nico

joined 2 years ago
[–] nico@r.dcotta.eu 3 points 2 years ago

If it's helpful to you it's helpful in reality!

If you are having trouble installing or the documentation is not clear, feel free to point it out here or in the issues on GitHub. Personally I think it is simplest to use Docker :)

[–] nico@r.dcotta.eu 1 points 2 years ago (1 children)

What you described is correct! How to replicate this will depend heavily on your setup.

In my specific scenario, I make the containers of all my apps use leng as my DNS server. If you use plain docker see here, if you use docker compose you can do:

version: "2"
services:
  application:
    dns: [10.10.0.0] # address of leng server here!

Personally, I use Nomad, so I specify that in the job file of each service.

Then I use WireGuard as my VPN and (in my personal devices) I set the DNS field to the address of the leng server. If you would like more details I can document this approach better in leng's docs :). But like I said, the best way to do this won't be the same if you don't use Docker or WireGuard.

If you are interested in Nomad and calling services by name instead of IP, you can see this tangentially related blog post of mine as well
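A fuller compose file for the setup described in the comment above, added here as an example and not taken from leng's docs or from the commenter: leng gets a fixed address on a user-defined network so that the `dns:` entry of the other services stays valid across container restarts (a plain `dns:` pointing at whatever address Docker handed out last time goes stale). The image name, config path, network name and addresses are assumptions.

```yaml
# Added example (not from leng's docs or the comment above). Assumed: the
# image name and config path, the network "apps", the subnet 10.10.0.0/24
# and leng's fixed address 10.10.0.2.
services:
  leng:
    image: leng:latest              # placeholder: use the image from leng's README
    restart: unless-stopped
    volumes:
      - ./leng.toml:/leng.toml:ro   # assumed config path, adjust to leng's docs
    networks:
      apps:
        ipv4_address: 10.10.0.2     # fixed address so "dns:" below never goes stale
    # No "ports:" entry on purpose: containers on the "apps" network reach leng
    # without a host port mapping, and LAN/WAN clients cannot query it directly.

  application:
    image: nginx:alpine             # stand-in for any application container
    networks:
      - apps
    dns:
      - 10.10.0.2                   # Docker's embedded resolver (127.0.0.11) forwards here
    depends_on:
      - leng

networks:
  apps:
    driver: bridge
    ipam:
      config:
        - subnet: 10.10.0.0/24      # must contain leng's ipv4_address above
```

Inside the application container `/etc/resolv.conf` will still show `127.0.0.11` (Docker's embedded resolver on user-defined networks); the way to confirm leng is actually being used is to resolve a name from the container and watch leng's query log or Prometheus metrics for the request.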

[–] nico@r.dcotta.eu 4 points 2 years ago

Thanks! I didn't know you could do that. I'll see how it compares to my current solution

[–] nico@r.dcotta.eu 2 points 2 years ago (4 children)

Including SRV records? I found that some servers (blocky as well) only support very basic CNAME or A records, without being able to specify parameters like TTL, etc.

I also appreciate being able to define this in a file rather than a web UI

[–] nico@r.dcotta.eu 5 points 2 years ago

Ouch, thanks for catching that! Should be good now. Link here for the curious

[–] nico@r.dcotta.eu 3 points 2 years ago (3 children)

Like chiisana@lemmy.chiisana.net said - I want to be able to add my own records (SRV, A, CNAME...) so that I can point to the services hosted in my VPN. CoreDNS is good for this but it doesn't also do adblocking. If PiHole can do this, I don't know how.

I also don't need a web UI, DHCP server, and so on: I just want a config file and some Prometheus metrics

[–] nico@r.dcotta.eu 5 points 2 years ago (13 children)

Yes (much simpler) and also allows you to specify custom DNS, which is very useful for more advanced self-hosted deployments - this is something PiHole is just not built to address

[–] nico@r.dcotta.eu 1 points 2 years ago (1 children)
  • Can you show the diff with your previous WG config?
  • Is 10.11.12.0/24 also on enp3s0?

I am able to connect and can ping 10.11.12.77, the IP address of the server, but nothing else

Including the wider internet, if you set your phone's AllowedIPs to 0.0.0.0/0? This makes me think it's a problem with the NAT, not so much WireGuard. Also make sure IPv4 forwarding is enabled:

sysctl -w net.ipv4.conf.default.forwarding=1
sysctl -w net.ipv4.conf.enp3s0.forwarding=1

Reading this article might help! I know this is not what you asked, but otherwise, my approach to accessing devices on my LAN is to also include them in the WG VPN - so that they all have an IP address on the VPN subnet (in your case 10.11.13.0/24). Bonus points for excluding your LAN guests from your selfhosted subnet.
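The NAT side of the diagnosis above, as an added example that is not from the comment or from any project: a dry-run script that prints the forwarding sysctls and the iptables rules that let the WireGuard subnet reach the LAN and the internet through the server's uplink. The interface `enp3s0` and the subnets 10.11.12.0/24 and 10.11.13.0/24 come from the thread; the interface name `wg0` and the use of iptables (rather than nftables directly) are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed: WireGuard interface wg0, iptables
# (legacy or nft backend), uplink enp3s0 as named in the thread.
# By default the commands are only printed; run as root with APPLY=1 to execute
# them (after wg0 is up, e.g. from wg-quick's PostUp).
WAN_IF="${WAN_IF:-enp3s0}"          # interface that carries the LAN (10.11.12.0/24)
WG_IF="${WG_IF:-wg0}"
WG_NET="${WG_NET:-10.11.13.0/24}"   # WireGuard subnet handed to the phone

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# The kernel must forward between interfaces. The per-interface flags are what
# the comment above sets; ip_forward is the global switch most guides use.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$WG_IF.forwarding=1"
    run sysctl -w "net.ipv4.conf.$WAN_IF.forwarding=1"
}

# Allow tunnel -> LAN/WAN traffic and its return traffic, and masquerade the
# tunnel subnet so LAN hosts (which have no route to 10.11.13.0/24) can answer.
# Without the MASQUERADE rule the phone reaches the server itself but nothing
# behind it, which matches the symptom in the thread.
add_nat() {
    run iptables -A FORWARD -i "$WG_IF" -o "$WAN_IF" -s "$WG_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$WG_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$WG_NET" -o "$WAN_IF" -j MASQUERADE
}

# Exit status 0 when the running kernel already forwards IPv4 (read-only check).
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

enable_forwarding
add_nat
forwarding_enabled && echo "# ip_forward already on" || echo "# ip_forward is off: apply the sysctls above"
```

The three iptables lines are the usual `PostUp=` entries of a wg-quick server config, with matching `-D` lines in `PostDown=`; keeping the `-s "$WG_NET"` match on the MASQUERADE rule avoids NATing traffic that did not come through the tunnel.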

[–] nico@r.dcotta.eu 1 points 2 years ago* (last edited 2 years ago)

Yep I am using traefik -> nginx. I simply add the traefik tags to the nginx service. I didn't include that in the example file to keep it simple.

As for the storage, I use SeaweedFS (has a CSI plugin, really cool, works well with nomad) but as a CSI volume it's not suitable for backing postgres' filesystem. The lookups are so noticeably slower that your Lemmy instance will be laggy. So I decided to use a normal host volume, so the DB writes to disk directly, and you can back that up to an S3-compatible storage with this (also cool). Could be SeaweedFS, AWS, Backblaze...

I think SeaweedFS is suitable for your pictrs storage though, be it through its S3 API (supported by pictrs) or through a SeaweedFS CSI volume that stores the files directly.

I hope that answers it! Do let me know what you end up with

[–] nico@r.dcotta.eu 5 points 2 years ago* (last edited 2 years ago) (1 children)

Have you considered running your Lemmy instance on more than a single machine? If it is possible to run two Lemmy containers anyway (i.e., Lemmy is not a singleton), why not run them on separate machines? With load balancing you could achieve a more stable experience. It might be cheaper to have many mediocre machines rather than a single powerful one too, as well as more sustainable long-term (vertical vs horizontal scaling).

The downside would be that the set-up would be less obvious than with Docker compose and you would probably need to get into k8s/k3s/nomad territory in order to orchestrate a proper fleet.

[–] nico@r.dcotta.eu 1 points 2 years ago (1 children)

There are dozens of us!

  • nomad fmt was applied already - granted it is not a small, easy-to-read job file, it might be easier to split it up into separate jobs
  • I will look into making this into a Pack - I have never built one because I have never shared my config like this before. I don't know how popular they are among selfhosters either!

I think an easy first step would be to contribute a sample job file like this into the Lemmy docs website. Then people can adapt to their setups. I find there is a lot more to configure in Nomad than in Docker compose for example because you stop assuming everything will be in a single box, which changes networking considerably. There is also whether to use Consul, Vault etc.
