• 0 Posts
  • 12 Comments
Joined 1Y ago
Cake day: Jun 19, 2023


Keycloak to provide OIDC, although in hindsight I should have gone with Authelia Authentik


I was in the same place as you a few years ago - I liked swarm, and was a bit intimidated by kubernetes - so I’d encourage you to take a stab at kubernetes. Everything you like about swarm kubernetes does better, and tools like k3s make it super simple to get set up. There _is_ a learning curve, but I’d say it’s worth it. Swarm is more or less a dead end tech at this point, and there are a lot more resources about kubernetes out there.


This is relevant to my interests, thanks. Looks like it’s pretty early stages though?


Cool - was trying to get set up with v1.94, but had real trouble getting pgvecto-rs to work properly, pgvector seems much more stable and better supported and was a breeze to get running


This is something I’m also interested in; if you find something please update us


Infrastructure as code/config as code.

The configurations of all the actual machines is managed by Puppet, with all its configs in a git repo. All the actual applications are deployed on top of Kubernetes, with all the configurations managed by helmfile and also tracked in git. I don’t set anything up - I describe how I want things configured, and the tools do the actual work.

There is a “cold start” issue in my scheme - puppet requires a server component that runs on Kubernetes, but I can’t deploy onto kubernetes until the host machines have had their puppet manifests applied. At that point I can just read the code and do enough of the config by hand to bootstrap everything up from scratch if I have to.


“GPT” describes a machine learning technique - tools like ChatGPT use this technique along with massive training sets to produce their results, but there isn’t anything stopping you doing it on a small scale so you can slap “GPT” or “AI” on your product and jump on the bandwagon without actually adding anything of value.


What do you mean by “increase security”? Security isn’t a thing where you get +5 points for every antivirus you have installed - it’s about risks, and how you mitigate them. A perfect antivirus isn’t going to protect you if you have a crappy password on something you forgot about, or if you are running software with a serious security vulnerability.


I wouldn’t think it would be worth the effort in syncing the downloaded files - a podcast is literally just a list of download URLs with some metadata, probably simpler to just re-download the file. I guess I could see that being a problem if you are on a very restrictive internet plan, but podcast episode files are typically quite small.


Kubernetes is awesome for self hosting, but tbh its superpower isn’t multi-node/scalability/clustering shenanigans, it’s that because every bit of configuration is just an object in the API, you can really easily version control everything - charts and config in git, tools like Helm make applying changes super easy, use Renovate to do automatic updates, use your CI tool of choice to deploy on commit, leverage your hobby into a DevOps role, profit.


WebDAV? Native clients baked into every desktop OS, can set it up to use usernames/passwords, doesn’t need any special network setup - just runs over HTTPS.


It’s super achievable - I’ve run my own DNS for ages, there are a few common pitfalls but overall it’s pretty low maintenance.

  • Personally I use PowerDNS, but you could also use something like BIND. I find PDNS to be a little easier to configure
  • Make sure you are looking at the docs for PowerDNS Authoritative, not PowerDNS Recursor
  • You install PDNS Authoritative on both servers, then designate one as a primary (/master) and the other as a secondary (/slave/replica). You create records on the primary, and configure it to replicate the records to the secondary using AXFR
  • I’d recommend using one of the database backends for PDNS - personally I use Postgresql. Sqlite is simpler to set up, but I’ve had issues where making multiple updates over the API causes errors due to locking
  • DNSSEC is a bit fiddly to set up initially, but doesn’t add much operational overhead once it’s running
  • Take a look at glue records if you want to host the domain that the nameservers themselves use
  • Once you’ve got things running, consider something like https://ns-global.zone as a backup

Feel free to ping me if you have questions or need help getting things set up.
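The primary/secondary AXFR layout described in the comment above, written out as an added example (not the commenter’s own configuration). It assumes the PostgreSQL backend, PowerDNS 4.5+ setting names (`primary`/`secondary`; the older `master`/`slave` spellings still work), the constructed addresses 192.0.2.10 (primary) and 192.0.2.20 (secondary), and the reserved zone example.com; the two `CHANGE-ME` values are placeholders. The `allow-axfr-ips` and `webserver-address` lines are the parts worth getting right: they keep zone transfers limited to the secondary and keep the API off the public interface.

```ini
# --- /etc/powerdns/pdns.conf on the PRIMARY (192.0.2.10, constructed address) ---
launch=gpgsql
gpgsql-host=127.0.0.1
gpgsql-dbname=pdns
gpgsql-user=pdns
gpgsql-password=CHANGE-ME          # placeholder
gpgsql-dnssec=yes                  # needed so the backend stores DNSSEC keys and metadata
primary=yes                        # master=yes on PowerDNS < 4.5
also-notify=192.0.2.20             # send NOTIFY to the secondary whenever a zone changes
allow-axfr-ips=192.0.2.20/32       # only the secondary may AXFR; default is 127.0.0.0/8,::1
api=yes
api-key=CHANGE-ME                  # placeholder
webserver=yes
webserver-address=127.0.0.1        # API/webserver bound to loopback only
webserver-allow-from=127.0.0.1,::1

# --- /etc/powerdns/pdns.conf on the SECONDARY (192.0.2.20, constructed address) ---
launch=gpgsql
gpgsql-host=127.0.0.1
gpgsql-dbname=pdns
gpgsql-user=pdns
gpgsql-password=CHANGE-ME          # placeholder
gpgsql-dnssec=yes
secondary=yes                      # slave=yes on PowerDNS < 4.5
allow-notify-from=192.0.2.10       # accept NOTIFY only from the primary
allow-axfr-ips=                    # empty: nobody may transfer the zone off the secondary

# --- one-time zone setup with pdnsutil (4.5+ subcommand names) ---
# On the primary. create-zone makes a NATIVE zone by default, which is never
# transferred; set-kind is what makes it an AXFR/NOTIFY primary.
#   pdnsutil create-zone example.com ns1.example.com
#   pdnsutil add-record example.com ns1 A 192.0.2.10
#   pdnsutil set-kind example.com primary
#   pdnsutil secure-zone example.com      # DNSSEC; then `pdnsutil show-zone example.com`
#                                         # prints the DS record to give your registrar
# On the secondary. The zone arrives already signed over AXFR, so it must be
# marked presigned; otherwise the secondary will try to sign it itself.
#   pdnsutil create-secondary-zone example.com 192.0.2.10   # create-slave-zone on < 4.5
#   pdnsutil set-presigned example.com
```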