I never thought I would use Docker for 'production' in home network, but I recently completed a transition from three separate x64 servers to a single Raspberry Pi 4 [mostly] provisioned using Docker. Energy use-wise I went from maybe 90W to 2.9W. And to a single old-skool shell script that deploys and sets-up everything on a freshly installed Raspbian OS.
In addition to the services mentioned in the article, one that I recently added to my home network is Stratum-1 NTP server that gets it's time via Pi GPIO GPS module. Whether or not this has any real positive privacy or security implications, I do like the idea that I have significantly reduced outbound traffic to/from port 123 from the devices in the home network. Interestingly most devices are happy with NTP server provided via DHCP, but notably Apple and Sonos products always want to go to time.apple.com and Sonos' alternative (and I haven't yet have had heart to setup split DNS to try and redirect them to local NTP anyways...). edit: typos
True. But I do like the fact that this way I have [almost] stock Raspbian OS and all the crud that gets installed by pihole, minidlnad, cloudflared, shinobi (especially by this!!) and so on are one 'docker image rm' away from removal.
And then there is of course the pure hack value of playing with the setup I don't get to/have to deal with / manage otherwise.
Crud containing for easy removal was one reason why I chose Docker for my infrastructure too. I'm fearless about trying out new containers, because the worst that can happen still leaves everything outside of that one application intact.
Once you know it, Docker is so much easier operationally.
The following things are easy:
- Tweaking a container version in the composefile to upgrade or downgrade
- Entirely swapping out the underlying Linux distro without touching a line of code in existing composefiles
- Isolating all incidental data generated by the application from the user-generated data (for backup purposes)
- Infrastructure as code (so you can easily migrate between servers, and version your setup)
- Quick iteration on service set-up are all so much easier with containers. It's possible to remove services entirely too, so experimentation between different options is very easy.
A sustainable self-hosted setup is one that is quick to maintain and upgrade. If you don't do both, security issues and incompatibilities will eventually be a problem.
- Docker's built-in service management works plenty well enough for a lazy home setup, which saves you having to care about how your server's distro manages services.
- Using docker means I can easily specify the version I want to run.
- Docker images are, for some reason, often simpler to configure than OS packages, for the same result.
- It's also really easy to tell what you need to back up, and to be sure that you got all of it. Plus it's very easy to make sure everything—data and config—for every service lives in a single branch of the filesystem tree, for further convenience.
- For similar reasons, entirely erasing a daemon is very easy.
- Using docker means I don't have to care which version(s) of the software I need is provided by my distro, or go track down extra repos, or whatever. This makes it easy to run a boring-but-stable distro to minimize maintenance, but still have the latest versions of the things you're actually running, and upgrading one of them will never mess up anything else.
- There's a lot more server software available through docker-hub than most (all?) distro official package sets—and, again, that works the same no matter which distro you're on, so everything about it, including the knowledge, is portable.
- All that, using the exact same docker-compose files or simple shell scripts, works the same on any distro, plus macOS. Migrating to a new server can, trivially, be made as simple as rsyncing your entire docker-stuff tree and then doing one "docker-compose up -d" or running a single very boring and simple shell script one time.
Really, the only down-side is you can't use it on FreeBSD right now.
As someone who's run Linux servers (public-facing, even, in the early days) at home since, oh, 2000 or 2001 (plus managing them professionally) I can say that Docker's great for home servers. Less fiddly trivia to worry about. What distro's on my home server? I'm not even sure. I think it's Debian? Dunno. Hardly matters. I've written zero "config as code" stuff for my home set-up, yet could have a new server up with identical services in maybe 3-5 minutes longer than it takes to install the OS, and all but maybe a minute of that would be hands-off, just watching progress bars complete. With effort I could get that down even lower, but I got that much for free.
I agree exactly with what you said, since this is exactly my experience as a home hoster. To add to what you said, I suspect that Docker containers are much easier to configure than OS packages because they are all to some extent Twelve Factor compliant, which means that configuration and operations are simplified.
> To add to what you said, I suspect that Docker containers are much easier to configure than OS packages because they are all to some extent Twelve Factor compliant, which means that configuration and operations are simplified.
Yeah, I think that's got something to do with it. At the very least, you practically have to document right up front where all the config affecting the container lives, both files and env vars. It's also tempting to put the most commonly-used config items in env vars, if they weren't already. Consequently, dockerized Samba, for example, is the easiest config of that daemon that I've ever performed, for any of my never-unusual-or-complex use cases, including with GUI tools, over a couple decades of using it.
> I recently added to the home network is Stratum-1 NTP server that gets it's time via Pi GPIO GPS module. Whether this has any real positive privacy or security implications, I do like the idea that I have significantly reduced outbound traffic to/from port 123 from the devices in home network
I like the way you think, and was thinking about some of the same. Could you share what solution you went with in terms of hardware? I am interested in using better than commodity time that could serve both NTP and precision time as well.
The benefits for better time, and local time are fairly impacting if you are doing anything with time sensitive computing (PKI, performance measurement, and audio are interests of mine).
I used this board from Uputronics[0] with optionally included active GPS antenna. Mostly because they were readily available, and there were few guides online for setting ntpd up on Pi using Uputronics board.
As a word of caution - it looks like most guides that I came across are outdated, or indeed have never produced a reliably (or at all) working NTPd setup. Instructions that lead me to the 'right' path is linked here[1]. I am still in the process of tuning GPS offset in my setup. But all in all, it's been a great learning experience into complexities of the protocol I've mostly taken for granted for a very long time.
In addition to the services mentioned in the article, one that I recently added to my home network is Stratum-1 NTP server that gets it's time via Pi GPIO GPS module. Whether or not this has any real positive privacy or security implications, I do like the idea that I have significantly reduced outbound traffic to/from port 123 from the devices in the home network. Interestingly most devices are happy with NTP server provided via DHCP, but notably Apple and Sonos products always want to go to time.apple.com and Sonos' alternative (and I haven't yet have had heart to setup split DNS to try and redirect them to local NTP anyways...). edit: typos