Services that I selfhost
A while ago, I wrote about building a TrueNAS server (formerly FreeNAS). Since then, I’ve used this server a lot, mainly for selfhosted services and occasionally hosting minecraft and sauerbraten servers.
These are the services that I use that have made my life easier. I value services that load quickly over ones with shiny UX.
All are run via docker images unless otherwise noted.
Collaboration & Utility
In my opinion, this is the best opensource alternative to Google Sheets / Docs. It embeds OnlyOffice without any hassle.
It’s awesome when you keep up with entering transactions. I never liked Mint because I wasn’t selfhosting it, and the automatic transaction logging meant that I never really looked at it. Having to input each of my transactions forced me to acknowledge that I had bad spending habits.
Previously I used ledger for double-entry accounting but I frequently forgot to sync between computers.
Gitea is significantly more lightweight than Gitlab, and I like the UX more. DroneCI integrates smoothly for builds as long as both services aren’t on the same subnet or compose network… Which is very annoying.
Healthchecks lets me monitor the status of cronjobs. It sends me notifications if a job takes too long to respond.
I use this to make sure my backup scripts are running every night. Prior to this, I accidentally made a typo in a backup script that caused it to fail immediately, and didn’t realize until a few months later. Thankfully I didn’t lose any data but that really made me look into better solutions like Healthchecks.
This is my favorite collaborative markdown editor. It supports tables! It supports Keycloak SSO and has been very smooth with multiple users working on docs at the same time.
I think of Huginn as a selfhosted, much more powerful IFTTT alternative. The possibilities here are endless… I used Huginn agents to track when products came in stock, and sent myself Pushover notifications with the prices.
Being able to see a directed graph of agents and event flows is very useful for more complex chains.
If you haven’t tried Kanban, I highly recommend it. Kanboard is extremely snappy and responsive, unlike Wekan.
Github and Gitea also integrate Kanban-style trackers into their repositories.
I wanted a simple app for my brother and I to store our family recipes, and Mealie works nicely. This space could use improvement in general; apps are either too simple or too complicated. Or maybe I used the other ones wrong… either way I’m not going to inventory individual ingredients because who has the time for that?
How do I remember contact information, preferences, allergies, and birthdays? This is how. Monica sends me email reminders and it has a birthday calendar that I integrate into Thunderbird.
It has a bunch of other features that I don’t use, like recording the last time I called someone.
Social & Entertainment
Plex is very hostile to their users. Why pay $5/mo and be at their whims when Jellyfin provides those features for free? If you have an Apple TV, the Infuse app works well.
The groupwatch sync feature is amazing, when it works. We had a few issues but I was able to watch Bobobo-bo Bo-bobo with a few friends and Running Man with my mother, and that makes this my favorite service in my heart.
Loads way faster than youtube and provides a nice API for downloading playlists and videos.
Pairs well with Privacy Redirect Browser Extension.
Very few complaints here. With double panels, I wish they were rendered wider than the regular scans.
Miniflux is by far the cleanest RSS reader I’ve used. I don’t use very many features other than reader mode and tags/categories.
Of all these services, I use Navidrome the most. I’m addicted to buying CDs on discogs… I have over 300 albums scanned in now; mostly older jazz albums.
I like the web client and that it supports the SubSonic api, which has many iOS apps. Development is very active and the developers/contributors are responsive in the github issues.
Pretty self-explanatory. I wish it supported multiple users.
Gone are the days of maintaining ZNC bouncers and crappy terminal clients. TheLounge is so much nicer than irssi and weechat.
Gotta share that media! I set up an LXC in Proxmox that whitelists local IPs.
This is arguably the second most useful service here for me. I fastidiously use my calendar to plan and get reminders for important events, and this lets me sync to Thunderbird and my iOS app, Calendars 5.
Radicale does what it says on the tin. Setting up user auth is a bit annoying, but it’s simple, fast, and reliable.
There is an add-on Thunderbird that lets you add caldav calendar syncing.
I chose this over Nextcloud because I prefer simple services that do one job well, rather than large services that try to do everything.
Syncthing is very lightweight. I have folders such as
that I synchronize between my computers and NAS for backup.
Syncthing allows ignoring certain folders or files with
I wasn’t really a fan of Matomo or Plausible. Goatcounter is dead simple and lets me track stats for this website in a non-invasive manner.
