upgrade upgrade -r FreeBSD-base"
- bectl activate -t 15.1-RELEASE
- Rebooting the system
Everything working fine, all lights green
It is surprisingly easy to get a locality domain.
I followed this guide and had one in 18 minutes:
https://fredchan.org/blog/locality-domains-guide/
Kinda postmortem:
1) The maximal log size before rotation and the count of gzipped logs to store should be increased in the newsyslogd configuration. This should be applied to any service which is looking into the void^WInternet, so I will not lose log records related to the start of an attack…
2) Also, the Asterisk log should be added to the newsyslogd configuration first. It wasn't added here, so the *.log files became too big (> 1 Gb) and of course fail2ban ate a lot of memory while parsing these big logs. If they had been rotated properly, fail2ban would not have eaten so much memory parsing small enough files.
3) Since the start of the attack was lost from the logs, I can only imagine the possible root cause of the attack. By default, any IP which once failed to provide the proper credentials to log in somewhere on my kitchen server is banned immediately and forever.
But somehow those attackers managed to use just 2 IPs to make an attack and they weren't banned before manual intervention
According to the fail2ban logs they were banned, but they were obviously not banned by npf. So, I think they started the attack right at the time when my blacklists were successfully updated and npf was reloading — as a result their IPs appeared as "banned" in fail2ban, but fail2ban failed to ban them via npf, so "IRL" their IPs still weren't banned. Time to revisit my script to update blacklists
4) Looks like I need to install some Intrusion Detection System (possibly snort, since it is mature enough). It isn't good to rely on only one mechanism (fail2ban + blacklists + npf) to protect my precious machine.
Oh fuck, I was mistaken — it was a real attack, not LLM bots — someone, using machines from French hosting, was trying to connect to my Asterisk box, using various SIP endpoints.
The attack started on Monday night and was found only because monit reported too much memory eaten by fail2ban
Interesting, why didn't fail2ban ban the attacker's IP, since it should do that right after a failed login attempt?
Time to revisit fail2ban jails configs…
New post: IPv6 Foundations.
IPv6 isn't "the future of the internet." It's the internet. IPv4 is the relic we keep alive on NAT life support.
A laid-back tour through the basics: how the addresses are built, the two rules for crushing out the zeros, a /64 per subnet so you stop counting hosts, SLAAC, and why blocking ICMPv6 is a self-inflicted wound.
And no, dual-stack isn't a destination. It's a burden.
https://blog.hofstede.it/ipv6-foundations-the-internet-protocol-you-should-already-be-using/
Huh, looks like the new ASes, with LLM-bots attacking servers, just dropped
TLDR: there are AS12876 and AS16276 — both located in France (Scaleway SAS and OVH SAS). My self-hosted Asterisk box was attacked from the following IPs: 62.4.15.81 and 51.222.38.229.
Today, after I checked my e-mail, I found three warnings from Monit about fail2ban exhausting limits on my small server in the kitchen (Intel Atom N2800 1866 MHz and 4 Gb of RAM). The first e-mail warned that fail2ban ate 200 MB of RAM, the next 500 MB of RAM, and the last e-mail warned me that fail2ban ate 2 GB of RAM
Then I logged into my box and found that fail2ban, Asterisk and PostgreSQL weren't feeling well. The system load and the traffic amounts were unusual — the parameters completely differ from what I have been used to seeing since the server installation.
I checked the fail2ban logs and found that it was still parsing data from the Asterisk log from about 5 hours earlier
And there was a total mess in the Asterisk security.log (see screenshot) — some dumb (as their programmers) LLM-bots were constantly trying to connect to my Asterisk server with the HTTP protocol, evaluating it as a web server, I dunno
And the Asterisk logs became enormously big — while newsyslogd wasn't invoked — they ate nearly 4 GB. I didn't specify the maximal size of Asterisk logfiles in /etc/newsyslog.conf, because I wasn't expecting a lot of lines in the logs of a PBX which is in use only by my relatives.
Some graphs from #Munin with LLM-bots attacking my kitchen server.
The graphs span the whole week, so on the left there is the normal state of my server. And on the right — the attack is happening.
If you run your own local DNS servers at home, do you: (select all that apply)
Comment with your preferred DNS stack and privacy friendly DNS providers.
#FreeBSD #Linux #selfHosting #DNS
| Forward to ISP's DNS servers.: | 4 |
| Forward to a DNS service (1.1.1.1, 9.9.9.9, etc).: | 17 |
| Recursively resolve from root servers directly.: | 16 |
| Encrypt my DNS using DoH, DoT, etc.: | 14 |
I know "AI" is a polarizing topic around here, but I wanted to share a small side-project I've been tinkering with to scratch a personal itch: MastoSum.
It’s a lightweight web app that listens to public streams, filters for the hashtags I actually care about, and uses an LLM to generate a daily digest of the last 24 hours. Basically, a personalized news feed to help cut through the noise.
It works reasonably well for what I need. Here’s an example of today's run: https://mastosum.linuxserver.pro/s/6q1ZdTOuHBfKyQ3aVU3dOw
It's IPv6-only. Not reachable via IPv4.
