I’m a dumbass sometimes. LOL
Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196
I get it. Some of us are staunch anti-ai. That’s fine. I am not an n8n sales person, but I just wanted to make it clear, there are two versions and you can integrate a host of things into it. Personally, I would run the AI version with a private AI that doesn’t need an external LLM. But my equipment is not that new and it takes some power to run AI efficiently and effectively. No issues with anyone, it just seemed that there was some confusion.
You can integrate a host of things into n8n including AI, however you can also just run n8n as an automation tool without anything else integrated. It does take a little reading of the docs to figure that out. I am sure that most people run n8n with AI, and admittedly, the front page of the n8n site promotes the AI version because other users would like to run n8n with AI. Some in this thread are suffering from knee jerk syndrome.
Edit: it’s more AI agent shit. Disregard everything. I don’t want to know more.
n8n can be run with the assistance of AI, and n8n can also be run without AI.
There is n8n with AI and there is n8n without AI. I run the n8n without AI. AI is not required to run n8n. Both versions can be run in Docker.


Just deployed it. So nice, much better than what I was using. Thank you so very much.

That is a consideration. I’ve never really had any issues with anything I’ve purchased from Namecheap, and I’ve used them for years. True, my less than $5 original cost will be $11 to renew but that seems to be the standard introductory pricing scheme most everyone uses. The domain name came with whois privacy included. I hear about Porkbun a lot, but I’ve never used them. I’m sure there are horror stories for Namecheap and that seems to vary from person to person. However, it is good to be well informed before making your selection.
Just to be clear there are two versions. One with nuts for those who want that AI experience, and one without nuts for the anti-ai faction in the group. The n8n ai-starter kit will spin up n8n with AI. I use the plain n8n mainly because I don’t have the equipment to run an in-house AI properly or rather effectively, and I don’t want to connect to AI exterior of my network. A friend of mine runs the ai-starter kit and does some really impressive stuff with it, but he has all the new toys to properly run it.


my homeserver is compromised and has been part of a bitcoin mining farm for years
The very first Linux server I deployed on a VPS was hacked almost immediately because of my ignorance. The bot gained entrance, and they supplanted a miner rig. Now, on a tiny VPS, it’s pretty easy to tell if you’re running a coin miner because all of the resources will be pegged. However, I got to thinking, on a corporate server, if they did manage to do this, it would almost be undetectable until someone started reviewing logs.
Pull weather data and get notified if it is going to rain
That’s a pretty respectful list you have there. I am working on something that will pull in weather data and forecast maps, but haven’t completed the flow yet.
The latest thing I’ve cobbled together with n8n is a routine that goes out to https://sol24.net/ and pulls in the current Aurora forecast and the current 7 day video of solar flares into my dashboard. I’ve always had a fascination with how the sun affects the earth and the protective layers of our atmosphere, since I was a child. I built my own 5 watt, code only, transmitter and receiver and would sit in my room late nights collecting QSL cards and talking to people from all over the world. I quickly learned that the ionosphere and other protective layers affected how far my little 5 watt signal would bounce. Solar flares burn holes in the ionosphere and prevent a good bounce halfway around the world. So the challenge was to pick days where there was good ionosphere coverage, and minimal solar flares in conjunction with antenna positioning.

This is the current video which takes you from 11/29 to 12/5. It’s mind boggling to me the absolute power and energy represented: https://sol24.net/data/stereo_7day_euvi304.mp4
You could probably conjure up something in bash to do this, but I really like working in n8n.
So, this discussion has intrigued me and some good points have been brought up by seemingly knowledgeable network engineers of which I am not. If I may, introduce you guys to my network to see if there are points I can improve on.
For simplicity, the network diagram would be: modem---->stand alone pfsense firewall with a tailscale overlay, running Suricata, pfblockerng, vlans to segment server traffic from normal traffic, & a very robust rule set & ntopng for traffic analysis -----> server & devices. Server is piped through Cloudflare Tunnel/Zero Trust. On the server, I run UFW, fail2ban with a hair trigger & Crowdsec. Also, since I am the only user, I lock everything down in the .host Allow/Deny & use ssh keys. Users cause complexities and complexities turn into issues. All devices are running a VPN. I do run Docker in lieu of Podman. Server has been hardened through various means and to an extent in line with Lynis.
I’ve been told that this is overengineered, but it seems to work just jammy. Knock on wood, I’ve never had a breach on my local network, though there is always the possibility. A long time ago, when I stood my first server up on a VPS, it got hacked almost immediately. So I dropped back and did some studying, but I am no network engineer.
Anyways, for the experts here, my question is: What would you do to improve, harden, rip out, redo, add etc?
ETA: Server also has a tailscale overlay.
recommendations I’ve seen are Cloudflare
I know a lot here are not too comfortable with Cloudflare. However, the Cloudflare Tunnels/Zero Trust is a solid option.
As far as Cloudflare goes, setting up a tunnel requires you to have a domain set up with them
I purchased a domain from Namecheap for less than $5 USD. Cloudflare doesn’t require you to purchase a domain from them, however they do require that you use their nameservers for obvious reasons.
Barring all of that, Tailscale is solid as well.





Sure, I use them from time to time in my lab to spin up test runs. I also have a cheap VPS ($25/year) that I do the same on. You could also use VMware Workstation Pro (free) or Oracle VirtualBox (free), on your desktop/laptop, to spin up an Ubuntu or other server, and test to your heart’s content. I would think the 1 GB spec on the RPi 3 might limit you somewhat on what you could test run, but I have surprised myself as to what I can jam into an RPi 3. PiMyLifeUP has a ton of tutorials for the RPi. Might want to take a glance to see what’s possible, but, for an initial investment of $25 seems like a doable opportunity.


I’ll be publishing more pieces soon
Awesome. I look forward to reading more. I had never heard of SafeBox until about a month or so ago. Seems like a great platform to go from zero to hero in no time flat. I keep hoping that offerings like SafeBox, et al, will gel with the general public and expose them to the world of self hosting and make it not as scary for beginners just striking out. Thanks for the article. Bookmarked, and will be shared.
There’s a kind of personal, cute story to why I asked, in particular with the name Scatola Magica. You may or may not find it humorous. My lady friend is Italian and often refers to her naughty bits as ‘Scatola Magica’, or ‘the magic box’. She will smile at me and say, ‘Scatola Magica baby!’ In fact, she has modified Lil’ Kim / 50 cent’s ‘Magic Stick’ to include such lyrics. It’s kind of cute watching this 65 year old Italian lady sashay around the house singing ‘I got the magic box…I know if I can hit once I can hit twice…’. So there you go. Now that I’ve stained your brain…have a great day! LOL
Well, you kind of have to have the infrastructure to make the fun happen. Docker is probably one of the more easy to deploy from the standpoint of someone just standing up a server.
These and thousands of other apps can be deployed via Docker. You don’t have to use docker, you can install on bare metal as well, tho containers make things neat and tidy.
As far as ‘fun’, to me it’s all fun. I selfhost for the utility, privacy, security, and anonymity of it, the educational part of it, and because it’s fun. My version of fun is going to vary widely from yours probably, but I find learning quite fun. Sky’s the limit pretty much.