Not familiar with opnSense, but on your PC, you can check the address it assigns - if it’s /128, it’s a single address.

My ISP does not assign a prefix for delegation unless you specifically ask for it. I had to add “request_prefix 1” to my dhclient.conf file to get a /64 I assume opnSense has a friendly setting somewhere for that. For me, the key phrase was ‘prefix delegation.’ After I got that, I could search around and get my solution.

He believes he is the smartest person in any room - great genes, uncle at MIT. He thinks we are more stupid than he is.

Beyond “whomever holds the highest office at the moment,” there’s “whomever gets the biggest media coverage.” That might be Gavin Newsom, who’s not very popular, even in his home state. Bernie Sanders and AOC always get good coverage, but that’s partly because they’re so far outside the mainstream.

US isn’t really set up for singular leaders at the national level, which is part of what makes Trump so unusual.

I’m trying to imagine Mohammad bin Salman or Kim Ju Ae going on a “re-elect President Trump” tour of the US. I can’t imagine it would be received well by either party. Can’t imagine why JD thinks this is a good idea. Maybe I’m just not that good at imagining.

Logging power use by my server was one of the motivators to add homeassistant. That also showed me that specific containers use a (relative) ton of background power. Immich and authentik each raised power consumption by 2-3 watts, so I leave them down unless I have specific need.

If you only need it to be accessible inside your home, then you just need to run your own DNS. Have your dhcp point at your DNS and your DNS declare itself the master for your domain.

To get full functionality, you’ll probably want to have your registrar point to the public IP you get from your ISP as the domain’s authoritative name server.You should be able to script it to update the registrar when your ISP changes your IP, but that usually happens infrequently enough to do manually. Obviously can’t do that if you’re behind CGNAT.

To get Lets Encrypt certificates, you can do the DNS challenge. If your ISP gives you a (even inconsistent) public IP, you can do fancy ‘views’ with your selfhosted DNS, where it responds with private IPs inside your network and your ISP-given IP outside your network. I have certbot set up to expose my DNS & web server just before it starts its renewal process, then close the firewall after. Once you have the certificate, you can move it to where ever it will actually be used.

To me, the nonstandard port is mostly nice for reducing log spam from scripts. The risk is that using a nonstandard port lulls one into a false sense of security and overlook good sshd practices. Good sshd practices will prevent the script-kiddies just as well as the non-standard port, while a non-standard port will not challenge a targeted attack. And, if you interact with multiple servers, it can be inconvenient to remember a different port for each one.

Lemmy is social media, too.

The problem isn’t social media. The problem is profit-driven monopolies incentivized to promote high-emotion content. The problem, more generally, is monopolies that no one has hindered since 1974.

You can start by experimenting on your current computer. Install docker, get some service that sounds interesting, and just access it on localhost. You’ll miss out on anything the service does overnight or downtime, and you won’t be able to access it from off-site, but it’s a fine way to wet your toes and see how it goes.

Docker: https://docs.docker.com/desktop/setup/install/windows-install/

Photo library: https://docs.immich.app/install/docker-compose/

Some maintainers even provide handy windows installers

Media library: https://jellyfin.org/docs/general/installation/windows

You don’t think that individualized price gouging will improve life for Jeff Bezos?

In the old days, university IT put essentially no access controls on their networks, so students’ dorm computers were completely exposed to the internet. Any service you started was immediately, globally accessible. Some big sites, including slashdot and facebook, got their start in some kid’s dorm room. I feel like access controls really got going in the early 00’s - first for residential, then for broader campus.

Check with your IT people - they may have policy or conditions under which they will expose ports on your personal computer to the internet. Otherwise, your best bet is probably free-tier AWS or Oracle.

Not free, but there are some ‘KVM VPS’ providers out there that will rent you a small, internet exposed computer pretty cheap. They can be a good platform for experimenting with self-hosting services, without exposing your personal equipment or home network. eg: 1CPU/1GB RAM/24GB SSD $12/year https://my.racknerd.com/cart.php?a=add&pid=903

Are you suggesting that Obama is one of the Nobel Laureates negotiating to gift his medal to Trump? What do you think a former President wants from the current President?

FIFA are trend setters. Surely, there’s a line forming of other Nobel Laureates excited to turn over their medals for a favor from POTUS.

I realize you’re looking for new toys, but ‘anywhere in the flat’ includes ‘under a pile of pillows.’ Otherwise, for personal photo-sized storage, just put a couple 2.5mm format SSDs in the QNAP.

Who needs soft power when you can just kidnap world leaders and declare yourself the caretaker regime?

Trump has never solved a problem in his life. His entire experience is to tell a lackey what he wants, then either fire or reward that lackey. He thinks he’s “solved” Venezuela just by telling Pete Hegseth to take care of it.

Depending on the board in your mini-server, you may have enough SATA ports to plug in directly. I have a system similar to what you’re describing (N100 with 4x 2TB HDDs with 1.5TB data): 2 of those drives are set up in RAID1 (mirror), and once a month, I plug in one of the spares, rsync the array to it, and unplug it. Every 3 months or so, I swap the offline drive with an offsite drive. I used to use a USB dock for the offline drive, but I got a 3-bay hot-swap enclosure to make the whole process faster and easier.

The server shares the array via NFS and SMB, and it is absolutely a NAS for all my other systems.

If you expect to exceed 2TB data within 2 years, then you’ll need to replace all 4 of those 2TB drives in 2 years. You might, today, get a pair of 4 TB drives and one 2TB, use the 4TB as your main storage, the 2TBs as rotating backups, and wait until you actually outgrow 2TB to upgrade the backups.

It may be time for the rest of the world to stop waiting patiently for Americans to mobilize. When non-US states commit atrocities, the civilized world does sanctions to erode public support for the regime. It’s time for sanctions on the US. Russia can’t be the only nation that condemns us.

I see you’re getting lots of advice just to use c/selfhosted as a free consultant. That’s good advice if you’re self-motivated and focused.

If you want someone to be a coach through the process, to keep you focused and moving, that’s a) a slightly different skillset and b) worth putting in the description. I mention this only because I have a bunch of aspirational projects on my to–do list that have just sat there for literally years because of perfectionism, anxiety, and maybe some undiagnosed ADHD. I’ll also counter by noting that a lot of people, this time of year, buy a gym membership on the theory that spending the money will somehow force them actually to go to the gym, only to find that spent money is not actually a motivator.

Great project. I like the 1-star reviews complaining about the lack of advertising and tracking.