For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?

  • Ruud@lemmy.worldM
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    Anything that the family uses. Because when I cease to exist, my wife isn’t gonna take over self-hosting! So e-mail, chat, documents etc.

    • Cole@midwest.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I told my wife when I die, she’s just going to have to throw it all away and start over.

      We have separate email accounts and she knows how to get into my Keepass, so she should be able to get into whatever she needs to. I now have a daughter who is becoming interested in how these things work, so I’m hoping to slowly start training/handing off to her.

  • DeltaWhy@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    Backups. Cloud services like Backblaze B2 are so cheap for the durability they offer, it just doesn’t make sense for me to roll my own offsite solution with a Raspberry Pi at my parents’ house or something. Restic encrypts everything before it leaves my machine.

    Password manager- it’s too important and it’s the thing that has to work for me to recover when I break something else. I’m happy to support Bitwarden with a few bucks a year.

    Email- again, it’s mission critical and I have a habit of tinkering with things and breaking them. And it’s just no fun. The less I need to think about email, the happier I am.

    • hempster@lemm.ee
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      1 year ago

      That’s what “1” in the “3-2-1” backup strategy stands for, a true offsite backup (preferably continent where you do not reside) For “2” I would still deploy a local offsite at someone’s house for quick disaster recovery.

      Downloading your 10TB data from B2 (or even requesting a tarball HDD from them) is costlier than recovering from an offsite backup facility within an hour’s reach.

      • hot_guava@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Because the assumption is there’s very little throughput. Storage isn’t really that expensive, but bandwidth is and Backblaze is only cheap if you aren’t trying to get at your data regularly. That’s fine for backups because hopefully you never need them.

        EDIT: I should say that for an individual user, getting data out of Backblaze isn’t that expensive, but it’s more expensive than cold storage. I think they charge $.01 per GB transfered, so a 10GB movie would cost you about ten cents to stream. It would cost you $100 to recover a 10TB backup from Backblaze (though for a fee than can mail you some of that on a hard drive, I think).

    • Artaca@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Lemmy instance for me as well. I have a specific community I miss from reddit that I want to replicate, I even have a domain sitting around that’d be good…I just don’t want to store data coming from complete strangers. I also have zero interest in any sort of admin/moderating. So I’ll just go without it and get over it lol

    • Reivax@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Yes these. Essentially anything that an unidentified user could push data to that would land me in regulatory trouble. I would want to host these things, but I don’t want to become a distributor of anything that would get me a search warrant.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    3
    ·
    1 year ago

    Email. Way too complicated and lots of maintenance. Not to mention it you mess it up, there are huge downsides.

    • aard@kyu.de
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I find it funny that a bunch of the simple basics are nowadays considered complicated. I’ve been doing my own mail and DNS for over two decades now, and don’t see a reason for stopping. It is pretty low maintenance, and generally less headache than having someone else do it.

      • Toribor@corndog.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Standing up email might not be that hard… but it’s much harder to ensure that your mail will actually be delivered successfully. Plus it’s not a service you can typically afford to go down. Any emails you miss during that downtime are gone forever, whereas even if my Vaultwarden credential vault goes down I can access passwords from a device that has things cached at least while I fix things.

        Plus the big providers just treat small mail servers with a lot more skepticism than they did 20 years ago.

        • aard@kyu.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Plus it’s not a service you can typically afford to go down. Any emails you miss during that downtime are gone forever

          The sending server will retry a few times, so you have at least a few days to bring it back. And if you prefer an additional fail-safe - adding a secondary MX somewhere else which will just store mails until the primary comes back is trivial.

  • h3ndrik@feddit.de
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Nothing really. I’m comfortable hosting mail, chat, my passwords and important documents. However:

    Hosting personal/important data for other people is a bit intimidating because you kind of guarantee for safety and availability.

    And services that are likely to be misused for illegal stuff and would be too bothersome. Otherwise i might host an anonymous spam eating email-forwarder, maybe a tor exit-node and a forum where adults can practise free speech. But that kind of stuff just attracts the wrong kind of idiots.

