Power

• 2x feeds into the rack (same circuit but we’ll work on that)
• Eaton 2000VA double conversion UPS on Feed A
• APC 1500VA line interactive UPS on Feed B (bypassed, replacing it with another double conversion 2kVA eventually)

Network

• 2x Dell N2048P, stacked (potentially getting replaced with 2x stacked Cisco 9300)
• FortiGate firewall
• 1000/50 FTTP primary Internet link
• 4G backup Internet link using a different Telco (the dream is to replace this with Starlink)

Storage

• Synology 4-bay NAS with 4x4TB in RAID-10 (for overflow storage from Virtual SAN cluster)
• HP MSL2024 8GB Fiber Channel LTO5 Tape autoloader for off-site backup

Compute

• Dell R520 running VMware ESX for Production (2x Xeon E5-2450L, 80GB DDR3, 4x500GB SSD RAID-10 for Virtual SAN, 1x10TB SATA “scratch” disk, 2x10G fibre storage NICs, 2x1G copper NICs for VM traffic)
• Dell R330 running VMware ESX for backups and DR (1x Xeon E3-1270v5, 32GB DDR4, 2x512GB SSD RAID-1, 2x4TB HDD RAID-1, 8G FC card for tape library)

A second prod host will join the R520 soon to add some redundancy and mirror the Virtual SAN.

All VMs are backed up and kept in an encrypted on-site data store for at least 4 weeks. They’re duplicated to tape (encrypted) once a month and taken off site. Those are kept for 1 year minimum. Cloud backup storage will never replace tape in my setup.

Services

As far as “public facing” goes, the list is very short:

• Bludit
• Lemmy
• Mailcow
• Thelounge

Though I do run around 30-40 services all up on this setup (not including actual non-prod lab things that are on other servers or various SBCs around the place).

If I had unlimited free electricity and no functioning ears I’d be using my Cisco UCS chassis and Nexus 5K switch/fabric extenders. But it just isn’t meant to be (for now, haha).

Depends on your use case, but you can use some Group Policy Objects on Linux (at least with sssd). See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-gpo

You can also grant sudo to AD group members in the sudoers file, which is how I’ve done it in a corporate setting.

I believe there are 3rd party ADMX templates you can add to your domain controllers to get more granular as well as additions to the AD schema, but I haven’t gone that deep with it since between sssd and the sudoers file I can achieve what I need to.

Authelia is popular, as is Keycloak. I believe Red Hat develops Keycloak or at least has a hand in it.

I’m on this journey as well, figuring out what I’m going to use. Currently most of my services just use LDAP back to AD but I’m looking to do something more modern like SAML, oAuth or OpenID Connect so that I can simplify the number of MFA tokens I have.

Just as an anecdote you may find useful - Personally I used to run an Active Directory for Windows and FreeIPA for my Linux machines and have managed to simplify this to just AD. Linux machines can be joined, you can still use sudo and all the other good stuff while only having one source of truth for identity.

Thanks for letting me know (and to the others that did as well). I might be able to jump sooner than anticipated, I’ll check my client tonight for the feature. I’m using it on the Apple TV, I think its the Swiftfin flavour of the client.

As a side note, it sure is a refreshing change to not be downvoted into oblivion for simply having out of date information and respectfully informed in the comments.

Whilst some might not find it a huge deal, not being able to shuffle all episodes of a specific TV show is a deal breaker for me. I do have Jellyfin deployed and configured, ready to go for when the feature arrives. Plex feels a lot more polished as well, but I can get over that.

Same here lol. I’m keen to keep this instance going even if I end up being the only user. I’ve toyed with the idea of what I might do if I did end up with a bunch of users (would i cap at a certain amount of usrrs, how would I put the feelers out to get mods, etc).

The “niche” I’m going for is no reliance on public cloud. I run everything on my own hardware, back it up myself, scale it as needed and maintain it myself. That won’t appeal to everyone, but I’m not trying to be the biggest instance.