Honestly I think this might be a better way than what I’m using now. I’ve subbed to dockerrelease.io (edit: docker-notify.com) and releasealert.dev … get spammed all day everyday because the devs keep pushing all sorts of updates to old branches… or because those sites aren’t configured well.
- 0 Posts
- 9 Comments
Joined 8 days ago
Cake day: March 5th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·16 hours agoI agree that you’ll want to figure out inter-pod networking.
In docker, you can create a specific “external” network (external to the docker container is my understanding) and then you can attach the docker compose stack to that network and talk using the hostnames of the containers.
Personally, I would avoid host network mode as you expose those containers to the world (good if you want that, bad if you don’t)… possibly the same with using the public IP address of your instance.
You could alternatively bind the ports to 127.0.0.1 which would restrict them from exposing to internet… (see above)
So just depends on how you want to approach it.
I am running AdGuard Home DNS, not PiHole… but same idea. I have AGH running in two LXCs on proxmox (containers). I have all DHCP zones configured to point to both instances, and I never reboot both at the same time. Additionally, I watch the status of the service to make sure it’s running before I reboot the other instance.
Outside of that, there’s really no other approach.
You would still need at least 2 DNS servers, but you could setup some sort of virtual IP or load balancing IP and configure DHCP to point to that IP, so when one instance goes down then it fails over to the other instance.
Like others, I started with owncloud but when Nextcloud forked I switched within a year. I haven’t looked back and is working without any issues and is performant.
I don’t really care about the enterprise shit since it’s not being shoved in my face 🤷🏼♂️
Man I’m lame.
Used to be {env}-function##
Now it’s {env}-{vlanlocation}-function##
VLAN location such as DMZ, Infra, Jump for jump boxes, IOTSec or IOTInsec, Etc
I’ve just started to delve into Wazuh… but I’m super new to vulnerability management on a home lab level. I don’t do it for work so 🤷🏼♂️
Anyways, best suggestion is to keep all your containers, vms, and hosts updated best you can to remediate vulnerabilities that are discovered by others.
Otherwise, Wazuh is a good place to start, but there’s a learning curve for sure.
I’m not sure if you ever made your way to following through with this… But the three node system isn’t a bad starting point. However, here’s how I would approach it (similar to how I actually got my start in homelabs and how I do things now)
1 system for your router (looks like you picked a Qotom unit, those are decent), 8-16 gb ram
1 system for proxmox virtualization… run all your services in LXC’s or Virtual machines, as much ram as you can get a get for your system
And 1 system dedicated to storage (truenas or unraid), 32gb ECC ram (personal preference but not necessarily needed even with zfs for home use)
I’d start at https://reddit.com/r/homelab … but since we’re on Lemmy, I’d rather suggest posting on !homelab@geekroom.tech (new, but looking to gain traction)
@xanza@lemm.ee has a great response and also suggests using AdGuard Home instead, which is what I run as well. The biggest benefits the AGH has over PiHole for my family is the fact that you can very easily define a Client and the ips that pertain to that client… so I can define a single client for all of my devices , a single client for each of my kids, etc.
Then from there I can block specific services like social media platforms per client group or allow them. And similar to PiHole, I can setup all the blocklists that I want and it’ll block them across all clients.
For my kids, this means it’s blocking all those pesky ads that pop up in games getting them to go and download more mind numbing and draining games…
Finally, I can keep tabs on my network traffic and see what individual devices are accessing what domains; however, this doesn’t mean that I can see the individual web pages.
I have two AGH instances setup on two different hosts, and an additional AdGuardHome-sync container that syncs between the two instances, to make sure that all settings are mirrored.