  • bladewdr@infosec.pub
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    2
    ·
    1 year ago

    Mail server, but mostly because deliverability in this day and age is a nightmare. If you’re some one off running your own mail server in 2023 be prepared to deal with many headaches around IP reputation.

    • daFRAKKINpope@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Second. I used to self-host Bitwarden. Then I realized it’d be too devistating to lose all my passwords, even with backups. So I moved to their cloud service and paid for my families accounts too.

      Joplin tho, Joplin stays on the server with no backup. I should really, really make a backup this weekend.

      • cmhe@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I am hosting bitwarden myself (on a VPS) and I am not that concered about losing my passwords, because every device syncs all passwords locally regulary so that you don’t need internet to access them.

        So to loose all your passwords not only do you have to loose your bitwarden server and all the backups, you also have to loose access to all your bitwarden clients synchroniously.

      • aard@kyu.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Because passwords are so critical I’d never give that to a third party.

        Stuff like bitwarden is needlessly complicated, though - I nowadays have a vaultwarden instance for friends and family, but everything important is done via pass - which only needs a git server, which I have anyway.

  • faethon@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    Hosting an email server is pretty sure a magnet for half the Chinese IP range… So I would refrain from hosting that myself.

    • chris@l.roofo.cc
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I did host my email, but the problem wasn’t the spam but the bigger email providers. Best case was my mail was marked as spam. Worst case was that I was blocked until I jumped through hoops. Email hosting is unfortunately broken.

    • Anafroj@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Gladly, fail2ban exists. :) Note that it’s not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I’ve actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches of lot of those pests.

      • StarDreamer@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        CrowdSec has completely replaced fail2ban for me. It’s a bit harder to setup but it’s way more flexible with bans/statistics/etc. Also uses less ram.

        It’s also fun to watch the ban counter go up for things that I would never think about configuring on fail2ban, such as nginx CVEs.

        Edit: fixed url. Oops!

        • Anafroj@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Thanks for mentioning it, I didn’t know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting : I ban everyone who triggers a 404. :D Of course, this only work because it’s a private server, only meant to be accessed by me and people with deep links. I’ve whitelisted IPs commonly used by my relatives, and I’ve made a log parser that warns me when those IPs trigger a 404, which let me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn’t fly on a public server. :)

          Note for others reading this, the correct link is CrowdSec

    • Tinnitus@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I figured email would be a common theme. I’m just starting to dip my toes into all of this, so an email server is not on my to-do list (and may never be).

      • body_by_make@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Google and other large scale providers have intentionally made it very difficult to self host your own email. It’s generally not considered a wise move these days and is very difficult to maintain.

        • peregus@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Why do you say so? I’m not an expert in the fields, but isn’t a mail server pretty much the same as 20 years ago plus DKIM and SPF?

          • ikidd@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            With DKIM and SPF, I’ve had zero problems in the last 15 years of selfhosting, most recently with Mailcow Docker on a residential IP. I don’t even have a reverse PTR to my mailserver hostname, just a PTR provided by the ISP that can be resolved.

            I’ve added a few fresh, un-reputed domains to the server and had no issues.

            I think many people’s problems with running email servers are self-inflicted. I remember even before there were things like blacklists, etc with large providers, many people had problems keeping mailservers running. It’s just not an easy task for a variety of reasons completely unassociated with the mega’s blacklisting you. I’ve been running mailservers at various scales for 20+ years so maybe it’s just second nature to me now.

          • MaggiWuerze@feddit.de
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Problem is, that most larger providers sort your mails to spam if the domain is not well known to them, which is not easy to achieve

            • peregus@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Mmm…are you sure about that? I happen to buy some random domain and I’ve never had any problem sending email even right after the domain created.