Takes data from InfluxDB, Prometheus, etc, and turns it into pretty graphs. It goes without saying that these services are not hosted on the same server as the rest of services I selfhost. If something goes awry on the main server I need to be able to see what service, VM, or LXC was the culprit, etc.
Proxmox supports dumping data to InfluxDB, and I run node_exporter on the router which Prometheus scrapes.
InfluxDB is a time series database, and acts as a data source for Grafana.
Prometheus collects metrics at configured intervals, and acts as a data source for Grafana.
Formerly known as bitwarden_rs. This is definitely the most important service that I selfhost. I previously used MasterPasswordApp but I hated basing my security around a website that could go down at any time (and it did, once).
I store all my passwords and credentials (like app tokens or 2fa recovery codes) here. The iOS app, desktop app, and Firefox add-on all work quite nicely.
It’s… LDAP. But open source, and poorly documented.
LAM has dated but performant UX. Setting up users is quite easy.
Services generally support LDAP and OIDC auth, in that order. Keycloak can synchronize users with LDAP. It also supports 2FA.
I highly recommend taking some time and learning Keycloak; it’s easier than you’d think and makes SSO (Single Sign On) a breeze when services support it.
EAS makes it easy to configure reverse proxies with authentication schemes, like Keycloak OIDC. I use it as a middleware with Traefik.
Manually configuring static nginx or caddy configs is so dated. With Traefik, all I need to do is add some labels to a docker compose service, and like magic, Traefik automatically updates its routing.
It also supports automatic Lets Encrypt certs, so all I need to do is add something like the following and then I’m done!
version: '3.7' services: traefik: # ... command: # ... - "--entrypoints.websecure.address=:443" - "--certificatesresolvers.myresolver.acme.tlschallenge=true" - "[email protected]om" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" podgrab: # ... labels: - "traefik.enable=true" - "traefik.http.routers.podgrab.rule=Host(`podcasts.example.com`)" - "traefik.http.routers.podgrab.entrypoints=websecure" - 'traefik.http.routers.podgrab.middlewares=eas-default' - "traefik.http.routers.podgrab.tls.certresolver=myresolver"
These are run in separate LXCs via Proxmox.
I’ve written about [selfhosting Minecraft with Fabric].
This fast-paced arena shooter is suprisingly addicting and is very performant. We like to play this on older thinkpads (e.g. x201, x220, x230, t430).
An arena shooter with source engine physics. Movement is quite fun and it’s very polished for a community mod.
What I don’t host (so far)
It’s not worth the headache… Gandi provides two mailboxes for me per domain, which is plenty. I don’t plan on ever hosting email.
What I want to host
Digital Document Stores
I tried Mayan EDMS (obscure errors) and Papermerge lacked features. This was a while ago though, so I want to re-evaluate. I want a service that supports:
multiple user accounts
text OCR and indexing
fast text search
RBAC that isn’t overly complicated
Ingestion via email or dropping files in a folder
easy organization and tagging
I haven’t found a file uploading service that I’m happy with yet. I want one that supports:
user upload limits
self-destructing download links (per use or after X amount of time)
secure upload links (so I don’t have to force people to sign up or login)
SSO with RBAC via LDAP or OIDC (preferably OIDC)
Ultimately I think I’m going to have to write my own file uploading application.
I haven’t found a photo service that I really liked. I want one that supports:
SSO, preferably with RBAC
VERY easy to use UX, preferably with an iOS app
public, private, and password-protected albums
tags and categories
fast searching by title, location, etc
My Top 10 Favorite Services
Honestly though I find all of these to be great.
Is it worth the hassle to selfhost?
Absolutely. I don’t have hard numbers, but I tend to spend a bit of time working on the server every 3-4 weeks or so. For the most part maintenance takes very little time.
Figuring out how Keycloak + EAS + Traefik + OpenLDAP all work together took the most time, but that was also pretty satisfying once I got it smoothly working. Other than that, now I spend more time on evaluating -what- service to use, like with various photo services.
The value that I get out of these services is easily worth that, so I recommend trying it out! You don’t need a beefy server, a raspberry pi should work fairly well. Just remember it’s all fun and games until the server crashes and you realized your backups don’t work… Don’t put it off until "later", get it going from the beginning!