  • tburkhol@lemmy.world to Selfhosted@lemmy.world: IPv6 (1 month ago)

    Not familiar with OPNsense, but on your PC, you can check the address it assigns - if it’s /128, it’s a single address.

    My ISP does not assign a prefix for delegation unless you specifically ask for it. I had to add “request_prefix 1” to my dhclient.conf file to get a /64. I assume OPNsense has a friendly setting somewhere for that. For me, the key phrase was ‘prefix delegation.’ After I got that, I could search around and get my solution.


  • From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way. It seems plausible that obligations, if any, may primarily affect redistributors or commercial entities building products on top of Debian. In such cases, Debian would as usual be open to contributions that help downstreams meet their requirements, while keeping such features optional and respecting the needs of users in other jurisdictions. However, this is an area where proper legal analysis is still required.

    I found this part very reassuring. Being neither a lawyer nor having read any of the legislation (of which I am not a subject, anyway), the “it’s not our job” approach seems very reasonable. Facilitating downstream vendors who do want/have to comply seems like an exceptional effort to show good faith to local legal processes, while remaining, fundamentally, just people freely sharing knowledge.

    I hope their lawyers can make that work.


  • tburkhol@lemmy.world to Selfhosted@lemmy.world: Power efficiency (2 months ago)

    Logging power use by my server was one of the motivators to add homeassistant. That also showed me that specific containers use a (relative) ton of background power. Immich and authentik each raised power consumption by 2-3 watts, so I leave them down unless I have specific need.



  • So, I can see where commercial OSes, like Windows and MacOS, but maybe including Chrome, Red Hat, and similar, would welcome the requirement to collect user ages. Another piece of user data for telemetry, ad serving, etc, with the cover of ‘government made me do it.’

    Linux is always going to have weirdos, ready to spin up their own distribution for their own reasons. Like, I remember when the majors all started switching from init to systemd. There’s still a bunch of distros, even some good-sized ones, that avoid systemd. If age verification works its way from facilitating tools to distro mandates, I guarantee that there will be distributions created in jurisdictions without age mandates that exclude any tools that require age validation or with systems to spoof age validation. It’s simply too easy to change Linux to avoid this.


  • 85% of the flat retail rate. AFAIK, no company with a rooftop solar program puts them through spot wholesale market prices. I don’t think my provider even participates in the spot market - they own all their own generation with plenty of excess capacity and essentially no net interchange. They also cap participation in net metering at 0.2% of system-wide peak demand, so there’s very little chance they’ll take much of a loss, regardless.



  • At least in my area, solar roofs still have to pay the usual service fee, an extra fee for grid-tie, taxes and fees on all the power they consume, without deduction for power they deliver. I know many utilities buy power at the same rate they sell it, but mine only pays 85% (before taxes). Solar people pay just fine for grid maintenance.


  • If you only need it to be accessible inside your home, then you just need to run your own DNS. Have your dhcp point at your DNS and your DNS declare itself the master for your domain.

    To get full functionality, you’ll probably want to have your registrar point to the public IP you get from your ISP as the domain’s authoritative name server. You should be able to script it to update the registrar when your ISP changes your IP, but that usually happens infrequently enough to do manually. Obviously can’t do that if you’re behind CGNAT.

    To get Let’s Encrypt certificates, you can do the DNS challenge. If your ISP gives you a (even inconsistent) public IP, you can do fancy ‘views’ with your selfhosted DNS, where it responds with private IPs inside your network and your ISP-given IP outside your network. I have certbot set up to expose my DNS & web server just before it starts its renewal process, then close the firewall after. Once you have the certificate, you can move it to wherever it will actually be used.
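
The renewal window described in the comment above, as an added example that is not part of the original comment: a POSIX sh wrapper that opens the firewall, runs the renewal, and always closes the firewall again, even when opening or renewing fails. `run_with_window`, `OPEN_CMD`, `CLOSE_CMD`, `RENEW_CMD` and `RUN_RENEWAL` are hypothetical names, and the firewall commands are assumptions left for the reader to supply.

```shell
#!/bin/sh
# Added example: expose DNS/web only for the duration of a certificate renewal.
# All names here are hypothetical; supply the open/close commands for your
# own firewall. Nothing below is taken from the commenter's setup.

# run_with_window OPEN CLOSE RENEW
#   Runs OPEN, then RENEW, then always CLOSE.
#   Returns: RENEW's exit status,
#            90 if OPEN failed (RENEW is skipped, CLOSE still runs),
#            91 if CLOSE failed (takes priority: ports may still be exposed).
run_with_window() {
    open_cmd=$1
    close_cmd=$2
    renew_cmd=$3

    # If the script is interrupted mid-renewal, still close before exiting.
    trap 'sh -c "$close_cmd"; exit 130' INT TERM

    status=0
    if sh -c "$open_cmd"; then
        sh -c "$renew_cmd" || status=$?
    else
        echo "could not open firewall; renewal skipped" >&2
        status=90
    fi

    # Close unconditionally so a failed renewal never leaves ports open.
    if ! sh -c "$close_cmd"; then
        echo "firewall close failed: ports may still be exposed" >&2
        status=91
    fi

    trap - INT TERM
    return "$status"
}

# Runs only when explicitly requested, so sourcing this file has no effect.
# OPEN_CMD and CLOSE_CMD must be set by the caller; RENEW_CMD defaults to
# "certbot renew".
if [ "${RUN_RENEWAL:-0}" = 1 ]; then
    run_with_window "${OPEN_CMD:?set OPEN_CMD}" \
                    "${CLOSE_CMD:?set CLOSE_CMD}" \
                    "${RENEW_CMD:-certbot renew}"
fi
```

A non-zero return of 91 is the case worth alerting on, since it means the exposure outlived the renewal.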


  • To me, the nonstandard port is mostly nice for reducing log spam from scripts. The risk is that using a nonstandard port lulls one into a false sense of security and into overlooking good sshd practices. Good sshd practices will prevent the script-kiddies just as well as the non-standard port, while a non-standard port will not challenge a targeted attack. And, if you interact with multiple servers, it can be inconvenient to remember a different port for each one.



  • I started using HA to turn lights on and off on timer while I’m out of town, so it looks like the house is occupied.

    Then, because I am a nerd, I added some environmental sensors so I could see temperature & air quality.

    Eventually linked the air quality sensor to a smart thermostat, so it could turn the HVAC fan on when the air is dirty & off when clean, rather than leave it on 24/7 (like the HVAC people recommend) or on ‘circulate.’ That saved around 3.5 kWh electricity every day, or $100/year, while keeping the house dust and allergen-free.


  • In the old days, university IT put essentially no access controls on their networks, so students’ dorm computers were completely exposed to the internet. Any service you started was immediately, globally accessible. Some big sites, including slashdot and facebook, got their start in some kid’s dorm room. I feel like access controls really got going in the early 00’s - first for residential, then for broader campus.

    Check with your IT people - they may have policy or conditions under which they will expose ports on your personal computer to the internet. Otherwise, your best bet is probably free-tier AWS or Oracle.

    Not free, but there are some ‘KVM VPS’ providers out there that will rent you a small, internet exposed computer pretty cheap. They can be a good platform for experimenting with self-hosting services, without exposing your personal equipment or home network. eg: 1CPU/1GB RAM/24GB SSD $12/year https://my.racknerd.com/cart.php?a=add&pid=903



  • Good discovery tools are essential on a federated platform. An important part of twitter, facebook, and reddit success is/was that they were the place for their particular style of content. You had a pretty good chance of being able to discover your old high school friends, because they were on the one platform. Then the (early) algorithm started discovering for you all the obscure content similar to your history.

    Discovery has to work differently in a federated system. You can search for communities on Lemmy, but if your instance doesn’t already have someone subscribed to a community, then you’re not going to find it.



  • Depending on the board in your mini-server, you may have enough SATA ports to plug in directly. I have a system similar to what you’re describing (N100 with 4x 2TB HDDs with 1.5TB data): 2 of those drives are set up in RAID1 (mirror), and once a month, I plug in one of the spares, rsync the array to it, and unplug it. Every 3 months or so, I swap the offline drive with an offsite drive. I used to use a USB dock for the offline drive, but I got a 3-bay hot-swap enclosure to make the whole process faster and easier.

    The server shares the array via NFS and SMB, and it is absolutely a NAS for all my other systems.

    If you expect to exceed 2TB data within 2 years, then you’ll need to replace all 4 of those 2TB drives in 2 years. You might, today, get a pair of 4 TB drives and one 2TB, use the 4TB as your main storage, the 2TBs as rotating backups, and wait until you actually outgrow 2TB to upgrade the backups.


  • I see you’re getting lots of advice just to use c/selfhosted as a free consultant. That’s good advice if you’re self-motivated and focused.

    If you want someone to be a coach through the process, to keep you focused and moving, that’s a) a slightly different skillset and b) worth putting in the description. I mention this only because I have a bunch of aspirational projects on my to-do list that have just sat there for literally years because of perfectionism, anxiety, and maybe some undiagnosed ADHD. I’ll also counter by noting that a lot of people, this time of year, buy a gym membership on the theory that spending the money will somehow force them actually to go to the gym, only to find that spent money is not actually a motivator.



  • If you want it to be an actual community service, then you want it to be something that outlives your residence, your tenure as event coordinator, and your interest in being the neighborhood IT guy. It’ll be much easier to transfer control of a VPS to your successor than to give them hardware that also hosts a bunch of your personal services.

    You can start with a very small, nearly free VPS while you recruit users & scale up as (if) anyone bites. Probably even get the HOA to pay for it.