                • peregus@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  But there are even people that still self host email server (have a look in the selfhosted subreddit for example). IP reputation is a thing, for sure, but I don’t feel that it’s been brought up by the big corp wickedly, it’s a good way to prevent spam to arrive to the server. There are thousands of email providers in the world that are not Google, Amazon, Microsoft or some other big corp. This means that is possible. Is it difficult? For me for sure!!! But I think that the rising difficulty has been a result of this fields over the years. Just my 2 cents.

  • Karcinogen@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Password manager like Bitwarden. I’d rather they take care of it for me. The consequences would be too great if I messed it up.

    • rglullis@communick.news
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      I still don’t get why people want to have cloud-based password managers. Keepass works in all major platforms, it’s just one file, which it is super easy to sync and/or merge. It can integrate with your browser/Os if you want, but otherwise the surface attack is basically zero.

    • ChrislyBear@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Oh man, that’s actually really good advice! I recently switched to Vaultwarden, but you’re right: If my server goes down, I can’t even restart it, because the password for my account is in there! Damn! Close call!

      • Limit@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Well with bitwarden/vaultwarden you can have a copy of your entire vault on your phone or computer or both… so even if your server was totally dead, you’d have access to your passwords. Solid backups is a must, I follow the 3-2-1 rule on super critical systems (like vaultwarden) and test that you can actually recover. Something as simple as spinning up a VPS, testing a restore, testing access, see if that could work in a pinch until you get your server back online, then tear it down. Linode is very cheap for this kind of testing, it’d only cost you a few pennies to run a “dr” test of your critical systems. Of course you still want to secure it, I’d recommend wireguard or tailscale instead of opening access to your DR node to the internet, but as a temporary test it’s probably fine if your running patched up to date versions of docker, vaultwarden, and I’d always recommend putting a reverse proxy in front like nginx.

  • jetsetdorito@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    I feel like I’m having a change of heart on NextCloud… Every time some little thing breaks I have to figure out how to fix it

        • 2xsaiko@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Bare metal (using the NixOS module, so the manual stuff like database upgrades after an update and such is automated). Only containers that go on my servers are Pterodactyl because it requires it ;)

      • jetsetdorito@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It largely is, but yesterday the Recognize app broke and I have no idea how to fix it. I think the environment got messed up from an apt-get upgrade? Its little things like that I have to figure out how to fix

  • 子犬です@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I think someone else already mentioned it, but just to reiterate… Anything for other people who aren’t my wife and future kids.

    Password manager, file backups, photo backup, whatever.

    If something happens to me, or I pass away, wifey has instructions on shutting everything down (probably should write instructions on how to save all the important stuff).

    But I don’t want to deal with other peoples stuff. I like tinkering with my server and different docker containers, etc. So I don’t want someone complaining they can’t access their photos because I wanted to try something new. Also, just don’t wanna be responsible for storing their photos and important documents.

  • emhl@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago
    • My own search engine (a meta search engine like searx-ng would be fine though)
    • a tor exit node, because don’t want to deal with the legal hassle (i run snowflake on multiple machines though)
    • a SMTP relay (recieving email is easy. Sending email is a pain in the ass)
    • okamiueru@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      1 year ago

      What’s the problem with it being local-only? Just backup the secrets, and you’re good? Or is backing it up the “online” element?

      • hempster@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Like a password manager, I can’t trust myself for the seeds to get misplaced.

        • zaphod@lemmy.ca
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          1 year ago

          First, that’s what recovery codes are.

          Second, that’s what backups are for.

          Frankly, given what we’ve seen with LastPass this past year alone, there is absolutely no one I would trust to host any of my credentials.

          My TOTP seeds go in a Keepass database that has a very long passphrase. That database is then sync’d across devices with syncthing and included in encrypted backups.

      • hempster@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Authy, having paid bitwarden and 2FA in one app is a disaster waiting to be happen in case of a security breach.

          • hempster@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Out of all hosted options available that I lasted tested 2-3 years back, Authy is the only one that reliably syncs and backups seeds across devices. I would switch in an instant if something like Bitwarden comes up but for 2FA only.