#python #fastapi #mastodon #newsfeed #selfhosting #ai #llm #ipv6
@rastilin It'd be a good move to ditch GMail. I teach people how to go about it, and I'm thinking I should publish resources towards this end. But say the word if that's something that interests you. I want to see the world break free from GMail.
The outline: Buy a domain. Rent a VPS so you have an easy static IP address with reliable and power. Spin up BIND or similar. Serve up basic records for your domain. Make a glue record and delegate your domain to your name server using your registrar's web site. Next, spin up minimal web service and get a Let's Encrypt cert. Make a cron job to renew it. Spin up Postfix and Dovecot. Have Postfix use Dovecot auth and have them both use your Let's Encrypt cert. Add cron jobs to restart them when certs renew. Test. Now add MX and SPF records to your DNS. Consider spinning up DKIM, and adding records for that and DMARC to your domain. Consider procmail or maildrop for filtering and sorting. Consider RBLs, SpamAssassin, SpamProbe, and similar. Decide how you want to back the server up. Consider redundancy.
So…Bitwarden quietly swapped their CEO for a PE exit specialist, dropped “Always free”, rewrote their values, then half-scrubbed a 4 year old blog post to cover it. Post still contradicts itself. I looked. There was no announcement.
https://blog.ppb1701.com/the-quiet-renovation-at-bitwarden
#bitwarden #passwordmanager #selfhosting #userhostile #privacy #blog #vaultwarden #privateequity
Alright folks, it's time for me to zero in on my self-hosted RSS aggregator setup.
Priorities: ease of maintenance, support for a variety of readers (or at least Capy)
I know people have opinions. Tell me them!
I had found a very thorough server checker (e.g. TLS, DKIM, certificates, PFS, DMARC, you name it) here on the fedi at some point and thought I'd bookmarked it, but just can't find it anymore. Any recommendations from the sysadmin crowd?
Is there anyone out there running an AMD 5650GE based system running Linux or BSD?
Can you tell us your CPU and GPU idle power numbers as displayed in btop?
Maybe this is an "easy button" of sorts to reduce power on an existing AMD AM4 system without going through the machinations of new mobo, ram, etc., etc. Get most of the way there?
#Linux #RunBSD #AMD #5650GE #PowerConsumption #Power #HomeLab #SelfHosting #SelfHosted #SOHO
Is there anyone out there running an AMD 5825U based system running Linux or BSD?
Can you tell us your CPU and GPU idle power numbers as displayed in btop?
#Linux #RunBSD #AMD #5825U #PowerConsumption #Power #HomeLab #SelfHosting #SelfHosted #SOHO
Looks like it has basic Markdown -> HTML converting. Neat.
forme.
🙂 into emoji, which I don't like, though. Leave my #emoticons alone ;) And of course, no post or poll length limit :)
Almost done my custom recycled component OPNSense router. Final missing piece is this 2" PCIe riser. I may hit MicroCenter today. #opnsense #selfhosted #selfhosting #homekit
Pleased to announce another edition of Cloudbreak, taking place May 28.
For those that don't know already, this is a 6hr fully-supported live training opportunity leading participants with no prior experience in system administration through the process of building up their own #sovereign & secured cloud server.
Hosted in the EU on renewable energy, the finished server also offers both Zoom & Google Docs alternatives.
Info & signup here:
👩💻 My So Called Sudo Life - day 500: still a newbie edition 🆕
Dear Fedi friends,
Today marks the 500th day of my self-hosting adventures and I'm celebrating it with... a slice of humble pie:
Also: please remember to update your Linux system to patch the critical vulnerability that has been found.
#Linux #CopyPaste #security #MySoCalledSudoLife #SelfHosting #YunoHost
Today in #selfhosting fun. I have a mail server that's been in place for years and hasn't had any noticeable problems, but today I sent the same email from two different addresses to hotmail. Both had SPF, DKIM, DMARC and the same outbound IP address. One was delivered and one went to junk. Headers on the latter show a spam score of 5 (which is sufficient for it to be diverted):
X-MS-Exchange-Organization-SCL: 5
I tried running it through https://github.com/mgeeky/decode-spam-headers but that didn't give any clues
Hi folks! I would love to hear about the non-standard physical #homelab #selfhosting security measures you've taken. From alarms to boobytraps, from customized IKEA boxes to reinforced closets. The crazier the better!
One requirement: you need to have it implemented (at some point in the past or currently). No concepts that never left the design table please.
New blog post: Self-Host Me, Self-Host Me Not
I like to self-host my services. But there are some things that I don't self-host, and I gladly pay somebody else to handle them.
https://www.crosenthal.com/chrome/2026/04/28/self-host-me-self-host-me-not.html
👩🏻💻 my so-called sudo life - day 489: new experiments edition 🧪
A blog post that chronicles what I have been up to since December... namely: advocating for the Fediverse, creating #selfhosting guides for newbies and experimenting with e-reader jailbreaks and off-grid mesh radio communications
#MySoCalledSudoLife #KindleJailbreak #KOreader #SimpleUI #meshtastic #blog #tech #resistance