Hacker News

stego-tech today at 10:58 AM

This has been a similar approach to what I did for my own homelab. I still need to set up some sort of GitOps so I don’t have to ssh into the box and manually bootstrap whatever compose file I’ve thrown on there, but that’s honestly about it.

* Docker Compose files and various folders for containers live on an NFS share

* SQLite and other databases run off a local SATA SSD for speed and reliability

* Cronjob tarballs the critical stuff nightly and throws it on another NFS share to get ingested into Backblaze B2.

Now I just get to kick back and actually experiment with new things instead of babysitting a convoluted Proxmox upgrade or shunt onto a new container standard.

Does it run rootless? Not atm (blame FreshRSS, my sole holdout). Is it super secure? Probably not, but I’m not doing anything goofy like mounting the Unix socket into a container at the very least, and the server credentials don’t work anywhere else should it get popped. The blast radius is contained, and that’s more important to me than Enterprise-grade security for my homelab (a la Wazuh, another backlog project TBD).